Solved BSOD

I need the Sysnative tool logs as well please, this will give me all of your dump files and a wealth of other information.

Sorry for the delay, I did not get an alert for this thread.
 
You have quite a bit of junk on your machine; it will take me a while to go over your logs. Please start by removing these programs from your machine.
O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKCU][64Bits] -- uTorrent =>.BitTorrent Inc®
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM][64Bits] -- {18455581-E099-4BA8-BC6B-F34B2F06600C} =>.Google Inc.
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM][64Bits] -- {2318C2B1-4965-11d4-9B18-009027A5CD4F} =>.Google Inc®
O42 - Logiciel: LWS Facebook - (.Logitech.) [HKLM][64Bits] -- {FF167195-9EE4-46C0-8CD7-FBA3457E88AB} =>.Logitech
O42 - Logiciel: Malwarebytes Anti-Malware version 2.2.1.1043 - (.Malwarebytes.) [HKLM][64Bits] -- Malwarebytes Anti-Malware_is1 =>.Malwarebytes
O42 - Logiciel: SUPERAntiSpyware - (.SUPERAntiSpyware.com.) [HKLM][64Bits] -- {CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} =>.SUPERAntiSpyware.com®
O42 - Logiciel: Yahoo! Powered - (..) [HKLM][64Bits] -- YahooPowered =>Adware.YahooPowered

Then run these tools, as there are signs of infection on your machine. (Nothing major, just PUPs and a bit of adware.)

Yes, but the file is too large to upload.


Use FileDropper or SendSpace.com


Rogue Killer Scan.

Download RogueKiller -- (Portable) -- from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all other running programs.
  • Disable ALL Antivirus -- Antimalware -- Applications.
  • Right Click Rogue Killer and Run as Administrator.
  • Click the Start Scan button.
  • Allow the scan to run -- it can take ten minutes or more.
  • Once the scan is complete check All items for removal.
  • After All items are checked then press Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on open report -- then open txt
  • Copy the content of the report and paste it here in your next reply.

JRT Scan.



Please download Junkware Removal Tool and save it on your desktop.


  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.
Adware Cleaner Scan.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Malwarebytes.
  • Download MalwareBytes Anti-Malware: https://www.malwarebytes.com/mwb-download/ and take the free version (on the left).
  • Perform the installation.
  • Uncheck "Enable Free Trial of Malwarebytes Anti-Malware Premium" if asked.
  • Malwarebytes will update; let it update.
  • Click on the "Settings" tab and then on the "Detection and Protection" tab, and check the box "Search for Rootkits".
  • Click on the "Analysis" tab and then on "Start analysis".
  • Once the review is complete, check that all detections are checked and then click [Delete Selection].
  • If Malwarebytes asks you to restart your PC, click "Yes".
  • After your PC restarts, restart Malwarebytes.
  • Open the "History" tab and then "Application logs".
  • Double-click the latest Scan Log by date (the one at the top).
  • At the bottom click [Export] -> select "Text file (*.txt)".
  • In the Explorer window select the desktop, name it mbam.txt, and click [Save].
ZHP Diag Fix.


