Solved Friends Computer Needs a Checkup

20:21:29.0651 0x10fc TDSS rootkit removing tool 3.1.0.15 Apr 18 2017 11:34:02

--------------- QuickScript | g3n-h@ckm@n | V3_02.04.17.1 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 19/04/2017 20:24:50

Updated 02/04/2017 | 14.30 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC-08:00) Pacific Time (US & Canada)
[Mitch (Administrator)] - [MITCH-PC] (S-1-5-21-2113883840-1160270776-2747418757-1000)

System: Microsoft Windows 7 Home Premium - Service Pack 1 - (6.1.7601) - BuildType: Multiprocessor Free - OSLanguage: 1033 (0409)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 7 Home Premium |C:\windows|\Device\Harddisk0\Partition2
Boot : Normal boot
PC: Satellite L755 - TOSHIBA - IdNumber: XB319792W - UUID: 71136460-FBBA-11E0-961F-047D7B056E26
Processor : X64 - 2394 Mhz - Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
InsydeH2O Version 03.60.453.40 - en|US|iso8859-1 - INSYDE - S/N: XB319792W - 3.40 - TOSQCI - 1
CoreTemp : ? Celsius

----------| Script


Registry saved : C:\QuickDiag\Save\Registry [19.04.2017 @ 20_24_51]

Key : [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\87566282.sys] Deleted Successfully
Key : [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\87566282.sys] Deleted Successfully
Key : [HKU\S-1-5-21-2113883840-1160270776-2747418757-1000\SOFTWARE\Classes\Applications\FreeTorrentViewer.exe] Deleted Successfully
Key : [HKU\S-1-5-21-2113883840-1160270776-2747418757-1000\Software\Blehjoqlir] Deleted Successfully
Key : [HKU\S-1-5-21-2113883840-1160270776-2747418757-1000\Software\MCAFEE] Deleted Successfully
Key : [HKU\S-1-5-21-2113883840-1160270776-2747418757-1000\Software\Strongvault] Deleted Successfully
Key : [HKU\S-1-5-21-2113883840-1160270776-2747418757-1000\Software\Tific] Not Found !
Key : [HKU\S-1-5-21-2113883840-1160270776-2747418757-1000\SOFTWARE\AppDataLow\Software\Yahoo] Deleted Successfully
Key : [HKLM\Software\REGSERVO] Deleted Successfully
Key : [HKLM\Software\WOW6432Node\AdobeFlashPlayerUpdate] Deleted Successfully
Key : [HKLM\Software\WOW6432Node\Tific] Not Found !
Key : [HKLM\SYSTEM\CurrentControlSet\Control\Class\{522119B9-1B9A-498A-AC52-148B533EFD50}] Deleted Successfully
Key : [HKLM\SYSTEM\CurrentControlSet\Control\Class\{87C077B2-3D3B-4156-938A-EA51B451D6C6}] Deleted Successfully
Key : [HKLM\SYSTEM\CurrentControlSet\Control\Class\{FB58BE68-EA9E-4803-847F-2CE814E7B159}] Deleted Successfully
C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\extensions\ekdjfcdinekpfcedakhpngcnaamhiihn Moved Successfully
C:\Program Files (x86)\FreeTorrentViewer Moved Successfully
C:\windows\Installer\262be5.msi' Not Found !
C:\windows\Installer\9118a6.msi Moved Successfully
C:\windows\Installer\938618.msi Moved Successfully
C:\windows\System32\gatherNetworkInfo.vbs Moved Successfully
C:\Users\Mitch\AppData\Local\Tific Moved Successfully
C:\Users\Mitch\AppData\LocalLow\Yahoo! Not Found !
C:\Users\Mitch\AppData\Roaming\FreeTorrentViewer Moved Successfully
C:\Users\Mitch\AppData\Roaming\Tific Not Found !
C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeTorrentViewer Moved Successfully
C:\ProgramData\McAfee Moved Successfully
C:\ProgramData\REGSERVO64 Moved Successfully
C:\ProgramData\Yahoo! Not Found !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REGSERVO Moved Successfully
C:\Program Files (x86)\FreeTorrentViewer Not Found !
C:\Program Files (x86)\Yahoo! Not Found !
C:\ProgramData\Temp:373E1720 Not Moved ! -> Reboot !
C:\ProgramData\Temp1B5B4F1 Not Moved ! -> Reboot !
ADS : @C:\ProgramData\Temp:373E1720 Deleted successfully
ADS : @C:\ProgramData\Temp1B5B4F1 Deleted successfully

