Closed/Inactive I'm unfortunately back... very slow, 'sticky' computer

Status
Not open for further replies.

Loosie

PCHF Member
Feb 28, 2017
Hi, I hope I'm not infected again - thought I was doing everything right, no dubious sites visited... Computer slows down & gets 'stuck' periodically. Without further ado, the prework results...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2017
Ran by Anya (administrator) on ANYA-PC (23-05-2017 14:22:27)
Running from C:\Users\Anya\Desktop\PCHF progs & prework
Loaded Profiles: Anya (Available Profiles: Anya)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(VoodooSoft, LLC ) C:\Program Files\VoodooShield\VoodooShield.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
() C:\Program Files (x86)\Keepvid\KeepVid Pro\KeepVidProUpdateHelper.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(VoodooSoft, LLC ) C:\Program Files\VoodooShield\VoodooShieldService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(dotPDN LLC) C:\Program Files\paint.net\PaintDotNet.exe
(Intuit) C:\Program Files (x86)\QUICKENW\QW.EXE

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VoodooShield] => C:\Program Files\VoodooShield\VoodooShield.exe [2443600 2017-05-01] (VoodooSoft, LLC )
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-10] (AVAST Software)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2138272 2016-10-08] (AimerSoft)
HKLM-x32\...\Run: [KeepVidProUpdateHelper.exe] => C:\Program Files (x86)\Keepvid\KeepVid Pro\KeepVidProUpdateHelper.exe [33992 2017-04-13] ()
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [3005120 2017-04-04] (Sony Corporation)
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-10] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{7627382C-5019-449A-B812-0620026D757C}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{E3766518-15B8-436E-BB5F-3E6C562D074B}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
URLSearchHook: [S-1-5-21-3010178862-2183218474-3834878404-1000] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3010178862-2183218474-3834878404-1000 -> DefaultScope {26080cad-4adc-49ac-8c63-eda16e595cbd} URL =
SearchScopes: HKU\S-1-5-21-3010178862-2183218474-3834878404-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-05] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-05] (AVAST Software)
BHO-x32: KeepVid Pro 4.10.0 -> {F9B65201-3D7F-48DA-AAB3-57A6FAD648FD} -> C:\Program Files (x86)\Keepvid\KeepVid Pro\BrowserPlugin\KVBrowserAppMgr.dll [2017-04-13] ()
Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 - No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: dolfqtls.default
FF ProfilePath: C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default [2017-05-23]
FF Homepage: Mozilla\Firefox\Profiles\dolfqtls.default -> hxxps://mg.mail.yahoo.com/neo/launch?.rand=4329iole1n0eg#6349
FF Session Restore: Mozilla\Firefox\Profiles\dolfqtls.default -> is enabled.
FF Extension: (Self-Destructing Cookies) - C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2017-03-26]
FF Extension: (Avast SafePrice) - C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\Extensions\sp@avast.com.xpi [2017-05-10]
FF Extension: (uBlock Origin) - C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\Extensions\uBlock0@raymondhill.net.xpi [2017-05-16]
FF Extension: (Avast Online Security) - C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\Extensions\wrc@avast.com.xpi [2017-05-10]
FF Extension: (Greasemonkey) - C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2017-04-28]
FF Extension: (KeepVid Pro) - C:\Program Files (x86)\Keepvid\KeepVid Pro\BrowserPlugin\kvallmytube@keepvid.com_xpi [2017-05-12]
FF HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\...\Firefox\Extensions: [KVAllmytube@KeepVid.com] - C:\Program Files (x86)\Keepvid\KeepVid Pro\BrowserPlugin\kvallmytube@keepvid.com_xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-09] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-09] ()
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome:
=======
CHR HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-10] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-10] (AVAST Software)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [505024 2017-04-04] (Sony Corporation)
R2 VoodooShieldService; C:\Program Files\VoodooShield\VoodooShieldService.exe [129360 2017-05-01] (VoodooSoft, LLC )
S3 WsDrvInst; C:\Program Files (x86)\Keepvid\KeepVid Pro\DriverInstall.exe [123080 2017-04-13] ()

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [311808 2017-05-10] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [190256 2017-05-10] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334576 2017-05-10] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [49016 2017-05-10] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-05-10] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-05-10] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-05-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-05-10] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-05-10] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1007160 2017-05-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [569192 2017-05-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [158880 2017-05-13] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-05-10] (AVAST Software)
R3 VSScanner; C:\Windows\System32\DRIVERS\vsscanner.sys [21064 2016-08-19] (VoodooSoft, LLC)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
U1 aswbdisk; no ImagePath
S3 catchme; \??\C:\Users\Anya\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
U3 aswMBR; \??\C:\Users\Anya\AppData\Local\Temp\aswMBR.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2090-10-18 06:31 - 2017-05-23 14:16 - 00315753 ____C C:\Windows\WindowsUpdate.log
2017-05-23 11:21 - 2017-05-23 11:25 - 50812969 ____C C:\Users\Anya\Downloads\Gossec Gavotte from Suzuki Book 1, slow, violin only.mp4
2017-05-23 10:58 - 2017-05-23 10:58 - 00094811 ____C C:\Users\Anya\Downloads\TIO 2017 05 14752 - TIO complaint 1.PDF
2017-05-23 08:04 - 2017-05-23 08:04 - 00000000 ___DC C:\ProgramData\SWCUTemp
2017-05-21 14:31 - 2017-05-21 14:31 - 00000000 ___DC C:\Users\Anya\AppData\Local\Apps\2.0
2017-05-21 14:09 - 2017-05-21 15:06 - 695352722 ____C C:\Users\Anya\Downloads\76943_Aust_gda94.ecw.part
2017-05-21 13:50 - 2017-05-21 13:52 - 00000000 ___DC C:\Users\Anya\Documents\maps
2017-05-21 13:47 - 2017-05-21 13:47 - 00143353 ____C C:\Users\Anya\Documents\Vicmap_Topographic_Georeferenced_PDFs.pdf
2017-05-18 17:16 - 2017-05-18 17:17 - 04069821 ____C C:\Users\Anya\Downloads\18289162_1310709432299036_472382274403303424_n.mp4
2017-05-17 15:06 - 2017-05-17 15:06 - 00166409 ____C C:\Users\Anya\Documents\2d3438393533353536363.pdf
2017-05-17 15:02 - 2017-05-17 15:02 - 00365149 ____C C:\Users\Anya\Documents\download(1).pdf
2017-05-17 14:23 - 2017-05-17 14:23 - 00145651 ____C C:\Users\Anya\Documents\Civil Claims List(1).pdf
2017-05-17 14:05 - 2017-05-17 14:05 - 00022719 ____C C:\Users\Anya\Documents\MercantileDemand.pdf
2017-05-15 13:12 - 2017-05-15 13:12 - 00118794 ____C C:\Users\Anya\Documents\Mobile_Phone_Policy.pdf
2017-05-15 12:19 - 2010-05-26 11:41 - 02401112 ____C (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2017-05-15 12:19 - 2010-05-26 11:41 - 01998168 ____C (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2017-05-15 12:18 - 2017-05-15 12:18 - 00002183 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home.lnk
2017-05-15 12:18 - 2017-05-15 12:18 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home
2017-05-15 12:17 - 2017-05-15 12:17 - 00000000 ___DC C:\Users\Anya\AppData\Roaming\Sony Corporation
2017-05-15 12:09 - 2017-05-15 12:09 - 00000000 ___DC C:\Program Files (x86)\Sony
2017-05-15 12:00 - 2017-05-15 12:00 - 00000000 ___DC C:\ProgramData\Sony Corporation
2017-05-13 09:38 - 2017-05-13 09:38 - 04452861 ____C C:\Users\Anya\Documents\Ultium-Competition-Sell-Sheet-2015(1).pdf
2017-05-12 09:58 - 2017-05-12 09:58 - 00000000 ___DC C:\Users\Anya\AppData\Local\Keepvid
2017-05-12 09:58 - 2017-05-12 09:58 - 00000000 ___DC C:\ProgramData\Aimersoft
2017-05-12 09:52 - 2017-05-12 09:52 - 00000000 ___DC C:\Users\Anya\AppData\Roaming\KeepVid
2017-05-12 09:52 - 2017-05-12 09:52 - 00000000 ___DC C:\Users\Anya\AppData\Local\Aimersoft
2017-05-12 09:52 - 2017-05-12 09:52 - 00000000 ___DC C:\Users\Anya\.android
2017-05-12 09:52 - 2017-05-12 09:52 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeepVid
2017-05-12 09:52 - 2017-05-12 09:52 - 00000000 ___DC C:\KeepVid Pro Recorded
2017-05-12 09:52 - 2017-05-12 09:52 - 00000000 ___DC C:\KeepVid Pro Downloaded
2017-05-12 09:52 - 2017-05-12 09:52 - 00000000 ___DC C:\KeepVid Pro Converted
2017-05-12 09:51 - 2017-05-12 09:51 - 00000000 ___DC C:\ProgramData\KeepVid
2017-05-12 09:51 - 2017-05-12 09:51 - 00000000 ___DC C:\Program Files (x86)\Keepvid
2017-05-12 09:48 - 2017-05-12 09:51 - 00000000 ___DC C:\Users\Public\Documents\Keepvid
2017-05-12 09:46 - 2017-05-12 09:47 - 01594397 ____C C:\Users\Anya\Downloads\david attenborough.mp4
2017-05-11 13:20 - 2017-05-12 19:20 - 00004476 ____C C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-05-10 18:23 - 2017-05-10 18:23 - 00000000 ___DC C:\Windows\Samsung
2017-05-10 18:23 - 2017-05-10 18:23 - 00000000 ___DC C:\Program Files (x86)\SamsungPrinterLiveUpdate
2017-05-10 18:23 - 2012-07-25 19:27 - 00497568 ____C () C:\Windows\ssndii.exe
2017-05-10 18:22 - 2009-10-13 18:44 - 00022016 ____C () C:\Windows\system32\sugw2l6.dll
2017-05-10 18:22 - 2009-10-13 18:44 - 00000411 ____C C:\Windows\system32\sugw2l6.smt
2017-05-10 18:22 - 2009-10-13 18:43 - 00151552 ____C (SS) C:\Windows\system32\sugw2ci.exe
2017-05-10 18:22 - 2009-10-13 18:43 - 00089600 ____C (SS) C:\Windows\system32\sugw2ci.dll
2017-05-10 18:22 - 2009-10-13 17:12 - 01233920 ____C (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
2017-05-10 18:22 - 2009-10-13 17:12 - 00701440 ____C (Microsoft Corporation) C:\Windows\SysWOW64\msxml2.dll
2017-05-10 18:22 - 2009-10-13 17:12 - 00082432 ____C (Microsoft Corporation) C:\Windows\SysWOW64\msxml4r.dll
2017-05-10 18:22 - 2009-10-13 17:12 - 00081920 ____C (Samsung Electronics) C:\Windows\SysWOW64\ssdevm.dll
2017-05-10 18:22 - 2009-10-13 17:12 - 00044544 ____C (Microsoft Corporation) C:\Windows\SysWOW64\msxml4a.dll
2017-05-10 18:22 - 2009-10-13 17:12 - 00038160 ____C (Microsoft Corporation) C:\Windows\SysWOW64\msxml2r.dll
2017-05-10 18:22 - 2009-10-13 17:12 - 00021776 ____C (Microsoft Corporation) C:\Windows\SysWOW64\msxml2a.dll
2017-05-10 18:12 - 2017-05-10 18:23 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung SCX-4x21 Series
2017-05-10 18:12 - 2012-07-25 13:02 - 00124792 ____C C:\Windows\Wiainst.exe
2017-05-10 18:12 - 2009-11-30 11:57 - 00047104 ____C (Samsung Electronics) C:\Windows\system32\Ssusbp64.dll
2017-05-10 18:12 - 2009-10-13 17:12 - 00074240 ____C (Samsung Electronics) C:\Windows\system32\ssdevm64.dll
2017-05-10 18:12 - 2009-10-06 21:33 - 00327168 ____C C:\Windows\system32\SaMinDrv.dll
2017-05-10 18:12 - 2009-10-06 21:33 - 00129536 ____C C:\Windows\system32\SaImgFlt.dll
2017-05-10 18:12 - 2009-10-06 21:33 - 00098816 ____C C:\Windows\system32\SaSegFlt.dll
2017-05-10 18:12 - 2009-10-06 21:33 - 00055808 ____C C:\Windows\system32\SaErHdlr.dll
2017-05-10 18:12 - 2009-10-06 21:25 - 00049152 ____C (Samsung Electronics) C:\Windows\SysWOW64\Ssusbpn.dll
2017-05-10 18:11 - 2011-07-08 14:43 - 00011576 ____C (Samsung Electronics) C:\Windows\system32\Drivers\SSPORT.SYS
2017-05-10 18:10 - 2017-05-10 18:10 - 00000000 ___DC C:\Program Files (x86)\Samsung
2017-05-10 18:05 - 2017-05-10 18:05 - 00027561 ____C C:\Users\Anya\Documents\colour task(1).pdf
2017-05-10 14:04 - 2017-05-10 14:04 - 00400456 ____C (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-05-09 13:25 - 2017-05-09 13:25 - 00004465 ____C C:\Users\Anya\Downloads\trans090517.qif
2017-05-08 10:26 - 2017-05-08 10:26 - 00000000 ___DC C:\Users\Anya\AppData\Roaming\Esc-RemoteSupport
2017-05-08 08:48 - 2017-05-08 08:48 - 00000457 ____C C:\Users\Anya\Downloads\TransactionHistory(3).qif
2017-05-08 08:47 - 2017-05-08 08:47 - 00000997 ____C C:\Users\Anya\Downloads\TransactionHistory(2).qif
2017-05-08 08:46 - 2017-05-08 08:46 - 00025164 ____C C:\Users\Anya\Downloads\TransactionHistory(1).qif
2017-05-08 08:45 - 2017-05-08 08:45 - 00025164 ____C C:\Users\Anya\Downloads\TransactionHistory.qif
2017-05-06 19:50 - 2017-05-06 19:50 - 00170393 ____C C:\Users\Anya\Documents\id182.pdf
2017-05-05 09:55 - 2017-05-05 09:56 - 07725183 ____C C:\Users\Anya\Documents\April_2017.pdf
2017-05-04 17:37 - 2017-05-04 17:37 - 00027561 ____C C:\Users\Anya\Documents\colour task.pdf
2017-05-04 14:38 - 2017-05-04 14:38 - 00051394 ____C C:\Users\Anya\Documents\SETTL - Settlement Total Loss.pdf
2017-05-03 15:21 - 2017-05-03 15:21 - 00075168 ____C C:\Users\Anya\Documents\257899-4703260.pdf
2017-05-02 15:02 - 2017-05-02 15:02 - 00145651 ____C C:\Users\Anya\Documents\Civil Claims List.pdf
2017-05-02 12:48 - 2017-05-02 12:48 - 04452861 ____C C:\Users\Anya\Documents\Ultium-Competition-Sell-Sheet-2015.pdf
2017-04-30 20:16 - 2017-04-30 20:17 - 03610848 ____C C:\Users\Anya\Documents\DCRTRV280.pdf
2017-04-30 15:01 - 2017-04-30 15:02 - 03105609 ____C C:\Users\Anya\Documents\ZC429604ENmanual.pdf
2017-04-30 12:07 - 2017-04-30 12:08 - 05387546 ____C C:\Users\Anya\Downloads\Vintage talent.mp4
2017-04-28 09:23 - 2017-05-09 20:01 - 00004324 ____C C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-04-27 16:58 - 2017-04-27 16:58 - 00666584 ____C C:\Users\Anya\Documents\G1080SP-Manual.pdf
2017-04-27 16:58 - 2017-04-27 16:58 - 00479378 ____C C:\Users\Anya\Documents\-uploadfile-image-20141231023446015.PDF
2017-04-27 16:56 - 2017-04-27 17:07 - 56435638 ____C C:\Users\Anya\Documents\SJCam-SJ4000-Wi-Fi-Manual-2016-01-08-Rev-4.2.pdf
2017-04-27 16:50 - 2017-04-27 16:51 - 02144702 ____C C:\Users\Anya\Documents\SJ4500-SJ6000-SJ8000-swing-air-jacks.pdf
2017-04-27 16:31 - 2017-04-27 16:31 - 01578416 ____C C:\Users\Anya\Documents\82-19745.pdf
2017-04-27 16:31 - 2017-04-27 16:31 - 00352803 ____C C:\Users\Anya\Documents\VMS50-1080p-Full-HD-Action-Camera-User-Manual1.pdf
2017-04-27 16:28 - 2017-04-27 16:28 - 02307069 ____C C:\Users\Anya\Documents\GCXA1 DETAILED USER GUIDE.PDF
2017-04-27 13:50 - 2017-04-27 13:50 - 00180072 ____C C:\Users\Anya\Documents\363737323834373235373.pdf
2017-04-27 13:32 - 2017-04-27 13:32 - 00043703 ____C C:\Users\Anya\Documents\726-17_201703081314.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-23 14:23 - 2017-03-17 22:03 - 00000000 ___DC C:\ProgramData\VoodooShield
2017-05-23 14:21 - 2017-03-01 10:54 - 00000000 ___DC C:\FRST
2017-05-23 14:21 - 2017-03-01 10:49 - 00000000 ___DC C:\Users\Anya\Desktop\PCHF progs & prework
2017-05-23 14:17 - 2017-03-03 18:46 - 00004172 ____C C:\Windows\System32\Tasks\Avast Emergency Update
2017-05-23 08:11 - 2009-07-14 14:45 - 00035088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-23 08:11 - 2009-07-14 14:45 - 00035088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-23 08:09 - 2017-01-02 17:06 - 00000000 ___DC C:\Users\Anya\AppData\LocalLow\Mozilla
2017-05-23 08:02 - 2009-07-14 15:08 - 00000006 ___HC C:\Windows\Tasks\SA.DAT
2017-05-23 08:01 - 2017-01-02 17:05 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2017-05-22 12:50 - 2017-04-09 20:38 - 00000000 ___DC C:\Users\Anya\Documents\apk files
2017-05-22 12:50 - 2017-01-02 15:52 - 00000000 ___DC C:\Users\Anya\Documents\computer
2017-05-20 12:00 - 2017-03-17 19:39 - 00217088 __SHC C:\Users\Anya\Documents\Thumbs.db
2017-05-20 11:50 - 2009-07-14 15:13 - 00781298 ____C C:\Windows\system32\PerfStringBackup.INI
2017-05-20 11:50 - 2009-07-14 13:20 - 00000000 ___DC C:\Windows\inf
2017-05-19 21:49 - 2017-02-08 08:43 - 00000000 ___DC C:\Users\Anya\Documents\hoofcare
2017-05-19 17:24 - 2017-01-02 15:54 - 00000000 ___DC C:\Users\Anya\Documents\dogs
2017-05-16 18:27 - 2017-01-02 14:34 - 00000000 ___DC C:\Users\Anya\AppData\Local\VirtualStore
2017-05-15 12:08 - 2017-01-19 18:53 - 00000000 ___DC C:\Users\Anya\Documents\land house building
2017-05-15 11:55 - 2017-03-17 22:03 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoodooShield
2017-05-15 11:55 - 2017-03-17 22:03 - 00000000 ___DC C:\Program Files\VoodooShield
2017-05-13 08:42 - 2017-03-03 18:46 - 00158880 ____C (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2017-05-12 09:52 - 2017-01-02 14:34 - 00000000 ___DC C:\Users\Anya
2017-05-11 13:20 - 2017-01-19 14:47 - 00002441 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-05-10 18:08 - 2017-01-07 22:06 - 00000000 ___DC C:\Users\Anya\AppData\Local\ElevatedDiagnostics
2017-05-10 14:05 - 2017-03-23 19:57 - 00003890 ____C C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1490263047
2017-05-10 14:04 - 2017-03-03 18:46 - 00569192 ____C (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-05-10 14:04 - 2017-03-03 18:46 - 00339696 ____C (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-05-10 14:04 - 2017-03-03 18:46 - 00128648 ____C (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-05-10 14:04 - 2017-03-03 18:46 - 00101152 ____C (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-05-10 14:04 - 2017-03-03 18:46 - 00075704 ____C (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-05-10 14:04 - 2017-03-03 18:46 - 00038296 ____C (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-05-10 14:03 - 2017-03-03 22:55 - 00032600 ____C (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-05-10 14:03 - 2017-03-03 18:46 - 01007160 ____C (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-05-10 14:03 - 2017-03-03 18:46 - 00334576 ____C (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-05-10 14:03 - 2017-03-03 18:46 - 00311808 ____C (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-05-10 14:03 - 2017-03-03 18:46 - 00190256 ____C (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-05-10 14:03 - 2017-03-03 18:46 - 00049016 ____C (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-05-09 20:01 - 2017-01-03 15:33 - 00803320 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-09 20:01 - 2017-01-03 15:33 - 00144888 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-09 20:01 - 2017-01-03 15:33 - 00000000 ___DC C:\Windows\SysWOW64\Macromed
2017-05-09 20:01 - 2017-01-03 15:33 - 00000000 ___DC C:\Windows\system32\Macromed
2017-04-30 12:14 - 2017-02-16 21:02 - 00000000 ___DC C:\Users\Anya\AppData\Roaming\vlc
2017-04-29 12:36 - 2017-02-08 08:55 - 00000000 ___DC C:\Users\Anya\Documents\stock crate
2017-04-28 09:25 - 2017-01-03 15:28 - 00000000 ___DC C:\Users\Anya\AppData\Local\Adobe