ZHP Fix

  • Disable your antivirus prior to this fix!
  • Download ZHP-Fix from here.
  • UnZip it to your desktop -- Tool Here if needed.... 7-Zip
  • Install it.
  • Click Suivant 5 Times.
  • Then Installer.
  • Then Terminer.
  • Then right-click the ZHP Fix icon and Run as admin.
  • Copy the entire content of the code box below, the next step will grab it from your clipboard.
  • Then click on import.
  • Then click GO.
  • If you see any prompts like the one below, select Oui (= Yes in French).
  • Allow completion.
  • A log file will appear on your desktop.
  • Post it here in your next reply.
Code:
Script ZhpFix
SysRestore
EmptyFlash
ProxyFix
EmptyCLSID
O39 - APT: OneDrive Standalone Update Task - (...) -- C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task  [2816]  (.Orphan.)
O39 - APT: OneDrive Standalone Update Task - (...) -- C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2  [2766]  (.Orphan.)
O39 - APT: {A28D6E9F-11D1-4B79-A0D8-7CCB20F69972} - (...) -- C:\WINDOWS\System32\Tasks\{A28D6E9F-11D1-4B79-A0D8-7CCB20F69972}  [2354]  (.Orphan.)
O42 - Logiciel: SlimDrivers - (.SlimWare Utilities, Inc..) [HKLM][64Bits] -- {746AB259-6474-4111-8966-1C62F9A6E063}
HKLM\SOFTWARE\Wow6432Node\SlimWare Utilities Inc
HKLM\SOFTWARE\Wow6432Node\SlimWare Utilities, Inc.
HKCU\SOFTWARE\SlimWare Utilities Inc
O43 - CFD: 14/04/2017 - [] AD -- C:\Program Files (x86)\SlimDrivers
O43 - CFD: 22/02/2014 - [0] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinImage
O43 - CFD: 04/08/2016 - [0] D -- C:\Users\Gary\AppData\Local\Setup458648171
O43 - CFD: 14/04/2017 - [] D -- C:\Users\Gary\AppData\Local\SlimWare Utilities Inc
O43 - CFD: 08/02/2014 - [0] D -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BadCopy Pro
[MD5.] [WIS][2017/04/14 11:59:38] (.SlimWare Utilities, Inc. - Windows Installer XML Toolset (3.9.1006.0).) -- C:\WINDOWS\Installer\1b26aa.msi   [30339072]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{746AB259-6474-4111-8966-1C62F9A6E063}
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{746AB259-6474-4111-8966-1C62F9A6E063}
C:\Users\Gary\AppData\Local\SlimWare Utilities Inc
C:\WINDOWS\Installer\1b26aa.msi
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage
P2 - EXT FILE: (.YouTube Flash Video Player - .) -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\vc6qe3r0.default\extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi
O42 - Logiciel: Yahoo! Powered - (..) [HKLM][64Bits] -- YahooPowered
O43 - CFD: 02/08/2015 - [] D -- C:\Users\Gary\AppData\Roaming\DesktopIconForAmazon
C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\vc6qe3r0.default\extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YahooPowered
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\YahooPowered
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
C:\Users\Gary\AppData\Roaming\DesktopIconForAmazon
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.broadbandspeedchecker.co.uk_0.localstorage
HKCU\SOFTWARE\roamingdevice
O4 - GS\Quicklaunch [Administrator]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) C:\Users\Gary\AppData\Roaming\uTorrent\uTorrent.exe  
O4 - GS\Quicklaunch [Gary]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) C:\Users\Gary\AppData\Roaming\uTorrent\uTorrent.exe  
O4 - GS\Quicklaunch [Guest]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) C:\Users\Gary\AppData\Roaming\uTorrent\uTorrent.exe  
O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKCU][64Bits] -- uTorrent
HKCU\SOFTWARE\BitTorrent
O43 - CFD: 14/10/2016 - [] D -- C:\Users\Gary\AppData\Roaming\uTorrent
EmptyPrefetch
ShortcutFix
EmptyTemp
 
https://www.sendspace.com/file/026n36

Only one Google toolbar in the uninstall list, just have to hope it removes both.
I cannot see any LWS Facebook in the uninstall list. The only Logitech listed there is Solar App 1.10, which I assume is needed for the solar powered wireless keyboard, and Webcam Software which must be for the webcam which is rarely plugged in.
An error occurred while trying to uninstall Yahoo! Powered (whatever that is) It may have already been uninstalled.
Malwarebytes and SuperAntiSpyware are things I run regularly so will probably reinstall them after the investigation.
 
Only one Google toolbar in the uninstall list, just have to hope it removes both.


Ok, not a problem.