-------------- | CleanDisk :

FreeSpace : 411439
Cleaning.......
FreeSpace : 411439

----------(EOF)----------

What now??

re-ran quick fix:
--------------- QuickScript | g3n-h@ckm@n | V3_02.04.17.1 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 19/04/2017 20:49:25

Updated 02/04/2017 | 14.30 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC-08:00) Pacific Time (US & Canada)
[Mitch (Administrator)] - [MITCH-PC] (S-1-5-21-2113883840-1160270776-2747418757-1000)

System: Microsoft Windows 7 Home Premium - Service Pack 1 - (6.1.7601) - BuildType: Multiprocessor Free - OSLanguage: 1033 (0409)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 7 Home Premium |C:\windows|\Device\Harddisk0\Partition2
Boot : Normal boot
PC: Satellite L755 - TOSHIBA - IdNumber: XB319792W - UUID: 71136460-FBBA-11E0-961F-047D7B056E26
Processor : X64 - 2394 Mhz - Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
InsydeH2O Version 03.60.453.40 - en|US|iso8859-1 - INSYDE - S/N: XB319792W - 3.40 - TOSQCI - 1
CoreTemp : ? Celsius

----------| Script


Registry saved : C:\QuickDiag\Save\Registry [19.04.2017 @ 20_49_26]

Key : [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\87566282.sys] Not Found !
Key : [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\87566282.sys] Not Found !
Key : [HKU\S-1-5-21-2113883840-1160270776-2747418757-1000\SOFTWARE\Classes\Applications\FreeTorrentViewer.exe] Not Found !
Key : [HKU\S-1-5-21-2113883840-1160270776-2747418757-1000\Software\Blehjoqlir] Not Found !
Key : [HKU\S-1-5-21-2113883840-1160270776-2747418757-1000\Software\MCAFEE] Not Found !
Key : [HKU\S-1-5-21-2113883840-1160270776-2747418757-1000\Software\Strongvault] Not Found !
Key : [HKU\S-1-5-21-2113883840-1160270776-2747418757-1000\Software\Tific] Not Found !
Key : [HKU\S-1-5-21-2113883840-1160270776-2747418757-1000\SOFTWARE\AppDataLow\Software\Yahoo] Not Found !
Key : [HKLM\Software\REGSERVO] Not Found !
Key : [HKLM\Software\WOW6432Node\AdobeFlashPlayerUpdate] Not Found !
Key : [HKLM\Software\WOW6432Node\Tific] Not Found !
Key : [HKLM\SYSTEM\CurrentControlSet\Control\Class\{03F52937-1FD6-44FB-82C6-FE988F1B1D61}] Deleted Successfully
Key : [HKLM\SYSTEM\CurrentControlSet\Control\Class\{522119B9-1B9A-498A-AC52-148B533EFD50}] Deleted Successfully
Key : [HKLM\SYSTEM\CurrentControlSet\Control\Class\{87C077B2-3D3B-4156-938A-EA51B451D6C6}] Deleted Successfully
Key : [HKLM\SYSTEM\CurrentControlSet\Control\Class\{FB58BE68-EA9E-4803-847F-2CE814E7B159}] Deleted Successfully
C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\extensions\ekdjfcdinekpfcedakhpngcnaamhiihn Not Found !
C:\Program Files (x86)\FreeTorrentViewer Not Found !
C:\windows\Installer\262be5.msi' Not Found !
C:\windows\Installer\9118a6.msi Not Found !
C:\windows\Installer\938618.msi Not Found !
C:\windows\System32\gatherNetworkInfo.vbs Not Found !
C:\Users\Mitch\AppData\Local\Tific Not Found !
C:\Users\Mitch\AppData\LocalLow\Yahoo! Not Found !
C:\Users\Mitch\AppData\Roaming\FreeTorrentViewer Not Found !
C:\Users\Mitch\AppData\Roaming\Tific Not Found !
C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeTorrentViewer Not Found !
C:\ProgramData\McAfee Not Found !
C:\ProgramData\REGSERVO64 Not Found !
C:\ProgramData\Yahoo! Not Found !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REGSERVO Not Found !
C:\Program Files (x86)\FreeTorrentViewer Not Found !
C:\Program Files (x86)\Yahoo! Not Found !
C:\ProgramData\Temp:373E1720 Not Found !
C:\ProgramData\Temp1B5B4F1 Not Found !