Some files in TEMP:
====================
2017-05-15 11:44 - 2017-05-15 11:45 - 14044240 ____C (VoodooSoft, LLC ) C:\Users\Anya\AppData\Local\Temp\InstallVoodooShield.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD.

LastRegBack: 2017-01-03 08:54

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-05-2017
Ran by Anya (23-05-2017 14:25:33)
Running from C:\Users\Anya\Desktop\PCHF progs & prework
Windows 7 Professional Service Pack 1 (X64) (2017-01-02 04:34:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3010178862-2183218474-3834878404-500 - Administrator - Disabled)
Anya (S-1-5-21-3010178862-2183218474-3834878404-1000 - Administrator - Enabled) => C:\Users\Anya
Guest (S-1-5-21-3010178862-2183218474-3834878404-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3010178862-2183218474-3834878404-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Aimersoft Helper Compact 2.5.2 (HKLM-x32\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.2 - Aimersoft)
Avast Pro Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
Express Scribe Transcription Software (HKLM-x32\...\Scribe) (Version: 6.00 - NCH Software)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Image Composite Editor (HKLM\...\{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}) (Version: 2.0.3 - Microsoft Corporation)
KeepVid Pro(Build 6.1.2.7) (HKLM-x32\...\KeepVid Pro_is1) (Version: 6.1.2.7 - KeepVid Studio)
MergeModule_x64 (Version: 9.3.00 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.3.00 - Sony Corporation) Hidden
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Mozilla Firefox 53.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 en-US)) (Version: 53.0.3 - Mozilla)
MVHShellExtension (HKLM\...\{48EE93F1-6CE8-4DC3-9EBB-71D860F09CEE}) (Version: 1.0.0 - MyVirtualHome)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
PlayMemories Home (HKLM-x32\...\{4F95DC94-A29D-41F6-AF34-15AA0D666186}) (Version: 5.4.00.04040 - Sony Corporation)
PMB_ModeEditor (x32 Version: 10.3.00 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 10.4.00 - Sony Corporation) Hidden
Quicken CashBook - Version 8 (HKLM-x32\...\Quicken CashBook - Version 8) (Version: - )
SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
Samsung SCX-4x21 Series (HKLM-x32\...\Samsung SCX-4x21 Series) (Version: - Samsung Electronics CO.,LTD)
situhome (HKLM-x32\...\{BDFC5012-189A-4D13-B1CF-279DF1D2F03B}) (Version: 5.0.5038 - Homesoft Pty. Ltd.)
situhome (x32 Version: 5.0.5038 - Homesoft Pty. Ltd.) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Toolwiz Smart Defrag 2011 (HKLM-x32\...\Toolwiz Smart Defrag FREE_is1) (Version: 1.3.0.0 - Toolwiz.com.)
Tweaking.com - Simple System Tweaker (HKLM-x32\...\Tweaking.com - Simple System Tweaker) (Version: 2.2.0 - Tweaking.com)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VoodooShield version 3.59 (HKLM\...\{A8644328-A66F-490E-B8FA-901FF649189D}_is1) (Version: 3.59 - VoodooSoft, LLC)
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
Wings 3D 2.1.5 (HKLM-x32\...\Wings 3D 2.1.5) (Version: - )
ZHPFix 2015 (HKLM-x32\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1D21AFD6-05CE-42F3-BA96-FFCAC4689FA6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {2D435836-863C-4DA4-8663-A21C47D8152A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-14] (AVAST Software)
Task: {3F9980F9-DAF0-4FE8-B0FF-7F798D59F9D3} - System32\Tasks\PrivaZer_SkipUAC => C:\Users\Anya\Desktop\PCHF progs & prework\PrivaZer.exe [2017-03-03] (Goversoft LLC)
Task: {62DE036A-55A0-4965-B5C8-54174D692686} - System32\Tasks\SafeZone scheduled Autoupdate 1490263047 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {753C47AE-EC5E-44B3-95A9-2C8E553F0E39} - \Microsoft\Windows\Windows Media Sharing\UpdateLibrary -> No File <==== ATTENTION
Task: {A45BEA91-28D9-4894-A3E1-614E4D959593} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd)
Task: {A7C73732-9F11-4281-8D19-764D4EC9D94D} - \Microsoft\Windows\Application Experience\ProgramDataUpdater -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186} - \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask -> No File <==== ATTENTION
Task: {D798EEE4-BD9A-4DE9-B8B4-252DDADD783C} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-10] (AVAST Software)
Task: {F518A539-8368-4C38-945A-4C22F794512E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-09] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-05-10 18:22 - 2009-10-13 18:44 - 00022016 ____C () C:\Windows\System32\sugw2l6.dll
2017-03-17 22:03 - 2017-05-01 12:35 - 00265040 ____C () C:\Program Files\VoodooShield\Features.dll
2017-05-12 09:52 - 2017-04-13 16:27 - 00033992 ____C () C:\Program Files (x86)\Keepvid\KeepVid Pro\KeepVidProUpdateHelper.exe
2017-05-12 09:51 - 2017-04-13 15:58 - 01778688 ____C () C:\Program Files (x86)\Keepvid\KeepVid Pro\WUL.Ctrls.dll
2017-05-12 09:51 - 2017-04-13 15:58 - 00758784 ____C () C:\Program Files (x86)\Keepvid\KeepVid Pro\WUL.Core.dll
2017-05-12 09:51 - 2017-04-13 15:58 - 00046080 ____C () C:\Program Files (x86)\Keepvid\KeepVid Pro\WUL.Localization.dll
2017-05-12 09:52 - 2017-04-13 16:26 - 00113664 ____C () C:\Program Files (x86)\Keepvid\KeepVid Pro\Tasks.dll
2017-05-12 09:52 - 2017-04-13 16:26 - 00139776 ____C () C:\Program Files (x86)\Keepvid\KeepVid Pro\Utility.dll
2017-01-04 13:53 - 2017-01-04 13:53 - 03052032 ____C () C:\Windows\assembly\NativeImages_v4.0.30319_64\PaintDotNetc8826574#\1231046019f02411806acdb82aa3f17a\PaintDotNet.SystemLayer.Native.x64.ni.dll
2016-12-12 16:01 - 2016-12-12 16:01 - 01083088 ____C () C:\Program Files\paint.net\PaintDotNet.SystemLayer.Native.x64.dll
2017-05-10 14:03 - 2017-05-10 14:03 - 00170216 ____C () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-10 14:03 - 2017-05-10 14:03 - 00176992 ____C () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-10 14:03 - 2017-05-10 14:03 - 00223224 ____C () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-05-23 07:56 - 2017-05-23 07:56 - 05980160 ____C () C:\Program Files\AVAST Software\Avast\defs\17052202\algo.dll
2017-05-10 14:03 - 2017-05-10 14:03 - 00684656 ____C () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-05-10 14:03 - 2017-05-10 14:03 - 00230632 ____C () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-05-10 14:03 - 2017-05-10 14:03 - 00997896 ____C () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-10 14:03 - 2017-05-10 14:03 - 67717632 ____C () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-10 14:03 - 2017-05-10 14:03 - 00291824 ____C () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-05-12 09:52 - 2016-10-08 17:03 - 01506304 ____C () C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\DAQExp.dll
2017-05-12 09:52 - 2016-07-21 10:54 - 00137728 ____C () C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\CBSCreateVC.dll
2017-01-02 17:35 - 2000-07-20 10:27 - 00316416 ____C () C:\Program Files (x86)\QUICKENW\BAS.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:34 - 2017-03-03 14:18 - 00000089 _RSHC C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: CCleaner => "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: Samsung PanelMgr => C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5EB3DB86-2C8F-478D-AE21-5C7D6B6FA9D8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{615F7A83-9DCE-4BE8-9D0E-0D4AF4FED0E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5E89A639-19DC-4FBE-B92A-FDDBB5AAB57C}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{9741C565-BB61-497F-8BED-710D4AD42CC0}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596_0\SZBrowser.exe

==================== Restore Points =========================

15-05-2017 12:19:04 Installed DirectX

==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Broadcom USH
Description: Broadcom USH
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/23/2017 08:03:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/15/2017 11:41:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/08/2017 10:24:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/01/2017 04:59:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/27/2017 09:55:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/15/2017 01:57:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/12/2017 09:18:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17514, time stamp: 0x4ce7a144
Faulting module name: DUI70.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdf25
Exception code: 0xc0000005
Fault offset: 0x0000000000001098
Faulting process id: 0x1120
Faulting application start time: 0x01d2ae61e824bdd2
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\system32\DUI70.dll
Report Id: c145a501-1f71-11e7-9c5c-0024e8dc6112

Error: (03/26/2017 10:07:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/26/2017 10:04:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/24/2017 10:24:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (05/23/2017 02:16:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (05/23/2017 02:16:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (05/23/2017 02:16:55 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (05/23/2017 02:16:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (05/23/2017 02:16:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (05/23/2017 02:16:45 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (05/23/2017 11:20:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (05/23/2017 11:20:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (05/23/2017 11:20:04 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (05/23/2017 09:40:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


CodeIntegrity:
===================================
Date: 2017-03-07 22:03:56.503
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Anya\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-07 22:03:56.503
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Anya\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU P9400 @ 2.40GHz
Percentage of memory in use: 76%
Total physical RAM: 4047.92 MB
Available physical RAM: 970.39 MB
Total Virtual: 8094.04 MB
Available Virtual: 2263.15 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.46 GB) (Free:79.28 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: C8B9BFB9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=504 MB) - (Type=27)

==================== End of Addition.txt ============================


aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-03-01 12:10:33
-----------------------------
12:10:33.299 OS Version: Windows x64 6.1.7601 Service Pack 1
12:10:33.299 Number of processors: 2 586 0x170A
12:10:33.301 ComputerName: ANYA-PC UserName: Anya
12:10:36.188 Initialize success
12:10:36.870 VM: initialized successfully
12:10:36.873 VM: Intel CPU BiosDisabled
12:17:41.631 AVAST engine defs: 17010903
12:19:02.667 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:19:02.670 Disk 0 Vendor: WDC_WD1600BEVT-75ZCT2 11.01A11 Size: 152627MB BusType: 3
12:19:02.896 Disk 0 MBR read successfully
12:19:02.899 Disk 0 MBR scan
12:19:02.906 Disk 0 Windows 7 default MBR code
12:19:02.920 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:19:02.926 Disk 0 default boot code
12:19:02.939 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152019 MB offset 206848
12:19:02.973 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 504 MB offset 311543808
12:19:03.034 Disk 0 scanning C:\Windows\system32\drivers
12:19:15.284 Service scanning
12:19:43.094 Modules scanning
12:19:43.106 Disk 0 trace - called modules:
12:19:43.152 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
12:19:43.158 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800439d060]
12:19:43.164 3 CLASSPNP.SYS[fffff880011d143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80040b5680]
12:19:44.592 AVAST engine scan C:\Windows
12:19:47.579 AVAST engine scan C:\Windows\system32
12:32:25.222 AVAST engine scan C:\Windows\system32\drivers
12:34:02.728 AVAST engine scan C:\Users\Anya
13:20:58.634 AVAST engine scan C:\ProgramData
13:22:09.962 Disk 0 statistics 4191535/0/0 @ 0.96 MB/s
13:22:10.019 Scan finished successfully
13:37:13.672 Disk 0 MBR has been saved successfully to "C:\Users\Anya\Desktop\PC prework\MBR.dat"
13:37:13.722 The log file has been saved successfully to "C:\Users\Anya\Desktop\PC prework\aswMBR.txt"


aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-05-23 14:23:25
-----------------------------
14:23:25.802 OS Version: Windows x64 6.1.7601 Service Pack 1
14:23:25.802 Number of processors: 2 586 0x170A
14:23:25.802 ComputerName: ANYA-PC UserName: Anya
14:23:37.388 Initialize success
14:23:37.437 VM: initialized successfully
14:23:37.437 VM: Intel CPU BiosDisabled
14:23:47.257 AVAST engine defs: 17052202
14:48:47.808 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:48:47.811 Disk 0 Vendor: WDC_WD1600BEVT-75ZCT2 11.01A11 Size: 152627MB BusType: 3
14:48:48.034 Disk 0 MBR read successfully
14:48:48.038 Disk 0 MBR scan
14:48:48.057 Disk 0 Windows 7 default MBR code
14:48:48.080 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:48:48.087 Disk 0 default boot code
14:48:48.099 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152019 MB offset 206848
14:48:48.133 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 504 MB offset 311543808
14:48:48.179 Disk 0 scanning C:\Windows\system32\drivers
14:49:19.246 Service scanning
14:50:16.829 Modules scanning
14:50:16.831 Disk 0 trace - called modules:
14:50:16.899 ntoskrnl.exe CLASSPNP.SYS disk.sys aswSP.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:50:16.901 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004617060]
14:50:16.901 3 aswSP.sys[fffff88003c45432] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004091060]
14:50:19.053 AVAST engine scan C:\Windows
14:50:21.955 AVAST engine scan C:\Windows\system32
14:53:21.170 AVAST engine scan C:\Windows\system32\drivers
14:53:31.634 AVAST engine scan C:\Users\Anya
15:08:40.594 File: C:\Users\Anya\Desktop\PCHF progs & prework\zoek.exe **INFECTED** Win32:Malware-gen
15:08:46.105 File: C:\Users\Anya\Documents\computer\malware & tuneup\zoek(1).exe **INFECTED** Win32:Malware-gen
16:32:06.593 AVAST engine scan C:\ProgramData
16:33:07.847 Disk 0 statistics 4325060/0/0 @ 1.56 MB/s
16:33:07.872 Scan finished successfully
16:42:07.181 Disk 0 MBR has been saved successfully to "C:\Users\Anya\Desktop\PCHF progs & prework\MBR.dat"
16:42:07.206 The log file has been saved successfully to "C:\Users\Anya\Desktop\PCHF progs & prework\aswMBR.txt"
 
Rogue Killer Scan.

Download RogueKiller -- (Portable) -- from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all other running programs.
  • Disable ALL Antivirus -- Antimalware -- Applications.
  • Right Click Rogue Killer and Run as Administrator.
  • Click the Start Scan button.
  • Allow the scan to run -- it can take ten minutes or more.
  • Once the scan is complete check All items for removal.
  • After All items are checked then press Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on open report -- then open txt
  • Copy the content of the report and paste it here in your next reply.

JRT Scan.


Please download Junkware Removal Tool and save it on your desktop.


  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

FRST Fix.

Click Here To Download Fixlist.



  • Download attached fixlist.txt file and save it to the Desktop.
  • NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
  • NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

ZHP Diag Scan


Download ZHP Diag to your desktop.


1. Right Click Run as Admin.

2. Click the Options button.

Click on Check All
Then Click Validate
Then click close.

3. Click the Scanner button.

When complete please push the report button.
A notepad will open... copy and paste the report in your next reply.
 