I cannot see any LWS Facebook in the uninstall list. The only Logitech listed there is Solar App 1.10, which I assume is needed for the solar powered wireless keyboard, and Webcam Software which must be for the webcam which is rarely plugged in.

Again not a problem. Just having anything that is Facebook related installed on your machine is not a good idea IMO. We will deal with that later...

An error occurred while trying to uninstall Yahoo! Powered (whatever that is) It may have already been uninstalled.


My script for ZHPDiag will catch this file and all of its remnants.

Malwarebytes and SuperAntiSpyware are things I run regularly so will probably reinstall them after the investigation.


Your version of Malwarebytes is outdated; if you notice, in my instructions I am having you download the latest version. As well, SUPERAntiSpyware is rubbish; it had its time when it was good, now it will not detect very much anymore and is not suggested in any security forums, just as Spybot is no longer any good...

Another scanner that you can replace SAS with is Zemana AntiMalware Free Version.

Continue with the set of instructions given to you, and post all requested logs. :)
 
Permanently disable Windows 10 on your machine since you have Kaspersky.


Hijack This Fix.

Start HijackThis: right-click and Run as Admin.
Close all other open programs prior to running this tool!!

Click System Scan Only.
Then check mark the items listed below.

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
O2-32 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
O3-32 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - Global User Startup: SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun
O4 - HKCU\..\Run: [Visual Subst] C:\Program Files (x86)\Visual Subst\VSubst.exe /startup
O4 - HKCU\..\StartupApproved\Run: [CCleaner Monitoring] (2016/03/31)C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
O4 - HKCU\..\StartupApproved\Run: [Chromium] (2016/08/19)c:\users\gary\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory="Default" --restore-last-session
O4 - HKCU\..\StartupApproved\Run: [KiesPreload] (2016/02/05)C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\StartupApproved\Run: [OneDrive] (2016/02/05)C:\Users\Gary\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background
O4 - HKLM\..\Run: [Speedfan] C:\Program Files (x86)\SpeedFan\speedfan.exe
O4 - HKLM\..\Run: [TrayApplication] C:\Program Files\CSR\CSR Harmony Wireless Software Stack\TrayApplication.exe
O4 - HKLM\..\StartupApproved\Run32: [KeePass 2 PreLoad] (2016/02/05)C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe --preload
O4 - HKLM\..\StartupApproved\Run32: [KiesTrayAgent] (2016/02/05)C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] (2016/02/05)C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\StartupApproved\Run: [Logitech Download Assistant] (2016/02/05)C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
O4 - HKU\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
O4 - HKU\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
O4 - User Startup: RealtimeSync.lnk -> C:\Program Files\FreeFileSync\RealtimeSync.exe
O4 - User Startup: SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe
O4-32 - HKLM\..\Run: [EaseUS Cleanup] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.9\bin\CleanUpUI.exe 10 300
O4-32 - HKLM\..\Run: [EaseUS EPM Tray Agent] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.9\bin\TrayPopupE\TrayTipAgentE.exe
O4-32 - HKLM\..\Run: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.9\bin\EpmNews.exe
O4-32 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4-32 - HKLM\..\Run: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe (file missing)
O4-32 - HKLM\..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