-------------- | CleanDisk :

FreeSpace : 411401
Cleaning.......
FreeSpace : 411401

----------(EOF)----------

SuspRestrict
Report Restricted to Pierre13 (CTR version 2.5.0.0) of 19 \ 04 \ 2017 at 20:53:28
Mitch's PC
Microsoft Windows 7 Home Premium Service Pack 1 (64-bit) [6.1.7601]

Repair error 2203 performed.

Control presence restrictions

[BKDR_BLACKEN.A] key DisableFirstRunCustomize deleted.
[BKDR_BLACKEN.A] key WarnOnClose corrected.
Authorization installation Java (x86) deleted.
Authorization installation Java (x64) deleted.
Restriction Display Recent documents deleted.
Restriction Display Documents deleted.
Restriction Synchronization Background Information Streams and Web Slices Removed.
Restriction discovery of RSS feeds and Web Slices deleted.
Numeric keypad active.
User Restriction for Windows Installer Removed.
Windows Update Search Reverted.
Windows Firewall service enabled.
Windows Firewall settings restored by default and enabled.

240 controlled restrictions.

12 Restricted Restriction (s).
Reboot the PC to take the repair (s) into account.


The report is on the desktop (C: \ Users \ Mitch \ Desktop \ CTR.txt)

Logfile of HiJackThis Fork (Alpha) by Alex Dragokas v.2.6.4.17

Platform: x64 Windows 7 (Home Premium), 6.1.7601, Service Pack: 1
Time: 19.04.2017 - 20:57
Language: OS: English (0x409). Display: English (0x409). Non-Unicode: English (0x409)
Elevated: Yes
Ran by: Mitch (group: Administrator) on MITCH-PC

Chrome: 57.0.2987.133
Internet Explorer: 9.0.8112.16447

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
1 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
1 C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
1 C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
9 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
1 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
1 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
1 C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
1 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1 C:\Program Files\AVAST Software\Avast\avastui.exe
1 C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
1 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
1 C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
1 C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
1 C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
1 C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
1 C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
1 C:\Program Files\Toshiba\TECO\Teco.exe
1 C:\Program Files\Toshiba\TECO\TecoService.exe
1 C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
1 C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
1 C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
1 C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
1 C:\Program Files\Windows Media Player\wmpnetwk.exe
1 C:\Users\Mitch\Desktop\HiJackThis\HiJackThis.exe
1 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\TODDSrv.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\lsm.exe
1 C:\Windows\System32\notepad.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
1 C:\Windows\System32\sppsvc.exe
9 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskeng.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\explorer.exe