I forgot to say, my internet connection has been dropping out randomly, but ISP says it's not their end - it's my computer's connection to the modem. It sometimes shows nothing, sometimes shows a '!' on the connection icon. Don't know if it's related...

Uh, after all that ZHPDiag found 19 bugs... I followed the above instrucs not quite perfectly - I missed the FRST fix. Did the rest, but ZHP wouldn't start properly, kept showing 'update' option & nothing else. Saw the missed FRST fix, did that, then ZHP again & it worked - after I x'd out of the update option. Below are the reports...

RogueKiller V12.9.9.0 (x64) [Feb 27 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Anya [Administrator]
Started from : C:\Users\Anya\Desktop\PCHF programs\RogueKillerX64.exe
Mode : Scan -- Date : 03/01/2017 19:04:48 (Duration : 00:17:45)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 5 ¤¤¤
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost | bdx : [x] -> Found
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-9fe07138 -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-9fe07138 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3010178862-2183218474-3834878404-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3010178862-2183218474-3834878404-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] %WINDIR%\Tasks\{3414E28B-7B30-5D60-A18E-73890419B134}.job -- C:\Users\Anya\AppData\Local\UPDATE~1\updtask.exe (/Check) -> Found
[Suspicious.Path] \{3414E28B-7B30-5D60-A18E-73890419B134} -- C:\Users\Anya\AppData\Local\UPDATE~1\updtask.exe (/Check) -> Found

¤¤¤ Files : 3 ¤¤¤
[PUP.Gen1][Folder] C:\Users\Anya\AppData\Roaming\ParetoLogic -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\Driver Detective -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\SpeedItup Free -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Firefox:Config] dolfqtls.default : user_pref("browser.startup.homepage", "mail.yahoo.com"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD1600BEVT-75ZCT2 ATA Device +++++
--- User ---
[MBR] 47c5e781ab77453373e0941962d72004
[BSP] ec87961bac3f884dc2a63fa0e35af3c1 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 152019 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 311543808 | Size: 504 MB
User = LL1 ... OK
User = LL2 ... OK


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.1 (02.11.2017)
Operating System: Windows 7 Professional x64
Ran by Anya (Administrator) on Wed 05/24/2017 at 21:18:55.45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\Invalidprefs.js (File)



Registry: 2

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9B65201-3D7F-48DA-AAB3-57A6FAD648FD} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9B65201-3D7F-48DA-AAB3-57A6FAD648FD} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 05/24/2017 at 21:21:18.36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




Fix result of Farbar Recovery Scan Tool (x64) Version: 24-05-2017
Ran by Anya (24-05-2017 22:02:44) Run:3
Running from C:\Users\Anya\Desktop\PCHF progs & prework
Loaded Profiles: Anya (Available Profiles: Anya)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
emptytemp:
CloseProcesses:
CreateRestorePoint:
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
URLSearchHook: [S-1-5-21-3010178862-2183218474-3834878404-1000] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3010178862-2183218474-3834878404-1000 -> DefaultScope {26080cad-4adc-49ac-8c63-eda16e595cbd} URL =
SearchScopes: HKU\S-1-5-21-3010178862-2183218474-3834878404-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 - No File
CHR HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
U1 aswbdisk; no ImagePath
S3 catchme; \??\C:\Users\Anya\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
U3 aswMBR; \??\C:\Users\Anya\AppData\Local\Temp\aswMBR.sys [X] <==== ATTENTION
C:\Windows\System32\Tasks\Adobe Acrobat Update Task
C:\Users\Anya\AppData\Roaming\Esc-RemoteSupport
C:\Windows\System32\Tasks\Adobe Flash Player Updater
Task: {1D21AFD6-05CE-42F3-BA96-FFCAC4689FA6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {3F9980F9-DAF0-4FE8-B0FF-7F798D59F9D3} - System32\Tasks\PrivaZer_SkipUAC => C:\Users\Anya\Desktop\PCHF progs & prework\PrivaZer.exe [2017-03-03] (Goversoft LLC)
Task: {753C47AE-EC5E-44B3-95A9-2C8E553F0E39} - \Microsoft\Windows\Windows Media Sharing\UpdateLibrary -> No File <==== ATTENTION
Task: {A7C73732-9F11-4281-8D19-764D4EC9D94D} - \Microsoft\Windows\Application Experience\ProgramDataUpdater -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186} - \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask -> No File <==== ATTENTION
Task: {F518A539-8368-4C38-945A-4C22F794512E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-09] (Adobe Systems Incorporated)
Folder: C:\Program Files (x86)\QUICKENW
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state On
CMD: ipconfig /flushdns
reboot:
end

*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\MemCheckBoxInRunDlg => value removed successfully
Could not restore Default URLSearchHook.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} => key removed successfully
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
HKCR\PROTOCOLS\Handler\WSKVAllmytubechrome => key not found.
HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\SOFTWARE\Google\Chrome\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key removed successfully
HKLM\System\CurrentControlSet\Services\aswbdisk => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\catchme => key removed successfully
catchme => service removed successfully
aswMBR => service not found.
C:\Windows\System32\Tasks\Adobe Acrobat Update Task => moved successfully
C:\Users\Anya\AppData\Roaming\Esc-RemoteSupport => moved successfully
C:\Windows\System32\Tasks\Adobe Flash Player Updater => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1D21AFD6-05CE-42F3-BA96-FFCAC4689FA6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D21AFD6-05CE-42F3-BA96-FFCAC4689FA6} => key removed successfully
C:\Windows\System32\Tasks\Adobe Acrobat Update Task => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F9980F9-DAF0-4FE8-B0FF-7F798D59F9D3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F9980F9-DAF0-4FE8-B0FF-7F798D59F9D3} => key removed successfully
C:\Windows\System32\Tasks\PrivaZer_SkipUAC => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PrivaZer_SkipUAC => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{753C47AE-EC5E-44B3-95A9-2C8E553F0E39} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{753C47AE-EC5E-44B3-95A9-2C8E553F0E39} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7C73732-9F11-4281-8D19-764D4EC9D94D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7C73732-9F11-4281-8D19-764D4EC9D94D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\ProgramDataUpdater => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F518A539-8368-4C38-945A-4C22F794512E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F518A539-8368-4C38-945A-4C22F794512E} => key removed successfully
C:\Windows\System32\Tasks\Adobe Flash Player Updater => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater => key removed successfully

========================= Folder: C:\Program Files (x86)\QUICKENW ========================


====== End of Folder: ======


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state On =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14704345 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 322835 B
Edge => 0 B
Chrome => 0 B
Firefox => 369676434 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66295 B
systemprofile32 => 424 B
LocalService => 66228 B
NetworkService => 0 B
Anya => 12838604 B

RecycleBin => 1436 B
EmptyTemp: => 379.3 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 24-05-2017 22:09:20)


Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\aswbdisk => key could not remove, key could be protected



~ ZHPDiag v2017.5.21.84 By Nicolas Coolman (2017/05/21)
~ Run by Anya (Administrator) (2017/05/24 22:30:25)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook: https://www.facebook.com/nicolascoolman1
~ State version: Version KO
~ Mode: Scan
~ Report: C:\Users\Anya\Desktop\ZHPDiag.txt
~ Report: C:\Users\Anya\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Activate
~ System startup: Normal (Normal boot)
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601) =>.Microsoft Corporation

---\\ Internet Browsers (2) - 0s
~ MFIE: Mozilla Firefox 53.0.3 (x86 en-US)
~ MSIE: Internet Explorer v8.0.7601.17514

---\\ Windows Product Information (4) - 0s
~ Windows Server License Manager Script : OK
~ Licence Script File Génération : OK
Windows Automatic Updates : OK
Windows Activation Technologies : KO

---\\ System protection software (1) - 1s
Avast Pro Antivirus v17.4.2294 (Protection)

---\\ Surveillance software (2) - 2s
~ Adobe Flash Player 25 NPAPI (Surveillance)
~ Adobe Acrobat Reader DC (Surveillance)

---\\ Information on the system (6) - 0s
~ Operating System: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 4145.068 MB (29% free) : OK =>.RAM Value
System Restore: Activé (Enable)
System drive C: has 103 GB (67%) free of 152 GB : OK =>.Disk Space

---\\ Connection to the system mode (3) - 0s
~ Computer Name: ANYA-PC
~ User Name: Anya
~ Logged in as Administrator

---\\ Enumeration of the disk units (1) - 0s
~ Drive C: has 103 GB free of 152 GB (System)

---\\ State of the Windows Security Center (10) - 0s
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK

---\\ Search Generic System Files (25) - 3s
[MD5.AC4C51EB24AA95B77F705AB159189E24] - 21/11/2010 - (.Microsoft Corporation - Windows Explorer.) -- C:\Windows\Explorer.exe [2872320] =>.Microsoft Corporation
[MD5.DD81D91FF3B0763C392422865C9AC12E] - 14/07/2009 - (.Microsoft Corporation - Windows host process (Rundll32).) -- C:\Windows\System32\rundll32.exe [45568] =>.Microsoft Corporation
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - 14/07/2009 - (.Microsoft Corporation - Windows Start-Up Application.) -- C:\Windows\System32\Wininit.exe [129024] =>.Microsoft Corporation
[MD5.F6C5302E1F4813D552F41A0AC82455E5] - 21/11/2010 - (.Microsoft Corporation - Internet Extensions for Win32.) -- C:\Windows\System32\wininet.dll [1188864] =>.Microsoft Corporation
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - 21/11/2010 - (.Microsoft Corporation - Windows Logon Application.) -- C:\Windows\System32\Winlogon.exe [390656] =>.Microsoft Corporation
[MD5.067FA52BFB59A56110A12312EF9AF243] - 21/11/2010 - (.Microsoft Corporation - Software Licensing Library.) -- C:\Windows\System32\sppcomapi.dll [232448] =>.Microsoft Corporation
[MD5.A52B6CC24063CC83C78C0E6F24DEEC01] - 21/11/2010 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\Windows\System32\dnsapi.dll [357888] =>.Microsoft Corporation
[MD5.59DF156711A76BCB993253EC6C9BBF41] - 21/11/2010 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\Windows\Syswow64\dnsapi.dll [270336] =>.Microsoft Corporation
[MD5.D31DC7A16DEA4A9BAF179F3D6FBDB38C] - 21/11/2010 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) -- C:\Windows\System32\drivers\AFD.sys [499712] =>.Microsoft Corporation
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - 14/07/2009 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) -- C:\Windows\System32\drivers\atapi.sys [24128] =>.Microsoft Windows®
[MD5.B8BD2BB284668C84865658C77574381A] - 14/07/2009 - (.Microsoft Corporation - CD-ROM File System Driver.) -- C:\Windows\System32\drivers\Cdfs.sys [92160] =>.Microsoft Corporation
[MD5.F036CE71586E93D94DAB220D7BDF4416] - 21/11/2010 - (.Microsoft Corporation - SCSI CD-ROM Driver.) -- C:\Windows\System32\drivers\Cdrom.sys [147456] =>.Microsoft Corporation
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - 21/11/2010 - (.Microsoft Corporation - DFS Namespace Client Driver.) -- C:\Windows\System32\drivers\DfsC.sys [102400] =>.Microsoft Corporation
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - 21/11/2010 - (.Microsoft Corporation - High Definition Audio Bus Driver.) -- C:\Windows\System32\drivers\HDAudBus.sys [122368] =>.Microsoft Corporation
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - 14/07/2009 - (.Microsoft Corporation - i8042 Port Driver.) -- C:\Windows\System32\drivers\i8042prt.sys [105472] =>.Microsoft Corporation
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - 14/07/2009 - (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\drivers\IpNat.sys [116224] =>.Microsoft Corporation
[MD5.FAF015B07E3A2874A790A39B7D2C579F] - 21/11/2010 - (.Microsoft Corporation - Windows NT SMB Minirdr.) -- C:\Windows\System32\drivers\MRxSmb.sys [158208] =>.Microsoft Corporation
[MD5.09594D1089C523423B32A4229263F068] - 21/11/2010 - (.Microsoft Corporation - MBT Transport driver.) -- C:\Windows\System32\drivers\netBT.sys [261632] =>.Microsoft Corporation
[MD5.05D78AA5CB5F3F5C31160BDB955D0B7C] - 21/11/2010 - (.Microsoft Corporation - NT File System Driver.) -- C:\Windows\System32\drivers\ntfs.sys [1659776] =>.Microsoft Windows®
[MD5.0086431C29C35BE1DBC43F52CC273887] - 14/07/2009 - (.Microsoft Corporation - Parallel Port Driver.) -- C:\Windows\System32\drivers\Parport.sys [97280] =>.Microsoft Corporation
[MD5.471815800AE33E6F1C32FB1B97C490CA] - 21/11/2010 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) -- C:\Windows\System32\drivers\Rasl2tp.sys [129536] =>.Microsoft Corporation
[MD5.1B6163C503398B23FF8B939C67747683] - 21/11/2010 - (.Microsoft Corporation - Microsoft RDP Device redirector.) -- C:\Windows\System32\drivers\rdpdr.sys [165888] =>.Microsoft Corporation
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - 14/07/2009 - (.Microsoft Corporation - SMB Transport driver.) -- C:\Windows\System32\drivers\smb.sys [93184] =>.Microsoft Corporation
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - 21/11/2010 - (.Microsoft Corporation - TDI Translation Driver.) -- C:\Windows\System32\drivers\tdx.sys [119296] =>.Microsoft Corporation
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - 21/11/2010 - (.Microsoft Corporation - Volume Shadow Copy Driver.) -- C:\Windows\System32\drivers\volsnap.sys [295808] =>.Microsoft Windows®

---\\ Non Microsoft non disabled Windows Services (4) - 4s
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe =>.Adobe Systems, Incorporated®
O23 - Service: Avast Antivirus (avast! Antivirus) . (.AVAST Software - Avast Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe =>.AVAST Software s.r.o.®
O23 - Service: PMBDeviceInfoProvider (PMBDeviceInfoProvider) . (.Sony Corporation - Device Information Provider.) - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe =>.Sony Corporation®
O23 - Service: VoodooShieldService (VoodooShieldService) . (.VoodooSoft, LLC - VoodooShield.) - C:\Program Files\VoodooShield\VoodooShieldService.exe =>.VoodooSoft, LLC®

---\\ Services not Microsoft (SR=Run, SS=Stop) (7) - 44s
SR - Auto [25/04/2017] [ 83056] Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe =>.Adobe Systems, Incorporated®
SS - Demand [09/05/2017] [ 271864] Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe =>.Adobe Systems Incorporated®
SR - Demand [10/05/2017] [ 7346208] aswbIDSAgent (aswbIDSAgent) . (.AVAST Software s.r.o..) - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe =>.AVAST Software s.r.o.®
SR - Auto [10/05/2017] [ 263304] Avast Antivirus (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe =>.AVAST Software s.r.o.®
SR - Auto [04/04/2017] [ 505024] PMBDeviceInfoProvider (PMBDeviceInfoProvider) . (.Sony Corporation.) - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe =>.Sony Corporation®
SR - Auto [01/05/2017] [ 129360] VoodooShieldService (VoodooShieldService) . (.VoodooSoft, LLC.) - C:\Program Files\VoodooShield\VoodooShieldService.exe =>.VoodooSoft, LLC®
SS - Demand [13/04/2017] [ 123080] Wondershare Driver Install Service (WsDrvInst) . (.Copyright © 2017.) - C:\Program Files (x86)\Keepvid\KeepVid Pro\DriverInstall.exe {52B9467713A7F2544F50324A098DB7F8} =>PUP.Optional.KeepVid

---\\ Task Planned Automatically (3) - 5s
O39 - APT: Unknown - (...) -- C:\Windows\System32\Tasks\Avast Emergency Update [4172]
O39 - APT: Unknown - (.IObit.) -- C:\Windows\System32\Tasks\CCleanerSkipUAC [2788] =>.IObit
O39 - APT: Unknown - (.Avast Software s.r.o.) -- C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1490263047 [3890] =>.Avast Software s.r.o

---\\ Auto loading programs from Registry and folders (7) - 1s
O4 - HKLM\..\Run: [VoodooShield] . (.VoodooSoft, LLC - VoodooShield.) -- C:\Program Files\VoodooShield\VoodooShield.exe =>.VoodooSoft, LLC®
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - AvLaunch component.) -- C:\Program Files\AVAST Software\Avast\AvLaunch.exe =>.AVAST Software s.r.o.®
O4 - HKLM\..\Wow6432Node\Run: [Aimersoft Helper Compact.exe] . (.AimerSoft - AimerSoft Studio.) -- C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe {2D386ECA2FB81CCCE19ECF58458BB6A0} =>.Aimersoft
O4 - HKLM\..\Wow6432Node\Run: [KeepVidProUpdateHelper.exe] . (.Copyright © 2017 - WsUpdateHelper.) -- C:\Program Files (x86)\Keepvid\KeepVid Pro\KeepVidProUpdateHelper.exe {52B9467713A7F2544F50324A098DB7F8} =>PUP.Optional.KeepVid
O4 - HKLM\..\Wow6432Node\Run: [PMBVolumeWatcher] . (.Sony Corporation - Media Check Tool.) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe =>.Sony Corporation®
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation

---\\ Process running (12) - 4s
[MD5.D961A7C05A76302E782B1B0CF6546BA7] - (.AVAST Software - Avast Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304] [PID.1184] =>.AVAST Software s.r.o.®
[MD5.8D6BA8E7676038A27FD4ECF12CC744B0] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [83056] [PID.1684] =>.Adobe Systems, Incorporated®
[MD5.5CC28F24145E0CCA3AA9A8B66367DB6E] - (.Sony Corporation - Device Information Provider.) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [505024] [PID.1944] =>.Sony Corporation®
[MD5.A760C2AFBA1A71E0F7310A6E900CB0E4] - (.AVAST Software s.r.o. - Avast Behavior Shield.) -- C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208] [PID.2948] =>.AVAST Software s.r.o.®
[MD5.09BB35AA600892CBE4B12864BC8D1E13] - (.VoodooSoft, LLC - VoodooShield.) -- C:\Program Files\VoodooShield\VoodooShield.exe [2443600] [PID.1696] =>.VoodooSoft, LLC®
[MD5.9710FABEF9AD37A3AA966AF53BCBDD1A] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [517064] [PID.2396] =>.Mozilla Corporation®
[MD5.8FE697AB8A4C28D79C1CDB97C6FB1A17] - (.AVAST Software - Avast Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [8470464] [PID.708] =>.AVAST Software s.r.o.®
[MD5.2355145A0097829D3E84FE84C88342B8] - (.AimerSoft - AimerSoft Studio.) -- C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2138272] [PID.2068] {2D386ECA2FB81CCCE19ECF58458BB6A0} =>.Aimersoft
[MD5.0E591DEB061F18DB74426FFAFB86D811] - (.Copyright © 2017 - WsUpdateHelper.) -- C:\Program Files (x86)\Keepvid\KeepVid Pro\KeepVidProUpdateHelper.exe [33992] [PID.3092] {52B9467713A7F2544F50324A098DB7F8} =>PUP.Optional.KeepVid
[MD5.17FFCC407A234F34FF2F21FFB0E7C6F0] - (.Sony Corporation - Media Check Tool.) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [3005120] [PID.3180] =>.Sony Corporation®
[MD5.9C8F57D022F39AD1FF1B07C51A20B562] - (.VoodooSoft, LLC - VoodooShield.) -- C:\Program Files\VoodooShield\VoodooShieldService.exe [129360] [PID.1952] =>.VoodooSoft, LLC®
[MD5.6C88188108262E1C54DBECBF1D82C710] - (.Nicolas Coolman - ZHPDiag.) -- C:\Users\Anya\Downloads\ZHPDiag3.exe [2731520] [PID.2272] =>.Nicolas Coolman

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (6) - 9s
P2 - EXT FILE: (.Self-Destructing Cookies - Fix the web. Gets rid of a site's.) -- C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi =>.Self-Destructing Cookies
P2 - EXT FILE: (.Avast SafePrice - Avast SafePrice - safe shopping extens.) -- C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\extensions\sp@avast.com.xpi =>.Avast SafePrice
P2 - EXT FILE: (.uBlock Origin - Finally, an efficient blocker. Easy on.) -- C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\extensions\uBlock0@raymondhill.net.xpi =>.uBlock Origin
P2 - EXT FILE: (.Avast Online Security - Avast Browser Security and Web Reputat.) -- C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\extensions\wrc@avast.com.xpi =>.Avast Online Security
P2 - EXT FILE: (.Aaron Boodman; http://youngpup.net/ - A User Script Manager for Firefox.) -- C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi =>.Aaron Boodman; http://youngpup.net/
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll =>.Adobe Systems Incorporated

---\\ Internet Explorer Extensions, Start, Search (16) - 0s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://google.com =>.Google Inc.
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = http://google.com =>.Google Inc.
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation

---\\ Internet Explorer, Proxy Management (6) - 0s
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies [] =>.Microsoft

---\\ Line Analysis, IniFiles, Auto loading programs (3) - 0s
F2 - REG:system.ini: UserInit=C:\Windows\System32\Userinit.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: VMApplet=C:\Windows\SysWOW64\SystemPropertiesPerformance.exe (.Microsoft Corporation.) =>.Microsoft Corporation

---\\ Hosts file redirection (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (4)

---\\ Browser Helper Object (BHO) (1) - 1s
O2 - BHO: avast! Online Security [64Bits] - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll =>.AVAST Software s.r.o.®

---\\ Global shortcuts Startup (90) - 13s
O4 - GS\Desktop [Administrator]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Anya\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Administrator]: Avast SafeZone Browser.lnk . (.Avast Software - Avast SafeZone Browser.) C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software s.r.o.®
O4 - GS\Quicklaunch [Administrator]: KeepVid Pro.lnk . (.KeepVid - KeepVid.) C:\Program Files (x86)\Keepvid\KeepVid Pro\KeepVidPro.exe {52B9467713A7F2544F50324A098DB7F8} =>PUP.Optional.KeepVid
O4 - GS\Quicklaunch [Administrator]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Quicklaunch [Administrator]: Wave Editor.lnk . (.Abyss Media Company - Wave Editor.) C:\Program Files (x86)\Abyssmedia\Wave Editor\editor.exe
O4 - GS\Quicklaunch [Administrator]: Wings 3D (x64) 2.1.5.lnk . (...) C:\Program Files\wings3d_2.1.5\Wings3D.exe
O4 - GS\sendTo [Administrator]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\system32\WFS.exe =>.Microsoft Corporation
O4 - GS\TaskBar [Administrator]: Google Earth Pro.lnk . (.Google - Google Earth.) C:\Program Files (x86)\Google\Google Earth Pro\client\googleearth.exe =>.Google Inc®
O4 - GS\TaskBar [Administrator]: Image Composite Editor.lnk . (...) C:\Windows\Installer\{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}\_AA47ECE46A59EFF35D3345.exe
O4 - GS\TaskBar [Administrator]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O4 - GS\TaskBar [Administrator]: OpenOffice 4.1.2.lnk . (.Apache Software Foundation - OpenOffice 4.1.2.) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe =>.Apache Software Foundation
O4 - GS\TaskBar [Administrator]: paint.net.lnk . (.dotPDN LLC - paint.net.) C:\Program Files\paint.net\PaintDotNet.exe =>.dotPDN LLC®
O4 - GS\TaskBar [Administrator]: Quicken CashBook - Version 8.lnk . (.Intuit - Quicken Executable.) C:\Program Files (x86)\QUICKENW\QW.EXE =>.Intuit
O4 - GS\TaskBar [Administrator]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\Windows\explorer.exe =>.Microsoft Corporation
O4 - GS\Programs [Administrator]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Programs [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Desktop [Anya]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Anya\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Anya]: Avast SafeZone Browser.lnk . (.Avast Software - Avast SafeZone Browser.) C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software s.r.o.®
O4 - GS\Quicklaunch [Anya]: KeepVid Pro.lnk . (.KeepVid - KeepVid.) C:\Program Files (x86)\Keepvid\KeepVid Pro\KeepVidPro.exe {52B9467713A7F2544F50324A098DB7F8} =>PUP.Optional.KeepVid
O4 - GS\Quicklaunch [Anya]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Quicklaunch [Anya]: Wave Editor.lnk . (.Abyss Media Company - Wave Editor.) C:\Program Files (x86)\Abyssmedia\Wave Editor\editor.exe
O4 - GS\Quicklaunch [Anya]: Wings 3D (x64) 2.1.5.lnk . (...) C:\Program Files\wings3d_2.1.5\Wings3D.exe
O4 - GS\sendTo [Anya]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\system32\WFS.exe =>.Microsoft Corporation
O4 - GS\TaskBar [Anya]: Google Earth Pro.lnk . (.Google - Google Earth.) C:\Program Files (x86)\Google\Google Earth Pro\client\googleearth.exe =>.Google Inc®
O4 - GS\TaskBar [Anya]: Image Composite Editor.lnk . (...) C:\Windows\Installer\{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}\_AA47ECE46A59EFF35D3345.exe
O4 - GS\TaskBar [Anya]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O4 - GS\TaskBar [Anya]: OpenOffice 4.1.2.lnk . (.Apache Software Foundation - OpenOffice 4.1.2.) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe =>.Apache Software Foundation
O4 - GS\TaskBar [Anya]: paint.net.lnk . (.dotPDN LLC - paint.net.) C:\Program Files\paint.net\PaintDotNet.exe =>.dotPDN LLC®
O4 - GS\TaskBar [Anya]: Quicken CashBook - Version 8.lnk . (.Intuit - Quicken Executable.) C:\Program Files (x86)\QUICKENW\QW.EXE =>.Intuit
O4 - GS\TaskBar [Anya]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\Windows\explorer.exe =>.Microsoft Corporation
O4 - GS\Programs [Anya]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Programs [Anya]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Desktop [Guest]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Anya\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Guest]: Avast SafeZone Browser.lnk . (.Avast Software - Avast SafeZone Browser.) C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software s.r.o.®
O4 - GS\Quicklaunch [Guest]: KeepVid Pro.lnk . (.KeepVid - KeepVid.) C:\Program Files (x86)\Keepvid\KeepVid Pro\KeepVidPro.exe {52B9467713A7F2544F50324A098DB7F8} =>PUP.Optional.KeepVid
O4 - GS\Quicklaunch [Guest]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Quicklaunch [Guest]: Wave Editor.lnk . (.Abyss Media Company - Wave Editor.) C:\Program Files (x86)\Abyssmedia\Wave Editor\editor.exe
O4 - GS\Quicklaunch [Guest]: Wings 3D (x64) 2.1.5.lnk . (...) C:\Program Files\wings3d_2.1.5\Wings3D.exe
O4 - GS\sendTo [Guest]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\system32\WFS.exe =>.Microsoft Corporation
O4 - GS\TaskBar [Guest]: Google Earth Pro.lnk . (.Google - Google Earth.) C:\Program Files (x86)\Google\Google Earth Pro\client\googleearth.exe =>.Google Inc®
O4 - GS\TaskBar [Guest]: Image Composite Editor.lnk . (...) C:\Windows\Installer\{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}\_AA47ECE46A59EFF35D3345.exe
O4 - GS\TaskBar [Guest]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O4 - GS\TaskBar [Guest]: OpenOffice 4.1.2.lnk . (.Apache Software Foundation - OpenOffice 4.1.2.) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe =>.Apache Software Foundation
O4 - GS\TaskBar [Guest]: paint.net.lnk . (.dotPDN LLC - paint.net.) C:\Program Files\paint.net\PaintDotNet.exe =>.dotPDN LLC®
O4 - GS\TaskBar [Guest]: Quicken CashBook - Version 8.lnk . (.Intuit - Quicken Executable.) C:\Program Files (x86)\QUICKENW\QW.EXE =>.Intuit
O4 - GS\TaskBar [Guest]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\Windows\explorer.exe =>.Microsoft Corporation
O4 - GS\Programs [Guest]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Programs [Guest]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Programs [Public]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Programs [Public]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Accessories [Public]: Notepad.lnk . (.Microsoft Corporation - Notepad.) C:\Windows\system32\notepad.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\Windows\explorer.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff =>.Microsoft Corporation®
O4 - GS\SystemTools [Public]: Private Character Editor.lnk . (.Microsoft Corporation - Private Character Editor.) C:\Windows\system32\eudcedit.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Calculator.lnk . (.Microsoft Corporation - Windows Calculator.) C:\Windows\system32\calc.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: displayswitch.lnk . (.Microsoft Corporation - Display Switch.) C:\Windows\system32\displayswitch.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Math Input Panel.lnk . (.Microsoft Corporation - Math Input Panel Accessory.) C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Mobility Center.lnk . (.Microsoft Corporation - Windows Mobility Center.) C:\Windows\system32\mblctr.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: NetworkProjection.lnk . (.Microsoft Corporation - Connect to a Network Projector.) C:\Windows\system32\NetProj.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Paint.lnk . (.Microsoft Corporation - Paint.) C:\Windows\system32\mspaint.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Remote Desktop Connection.lnk . (.Microsoft Corporation - Remote Desktop Connection.) C:\Windows\system32\mstsc.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\Windows\system32\SnippingTool.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Sound Recorder.lnk . (.Microsoft Corporation - Windows Sound Recorder.) C:\Windows\system32\SoundRecorder.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Sticky Notes.lnk . (.Microsoft Corporation - Sticky Notes.) C:\Windows\system32\StikyNot.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Sync Center.lnk . (.Microsoft Corporation - Microsoft Sync Center.) C:\Windows\System32\mobsync.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Welcome Center.lnk . (.Microsoft Corporation - Windows host process (Rundll32).) C:\Windows\system32\rundll32.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Character Map.lnk . (.Microsoft Corporation - Character Map.) C:\Windows\system32\charmap.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: dfrgui.lnk . (.Microsoft Corporation - Microsoft® Disk Defragmenter.) C:\Windows\system32\dfrgui.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Disk Cleanup.lnk . (.Microsoft Corporation - Disk Space Cleanup Manager for Windows.) C:\Windows\system32\cleanmgr.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Resource Monitor.lnk . (.Microsoft Corporation - Resource and Performance Monitor.) C:\Windows\system32\perfmon.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: System Information.lnk . (.Microsoft Corporation - System Information.) C:\Windows\system32\msinfo32.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: System Restore.lnk . (.Microsoft Corporation - Microsoft® Windows System Restore.) C:\Windows\system32\rstrui.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Task Scheduler.lnk . (...) C:\Windows\system32\taskschd.msc =>..Microsoft Corporation
O4 - GS\SystemTools [Public]: Windows Easy Transfer Reports.lnk . (.Microsoft Corporation - Windows Easy Transfer Post Migration Applic.) C:\Windows\system32\migwiz\postmig.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Windows Easy Transfer.lnk . (.Microsoft Corporation - Windows Easy Transfer Application.) C:\Windows\system32\migwiz\migwiz.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Acrobat Reader DC.lnk . (.Flexera Software LLC - InstallShield.) C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico =>.Flexera Software LLC
O4 - GS\ProgramsCommon [Public]: Avast SafeZone Browser.lnk . (.Avast Software - Avast SafeZone Browser.) C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software s.r.o.®
O4 - GS\ProgramsCommon [Public]: Express Scribe Transcription Software.lnk . (.NCH Software - Express Scribe Transcription Software.) C:\Program Files (x86)\NCH Software\Scribe\scribe.exe =>.NCH Software®
O4 - GS\ProgramsCommon [Public]: Google Earth Pro.lnk . (.Google - Google Earth.) C:\Program Files (x86)\Google\Google Earth Pro\client\googleearth.exe =>.Google Inc®
O4 - GS\ProgramsCommon [Public]: Media Center.lnk . (.Microsoft Corporation - Windows Media Center.) C:\Windows\ehome\ehshell.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O4 - GS\ProgramsCommon [Public]: paint.net.lnk . (.dotPDN LLC - paint.net.) C:\Program Files\paint.net\PaintDotNet.exe =>.dotPDN LLC®
O4 - GS\ProgramsCommon [Public]: PlayMemories Home.lnk . (.Sony Corporation - Browser.) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe =>.Sony Corporation®
O4 - GS\ProgramsCommon [Public]: Sidebar.lnk . (.Microsoft Corporation - Windows Desktop Gadgets.) C:\Program Files (x86)\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Windows Anytime Upgrade.lnk . (.Microsoft Corporation - Windows Anytime Upgrade User Interface.) C:\Windows\system32\WindowsAnytimeUpgradeUI.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Windows DVD Maker.lnk . (.Microsoft Corporation - Windows DVD Maker.) C:\Program Files\DVD Maker\DVDMaker.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Windows Fax and Scan.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\system32\WFS.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: XPS Viewer.lnk . (.Microsoft Corporation - XPS Viewer.) C:\Windows\system32\xpsrchvw.exe =>.Microsoft Corporation

---\\ Lop.com/Domain Hijackers (2) - 0s
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0 =>.Local IP Adress
O17 - HKLM\System\CCS\Services\Tcpip\..\{7627382C-5019-449A-B812-0620026D757C}: DhcpNameServer = 192.168.1.1 0.0.0.0 =>.Local IP Adress

---\\ Extra protocols (22) - 1s
O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll =>.Microsoft Corporation
O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll =>.Microsoft Corporation
O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll =>.Microsoft Corporation
O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
O18 - Filter: deflate [64Bits] - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Filter: gzip [64Bits] - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation

---\\ Software installed (36) - 13s
O42 - Logiciel: Adobe Acrobat Reader DC - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1033-7B44-AC0F074E4100} =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe Flash Player 25 NPAPI - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player NPAPI =>.Adobe Systems Incorporated®
O42 - Logiciel: Adobe Refresh Manager - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-0804-1033-1959-001824225037} =>.Adobe Systems Incorporated
O42 - Logiciel: Aimersoft Helper Compact 2.5.2 - (.Aimersoft.) [HKLM][64Bits] -- {405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1 =>.Aimersoft
O42 - Logiciel: Avast Pro Antivirus - (.AVAST Software.) [HKLM][64Bits] -- Avast Antivirus =>.AVAST Software s.r.o.®
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM][64Bits] -- CCleaner =>.Piriform Ltd®
O42 - Logiciel: Express Scribe Transcription Software - (.NCH Software.) [HKLM][64Bits] -- Scribe =>.NCH Software®
O42 - Logiciel: Google Earth Pro - (.Google.) [HKLM][64Bits] -- {35DAA04C-1720-4BE3-A920-A03731EC6A1D} =>.Google
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} =>.Google Inc.
O42 - Logiciel: Image Composite Editor - (.Microsoft Corporation.) [HKLM][64Bits] -- {92AB5708-1AAA-4B1B-A8D5-45CF3AD77519} =>.Microsoft Corporation
O42 - Logiciel: KeepVid Pro(Build 6.1.2.7) - (.KeepVid Studio.) [HKLM][64Bits] -- KeepVid Pro_is1 =>PUP.Optional.KeepVid
O42 - Logiciel: MergeModule_x64 - (.Sony Corporation.) [HKLM][64Bits] -- {12DCC5A7-0100-4433-B4FF-217A3C5DC83B} =>.Sony Corporation
O42 - Logiciel: MergeModule_x86 - (.Sony Corporation.) [HKLM][64Bits] -- {DD7721BB-CF1C-4DC9-AD87-8D5FB75413B7} =>.Sony Corporation
O42 - Logiciel: Mozilla Firefox 53.0.3 (x86 en-US) - (.Mozilla.) [HKLM][64Bits] -- Mozilla Firefox 53.0.3 (x86 en-US) =>.Mozilla Corporation®
O42 - Logiciel: MVHShellExtension - (.MyVirtualHome.) [HKLM][64Bits] -- {48EE93F1-6CE8-4DC3-9EBB-71D860F09CEE}
O42 - Logiciel: OpenOffice 4.1.2 - (.Apache Software Foundation.) [HKLM][64Bits] -- {E6AD67BB-1C33-4AB3-A387-E0D48137AB70} =>.Apache Software Foundation
O42 - Logiciel: paint.net - (.dotPDN LLC.) [HKLM][64Bits] -- {6AC1101E-7561-43C9-BEEA-4AB1D220D8FF} =>.dotPDN LLC
O42 - Logiciel: PlayMemories Home - (.Sony Corporation.) [HKLM][64Bits] -- {4F95DC94-A29D-41F6-AF34-15AA0D666186} =>.Sony Corporation
O42 - Logiciel: PMB_ModeEditor - (.Sony Corporation.) [HKLM][64Bits] -- {E95982CA-945F-41F2-B156-A603897AB242} =>.Sony Corporation
O42 - Logiciel: PMB_ServiceUploader - (.Sony Corporation.) [HKLM][64Bits] -- {2CA3C685-339C-4C61-B12C-FAD81A872651} =>.Sony Corporation
O42 - Logiciel: Quicken CashBook - Version 8 - (.Intuit Inc.) [HKLM][64Bits] -- Quicken CashBook - Version 8
O42 - Logiciel: SafeZone Stable 3.55.2393.596 - (.Avast Software.) [HKLM][64Bits] -- SafeZone 3.55.2393.596 =>.AVAST Software s.r.o.®
O42 - Logiciel: Samsung SCX-4x21 Series - (.Samsung Electronics CO.,LTD.) [HKLM][64Bits] -- Samsung SCX-4x21 Series =>.Samsung Electronics CO., LTD.®
O42 - Logiciel: situhome - (.Homesoft Pty. Ltd..) [HKLM][64Bits] -- {1201D379-9B6F-4419-9A64-5929D1495696}
O42 - Logiciel: situhome - (.Homesoft Pty. Ltd..) [HKLM][64Bits] -- {BDFC5012-189A-4D13-B1CF-279DF1D2F03B}
O42 - Logiciel: Speccy - (.Piriform.) [HKLM][64Bits] -- Speccy =>.Piriform Ltd®
O42 - Logiciel: TapeImporter - (.Sony Corporation.) [HKLM][64Bits] -- {746F19CC-24D1-4859-9D48-C0280306BBA9} =>.Sony Corporation
O42 - Logiciel: Toolwiz Smart Defrag 2011 - (.Toolwiz.com..) [HKLM][64Bits] -- Toolwiz Smart Defrag FREE_is1
O42 - Logiciel: Tweaking.com - Simple System Tweaker - (.Tweaking.com.) [HKLM][64Bits] -- Tweaking.com - Simple System Tweaker =>.Tweaking.com
O42 - Logiciel: Visual Studio 2012 x64 Redistributables - (.AVG Technologies.) [HKLM][64Bits] -- {8C775E70-A791-4DA8-BCC3-6AB7136F4484} =>.AVG Technologies
O42 - Logiciel: Visual Studio 2012 x86 Redistributables - (.AVG Technologies CZ, s.r.o..) [HKLM][64Bits] -- {98EFF19A-30AB-4E4B-B943-F06B1C63EBF8} =>.AVG Technologies CZ, s.r.o.
O42 - Logiciel: VLC media player - (.VideoLAN.) [HKLM][64Bits] -- VLC media player =>.VideoLAN
O42 - Logiciel: VoodooShield version 3.59 - (.VoodooSoft, LLC.) [HKLM][64Bits] -- {A8644328-A66F-490E-B8FA-901FF649189D}_is1 =>.VoodooSoft, LLC
O42 - Logiciel: Windows Resource Kit Tools - SubInAcl.exe - (.Microsoft Corporation.) [HKLM][64Bits] -- {D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE} =>.Microsoft Corporation
O42 - Logiciel: Wings 3D 2.1.5 - (..) [HKLM][64Bits] -- Wings 3D 2.1.5
O42 - Logiciel: ZHPFix 2015 - (.Nicolas Coolman.) [HKLM][64Bits] -- ZHPFix_is1 =>.Nicolas Coolman

---\\ HKCU & HKLM Software Keys (57) - 13s
HKLM\SOFTWARE\Wow6432Node\Adobe =>.Adobe
HKLM\SOFTWARE\Wow6432Node\Aimersoft =>.Aimersoft Software
HKLM\SOFTWARE\Wow6432Node\AVAST Software =>.AVAST Software
HKLM\SOFTWARE\Wow6432Node\Google =>.Google
HKLM\SOFTWARE\Wow6432Node\Intel =>.Intel
HKLM\SOFTWARE\Wow6432Node\Intuit =>.Intuit
HKLM\SOFTWARE\Wow6432Node\Keepvid =>PUP.Optional.KeepVid
HKLM\SOFTWARE\Wow6432Node\Macromedia =>.Macromedia
HKLM\SOFTWARE\Wow6432Node\Mozilla =>.Mozilla
HKLM\SOFTWARE\Wow6432Node\mozilla.org =>.mozilla.org
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins =>.MozillaPlugins
HKLM\SOFTWARE\Wow6432Node\NCH Software =>.NCH Software
HKLM\SOFTWARE\Wow6432Node\ODBC =>.DB Connectivity Solutions
HKLM\SOFTWARE\Wow6432Node\OpenOffice =>.SourceForge
HKLM\SOFTWARE\Wow6432Node\Samsung =>.Samsung Electronics
HKLM\SOFTWARE\Wow6432Node\Sony Corporation =>.Sony Corporation
HKLM\SOFTWARE\Wow6432Node\SPanel
HKLM\SOFTWARE\Wow6432Node\SSPrint =>.Sprint Software
HKLM\SOFTWARE\Wow6432Node\SSScan =>.Games Software
HKLM\SOFTWARE\Wow6432Node\ToolwizSystemCare =>.Toolwiz
HKLM\SOFTWARE\Wow6432Node\VideoLAN =>.VideoLAN
HKLM\SOFTWARE\Wow6432Node\Volatile =>.Microsoft Corporation
HKLM\SOFTWARE\Wow6432Node\Wings 3D
HKLM\SOFTWARE\Wow6432Node\Wondershare =>.Wondershare
HKLM\SOFTWARE\Wow6432Node\RegisteredApplications =>.Microsoft Corporation
HKCU\SOFTWARE\Abyssmedia =>.AbyssMedia
HKCU\SOFTWARE\Adobe =>.Adobe
HKCU\SOFTWARE\Aimersoft =>.Aimersoft Software
HKCU\SOFTWARE\AppDataLow =>.Microsoft Corporation
HKCU\SOFTWARE\AVAST Software =>.AVAST Software
HKCU\SOFTWARE\Chromium =>.Chromium
HKCU\SOFTWARE\Geek Uninstaller =>.Geek Uninstaller
HKCU\SOFTWARE\Google =>.Google
HKCU\SOFTWARE\Homesoft Pty. Ltd.
HKCU\SOFTWARE\Keepvid =>PUP.Optional.KeepVid
HKCU\SOFTWARE\Macromedia =>.Macromedia
HKCU\SOFTWARE\Malwarebytes =>.Malwarebytes
HKCU\SOFTWARE\Mozilla =>.Mozilla
HKCU\SOFTWARE\NCH Software =>.NCH Software
HKCU\SOFTWARE\Netscape =>.Netscape
HKCU\SOFTWARE\OpenOffice =>.SourceForge
HKCU\SOFTWARE\paint.net =>.Rick Brewster
HKCU\SOFTWARE\Piriform =>.Piriform
HKCU\SOFTWARE\QtProject =>.QtProject
HKCU\SOFTWARE\Samsung =>.Samsung Electronics
HKCU\SOFTWARE\situhome
HKCU\SOFTWARE\situhomeLauncher
HKCU\SOFTWARE\SmartDraw.com =>.SmartDraw.com
HKCU\SOFTWARE\Sony Corporation =>.Sony Corporation
HKCU\SOFTWARE\SSPrint =>.Sprint Software
HKCU\SOFTWARE\SSScan =>.Games Software
HKCU\SOFTWARE\ToolwizSystemCare =>.Toolwiz
HKCU\SOFTWARE\Trolltech =>.Trolltech
HKCU\SOFTWARE\Wow6432Node =>.Microsoft Corporation
HKCU\SOFTWARE\ZebHelpProcess Helper =>.Nicolas Coolman
HKCU\SOFTWARE\ZHP =>.Nicolas Coolman
HKCU\SOFTWARE\AppDataLow\Software =>.Microsoft Corporation

---\\ Contents of the Common Files folders (159) - 33s
O43 - CFD: 03/03/2017 - [] DC -- C:\Program Files\AVAST Software =>.AVAST Software s.r.o.®
O43 - CFD: 01/03/2017 - [] DC -- C:\Program Files\CCleaner =>.Piriform Ltd
O43 - CFD: 03/03/2017 - [] DC -- C:\Program Files\Common Files =>.Microsoft Corporation
O43 - CFD: 12/04/2011 - [] DC -- C:\Program Files\DVD Maker =>.Aone Software
O43 - CFD: 12/04/2011 - [] DC -- C:\Program Files\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 02/01/2017 - [] DC -- C:\Program Files\Microsoft Research =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] DC -- C:\Program Files\MSBuild =>.Microsoft Corporation
O43 - CFD: 04/01/2017 - [] DC -- C:\Program Files\paint.net =>.Rick Brewster
O43 - CFD: 14/07/2009 - [] DC -- C:\Program Files\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 02/03/2017 - [] DC -- C:\Program Files\Speccy =>.Piriform
O43 - CFD: 15/05/2017 - [] DC -- C:\Program Files\VoodooShield
O43 - CFD: 12/04/2011 - [] DC -- C:\Program Files\Windows Defender =>.Microsoft Corporation
O43 - CFD: 12/04/2011 - [] DC -- C:\Program Files\Windows Journal =>.Microsoft Corporation
O43 - CFD: 12/04/2011 - [] DC -- C:\Program Files\Windows Mail =>.Microsoft Corporation
O43 - CFD: 12/04/2011 - [] DC -- C:\Program Files\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] DC -- C:\Program Files\Windows NT =>.Microsoft Corporation
O43 - CFD: 12/04/2011 - [] DC -- C:\Program Files\Windows Photo Viewer =>.Microsoft Corporation
O43 - CFD: 21/11/2010 - [] DC -- C:\Program Files\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 12/04/2011 - [] DC -- C:\Program Files\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 14/01/2017 - [] DC -- C:\Program Files\wings3d_2.1.5
O43 - CFD: 02/01/2017 - [] DC -- C:\Program Files (x86)\Abyssmedia =>.AbyssMedia
O43 - CFD: 19/01/2017 - [] DC -- C:\Program Files (x86)\Adobe =>.Adobe Systems, Incorporated®
O43 - CFD: 12/05/2017 - [] DC -- C:\Program Files (x86)\Common Files =>.Microsoft Corporation
O43 - CFD: 06/02/2017 - [] DC -- C:\Program Files (x86)\Display
O43 - CFD: 19/03/2017 - [] DC -- C:\Program Files (x86)\Google =>.Google Inc®
O43 - CFD: 12/01/2017 - [] HDC -- C:\Program Files (x86)\InstallShield Installation Information =>.InstallShield Software
O43 - CFD: 12/04/2011 - [] DC -- C:\Program Files (x86)\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 12/05/2017 - [] DC -- C:\Program Files (x86)\Keepvid =>PUP.Optional.KeepVid
O43 - CFD: 02/01/2017 - [] DC -- C:\Program Files (x86)\Microsoft.NET =>.Microsoft Corporation
O43 - CFD: 23/05/2017 - [] DC -- C:\Program Files (x86)\Mozilla Firefox =>.Mozilla
O43 - CFD: 14/07/2009 - [] DC -- C:\Program Files (x86)\MSBuild =>.Microsoft Corporation
O43 - CFD: 12/01/2017 - [] DC -- C:\Program Files (x86)\MyVirtualHome
O43 - CFD: 02/03/2017 - [] DC -- C:\Program Files (x86)\NCH Software =>.NCH Software
O43 - CFD: 02/01/2017 - [] DC -- C:\Program Files (x86)\OpenOffice 4 =>.OpenOffice.org
O43 - CFD: 02/01/2017 - [] DC -- C:\Program Files (x86)\QUICKENW
O43 - CFD: 14/07/2009 - [] DC -- C:\Program Files (x86)\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 10/05/2017 - [] DC -- C:\Program Files (x86)\Samsung =>.Samsung Electronics
O43 - CFD: 10/05/2017 - [] DC -- C:\Program Files (x86)\SamsungPrinterLiveUpdate =>.Samsung Electronics
O43 - CFD: 12/01/2017 - [] DC -- C:\Program Files (x86)\situhome
O43 - CFD: 15/05/2017 - [] DC -- C:\Program Files (x86)\Sony =>.Sony Corporation®
O43 - CFD: 05/03/2017 - [] DC -- C:\Program Files (x86)\Toolwiz Smart Defrag FREE =>.IObit
O43 - CFD: 17/03/2017 - [] DC -- C:\Program Files (x86)\Tweaking.com =>.Tweaking LLC®
O43 - CFD: 02/01/2017 - [] DC -- C:\Program Files (x86)\VideoLAN =>.VideoLan Team
O43 - CFD: 12/04/2011 - [] DC -- C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation
O43 - CFD: 12/04/2011 - [] DC -- C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] DC -- C:\Program Files (x86)\Windows NT =>.Microsoft Corporation
O43 - CFD: 12/04/2011 - [] DC -- C:\Program Files (x86)\Windows Photo Viewer =>.Microsoft Corporation
O43 - CFD: 21/11/2010 - [] DC -- C:\Program Files (x86)\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 17/02/2017 - [] DC -- C:\Program Files (x86)\Windows Resource Kits =>.Microsoft Corporation
O43 - CFD: 12/04/2011 - [] DC -- C:\Program Files (x86)\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 07/03/2017 - [] DC -- C:\Program Files (x86)\ZHPFix =>.Nicolas Coolman
O43 - CFD: 02/01/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Abyssmedia =>.AbyssMedia
O43 - CFD: 17/03/2017 - [] RDC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 17/03/2017 - [] RDC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 23/03/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software =>.AVAST Software
O43 - CFD: 17/03/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner =>.Piriform Ltd
O43 - CFD: 17/03/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dictation and Transcription Programs
O43 - CFD: 02/03/2017 - [] RDC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games =>.Microsoft Corporation
O43 - CFD: 17/03/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Composite Editor =>.Microsoft Corporation
O43 - CFD: 12/05/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeepVid =>PUP.Optional.KeepVid
O43 - CFD: 17/03/2017 - [] RDC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 17/03/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
O43 - CFD: 17/03/2017 - [] SDC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2 =>.SourceForge
O43 - CFD: 15/05/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home =>.Sony Corporation
O43 - CFD: 17/03/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken CashBook v8
O43 - CFD: 10/05/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung SCX-4x21 Series =>.Samsung Electronics
O43 - CFD: 17/03/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\situhome
O43 - CFD: 02/03/2017 - [0] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartDraw 2016
O43 - CFD: 17/03/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy =>.Piriform
O43 - CFD: 09/01/2017 - [0] RDC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
O43 - CFD: 12/04/2011 - [0] RHDC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC =>.Wacom Technology
O43 - CFD: 17/03/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toolwiz Smart Defrag FREE =>.IObit
O43 - CFD: 17/03/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com =>.Tweaking.com
O43 - CFD: 17/03/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN =>.VideoLan Team
O43 - CFD: 15/05/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoodooShield
O43 - CFD: 17/03/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wings 3D 2.1.5
O43 - CFD: 17/03/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP =>.Nicolas Coolman
O43 - CFD: 19/01/2017 - [] DC -- C:\ProgramData\Adobe =>.Adobe
O43 - CFD: 12/05/2017 - [] DC -- C:\ProgramData\Aimersoft =>.Aimersoft Software
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Application Data =>.Microsoft Corporation
O43 - CFD: 23/03/2017 - [] DC -- C:\ProgramData\AVAST Software =>.AVAST Software
O43 - CFD: 07/01/2017 - [] HDC -- C:\ProgramData\Common Files =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Desktop =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Documents =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Favorites =>.Microsoft Corporation
O43 - CFD: 05/01/2017 - [] DC -- C:\ProgramData\HitmanPro =>.EIDOS hitman Game
O43 - CFD: 12/05/2017 - [] DC -- C:\ProgramData\KeepVid =>PUP.Optional.KeepVid
O43 - CFD: 04/01/2017 - [] SDC -- C:\ProgramData\Microsoft =>.Microsoft Corporation
O43 - CFD: 02/03/2017 - [] DC -- C:\ProgramData\NCH Software =>.NCH Software
O43 - CFD: 01/03/2017 - [] DC -- C:\ProgramData\RogueKiller =>.Adlice
O43 - CFD: 12/01/2017 - [] DC -- C:\ProgramData\situhome
O43 - CFD: 15/05/2017 - [] DC -- C:\ProgramData\Sony Corporation =>.Sony Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Start Menu =>.Microsoft Corporation
O43 - CFD: 24/05/2017 - [0] DC -- C:\ProgramData\SWCUTemp
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Templates =>.Microsoft Corporation
O43 - CFD: 24/05/2017 - [] DC -- C:\ProgramData\VoodooShield
O43 - CFD: 19/01/2017 - [] DC -- C:\Program Files (x86)\Common Files\Adobe =>.Adobe
O43 - CFD: 12/05/2017 - [] DC -- C:\Program Files (x86)\Common Files\Aimersoft =>.Aimersoft Software
O43 - CFD: 14/04/2017 - [] DC -- C:\Program Files (x86)\Common Files\AV =>.Avast
O43 - CFD: 02/01/2017 - [] DC -- C:\Program Files (x86)\Common Files\microsoft shared =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] DC -- C:\Program Files (x86)\Common Files\Services =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] DC -- C:\Program Files (x86)\Common Files\SpeechEngines =>.Microsoft Corporation
O43 - CFD: 12/04/2011 - [] DC -- C:\Program Files (x86)\Common Files\System =>.Microsoft Corporation
O43 - CFD: 19/01/2017 - [] DC -- C:\Users\Anya\AppData\Roaming\Adobe =>.Adobe
O43 - CFD: 03/03/2017 - [] DC -- C:\Users\Anya\AppData\Roaming\AVAST Software =>.AVAST Software
O43 - CFD: 03/03/2017 - [] DC -- C:\Users\Anya\AppData\Roaming\Geek Uninstaller =>.Geek Uninstaller
O43 - CFD: 02/01/2017 - [] DC -- C:\Users\Anya\AppData\Roaming\Identities =>.Microsoft Corporation
O43 - CFD: 12/05/2017 - [] DC -- C:\Users\Anya\AppData\Roaming\KeepVid =>PUP.Optional.KeepVid
O43 - CFD: 02/01/2017 - [] DC -- C:\Users\Anya\AppData\Roaming\Macromedia =>.Macromedia
O43 - CFD: 12/04/2011 - [0] DC -- C:\Users\Anya\AppData\Roaming\Media Center Programs =>.Microsoft Corporation
O43 - CFD: 17/03/2017 - [] SDC -- C:\Users\Anya\AppData\Roaming\Microsoft =>.Microsoft Corporation
O43 - CFD: 02/01/2017 - [] DC -- C:\Users\Anya\AppData\Roaming\Mozilla =>.Mozilla Corporation
O43 - CFD: 02/03/2017 - [] DC -- C:\Users\Anya\AppData\Roaming\NCH Software =>.NCH Software
O43 - CFD: 02/01/2017 - [] DC -- C:\Users\Anya\AppData\Roaming\OpenOffice =>.SourceForge
O43 - CFD: 12/01/2017 - [] DC -- C:\Users\Anya\AppData\Roaming\situhome
O43 - CFD: 12/01/2017 - [] DC -- C:\Users\Anya\AppData\Roaming\SmartDraw
O43 - CFD: 24/05/2017 - [] DC -- C:\Users\Anya\AppData\Roaming\Sony Corporation =>.Sony Corporation
O43 - CFD: 30/04/2017 - [] DC -- C:\Users\Anya\AppData\Roaming\vlc =>.VideoLan Team
O43 - CFD: 24/05/2017 - [] DC -- C:\Users\Anya\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 28/04/2017 - [] DC -- C:\Users\Anya\AppData\Local\Adobe =>.Adobe
O43 - CFD: 12/05/2017 - [] DC -- C:\Users\Anya\AppData\Local\Aimersoft =>.Aimersoft Software
O43 - CFD: 02/01/2017 - [0] SHD -- C:\Users\Anya\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 21/05/2017 - [] DC -- C:\Users\Anya\AppData\Local\Apps =>.Microsoft Corporation
O43 - CFD: 07/01/2017 - [] DC -- C:\Users\Anya\AppData\Local\CEF =>.CEF
O43 - CFD: 16/03/2017 - [] DC -- C:\Users\Anya\AppData\Local\Diagnostics =>.Microsoft Corporation
O43 - CFD: 12/01/2017 - [] DC -- C:\Users\Anya\AppData\Local\Downloaded Installations =>.Microsoft Corporation
O43 - CFD: 10/05/2017 - [] DC -- C:\Users\Anya\AppData\Local\ElevatedDiagnostics =>.Microsoft Corporation
O43 - CFD: 19/03/2017 - [] DC -- C:\Users\Anya\AppData\Local\Google =>.Google
O43 - CFD: 02/01/2017 - [0] SHD -- C:\Users\Anya\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 09/01/2017 - [] DC -- C:\Users\Anya\AppData\Local\Image Composite Editor =>.Microsoft Corporation
O43 - CFD: 12/05/2017 - [] DC -- C:\Users\Anya\AppData\Local\Keepvid =>PUP.Optional.KeepVid
O43 - CFD: 03/01/2017 - [] DC -- C:\Users\Anya\AppData\Local\Macromedia =>.Macromedia
O43 - CFD: 10/05/2017 - [] DC -- C:\Users\Anya\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 02/01/2017 - [] DC -- C:\Users\Anya\AppData\Local\Mozilla =>.Mozilla Corporation
O43 - CFD: 04/01/2017 - [] DC -- C:\Users\Anya\AppData\Local\paint.net =>.Rick Brewster
O43 - CFD: 02/01/2017 - [] DC -- C:\Users\Anya\AppData\Local\Programs =>.Microsoft Corporation
O43 - CFD: 11/01/2017 - [] DC -- C:\Users\Anya\AppData\Local\SmartDraw
O43 - CFD: 24/05/2017 - [] DC -- C:\Users\Anya\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 02/01/2017 - [0] SHD -- C:\Users\Anya\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 09/01/2017 - [] DC -- C:\Users\Anya\AppData\Local\ToolwizCareFree =>.Toolwiz
O43 - CFD: 16/05/2017 - [] DC -- C:\Users\Anya\AppData\Local\VirtualStore =>.Microsoft Corporation
O43 - CFD: 24/05/2017 - [] DC -- C:\Users\Anya\AppData\Local\ZHP =>.Nicolas Coolman
O43 - CFD: 02/01/2017 - [0] DC -- C:\Users\Anya\AppData\Local\Programs\Common =>.Microsoft Corporation
O43 - CFD: 17/03/2017 - [] RDC -- C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 02/01/2017 - [] RDC -- C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 02/03/2017 - [] RDC -- C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 08/01/2017 - [0] RDC -- C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\Users\Default\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\Users\Default\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] DC -- C:\Users\Default\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] DC -- C:\Users\Default\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\Users\Default\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\Users\Default User\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\Users\Default User\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] DC -- C:\Users\Default User\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] DC -- C:\Users\Default User\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\Users\Default User\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] D -- C:\Windows\System32\Config\systemprofile\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] SD -- C:\Windows\System32\Config\systemprofile\AppData\Roaming\Microsoft =>.Microsoft Corporation