O16-32 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/pcpitstop.cab
O22 - Task (Ready): Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O22 - Task (Ready): OneDrive Standalone Update Task - C:\Users\Gary\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe (file missing)
O22 - Task (Ready): \Microsoft\Windows Defender\MP Scheduled Scan - c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan
O22 - Task (Ready): \Microsoft\Windows\Media Center\ActivateWindowsSearch - C:\WINDOWS\ehome\ehPrivJob.exe /DoActivateWindowsSearch (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\ConfigureInternetTimeService - C:\WINDOWS\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\DispatchRecoveryTasks - C:\WINDOWS\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\InstallPlayReady - C:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\MediaCenterRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe - (no file) -MediaCenterRecoveryTask (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\OCURActivate - C:\WINDOWS\ehome\ehPrivJob.exe /OCURActivate (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\OCURDiscovery - C:\WINDOWS\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe - (no file) -ObjectStoreRecoveryTask (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\PBDADiscovery - C:\WINDOWS\ehome\ehPrivJob.exe /PBDADiscovery (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\PBDADiscoveryW1 - C:\WINDOWS\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\PBDADiscoveryW2 - C:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\PvrRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe - (no file) -PvrRecoveryTask (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\PvrScheduleTask - C:\WINDOWS\ehome\mcupdate.exe - (no file) -PvrSchedule (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\RegisterSearch - C:\WINDOWS\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\ReindexSearchRoot - C:\WINDOWS\ehome\ehPrivJob.exe /DoReindexSearchRoot (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\SqlLiteRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe - (no file) -SqlLiteRecoveryTask (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\StartRecording - C:\WINDOWS\ehome\ehrec /StartRecording (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\UpdateRecordPath - C:\WINDOWS\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\ehDRMInit - C:\WINDOWS\ehome\ehPrivJob.exe /DRMInit (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\mcupdate - C:\WINDOWS\ehome\mcupdate $(Arg0) (file missing)
O22 - Task (Ready): \Microsoft\Windows\Media Center\mcupdate_scheduled - C:\WINDOWS\ehome\mcupdate -crl -hms -pscn 15 (file missing)
O22 - Task (Ready): {44F8EF0D-6116-4556-A439-59B34298EAE1} - C:\WINDOWS\system32\pcalua.exe -a "E:\copy of duff disk after it became recognisable\Program Files\Synkronizer XL 8.0\syxl80_install.exe" -d "E:\copy of duff disk after it became recognisable\Program Files\Synkronizer XL 8.0"
O22 - Task (Ready): {93F15C11-7E15-4726-AE8C-21F927221F09} - C:\WINDOWS\system32\pcalua.exe -a C:\Users\Gary\Downloads\planmaker.exe -d C:\Users\Gary\Downloads
O22 - Task (Ready): {F3DE1933-B73E-4AD8-83BB-B8886240C951} - C:\Windows\system32\pcalua.exe -a "E:\copy of duff disk after it became recognisable\Download\xdate.exe" -d "E:\copy of duff disk after it became recognisable\Download"
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Windows Defender Advanced Threat Protection Service - (Sense) - C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
O23 - Service S3: Windows Defender Network Inspection Service - (WdNisSvc) - C:\Program Files\Windows Defender\NisSrv.exe
O23 - Service S3: Windows Defender Service - (WinDefend) - C:\Program Files\Windows Defender\MsMpEng.exe