R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - Google - http://www.google.com/search?q={searchTerms}
O4 - HKCU\..\Run: [CCleaner] C:\Program Files\CCleaner\CCleaner64.exe /AUTO
O4 - HKLM\..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe /r
O4 - HKLM\..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
O4 - HKLM\..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
O4 - HKLM\..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
O4 - HKLM\..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe
O4 - HKLM\..\Run: [ZAM] C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe /minimized
O4 - HKLM\..\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
O4 - HKU\S-1-5-19\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe /autoRun
O4 - HKU\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe
O4 - HKU\S-1-5-20\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe /autoRun
O4 - HKU\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe
O4-32 - HKLM\..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui
O4-32 - HKLM\..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe /CHECKNOW
O4-32 - HKLM\..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe UNATTENDED
O4-32 - HKLM\..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
O4-32 - HKLM\..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe
O9-32 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (HKLM)
O9-32 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (HKLM)
O16-32 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
O17 - DHCP DNS - 1: 192.168.1.1
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - Task (Disabled): \OfficeSoftwareProtectionPlatform\SvcRestartTask - C:\windows\system32\sc.exe start osppsvc
O22 - Task (Queued): \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task - {3519154C-227E-47F3-9CC9-12C3F05817F1} - (no file)
O22 - Task (Queued): \Microsoft\Windows\Application Experience\ProgramDataUpdater - C:\windows\system32\rundll32.exe aepdu.dll,AePduRunUpdate
O22 - Task (Queued): avast! Emergency Update - C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
O22 - Task (Ready): CCleanerSkipUAC - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Task (Ready): GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task (Ready): GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task (Ready): SafeZone scheduled Autoupdate 1463186051 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
O22 - Task (Ready): \AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs
O22 - Task (Ready): \Microsoft\Windows\Media Center\mcupdate_scheduled - C:\windows\ehome\mcupdate.exe -crl -hms -pscn 15
O22 - Task (Ready): \Microsoft\Windows\NetTrace\GatherNetworkInfo - C:\windows\system32\gatherNetworkInfo.vbs (file missing)
O22 - Task (Ready): \Microsoft\Windows\Windows Activation Technologies\ValidationTask - C:\windows\system32\Wat\WatAdminSvc.exe /run
O22 - Task (Ready): \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - C:\windows\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
O22 - Task (Ready): {1426D1E5-5A00-4D59-985A-2107F1BEF83C} - C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
O22 - Task (Ready): {2FB9F27A-DE3A-4CD6-B8B6-B233E63B6955} - C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE
O22 - Task (Ready): {65C76270-92BA-4F63-B82C-13F0D18DD623} - C:\windows\system32\pcalua.exe -a "C:\Users\Mitch\Desktop\OpenOffice 4.1.1 (en-US) Installation Files\setup.exe" -d "C:\Users\Mitch\Desktop\OpenOffice 4.1.1 (en-US) Installation Files"
O22 - Task (Ready): {A8D2B036-36FC-403B-8061-05969D1469A2} - C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE
O22 - Task (Ready): {E210F47C-43C1-4A1F-B297-CCB4BE5B7E4D} - C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
O23 - Service R2: Avast Antivirus - (avast! Antivirus) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service R2: Intel(R) Management and Security Application Local Management Service - (LMS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service R2: Intel(R) Management and Security Application User Notification Service - (UNS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service R2: TOSHIBA Optical Disc Drive Service - (TODDSrv) - C:\Windows\system32\TODDSrv.exe
O23 - Service R2: TOSHIBA Power Saver - (TosCoSrv) - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service R2: TOSHIBA eco Utility Service - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service R2: Veoh Giraffic Video Accelerator - (Giraffic) - C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
O23 - Service R2: ZAM Controller Service - (ZAMSvc) - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
O23 - Service R3: TOSHIBA HDD SSD Alert Service - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service R3: TPCH Service - (TPCHSrv) - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service S2: Google Update Service (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service S2: MBAMService - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: GamesAppService - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service S3: Google Software Updater - (gusvc) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service S3: Google Update Service (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service S3: InstallDriver Table Manager - (IDriverT) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service S3: TMachInfo - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

--
End of file - Time spent: 15 sec. - 21546 bytes, CRC32: FFFFFFFF. Sign: ⁽ⷿ

We got a problem. My friend had to leave and had me close the AdsFix program when it was at 51%. It had deleted 41 items by then, but I couldn't grab any log file. I will see him again next week, would interrupting that fix cause any significant issues? And are you willing to wait a week to continue with the logs/fixes?

Just checking in, my friend will be here in a few hours, what should the first step be? Should I re-run the Adsfix and let it finish or move on to another step?

Here's the AdsFix log. The previous entries did not re-appear so I can't know what those were unfortunately.


---------- | AdsFix | g3n-h@ckm@n | V4_05.04.17.1

----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- Start 21:01:30 - 19/04/2017

update on : 05/04/2017 | 12.10 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html
Facebook : https://www.facebook.com/AdsFixAntiAdware
C:\Users\Mitch\Desktop\AdsFix.exe
Boot: Normal boot
[Mitch (Administrator)] - [MITCH-PC] - (united states [0409])
SID = S-1-5-21-2113883840-1160270776-2747418757-1000 || [4d69746368205e5e]
PC : Intel Corp. - Base Board Product Name - PSK1WU-0P4048
Processor : X64 - 2394 - Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Bios : INSYDE - 06/08/2012 - V.3.40
CoreTemp : ? C


System : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1
RAM memory = Total (MB) : 4141 | Free (MB) : 2320
Pagefile = Total (MB) : 8280 | Free (MB) : 6289
Virtual = Total (MB) : 4194 | Free (MB) : 3971