---\\ ShellIconOverlayIdentifiers (SIOI) (3) - 0s
O106 - SIOI: avast [00asw] - {472083B0-C522-11CF-8763-00608CC02F24}. (.AVAST Software - Avast Shell Extension.) -- C:\Program Files\AVAST Software\Avast\ashShell.dll =>.AVAST Software s.r.o.®
O106 - SIOI: Enhanced Storage Icon Overlay Handler Class [EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}. (.Microsoft Corporation - Windows Enhanced Storage Shell Extension DL.) -- C:\Windows\System32\EhStorShell.dll =>.Microsoft Corporation
O106 - SIOI: Sharing Overlay (Private) [SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235}. (.Microsoft Corporation - Shell extensions for sharing.) -- C:\Windows\System32\ntshrui.dll =>.Microsoft Corporation

---\\ System Drivers List (61) - 22s
O58 - SDL:2009/07/14 11:52:21 AC . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\drivers\adp94xx.sys [491088] =>.Microsoft Windows®
O58 - SDL:2009/07/14 11:52:21 AC . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\System32\drivers\adpahci.sys [339536] =>.Microsoft Windows®
O58 - SDL:2009/07/14 11:52:21 AC . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\Windows\System32\drivers\adpu320.sys [182864] =>.Microsoft Windows®
O58 - SDL:2009/07/14 11:52:21 AC . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\System32\drivers\aliide.sys [15440] =>.Microsoft Windows®
O58 - SDL:2010/11/21 13:23:47 AC . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\drivers\amdsata.sys [107904] =>.Microsoft Windows®
O58 - SDL:2009/07/14 11:52:20 AC . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) -- C:\Windows\System32\drivers\amdsbs.sys [194128] =>.Microsoft Windows®
O58 - SDL:2010/11/21 13:23:47 AC . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\drivers\amdxata.sys [27008] =>.Microsoft Windows®
O58 - SDL:2009/07/14 11:52:21 AC . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\System32\drivers\arc.sys [87632] =>.Microsoft Windows®
O58 - SDL:2009/07/14 11:52:21 AC . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\drivers\arcsas.sys [97856] =>.Microsoft Windows®
O58 - SDL:2017/05/10 14:03:08 AC . (.AVAST Software s.r.o. - IDS Application Activity Monitor Driver..) -- C:\Windows\System32\drivers\aswbidsdrivera.sys [311808] =>.AVAST Software s.r.o.®
O58 - SDL:2017/05/10 14:03:08 AC . (.AVAST Software s.r.o. - Application Activity Monitor Helper Driver.) -- C:\Windows\System32\drivers\aswbidsha.sys [190256] =>.AVAST Software s.r.o.®
O58 - SDL:2017/05/10 14:03:09 AC . (.AVAST Software s.r.o. - Logging Driver.) -- C:\Windows\System32\drivers\aswbloga.sys [334576] =>.AVAST Software s.r.o.®
O58 - SDL:2017/05/10 14:03:09 AC . (.AVAST Software s.r.o. - Universal Driver.) -- C:\Windows\System32\drivers\aswbuniva.sys [49016] =>.AVAST Software s.r.o.®
O58 - SDL:2017/05/10 14:04:03 AC . (.AVAST Software - Avast HWID.) -- C:\Windows\System32\drivers\aswHwid.sys [38296] =>.AVAST Software s.r.o.® (.AVAST Software)
O58 - SDL:2017/05/10 14:03:19 AC . (.AVAST Software - Avast Keyboard Filter Driver.) -- C:\Windows\System32\drivers\aswKbd.sys [32600] =>.AVAST Software s.r.o.®
O58 - SDL:2017/05/10 14:04:03 AC . (.AVAST Software - Avast File System Minifilter for Windows 20.) -- C:\Windows\System32\drivers\aswMonFlt.sys [128648] =>.AVAST Software s.r.o.®
O58 - SDL:2017/05/10 14:04:02 AC . (.AVAST Software - Avast WFP Redirect Driver.) -- C:\Windows\System32\drivers\aswRdr2.sys [101152] =>.AVAST Software s.r.o.®
O58 - SDL:2017/05/10 14:04:03 AC . (.AVAST Software - Avast Revert.) -- C:\Windows\System32\drivers\aswRvrt.sys [75704] =>.AVAST Software s.r.o.® (.AVAST Software)
O58 - SDL:2017/05/10 14:03:19 AC . (.AVAST Software - Avast Virtualization Driver.) -- C:\Windows\System32\drivers\aswSnx.sys [1007160] =>.AVAST Software s.r.o.®
O58 - SDL:2017/05/10 14:04:03 AC . (.AVAST Software - Avast self protection module.) -- C:\Windows\System32\drivers\aswSP.sys [569192] =>.AVAST Software s.r.o.®
O58 - SDL:2017/05/13 08:42:10 AC . (.AVAST Software - Stream Filter.) -- C:\Windows\System32\drivers\aswstm.sys [158880] =>.AVAST Software s.r.o.®
O58 - SDL:2017/05/10 14:04:03 AC . (.AVAST Software - Avast VM Monitor.) -- C:\Windows\System32\drivers\aswVmm.sys [339696] =>.AVAST Software s.r.o.® (.AVAST Software)
O58 - SDL:2009/06/11 06:34:23 AC . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x.) -- C:\Windows\System32\drivers\b57nd60a.sys [270848] =>.Broadcom Corporation
O58 - SDL:2009/06/11 06:41:06 AC . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower.) -- C:\Windows\System32\drivers\BrFiltLo.sys [18432] =>.Brother Industries, Ltd.
O58 - SDL:2009/06/11 06:41:06 AC . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper.) -- C:\Windows\System32\drivers\BrFiltUp.sys [8704] =>.Brother Industries, Ltd.
O58 - SDL:2009/07/14 11:19:07 AC . (.Brother Industries Ltd. - Brotehr Serial I/F Driver (WDM).) -- C:\Windows\System32\drivers\BrSerId.sys [286720] =>.Brother Industries Ltd.
O58 - SDL:2009/06/11 06:41:10 AC . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\System32\drivers\BrSerWdm.sys [47104] =>.Brother Industries Ltd.
O58 - SDL:2009/06/11 06:41:10 AC . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\System32\drivers\BrUsbMdm.sys [14976] =>.Brother Industries Ltd.
O58 - SDL:2009/06/11 06:41:10 AC . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\System32\drivers\BrUsbSer.sys [14720] =>.Brother Industries Ltd.
O58 - SDL:2009/06/11 06:34:28 AC . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\System32\drivers\bxvbda.sys [468480] =>.Broadcom Corporation
O58 - SDL:2009/07/14 11:52:31 AC . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\cmdide.sys [17488] =>.Microsoft Windows®
O58 - SDL:2009/06/11 06:35:02 AC . (.Intel Corporation - Intel(R) Gigabit Network Connection NDIS 6.) -- C:\Windows\System32\drivers\e1y60x64.sys [281088] =>.Intel Corporation
O58 - SDL:2009/07/14 11:47:48 AC . (.Emulex - Storport Miniport Driver for LightPulse HBA.) -- C:\Windows\System32\drivers\elxstor.sys [530496] =>.Microsoft Windows®
O58 - SDL:2009/06/11 06:34:33 AC . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\System32\drivers\evbda.sys [3286016] =>.Broadcom Corporation
O58 - SDL:2009/06/11 06:31:59 AC . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for.) -- C:\Windows\System32\drivers\hcw85cir.sys [31232] =>.Hauppauge Computer Works, Inc.
O58 - SDL:2010/11/21 13:23:47 AC . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\Windows\System32\drivers\HpSAMD.sys [78720] =>.Microsoft Windows®
O58 - SDL:2010/11/21 13:23:47 AC . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\Windows\System32\drivers\iaStorV.sys [410496] =>.Microsoft Windows®
O58 - SDL:2009/06/11 06:37:05 AC . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\System32\drivers\igdkmd64.sys [6108416] =>.Intel Corporation
O58 - SDL:2009/07/14 11:48:04 AC . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\System32\drivers\iirsp.sys [44112] =>.Microsoft Windows®
O58 - SDL:2009/07/14 11:48:04 AC . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_fc.sys [114752] =>.Microsoft Windows®
O58 - SDL:2009/07/14 11:48:04 AC . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas.sys [106560] =>.Microsoft Windows®
O58 - SDL:2009/07/14 11:48:04 AC . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas2.sys [65600] =>.Microsoft Windows®
O58 - SDL:2009/07/14 11:48:04 AC . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_scsi.sys [115776] =>.Microsoft Windows®
O58 - SDL:2009/07/14 11:48:04 AC . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) -- C:\Windows\System32\drivers\megasas.sys [35392] =>.Microsoft Windows®
O58 - SDL:2009/07/14 11:48:04 AC . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\drivers\MegaSR.sys [284736] =>.Microsoft Windows®
O58 - SDL:2009/06/11 06:35:28 AC . (.Intel Corporation - Intel® Wireless WiFi Link Driver.) -- C:\Windows\System32\drivers\netw5v64.sys [5434368] =>.Intel Corporation
O58 - SDL:2009/07/14 11:48:26 AC . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\System32\drivers\nfrd960.sys [51264] =>.Microsoft Windows®
O58 - SDL:2010/11/21 13:23:47 AC . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\System32\drivers\nvraid.sys [148352] =>.Microsoft Windows®
O58 - SDL:2010/11/21 13:23:47 AC . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\drivers\nvstor.sys [166272] =>.Microsoft Windows®
O58 - SDL:2009/07/14 11:45:46 AC . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\System32\drivers\ql2300.sys [1524816] =>.Microsoft Windows®
O58 - SDL:2009/07/14 11:45:45 AC . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\System32\drivers\ql40xx.sys [128592] =>.Microsoft Windows®
O58 - SDL:2009/06/11 06:37:19 AC . (.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) -- C:\Windows\System32\drivers\secdrv.sys [23040] =>.Macrovision Corporation, Macrovision Europe Limited,
O58 - SDL:2009/07/14 11:45:45 AC . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\drivers\sisraid2.sys [43584] =>.Microsoft Windows®
O58 - SDL:2009/07/14 11:45:46 AC . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\drivers\sisraid4.sys [80464] =>.Microsoft Windows®
O58 - SDL:2015/03/05 21:17:30 AC . (.SecureAge Technology - SLogDrv.) -- C:\Windows\System32\drivers\SLogDrv.sys [68120] =>.SecureAge Technology Pte Ltd®
O58 - SDL:2011/07/08 14:43:54 C . (.Samsung Electronics - Port Contention Driver.) -- C:\Windows\System32\drivers\SSPORT.SYS [11576] =>.Samsung Electronics CO., LTD.®
O58 - SDL:2009/07/14 11:45:55 AC . (.Promise Technology - Promise SuperTrak EX Series Driver for Win.) -- C:\Windows\System32\drivers\stexstor.sys [24656] =>.Microsoft Windows®
O58 - SDL:2017/05/24 20:45:51 AC . (.Authors - .) -- C:\Windows\System32\drivers\TrueSight.sys [28272] =>.Adlice®
O58 - SDL:2009/07/14 11:45:55 AC . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\viaide.sys [17488] =>.Microsoft Windows®
O58 - SDL:2009/07/14 11:45:55 AC . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\System32\drivers\vsmraid.sys [161872] =>.Microsoft Windows®
O58 - SDL:2016/08/19 01:50:42 AC . (.VoodooSoft, LLC - VSScanner Filter driver.) -- C:\Windows\System32\drivers\vsscanner.sys [21064] =>.VoodooSoft, LLC®

---\\ File Associations Shell Spawning (11) - 0s
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) -- C:\Windows\System32\eventvwr.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.scr> <scrfile>[HKLM\..\open\Command] (...) -- "%1" /S
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®

---\\ Start Menu Internet (12) - 1s
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O68 - StartMenuInternet: <SafeZoneStable> <SafeZone Stable>[HKLM\..\Shell\open\Command] (.Avast Software - Avast SafeZone Browser.) -- C:\Program Files\AVAST Software\SZBrowser\Launcher.exe =>.AVAST Software s.r.o.®
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <SafeZoneStable> <SafeZone Stable>[HKLM\..\InstallInfo\ShowIconsCommand] (.Avast Software - Avast SafeZone Browser.) -- C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <SafeZoneStable> <SafeZone Stable>[HKLM\..\InstallInfo\ReinstallCommand] (.Avast Software - Avast SafeZone Browser.) -- C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <SafeZoneStable> <SafeZone Stable>[HKLM\..\InstallInfo\HideIconsCommand] (.Avast Software - Avast SafeZone Browser.) -- C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software

---\\ Search Browser Infection (1) - 10s
O69 - SBI: prefs.js [Anya - dolfqtls.default] user_pref("extensions.enabledAddons", "KVAllmytube%40KeepVid.com:6.0.0.8,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:53.0.3"); =>PUP.Optional.KeepVid