Now click on fix checked.
After the fix is complete, then reboot your machine.
 
Thanks for the info. The estimated ten minutes for the scan is a massive underestimate. Still running. And particularly annoying is

SOMETHING WEIRD HAS OCCURRED. THE LINE ABOVE IS THE START OF SOMETHING I'VE ALREADY POSTED, AND CAN NO LONGER SEE, AND SOMETHING HAS ADDED LOADS OF STUFF TO MY POST ON THE PREVIOUS PAGE ????

Not to mention adding to a post and it mystically turning up in a new one below it.

I had asked about Slimware which was used to help sort my Nvidia driver issue. And how annoying it was that Windows Defender popped up during the scan when no one had asked it to run after I paused Kaspersky.

Oh and mentioning that I'll be away again this weekend but will see how far I get before I need to go.
 
Scan Result

RogueKiller V12.11.3.0 (x64) [Jun 19 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Gary [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 06/24/2017 08:58:15 (Duration : 01:30:01)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 11 ¤¤¤
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Myfree Codec -> Deleted
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\SlimWare Utilities Inc -> Deleted
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\SlimWare Utilities, Inc. -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Myfree Codec -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3536061241-6043831-2542719734-1001\Software\OCS -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3536061241-6043831-2542719734-1001\Software\SlimWare Utilities Inc -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Myfree Codec -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3536061241-6043831-2542719734-1001\Software\OCS -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3536061241-6043831-2542719734-1001\Software\SlimWare Utilities Inc -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3536061241-6043831-2542719734-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec -> Deleted

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 6 ¤¤¤
[PUP.Gen1][Folder] C:\Users\Gary\AppData\Roaming\DesktopIconForAmazon -> Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Roaming\DesktopIconForAmazon\desktopicon-chip-amazon.exe -> Deleted
[PUP.Gen1][Folder] C:\Users\Gary\AppData\Roaming\Easeware -> Deleted
[PUP.Gen1][Folder] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc -> Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\ignores.dat -> Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Images\acer.png -> Deleted
[PUP.Gen1][Folder] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Images -> Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2017-04-14 12-00-13 0.log -> Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2017-04-14 12-29-15 0.log -> Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2017-04-14 12-54-44 0.log -> Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2017-04-14 14-57-03 0.log -> Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2017-04-14 16-18-37 0.log -> Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2017-04-14 18-26-51 0.log -> Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2017-04-14 19-01-29 0.log -> Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2017-04-14 19-55-39 0.log -> Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2017-04-15 15-25-40 0.log -> Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2017-04-15 16-55-56 0.log -> Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2017-04-15 17-05-17 0.log -> Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2017-04-16 07-43-14 0.log -> Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2017-04-16 09-05-23 0.log -> Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2017-04-16 15-58-31 0.log -> Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2017-04-17 22-12-53 0.log -> Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2017-04-18 08-56-58 0.log -> Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2017-04-18 11-21-47 0.log -> Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2017-04-18 13-20-00 0.log -> Deleted
[PUP.Gen1][Folder] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs -> Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\rupdates.db -> Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\settings.db -> Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\supdates.db -> Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\SWDUMon.cat -> Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\SWDUMon.inf -> Deleted
[PUP.Gen1][File] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers\SWDUMon.sys -> Deleted
[PUP.Gen1][Folder] C:\Users\Gary\AppData\Local\SlimWare Utilities Inc\SlimDrivers -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec -> Deleted
[PUP.Gen1][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec\1.0b beta\Uninstall.lnk -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec\1.0b beta -> Deleted
[PUP.Gen1][Folder] C:\Program Files\Easeware -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\MyFree Codec -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\MyFree Codec\1.0b beta\AC-3\ac3dx.ax -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\MyFree Codec\1.0b beta\AC-3\liba52.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\MyFree Codec\1.0b beta\AC-3 -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\MyFree Codec\1.0b beta\avcodec-52.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\MyFree Codec\1.0b beta\avcore-0.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\MyFree Codec\1.0b beta\avformat-52.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\MyFree Codec\1.0b beta\avutil-50.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\MyFree Codec\1.0b beta\FF_MPEG.DLL -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\MyFree Codec\1.0b beta\FF_MPEG.INI -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\MyFree Codec\1.0b beta\MyFree.ax -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\MyFree Codec\1.0b beta\pthreadGC2.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\MyFree Codec\1.0b beta\swscale-0.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\MyFree Codec\1.0b beta\TG_EVRC.DLL -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\MyFree Codec\1.0b beta\TG_MMX.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\MyFree Codec\1.0b beta\TG_QCELP.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\MyFree Codec\1.0b beta\TG_VRESIZE.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\MyFree Codec\1.0b beta\TG_WMVP.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\MyFree Codec\1.0b beta\uninstall.exe -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\MyFree Codec\1.0b beta\XVID-CORE\xvid.ax -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\MyFree Codec\1.0b beta\XVID-CORE\xvidcore.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\MyFree Codec\1.0b beta\XVID-CORE -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\MyFree Codec\1.0b beta -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721010CLA332 ATA Device +++++
--- User ---
[MBR] af1b9da02c24cb6fefd2ab5a04d3c547
[BSP] 6e038441c2ac2aadff7dbe7b585d4766 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953317 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1952600064 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST31500341AS ATA Device +++++
--- User ---
[MBR] 5b57f41e710b37be9aeeb294ed7e635c
[BSP] 18588aec1a500dff30f877d6f5f7ae3e : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 7 MB [Windows XP Bootstrap | Windows XP Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 16065 | Size: 1430789 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: Verbatim STORE N GO USB Device +++++
--- User ---
[MBR] 45841a763801b1eaad364745e39770a8
[BSP] a3a9795d7dbcf2ffdeed0f168e61d95b : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8064 | Size: 14782 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
Checking for update
================================================================
[ ]
[ Junkware Removal Tool (JRT) by Malwarebytes ]
[ Version 8.1.3 (04.10.2017) ]
[ Information about this tool can be found at ]
[ www.malwarebytes.com ]
[ ]
[ This software is free to download and use ]
[ ]
[ Please save any unsaved work before proceeding as ]
[ the program will terminate most applications during cleanup ]
[ ]
[ ]
[ ** DISCLAIMER ** ]
[ ]
[ This software is provided "as is" without ]
[ warranty of any kind. You may use this software ]
[ at your own risk. ]
[ ]
[ Click the [X] in the top-right corner of this window ]
[ if you wish to exit. Otherwise, ]
================================================================