C:\ -> [Fixed] | [TI106234W0C] | Total : 449.77 Go | Free : 404.76 Go -> NTFS [ATA]

Registry saved, to restore : Click on Options & Restore the register (C:\AdsFix\Save\Registry [19.04.2017 @ 21_01_28]) or an element
Restore files or folders deleted by mistake : Click on Options & Restore Files | Folders, Select an item >> "restore"

---------- | Windows Updates

Last detection : 2012-08-12 21:11:03
Last downloaded : 2012-11-16 02:18:27
Last installation : 2012-11-16 03:04:58
Next search : 2017-04-20 03:55:12

Windows Is Activated

---------- | Browsers

IE : 9.0.8112.16447 (© Microsoft Corporation. All rights reserved.)
GC : 57.0.2987.133 (Copyright 2016 Google Inc. All rights reserved.)

---------- | Security (atcav : 0)

AM : Malwarebytes' Anti-Malware (2.3.55.0) [Update : 08/09/2015 10:46:40]
FW : avast! Antivirus Disabled
WMI : OK
WU: Windows Update Service [Auto(2)] = Order
FW: Windows FireWall Service [Auto(2)] = Order
WMI: Windows Management Instrumentation (System Information) [Auto(2)] = Started

---------- | FlashPlayer

ActiveX : 18.0.0.232
Plugin : 18.0.0.232

---------- | Killed processes

1424 | [Owner : SYSTEM |Parent : 724(services.exe)] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7601.17514) = C:\Windows\System32\spoolsv.exe
1492 | [Owner : SYSTEM |Parent : 464(svchost.exe)] - (.Microsoft Corporation - Task Scheduler Engine.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe
1668 | [Owner : SYSTEM |Parent : 724(services.exe)] - (.Giraffic - Giraffic Video Accelerator Watchdog.) - (0.86.412.230) = C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
1896 | [Owner : SYSTEM |Parent : 724(services.exe)] - (.Microsoft Corporation - Microsoft Application Virtualization Virtual Service Agent.) - (4.6.2.22610) = C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
2068 | [Owner : SYSTEM |Parent : 724(services.exe)] - (.TOSHIBA Corporation - TDCSrv Application.) - (1.0.0.8) = C:\Windows\System32\TODDSrv.exe
2096 | [Owner : SYSTEM |Parent : 724(services.exe)] - (.TOSHIBA Corporation - TOSHIBA Power Saver.) - (1.0.0.5) = C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
2104 | [Owner : SYSTEM |Parent : 1668()] - (.Giraffic - Giraffic Video Accelerator.) - (0.86.412.230) = C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
2312 | [Owner : SYSTEM |Parent : 724(services.exe)] - (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4232.0) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2384 | [Owner : SYSTEM |Parent : 724(services.exe)] - (.Copyright 2017. - ZAM.) - (2.72.0.101) = C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
2552 | [Owner : SYSTEM |Parent : 724(services.exe)] - (.Microsoft Corporation - Microsoft Application Virtualization Client Service.) - (4.6.2.22610) = C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
2960 | [Owner : SYSTEM |Parent : 724(services.exe)] - (.TOSHIBA Corporation - TOSHIBA eco Utility Service.) - (1.3.0.0) = C:\Program Files\Toshiba\TECO\TecoService.exe
3420 | [Owner : Mitch |Parent : 3212(explorer.exe)] - (.TOSHIBA Corporation - TOSHIBA Power Saver.) - (1.0.0.7) = C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