---\\ Search Svchost Services (33) - 2s
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Application Experience Service.) -- C:\Windows\System32\aelupsvc.dll [72192] =>.Microsoft Corporation
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\Windows\System32\certprop.dll [80384] =>.Microsoft Corporation
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\Windows\System32\certprop.dll [80384] =>.Microsoft Corporation
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) -- C:\Windows\system32\srvsvc.dll [236032] =>.Microsoft Corporation
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) -- C:\Windows\System32\gpsvc.dll [777728] =>.Microsoft Corporation
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) -- C:\Windows\System32\ikeext.dll [853504] =>.Microsoft Corporation
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) -- C:\Windows\System32\Audiosrv.dll [679424] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\Windows\System32\rasauto.dll [99328] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\Windows\System32\rasmans.dll [344064] =>.Microsoft Corporation
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\Windows\System32\mprdim.dll [97792] =>.Microsoft Corporation
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\Windows\System32\Sens.dll [64512] =>.Microsoft Corporation
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\Windows\System32\ipnathlp.dll [359424] =>.Microsoft Corporation
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\Windows\System32\tapisrv.dll [316928] =>.Microsoft Corporation
O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Remote Desktop Session Host Server Remote C.) -- C:\Windows\System32\termsrv.dll [680960] =>.Microsoft Corporation
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\system32\wuaueng.dll [2477536] =>.Microsoft Windows Component Publisher®
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) -- C:\Windows\System32\qmgr.dll [849920] =>.Microsoft Corporation
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\Windows\System32\shsvcs.dll [370688] =>.Microsoft Corporation
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) -- C:\Windows\System32\iphlpsvc.dll [569344] =>.Microsoft Corporation
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) -- C:\Windows\system32\seclogon.dll [30720] =>.Microsoft Corporation
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) -- C:\Windows\System32\appinfo.dll [70656] =>.Microsoft Corporation
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) -- C:\Windows\system32\iscsiexe.dll [156672] =>.Microsoft Corporation
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Multimedia Class Scheduler Service.) -- C:\Windows\system32\mmcss.dll [67584] =>.Microsoft Corporation
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\system32\wbem\WMIsvc.dll [242688] =>.Microsoft Corporation
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) -- C:\Windows\System32\SessEnv.dll [121856] =>.Microsoft Corporation
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\Windows\System32\browser.dll [136192] =>.Microsoft Corporation
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) -- C:\Windows\System32\eapsvc.dll [111104] =>.Microsoft Corporation
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) -- C:\Windows\system32\schedsvc.dll [1110016] =>.Microsoft Corporation
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Key Management Service.) -- C:\Windows\system32\kmsvc.dll [90624] =>.Microsoft Corporation
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) -- C:\Windows\System32\wercplsupport.dll [84480] =>.Microsoft Corporation
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\system32\profsvc.dll [209920] =>.Microsoft Corporation
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) -- C:\Windows\system32\themeservice.dll [44544] =>.Microsoft Corporation
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) -- C:\Windows\System32\bdesvc.dll [100864] =>.Microsoft Corporation
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Software installation Service.) -- C:\Windows\System32\appmgmts.dll [193536] =>.Microsoft Corporation

---\\ List of CD/DVD Emulators (MBR Hook) (6) - 4s
HKLM\SOFTWARE\Microsoft\Tracing\KeepVidProUpdateHelper_RASAPI32 =>PUP.Optional.KeepVid
HKLM\SOFTWARE\Microsoft\Tracing\KeepVidProUpdateHelper_RASMANCS =>PUP.Optional.KeepVid
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\keepvid-pro-desktop_setup_full2957_RASAPI32 =>PUP.Optional.KeepVid
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\keepvid-pro-desktop_setup_full2957_RASMANCS =>PUP.Optional.KeepVid
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\KeepVidPro_RASAPI32 =>PUP.Optional.KeepVid
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\KeepVidPro_RASMANCS =>PUP.Optional.KeepVid

---\\ Additional Scan (O88) (16) - 0s
HKLM\SYSTEM\CurrentControlSet\Services\WsDrvInst =>PUP.Optional.KeepVid
C:\Program Files (x86)\Keepvid\KeepVid Pro\DriverInstall.exe =>PUP.Optional.KeepVid
C:\Program Files (x86)\Keepvid\KeepVid Pro\KeepVidProUpdateHelper.exe =>PUP.Optional.KeepVid
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KeepVid Pro_is1 =>PUP.Optional.KeepVid
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\KeepVid Pro_is1 =>PUP.Optional.KeepVid
C:\Program Files (x86)\Keepvid =>PUP.Optional.KeepVid
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeepVid =>PUP.Optional.KeepVid
C:\ProgramData\KeepVid =>PUP.Optional.KeepVid
C:\Users\Anya\AppData\Roaming\KeepVid =>PUP.Optional.KeepVid
C:\Users\Anya\AppData\Local\Keepvid =>PUP.Optional.KeepVid
HKLM64\SOFTWARE\Microsoft\Tracing\KeepVidProUpdateHelper_RASAPI32 =>PUP.Optional.KeepVid
HKLM64\SOFTWARE\Microsoft\Tracing\KeepVidProUpdateHelper_RASMANCS =>PUP.Optional.KeepVid
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\keepvid-pro-desktop_setup_full2957_RASAPI32 =>PUP.Optional.KeepVid
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\keepvid-pro-desktop_setup_full2957_RASMANCS =>PUP.Optional.KeepVid
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\KeepVidPro_RASAPI32 =>PUP.Optional.KeepVid
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\KeepVidPro_RASMANCS =>PUP.Optional.KeepVid

---\\ Summary of the elements found (1) - 0s
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.KeepVid

~ Unselected Options:
~ End of the scan, 12949 items in 31mn23s (715)(0)


==== End of Fixlog 22:09:20 ====
 
& forgot to say, FRST fix didn't work to start with - it said 'updated' or some such but did nothing. So I pressed fix again & it then worked. When it rebooted, it just showed a blank, black screen after the Dell logo. Had to reboot again & it eventually started normally. In case that's relevant to you...
 
Update all old programs with Patch My PC


Eliminate restrictive settings with this tool.

  • Temporarily disable your antivirus --- Your antivirus may flag this tool as malware; it is safe to run, I assure you.
  • Download SupRestric.exe save to your desktop.
  • Close all running programs.
  • Double click the file to launch it.
  • Windows: 7/8/10 Vista and run as administrator
  • Click Yes at any prompt.
  • The analysis takes only a few moments.
  • The report is on the desktop ( CTR.txt )
  • Copy paste report in next reply.
  • A reboot is needed to complete the repairs.

HijackThis.


1- Please Click HERE to download HijackThis. -- Unzip to your desktop.
2- Right click run as admin.
3- Click on the Main Menu button if not already there.
4- Select Do a system scan and save a logfile.
5- Copy paste the log here.


ZHP Diag Fix.


ZHP Fix

  • Disable your antivirus prior to this fix!
  • Download ZHP-Fix from here.
  • UnZip it to your desktop -- Tool Here if needed.... 7-Zip
  • Install it.
  • Click Suivant 5 Times.
  • Then Installer.
  • Then Terminer.
  • Then right click the ZHP Fix icon Run as admin.
  • Copy the entire content of the code box below, the next step will grab it from your clipboard.
  • Then click on import.
  • Then click GO.
  • If you see any Prompts like the one below, select Oui. = Yes in French.
  • Allow completion.
  • A log file will appear on your desktop.
  • Post it here in your next reply.
Code:
Script ZhpFix
SysRestore
EmptyFlash
ProxyFix
EmptyCLSID
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe =>.Adobe Systems, Incorporated®
C:\Users\Anya\AppData\Roaming\ParetoLogic
C:\Program Files (x86)\Driver Detective
C:\Program Files (x86)\SpeedItup Free
C:\Users\Anya\AppData\Local\UPDATE
SS - Demand [09/05/2017] [ 271864] Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe =>.Adobe Systems Incorporated®
HKCU\SOFTWARE\Chromium =>.Chromium
O43 - CFD: 05/01/2017 - [] DC -- C:\ProgramData\HitmanPro =>.EIDOS hitman Game
EmptyTemp
 
Report Restricted to Restrictions Pierre13 (CTR version 2.5.0.0) of 25 \ 05 \ 2017 at 21:09:24

Anya PC
Microsoft Windows 7 Professional Service Pack 1 (64-bit) [6.1.7601]
Repair error 2203 performed.
Control presence restrictions
PC vaccinated against Java sponsor.
Windows Firewall service enabled.
Windows Firewall settings restored by default and enabled.
240 controlled restrictions.
1 Restricted Restriction (s).
Reboot the PC to take the repair (s) into account.
The report is on the desktop (C: \ Users \ Anya \ Desktop \ CTR.txt)



Logfile of HiJackThis Fork (Alpha) by Alex Dragokas v.2.6.4.17

Platform: x64 Windows 7 (Pro), 6.1.7601, Service Pack: 1
Time: 25.05.2017 - 21:19
Language: OS: English (0x409). Display: English (0x409). Non-Unicode: English (0x409)
Elevated: Yes
Ran by: Anya (group: Administrator) on ANYA-PC

Firefox: 53.0.3.6347
Internet Explorer: 8.0.7601.17514

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
1 C:\Program Files (x86)\Keepvid\KeepVid Pro\KeepVidProUpdateHelper.exe
1 C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
1 C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
1 C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
1 C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
1 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1 C:\Program Files\AVAST Software\Avast\AvastUI.exe
1 C:\Program Files\VoodooShield\VoodooShield.exe
1 C:\Program Files\VoodooShield\VoodooShieldService.exe
1 C:\Users\Anya\Downloads\HiJackThis\HiJackThis.exe
1 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\lsm.exe
1 C:\Windows\System32\rundll32.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
1 C:\Windows\System32\sppsvc.exe
11 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhost.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\ehome\ehsched.exe
1 C:\Windows\ehome\ehtray.exe
2 C:\Windows\explorer.exe
1 C:\Windows\servicing\TrustedInstaller.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?fr=avantsearch6
R3 - Default URLSearchHook is missing
O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O2-32 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
O2-32 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll
O2-32 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll
O2-32 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvLaunch.exe /gui
O4 - HKLM\..\Run: [VoodooShield] C:\Program Files\VoodooShield\VoodooShield.exe
O4 - HKU\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe
O4 - HKU\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe
O4 - MSConfig\startupreg: [CCleaner] C:\Program Files\CCleaner\CCleaner64.exe /AUTO (HKCU) (2017/03/01)
O4 - MSConfig\startupreg: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe (file missing) (HKLM) (2017/03/01)
O4 - MSConfig\startupreg: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun (HKLM) (2017/05/11)
O4-32 - HKLM\..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
O4-32 - HKLM\..\Run: [KeepVidProUpdateHelper.exe] C:\Program Files (x86)\Keepvid\KeepVid Pro\KeepVidProUpdateHelper.exe
O4-32 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe /SysAutoRun
O4-32 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (file missing)
O17 - DHCP DNS - 1: 192.168.1.1
O18 - Protocol: WSKVAllmytubechrome - {91AB862D-07B8-4A85- - (no file)
O22 - Task (Queued): Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
O22 - Task (Queued): SafeZone scheduled Autoupdate 1490263047 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
O22 - Task (Ready): Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O22 - Task (Ready): CCleanerSkipUAC - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Task (Ready): \AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Avast Antivirus - (avast! Antivirus) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service R2: PMBDeviceInfoProvider - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
O23 - Service R2: VoodooShieldService - C:\Program Files\VoodooShield\VoodooShieldService.exe
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: Wondershare Driver Install Service - (WsDrvInst) - C:\Program Files (x86)\Keepvid\KeepVid Pro\DriverInstall.exe
O23 - Service S3: aswbIDSAgent - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe

--
End of file - Time spent: 23 sec. - 12024 bytes, CRC32: FFFFFFFF. Sign: ⽟儌



Rapport de ZHPFix 2015.10.19.9 par Nicolas Coolman, Update du 19/10/2015
Fichier d'export Registre : C:\Users\Anya\AppData\Roaming\ZHP\ZHPExportRegistry-5-25-2017-9-25-02 PM.txt
Run by Anya at 5/25/2017 9:25:03 PM
High Elevated Privileges : OK
Windows 7 Business Edition, 64-bit Service Pack 1 (Build 7601)

Recycle Bin emptied (01mn AMs)

========== Registry keys ==========
REMOVES: Service: AdobeARMservice
REMOVES: HKCU\SOFTWARE\Chromium

========== Registry values ==========
ProxyFix : Proxy configuration successfully removed
REMOVES ProxyServer Value
REMOVES ProxyEnable Value
REMOVES EnableHttp1_1 Value
REMOVES ProxyHttp1.1 Value
REMOVES ProxyOverride Value

========== Folders ==========
No folders empty CLSID Local user
Deletes temporary Windows (1)

========== Files ==========
REMOVES Flash Cookies (0) (0 octets)
REMOVES: c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
Deletes temporary Windows (39) (15,462,266 octets)

========== System restore ==========
The system successfully created restore point


========== Summary ==========
2 : Registry keys
6 : Registry values
2 : Folders
3 : Files
1 : System restore


End of clean in 50mn AMs

========== Path to file report ==========
C:\Users\Anya\AppData\Roaming\ZHP\ZHPFix[R1].txt - 3/7/2017 9:04:16 PM [2835]
C:\Users\Anya\AppData\Roaming\ZHP\ZHPFix[R2].txt - 5/25/2017 9:25:02 PM [1378]
C:\Users\Anya\AppData\Roaming\ZHP\ZHPFix[R3].txt - 5/25/2017 9:25:04 PM [1418]
 
Security Check Scan.

  • Download Security Check to your desktop.
  • Right click it run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please post that log here in your next post.

Hijack This Fix.

Start HijackThis , Right Click Run as Admin.
Close all other open programs prior to running this tool!!

Click System Scan Only.
Then check mark the items listed below.


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?fr=avantsearch6
R3 - Default URLSearchHook is missing
O4 - MSConfig\startupreg: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe (file missing) (HKLM) (2017/03/01)
O4 - MSConfig\startupreg: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun (HKLM) (2017/05/11)
O4-32 - HKLM\..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
O4-32 - HKLM\..\Run: [KeepVidProUpdateHelper.exe] C:\Program Files (x86)\Keepvid\KeepVid Pro\KeepVidProUpdateHelper.exe
O4-32 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe /SysAutoRun
O4-32 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (file missing)
O18 - Protocol: WSKVAllmytubechrome - {91AB862D-07B8-4A85- - (no file)
O22 - Task (Ready): Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: Wondershare Driver Install Service - (WsDrvInst) - C:\Program Files (x86)\Keepvid\KeepVid Pro\DriverInstall.exe


Now click on fix checked.
After the fix is complete, then reboot your machine.

After the reboot post a new hijack this log and let me know how things are running now.
 
Followed instrucs above, except there was no 023...Adobe Acrobat in the list to fix. Took a while to reboot but haven't tried anything else yet. After earlier fixes it wasn't obviously better though. My internet connection hasn't dropped out since, but that only happened sporadically...

Logfile of HiJackThis Fork (Alpha) by Alex Dragokas v.2.6.4.17

Platform: x64 Windows 7 (Pro), 6.1.7601, Service Pack: 1
Time: 26.05.2017 - 12:30
Language: OS: English (0x409). Display: English (0x409). Non-Unicode: English (0x409)
Elevated: Yes
Ran by: Anya (group: Administrator) on ANYA-PC

Firefox: 53.0.3.6347
Internet Explorer: 8.0.7601.17514

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
1 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1 C:\Program Files\AVAST Software\Avast\AvastUI.exe
1 C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
1 C:\Program Files\VoodooShield\VoodooShield.exe
1 C:\Program Files\VoodooShield\VoodooShieldService.exe
1 C:\Users\Anya\Desktop\HiJackThis.exe
1 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\lsm.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
1 C:\Windows\System32\sppsvc.exe
11 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskeng.exe
1 C:\Windows\System32\taskhost.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\explorer.exe

O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O2-32 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
O2-32 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll
O2-32 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll
O2-32 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvLaunch.exe /gui
O4 - HKLM\..\Run: [VoodooShield] C:\Program Files\VoodooShield\VoodooShield.exe
O4 - HKU\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe
O4 - HKU\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe
O4 - MSConfig\startupreg: [CCleaner] C:\Program Files\CCleaner\CCleaner64.exe /AUTO (HKCU) (2017/03/01)
O17 - DHCP DNS - 1: 192.168.1.1
O22 - Task (Queued): Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
O22 - Task (Queued): SafeZone scheduled Autoupdate 1490263047 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
O22 - Task (Ready): CCleanerSkipUAC - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Task (Ready): \AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs
O23 - Service R2: Avast Antivirus - (avast! Antivirus) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service R2: PMBDeviceInfoProvider - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
O23 - Service R2: VoodooShieldService - C:\Program Files\VoodooShield\VoodooShieldService.exe
O23 - Service R3: aswbIDSAgent - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe

--
End of file - Time spent: 2 sec. - 8006 bytes, CRC32: FFFFFFFF. Sign: ⾷쾨
 
What is it do you think, that I should do differently or not doing & should, or not doing often enough, that it's getting 'infected'?? I have Avast Pro, Voodoo Shield (as per last suggestion), I use 'tweak.com' & CCleaner periodically... Don't visit P2P sites or such, click on ads, open attachments I don't know about...
 
Security Check Scan.

  • Download Security Check to your desktop.
  • Right click it and run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please post that log here in your next post.
MiniToolBox Scan

Please download MINITOOLBOX and run it.

Checkmark the following boxes:

  • Flush DNS
  • Reset FF proxy Settings
  • Reset Ie Proxy Settings
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
  • List Devices (problems only)

Click Go and post the result.

Zoek Scan

Disable your antivirus prior to this scan.
Download Zoek
Save the file to your desktop.
Right click Zoek.exe and run as administrator. (XP Users double click)
Copy the items in red below and paste them into Zoek.

createsrpoint;
emptyfolderscheck;delete
emptyclsid;
emptyalltemp;
ipconfig /flushdns;b
ResetHosts;
autoclean;


Now hit the run script button.
The log will appear after a reboot, also you can find it on the C: drive.
Post the log in your next reply.

What is it do you think, that I should do differently or not doing & should,

I have not removed any malware from your machine, only clutter. Just keep your startups and extra services running in check....