Press any key to continue . . .

Requesting restore point... SUCCESS
Validating restore point... FAILED 0x80070002

Restore point creation encountered an error.
If you would like to continue anyway,
Press any key to continue . . .


I'll continue anyway then.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Pro x64
Ran by Gary (Administrator) on 24/06/2017 at 10:57:21.03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 3

Successfully deleted: C:\user.js (File)
Successfully deleted: C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\vc6qe3r0.default\user.js (File)
Successfully deleted: C:\users\Public\Documents\downloaded installers (Folder)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24/06/2017 at 11:07:25.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
The post-ADW restart takes its time, doesn't it.

# AdwCleaner v6.047 - Logfile created 24/06/2017 at 11:19:27
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-23.1 [Server]
# Operating System : Windows 10 Pro (X64)
# Username : Gary - HOME_PC
# Running from : C:\Users\Gary\Desktop\adwcleaner_6.047.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\Auslogics
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Auslogics
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[-] Folder deleted: C:\Program Files (x86)\SlimDrivers
[-] Folder deleted: C:\Program Files (x86)\Auslogics


***** [ Files ] *****

[-] File deleted: C:\Users\Public\Desktop\SlimDrivers.lnk


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
[-] Key deleted: HKLM\SOFTWARE\Auslogics
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{746AB259-6474-4111-8966-1C62F9A6E063}
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\952BA647474611149866C1269F6A0E36
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\952BA647474611149866C1269F6A0E36
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\952BA647474611149866C1269F6A0E36
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\952BA647474611149866C1269F6A0E36
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\952BA647474611149866C1269F6A0E36
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\952BA647474611149866C1269F6A0E36
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\uk.ask.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\uk.ask.com