3596 | [Owner : SYSTEM |Parent : 724(services.exe)] - (.Microsoft Corporation - Microsoft Office Client Virtualization Service.) - (14.0.6114.5003) = C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
3684 | [Owner : Mitch |Parent : 3212(explorer.exe)] - (.TOSHIBA Corporation - TOSHIBA Flash Cards Main Module.) - (1.0.11.64) = C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
3904 | [Owner : Mitch |Parent : 3212(explorer.exe)] - (.Conexant Systems, Inc. - Conexant High Definition Audio Filter Agent.) - (1.7.32.0) = C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
4076 | [Owner : LOCAL SERVICE |Parent : 724(services.exe)] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.5011) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
2860 | [Owner : Mitch |Parent : 3212(explorer.exe)] - (.TOSHIBA Corporation - TOSHIBA eco Utility.) - (1.3.0.0) = C:\Program Files\Toshiba\TECO\Teco.exe
3076 | [Owner : Mitch |Parent : 3212(explorer.exe)] - (.TOSHIBA Corporation - Message Center.) - (1.6.0.64) = C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
3280 | [Owner : Mitch |Parent : 3212(explorer.exe)] - (.TOSHIBA Corporation - Monitor of TOSHIBA ReelTime.) - (1.7.9.0) = C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
1136 | [Owner : Mitch |Parent : 3488()] - (.- DivX Update.) - (1.0.6.15) = C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
4376 | [Owner : Mitch |Parent : 5116()] - (.Microsoft Corporation - Notepad.) - (6.1.7600.16385) = C:\Windows\System32\notepad.exe
3724 | [Owner : Mitch |Parent : 3212(explorer.exe)] - (.Google Inc. - Google Chrome.) - (57.0.2987.133) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
3500 | [Owner : Mitch |Parent : 3724(chrome.exe)] - (.Google Inc. - Google Chrome.) - (57.0.2987.133) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
3224 | [Owner : Mitch |Parent : 3724(chrome.exe)] - (.Google Inc. - Google Chrome.) - (57.0.2987.133) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
3296 | [Owner : SYSTEM |Parent : 724(services.exe)] - (.Intel Corporation - Local Manageability Service.) - (7.0.2.1164) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
2976 | [Owner : NETWORK SERVICE |Parent : 724(services.exe)] - (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe
2804 | [Owner : SYSTEM |Parent : 724(services.exe)] - (.TOSHIBA Corporation - TOSHIBA PC Health Monitor.) - (1.0.0.17) = C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
4580 | [Owner : SYSTEM |Parent : 724(services.exe)] - (.TOSHIBA Corporation - TosSmartSrv.exe.) - (1.1.0.8) = C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
4976 | [Owner : Mitch |Parent : 2892()] - (.TOSHIBA Corporation - TosSENotify.exe.mui.) - (1.0.64.16) = C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
4300 | [Owner : Mitch |Parent : 1536()] - (.TOSHIBA Corporation - TOSHIBA PC Health Monitor.) - (1.0.0.10) = C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
2164 | [Owner : SYSTEM |Parent : 724(services.exe)] - (.Intel Corporation - User Notification Service.) - (7.0.2.1164) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
304 | [Owner : NETWORK SERVICE |Parent : 724(services.exe)] - (.Microsoft Corporation - Microsoft Software Protection Platform Service.) - (6.1.7601.17514) = C:\Windows\System32\sppsvc.exe