We will want to check the condition of your hard drive next.


Download HD Tune and save the file. Install HD Tune and restart it after installation. Then go to the tab Error Scan, select the hard drive you want to check and press Start. The check can be quite time consuming; the time it takes depends on the size of the hard drive. Take a screen shot of the result and save it. Upload it to IMGUR for us. Post the link here.



Do Not tick the quick scan!!
 
Have not included a screenshot of the last because it showed all green, no red. Did the MTB scan last - somehow missed it earlier...

SecurityCheck by glax24 & Severnyj v.1.4.0.49 [15.04.17]
WebSite: www.safezone.cc
DateLog: 27.05.2017 22:53:11
Path starting: C:\Users\Anya\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Anya
VersionXML: 4.29is-26.05.2017
___________________________________________________________________________

Windows 7(6.1.7601) Service Pack 1 (x64) Professional Lang: English(0409)
Installation date OS: 02.01.2017 04:34:01
LicenseStatus: Windows(R) 7, Professional edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
SystemDrive: C: FS: [NTFS] Capacity: [148.5 Gb] Used: [50.4 Gb] Free: [98.1 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 8.0.7601.17514 Warning! Download Update
Online installation. Last version available when Windows update is enabled throught the Internet.
User Account Control enabled
The elevation prompt for administrators disabled
^It is recommended to enable: Win+R typing UserAccountControlSettings and Enter^
Automatically download and schedule installation
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service has stopped
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Avast Antivirus (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (disabled and up to date)
Avast Antivirus (enabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Avast Pro Antivirus v.17.4.2294
-------------------------- [ SecurityUtilities ] --------------------------
VoodooShield version 3.59 v.3.59
--------------------------- [ OtherUtilities ] ----------------------------
VLC media player v.2.2.6
Microsoft Silverlight v.5.1.50906.0
OpenOffice 4.1.2 v.4.12.9782 Warning! Download Update
--------------------------- [ AdobeProduction ] ---------------------------
Adobe AIR v.25.0.0.134
Adobe Flash Player 25 ActiveX v.25.0.0.171
Adobe Flash Player 25 NPAPI v.25.0.0.171
Adobe Shockwave Player 12.2 v.12.2.8.198
Adobe Acrobat Reader DC v.17.009.20044
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox 53.0.3 (x86 en-US) v.53.0.3
------------------ [ AntivirusFirewallProcessServices ] -------------------
Avast Antivirus (avast! Antivirus) - The service is running
C:\Program Files\AVAST Software\Avast\AvastSvc.exe v.17.4.3482.0
aswbIDSAgent (aswbIDSAgent) - The service is running
C:\Program Files\AVAST Software\Avast\AvastUI.exe v.17.4.3482.0
----------------------------- [ End of Log ] ------------------------------



MiniToolBox by Farbar Version: 17-06-2016
Ran by Anya (administrator) on 28-05-2017 at 09:08:00
Running from "C:\Users\Anya\Downloads"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Model: Latitude E4300 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
========================= IP Configuration: ================================

Intel(R) WiFi Link 5100 AGN = Wireless Network Connection (Connected)
Intel(R) 82567LM Gigabit Network Connection = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64 icmpredirects=enabled taskoffload=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Anya-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82567LM Gigabit Network Connection
Physical Address. . . . . . . . . : 00-24-E8-DC-61-12
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) WiFi Link 5100 AGN
Physical Address. . . . . . . . . : 00-24-D6-1A-43-C4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c86d:dad5:da9c:64c8%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, May 27, 2017 11:35:41 PM
Lease Expires . . . . . . . . . . : Monday, May 29, 2017 12:53:45 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 318776534
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-FC-93-16-00-24-E8-DC-61-12
DNS Servers . . . . . . . . . . . : 192.168.1.1
0.0.0.0
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{7627382C-5019-449A-B812-0620026D757C}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:23:20ee:8cd5:ef06(Preferred)
Link-local IPv6 Address . . . . . : fe80::23:20ee:8cd5:ef06%17(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 2404:6800:4006:806::200e
103.2.116.108
103.2.116.109
103.2.116.113
103.2.116.117
103.2.116.121
103.2.116.123
103.2.116.79
103.2.116.83
103.2.116.87
103.2.116.91
103.2.116.93
103.2.116.94
103.2.116.98
103.2.116.102
103.2.116.106


Pinging google.com [103.2.116.109] with 32 bytes of data:
Reply from 103.2.116.109: bytes=32 time=38ms TTL=60
Reply from 103.2.116.109: bytes=32 time=39ms TTL=60

Ping statistics for 103.2.116.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 38ms, Maximum = 39ms, Average = 38ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 2001:4998:58:c02::a9
2001:4998:c:a06::2:4008
2001:4998:44:204::a7
98.138.253.109
98.139.183.24
206.190.36.45


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=286ms TTL=45
Reply from 98.139.183.24: bytes=32 time=286ms TTL=45

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 286ms, Maximum = 286ms, Average = 286ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
14...00 24 e8 dc 61 12 ......Intel(R) 82567LM Gigabit Network Connection
13...00 24 d6 1a 43 c4 ......Intel(R) WiFi Link 5100 AGN
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.102 281
192.168.1.102 255.255.255.255 On-link 192.168.1.102 281
192.168.1.255 255.255.255.255 On-link 192.168.1.102 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.102 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.102 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
17 58 ::/0 On-link
1 306 ::1/128 On-link
17 58 2001::/32 On-link
17 306 2001:0:9d38:6abd:23:20ee:8cd5:ef06/128
On-link
13 281 fe80::/64 On-link
17 306 fe80::/64 On-link
17 306 fe80::23:20ee:8cd5:ef06/128
On-link
13 281 fe80::c86d:dad5:da9c:64c8/128
On-link
1 306 ff00::/8 On-link
17 306 ff00::/8 On-link
13 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/27/2017 11:37:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2017 12:26:22 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2017 09:23:48 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2017 09:13:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2017 06:05:53 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {c019b758-0760-4924-bbbf-a6d12286988a}

Error: (05/24/2017 10:18:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/24/2017 10:10:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/24/2017 10:02:54 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {858a1e0a-d9f0-4bc0-903f-cb6e0b75cbdd}

Error: (05/24/2017 09:42:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/23/2017 08:03:23 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/28/2017 02:27:21 AM) (Source: Service Control Manager) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (05/28/2017 02:27:21 AM) (Source: Service Control Manager) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (05/28/2017 02:27:21 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070422

Error: (05/28/2017 02:21:19 AM) (Source: Service Control Manager) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (05/28/2017 02:21:19 AM) (Source: Service Control Manager) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (05/28/2017 02:21:19 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070422

Error: (05/28/2017 12:24:17 AM) (Source: Service Control Manager) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (05/28/2017 12:24:17 AM) (Source: Service Control Manager) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (05/28/2017 12:24:17 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070422

Error: (05/28/2017 12:20:54 AM) (Source: Service Control Manager) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.



Microsoft Office Sessions:
=========================
Error: (05/27/2017 11:37:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2017 12:26:22 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2017 09:23:48 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2017 09:13:40 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2017 06:05:53 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {c019b758-0760-4924-bbbf-a6d12286988a}

Error: (05/24/2017 10:18:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/24/2017 10:10:04 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/24/2017 10:02:54 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {858a1e0a-d9f0-4bc0-903f-cb6e0b75cbdd}

Error: (05/24/2017 09:42:30 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/23/2017 08:03:23 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2017-05-25 21:24:54.120
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Anya\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-25 21:24:54.120
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Anya\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-07 22:03:56.503
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Anya\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-07 22:03:56.503
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Anya\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{F6FCA281-09CC-4753-990C-937B93A52C94}) (Version: 1.6 - Eyeo GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\{52B66F1A-E977-41EE-8359-3C4040BE72F5}) (Version: 12.2.8.198 - Adobe Systems, Inc)
Aimersoft Helper Compact 2.5.2 (HKLM-x32\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.2 - Aimersoft)
Avast Pro Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
Express Scribe Transcription Software (HKLM-x32\...\Scribe) (Version: 6.00 - NCH Software)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.32.7 - Google Inc.) Hidden
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
Image Composite Editor (HKLM\...\{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}) (Version: 2.0.3 - Microsoft Corporation)
KeepVid Pro(Build 6.1.2.7) (HKLM-x32\...\KeepVid Pro_is1) (Version: 6.1.2.7 - KeepVid Studio)
MergeModule_x64 (HKLM\...\{12DCC5A7-0100-4433-B4FF-217A3C5DC83B}) (Version: 9.3.00 - Sony Corporation) Hidden
MergeModule_x86 (HKLM-x32\...\{DD7721BB-CF1C-4DC9-AD87-8D5FB75413B7}) (Version: 9.3.00 - Sony Corporation) Hidden
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Mozilla Firefox 53.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 en-US)) (Version: 53.0.3 - Mozilla)
MVHShellExtension (HKLM\...\{48EE93F1-6CE8-4DC3-9EBB-71D860F09CEE}) (Version: 1.0.0 - MyVirtualHome)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
paint.net (HKLM\...\{1F895C18-6A2F-4A9E-BBE9-246783070F37}) (Version: 4.0.16 - dotPDN LLC)
PlayMemories Home (HKLM-x32\...\{4F95DC94-A29D-41F6-AF34-15AA0D666186}) (Version: 5.4.00.04040 - Sony Corporation)
PMB_ModeEditor (HKLM-x32\...\{E95982CA-945F-41F2-B156-A603897AB242}) (Version: 10.3.00 - Sony Corporation) Hidden
PMB_ServiceUploader (HKLM-x32\...\{2CA3C685-339C-4C61-B12C-FAD81A872651}) (Version: 10.4.00 - Sony Corporation) Hidden
Quicken CashBook - Version 8 (HKLM-x32\...\Quicken CashBook - Version 8) (Version: - )
SafeZone Stable 3.55.2393.596 (HKLM-x32\...\SafeZone 3.55.2393.596) (Version: 3.55.2393.596 - Avast Software) Hidden
Samsung SCX-4x21 Series (HKLM-x32\...\Samsung SCX-4x21 Series) (Version: - Samsung Electronics CO.,LTD)
situhome (HKLM-x32\...\{1201D379-9B6F-4419-9A64-5929D1495696}) (Version: 5.0.5038 - Homesoft Pty. Ltd.) Hidden
situhome (HKLM-x32\...\{BDFC5012-189A-4D13-B1CF-279DF1D2F03B}) (Version: 5.0.5038 - Homesoft Pty. Ltd.)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
TapeImporter (HKLM-x32\...\{746F19CC-24D1-4859-9D48-C0280306BBA9}) (Version: 9.3.03 - Sony Corporation) Hidden
Toolwiz Smart Defrag 2011 (HKLM-x32\...\Toolwiz Smart Defrag FREE_is1) (Version: 1.3.0.0 - Toolwiz.com.)
Tweaking.com - Simple System Tweaker (HKLM-x32\...\Tweaking.com - Simple System Tweaker) (Version: 2.2.0 - Tweaking.com)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VoodooShield version 3.59 (HKLM\...\{A8644328-A66F-490E-B8FA-901FF649189D}_is1) (Version: 3.59 - VoodooSoft, LLC)
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
Wings 3D 2.1.5 (HKLM-x32\...\Wings 3D 2.1.5) (Version: - )
ZHPFix 2015 (HKLM-x32\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman)

========================= Devices: ================================

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_024D1028&REV_12\4&51D9BE7&0&0AF0
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Broadcom USH
Description: Broadcom USH
Class Guid:
Manufacturer:
Service:
Device ID: USB\VID_0A5C&PID_5800&MI_00\6&66DE6C9&0&0000
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


========================= Memory info: ===================================

Percentage of memory in use: 64%
Total physical RAM: 4047.92 MB
Available physical RAM: 1441.28 MB
Total Virtual: 8094.04 MB
Available Virtual: 5085.3 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:148.46 GB) (Free:98.67 GB) NTFS

========================= Users: ========================================

User accounts for \\ANYA-PC

Administrator Anya Guest


**** End of log ****





Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Anya on Sat 05/27/2017 at 22:59:05.09.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Anya\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2017-03-05-123528.log 10818 bytes

==== System Restore Info ======================

5/27/2017 11:00:11 PM Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3010178862-2183218474-3834878404-1000\Software\Mozilla\Firefox\Extensions\KVAllmytube@KeepVid.com deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ----

prefs_20170527_1123_.backup

==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\Users\Anya\.android deleted
C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\searchplugins\avast-search.xml deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default
user_pref("browser.startup.homepage", "https://mg.mail.yahoo.com/neo/launch?.rand=4329iole1n0eg#6349");
user_pref("browser.search.defaulturl", "https://search.avast.com/AV772/search/web?q={searchTerms}");
user_pref("browser.newtab.url", "about:newtab");
user_pref("browser.search.defaultengine", "Avast Search");
user_pref("browser.search.defaultenginename", "Avast Search");
user_pref("browser.search.selectedEngine", "Avast Search");
user_pref("keyword.URL", "https://search.avast.com/AV772/search/web?q={searchTerms}");

==== Firefox Extensions ======================

ProfilePath: C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default
- Self-Destructing Cookies - %ProfilePath%\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi
- Undetermined - %ProfilePath%\extensions\sp@avast.com.xpi
- uBlock Origin - %ProfilePath%\extensions\uBlock0@raymondhill.net.xpi
- Undetermined - %ProfilePath%\extensions\wrc@avast.com.xpi
- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default
80320392DCC61B22F0BB23DD5AD7D341 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll - Shockwave Flash
D9F9ED68815333915D0F54F87FD9B375 - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director


==== Chromium Look ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Anya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Anya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Anya\AppData\Local\Mozilla\Firefox\Profiles\dolfqtls.default\cache2 emptied successfully
C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\storage\default\https+++www.theguardian.com\cache emptied successfully
C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\storage\default\https+++www.youtube.com\cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=134 folders=31 27515452 bytes)

==== Empty Temp Folders ======================

C:\Users\Anya\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exesearch" not found
"C:\Users\Anya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on Sat 05/27/2017 at 23:37:24.86 ======================
 
Create and run batch file.


Open a notepad and copy the entire content of the code box below.
Paste the text into the notepad. Save the file to your desktop as InternetFlush.bat
Now you will right click on InternetFlush.bat and run as administrator.
Note: If you are using a third party firewall -- you will want to leave out the top two lines of the script.
At the end of the batch file there will be a prompt to
Warning: This batch file will reboot your machine when complete! Save all work prior to running!!


Code:
netsh advfirewall reset
netsh advfirewall set allprofiles state ON
ipconfig /flushdns
netsh winsock reset catalog
netsh int ip reset c:\resetlog.txt
ipconfig /release
ipconfig /renew
netsh int ipv4 reset
netsh int ipv6 reset
bitsadmin /reset /allusers
reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
netsh interface ipv6 6to4 set state state=disabled undoonstop=disabled
netsh interface ipv6 isatap set state state=disabled
netsh interface teredo set state disabled
netsh interface tcp set global autotuning=disabled
reg add hklm\system\currentcontrolset\services\tcpip6\parameters /v DisabledComponents /t REG_DWORD /d 0xFFFFFFFF
for /F "tokens=*" %%a in ('wevtutil.exe el') DO wevtutil.exe cl "%%a"
shutdown -r


How are things running now?
 
Seems to be a bit slow to start up still, & slow to open some programs when I click on them - Firefox so slow, apparently unresponsive that I've clicked it a few times & eventually then a few browser windows have opened. And Firefox is still 'sticky'. Meaning unresponsive sometimes. Again, not always... but now is one of those times - been on computer for couple of hrs no worries, & now it's been many minutes to write last sentence! Seems to be something to do with 'scripts' maybe - the 'script is unresponsive' box comes up. I usually just press 'stop script'.
 
Please download Process Hacker and screenshot the Svchost.exe that is taking up the memory.

Right click on it and select send to Virus Total.

Click no when the box pops up that reads view existing report.



Then select Reanalyse.



Post the resulting link of the scan back here in your next reply.



Step two: Process Hacker.



Next, right click on the Svchost.exe that is causing the large CPU usage and select Properties.

Then go to the services tab. Screen shot the services appended to it for me, with the Snipping Tool.

Example below:



 
Also, from post five in your previous malware thread, your Speccy log showed that your temperature was a bit high. Have you cleaned the machine of dust yet?


Let's have a look at the temps again please....

Speccy Scan.

  • Please go here and download Speccy.
  • Install and run the program.
  • Upon Completion:
  • Hit File
  • Publish Snap Shot
  • A link will appear, post that link.
We can also turn off a few useless services....

Download Easy Service Optimizer, save it to your desktop and unzip it there. Right click it and run as admin, then select Tweaked at the bottom. Then click on the rocket; this will turn off a lot of useless items.




You will however need to change one setting. Right click on Wlansvc - WLAN AutoConfig, then select start service, then edit service. Make sure it is automatic across the board, as per the picture.


 
1st part... screenshots & links to VirusTotal - I did 3 - the one with the most CPU usage at the time (under WUDFHost.exe) & Avast & Voodooshield as the highest 'private bytes'.

https://www.virustotal.com/en/file/...3b4d9ef8d6e45a179b13a5e8/analysis/1496285654/
https://www.virustotal.com/en/file/...38d660e72e63f43bcdc1f799/analysis/1496285727/
https://www.virustotal.com/en/file/...3b4d9ef8d6e45a179b13a5e8/analysis/1496285654/

No, I haven't cleaned dust from my machine. Speccy results to follow...
 

AdsFix Scan and clean.
  • Disable Windows Defender, Firewall & Antivirus prior to running this tool!!
  • Save AdsFix to your desktop.
  • Right Click & Run As Administrator.
  • With an infected machine, it could take several seconds to be charged.
  • You will then be prompted to install Certificates.
  • Install then click OK.
  • Right Click & Run As Administrator Again.


  • Click Options then select Unlock the deletion.
  • Then click on clean.
  • Enter your country
  • Don’t use the machine while scanning and be patient
  • Once the scan has completed, please copy and paste the report in your next reply.
  • The report will be C:\AdsFix_date_hour.txt or on your desktop with the same name.
FRST Fix.

Click Here To Download Fixlist.



Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 