***** [ Web browsers ] *****

[-] [C:\Users\Gary\AppData\Local\Chromium\User Data\Default\Web data] [Search Provider] Deleted: yahoo! powered
[-] [C:\Users\Gary\AppData\Local\Chromium\User Data\Default] [startup_urls] Deleted: hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=mnn_easus_16_31&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dgb%26pa%3DMinio%26cd%3D2XzuyEtN2Y1L1QzutBtD0C0FtAtDyD0CyE0FtB0F0CyCtB0BtN0D0Tzu0StCyCyByBtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StD0EyC0AtDtD0AtDtGtC0EzztAtGyEyEtD0AtGtB0BtD0AtGyCtC0D0FtA0C0AyBtByByD0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0B0A0DtCyByE0AtG0DtD0A0BtGyEzztCyEtG0ByDzzyDtG0AtBtAzzyCzztDtAtC0C0CtD2QtN0A0LzuyE%26cr%3D793568377%26a%3Dmnn_easus_16_31%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&uref=chmm
[-] [C:\Users\Gary\AppData\Local\Chromium\User Data\Default] [extension] Deleted: pilplloabdedfmialnfchjomjmpjcoej
[-] [C:\Users\Gary\AppData\Local\Chromium\User Data\Default] [homepage] Deleted: hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=mnn_easus_16_31&param1=1&param2=f%3D1%26b%3Dchmm%26cc%3Dgb%26pa%3DMinio%26cd%3D2XzuyEtN2Y1L1QzutBtD0C0FtAtDyD0CyE0FtB0F0CyCtB0BtN0D0Tzu0StCyCyByBtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StD0EyC0AtDtD0AtDtGtC0EzztAtGyEyEtD0AtGtB0BtD0AtGyCtC0D0FtA0C0AyBtByByD0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0B0A0DtCyByE0AtG0DtD0A0BtGyEzztCyEtG0ByDzzyDtG0AtBtAzzyCzztDtAtC0C0CtD2QtN0A0LzuyE%26cr%3D793568377%26a%3Dmnn_easus_16_31%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&uref=chmm
[-] [C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: uk.ask.com
[-] [C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: autostitch.en.softonic.com
[-] [C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: knctr.en.softonic.com
[-] [C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: pilplloabdedfmialnfchjomjmpjcoej


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5188 Bytes] - [24/06/2017 11:19:27]
C:\AdwCleaner\AdwCleaner[S0].txt - [4635 Bytes] - [24/06/2017 11:18:06]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5334 Bytes] ##########
 
I see that the free one on the left is the 14 day pro trial. Normally I'd download the non-trial free version of Malwarebytes. I trust it simply reverts to that at the end.
(Ah I see you tell me I shall be able to untick the trial on installation. Ok.) Oh, didn't see the opt out so I'm on the pro trial; I'll worry about that in 14 days then.

Hmm not enthralled by the hits. One is the installation file for the slimdrivers that, as mentioned earlier, were used when investigating the graphics driver issue which is where I started trying to find a cause of the crashes in the previous thread. An installation file isn't going to do anything so I think I'll leave that. Then there is the game cheat thing which is very rarely used, and only to extend interest in a game I've otherwise grown bored of. I'll let it remove that but seems a pity.
 

ZHP Diag Fix seems to end with two windows full of info.
This in the main window:

Rapport de ZHPFix 2015.10.19.9 par Nicolas Coolman, Update du 19/10/2015
Fichier d'export Registre : C:\Users\Gary\AppData\Roaming\ZHP\ZHPExportRegistry-24-06-2017-12-50-28.txt
Run by Gary at 24/06/2017 12:45:58
High Elevated Privileges : OK
Windows 8 Business Edition, 64-bit Service Pack 1 (14393)

Recycle Bin emptied (04mn 27s)
Prefetcher emptied
Repair of browser shortcuts

========== Software ==========
ABSENT Uninstall Process: c:\users\gary\appdata\local\{6ab85ce4-4e10-305c-2388-15b407e0e92c}\uninstall.exe

========== Process memory ==========
REMOVES: Memory Process: C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage

========== Registry keys ==========
REMOVES Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\YahooPowered]
REMOVES: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
REMOVES: HKCU\SOFTWARE\roamingdevice

========== Registry values ==========
ProxyFix : Proxy configuration successfully removed
REMOVES ProxyServer Value
REMOVES ProxyEnable Value
REMOVES EnableHttp1_1 Value
REMOVES ProxyHttp1.1 Value
REMOVES ProxyOverride Value

========== Folders ==========
No folders empty CLSID Local user
REMOVES: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinImage
REMOVES: C:\Users\Gary\AppData\Local\Setup458648171
REMOVES: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BadCopy Pro
REMOVES: C:\Users\Gary\AppData\Roaming\uTorrent
Deletes temporary Windows (0)

========== Files ==========
REMOVES Flash Cookies (0) (0 octets)
REMOVES Reboot: c:\windows\system32\tasks\onedrive standalone update task
REMOVES Reboot: c:\windows\system32\tasks\onedrive standalone update task v2
REMOVES Reboot: c:\windows\system32\tasks\{a28d6e9f-11d1-4b79-a0d8-7ccb20f69972}
REMOVES: C:\WINDOWS\Installer\1b26aa.msi
REMOVES: C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage
REMOVES: C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\vc6qe3r0.default\extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi
REMOVES: C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.broadbandspeedchecker.co.uk_0.localstorage
Deletes temporary Windows (0) (0 octets)

========== System restore ==========
The system successfully created restore point


========== Summary ==========
1 : Process memory
3 : Registry keys
6 : Registry values
6 : Folders
9 : Files
1 : Software
1 : System restore


End of clean in 07mn 38s

========== Path to file report ==========
C:\Users\Gary\AppData\Roaming\ZHP\ZHPFix[R1].txt - 24/06/2017 12:50:27 [2642]


This in the text file:

Rapport de ZHPFix 2015.10.19.9 par Nicolas Coolman, Update du 19/10/2015
Fichier d'export Registre :
Run by Gary at 24/06/2017 12:45:58
High Elevated Privileges : OK
Windows 8 Business Edition, 64-bit Service Pack 1 (14393)

Recycle Bin emptied (04mn 27s)
Prefetcher emptied
Repair of browser shortcuts

========== Software ==========
ABSENT Uninstall Process: c:\users\gary\appdata\local\{6ab85ce4-4e10-305c-2388-15b407e0e92c}\uninstall.exe

========== Process memory ==========
REMOVES: Memory Process: C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage

========== Registry keys ==========
REMOVES Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\YahooPowered]
REMOVES: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
REMOVES: HKCU\SOFTWARE\roamingdevice

========== Registry values ==========
ProxyFix : Proxy configuration successfully removed
REMOVES ProxyServer Value
REMOVES ProxyEnable Value
REMOVES EnableHttp1_1 Value
REMOVES ProxyHttp1.1 Value
REMOVES ProxyOverride Value

========== Folders ==========
No folders empty CLSID Local user
REMOVES: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinImage
REMOVES: C:\Users\Gary\AppData\Local\Setup458648171
REMOVES: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BadCopy Pro
REMOVES: C:\Users\Gary\AppData\Roaming\uTorrent
Deletes temporary Windows (0)

========== Files ==========
REMOVES Flash Cookies (0) (0 octets)
REMOVES Reboot: c:\windows\system32\tasks\onedrive standalone update task
REMOVES Reboot: c:\windows\system32\tasks\onedrive standalone update task v2
REMOVES Reboot: c:\windows\system32\tasks\{a28d6e9f-11d1-4b79-a0d8-7ccb20f69972}
REMOVES: C:\WINDOWS\Installer\1b26aa.msi
REMOVES: C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage
REMOVES: C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\vc6qe3r0.default\extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi
REMOVES: C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.broadbandspeedchecker.co.uk_0.localstorage
Deletes temporary Windows (0) (0 octets)

========== System restore ==========
The system successfully created restore point


========== Summary ==========
1 : Process memory
3 : Registry keys
6 : Registry values
6 : Folders
9 : Files
1 : Software
1 : System restore


End of clean in 07mn 38s

========== Path to file report ==========
C:\Users\Gary\AppData\Roaming\ZHP\ZHPFix[R1].txt - 24/06/2017 12:50:27 [2642]
 
SuperAntiSpyware was mainly for ferreting out nosey cookie tracking. Does Zemana do the same?

Turn off Windows Defender, now enabled.

Running Zemana at present, so loath to start the Hijack This yet, if everything needs to be closed. Will start it when I can. It isn't keen on slimdrivers nor winiso.

Wow that was some task selecting all those. Rebooting now, but I need to be off after. Will need to re-engage Tuesday/Wednesday time. Thanks for the advice.
 