---------- | Tasks



---------- | Services

Service : WINDEFEND : Restored

---------- | AppCertDlls | AppInit_DLLs


---------- | DNSapi.dll

C:\windows\System32\dnsapi.dll : \drivers\etc\hosts
C:\windows\SysWOW64\dnsapi.dll : \drivers\etc\hosts

---------- | Hosts


---------- | SafeBoot


---------- | Winsock


---------- | DNS


---------- | Register

Deleted successfully : HKLM\SOFTWARE\Classes\YahooAUService.BCCImpl : BCCImpl Class
Deleted successfully : HKLM\SOFTWARE\Classes\YahooAUService.BCCImpl.1 : BCCImpl Class
Deleted successfully : HKLM\SOFTWARE\Classes\YahooAUService.YAUEnumJob : YAUEnumJob Class
Deleted successfully : HKLM\SOFTWARE\Classes\YahooAUService.YAUEnumJob.1 : YAUEnumJob Class
Deleted successfully : HKLM\SOFTWARE\Classes\YahooAUService.YAUJob.1 : YAUJob Class
Deleted successfully : HKLM\SOFTWARE\Classes\YahooAUService.YAUManager.1 : YAUManager Class
Deleted successfully : HKLM\SOFTWARE\Classes\AppID\protector_dll.DLL : #
Deleted successfully : HKLM\SOFTWARE\Classes\AppID\YahooAUService.EXE : #
Deleted successfully : HKLM\SOFTWARE\Classes\AppID\{51B4D471-086A-4137-AD28-84EED05088AE} : SuperfishIEAddon #
Deleted successfully : HKLM\SOFTWARE\Classes\AppID\{96FBC13C-8214-4100-88E0-FF74D7A1CB4D} : protector_dll #
Deleted successfully : HKLM\SOFTWARE\Classes\AppID\{C1352D97-77A9-4DD5-8042-BA14D5C8E266} : YahooAUService #
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\YahooAUService.YAUJob : YAUJob Class
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4BB3A9A2-28E2-492D-A01A-62E95656B4CD}
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7666F922-5FCE-40DB-877A-793329B9D84E}
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{90AFF435-B544-4F94-A0C2-CC020EACA4E3}
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{93D47509-1A2B-4D7C-A0F7-85C80B6F31A5}
Deleted successfully : HKLM\SOFTWARE\Classes\TypeLib\{9F5C5784-A417-472C-81F6-336A2981B26E} : C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
Deleted successfully : HKLM\SOFTWARE\Classes\TypeLib\{A10D8738-B424-49F5-AE07-682C60F77D12} : C:\PROGRA~2\COMMON~1\ULEADS~1\DVD\LXBURN~1.DLL
Deleted successfully : HKLM\SOFTWARE\Classes\Interface\{5C05E85E-B0E8-453E-8DD8-8FCA7B8F797A} : {9F5C5784-A417-472C-81F6-336A2981B26E}
Deleted successfully : HKLM\Software\Classes\WOW6432Node\Interface\{5C05E85E-B0E8-453E-8DD8-8FCA7B8F797A} : {9F5C5784-A417-472C-81F6-336A2981B26E}
Deleted successfully : HKLM\SOFTWARE\Classes\Interface\{B029974B-0BC4-424D-9363-F5D494D2A9BD} : {9F5C5784-A417-472C-81F6-336A2981B26E}
Deleted successfully : HKLM\Software\Classes\WOW6432Node\Interface\{B029974B-0BC4-424D-9363-F5D494D2A9BD} : {9F5C5784-A417-472C-81F6-336A2981B26E}
Deleted successfully : HKLM\SOFTWARE\Classes\Interface\{B6AF2444-EA13-40E0-8948-78E7AE610862} : {9F5C5784-A417-472C-81F6-336A2981B26E}
Deleted successfully : HKLM\Software\Classes\WOW6432Node\Interface\{B6AF2444-EA13-40E0-8948-78E7AE610862} : {9F5C5784-A417-472C-81F6-336A2981B26E}
Deleted successfully : HKLM\SOFTWARE\Classes\Interface\{BF838BD9-E55F-4A01-ABBA-B2171E63A35B} : {9F5C5784-A417-472C-81F6-336A2981B26E}
Deleted successfully : HKLM\Software\Classes\WOW6432Node\Interface\{BF838BD9-E55F-4A01-ABBA-B2171E63A35B} : {9F5C5784-A417-472C-81F6-336A2981B26E}
Deleted successfully : HKLM\SOFTWARE\Classes\Interface\{C186994A-066E-4D08-8F33-CF1262640A4C} : {9F5C5784-A417-472C-81F6-336A2981B26E}
Deleted successfully : HKLM\Software\Classes\WOW6432Node\Interface\{C186994A-066E-4D08-8F33-CF1262640A4C} : {9F5C5784-A417-472C-81F6-336A2981B26E}
Deleted successfully : HKLM\SOFTWARE\Classes\Interface\{D00A1789-6A8F-4AEB-A723-8ED53D445957} : {9F5C5784-A417-472C-81F6-336A2981B26E}
Deleted successfully : HKLM\Software\Classes\WOW6432Node\Interface\{D00A1789-6A8F-4AEB-A723-8ED53D445957} : {9F5C5784-A417-472C-81F6-336A2981B26E}
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3459D5C6-ED0D-450E-AAA7-E18B952A4A49} : {A10D8738-B424-49F5-AE07-682C60F77D12}
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7CB88608-C06A-41A5-89DE-79AD6A8A7E1F} : {A10D8738-B424-49F5-AE07-682C60F77D12}
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9FE3269F-9610-43DD-9478-8373CAFE17DC} : {A10D8738-B424-49F5-AE07-682C60F77D12}
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C3CDB7DC-2B68-43CC-BBBA-D09BBCF4BE88} : {A10D8738-B424-49F5-AE07-682C60F77D12}
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E691B211-582E-486A-A9BD-01559020156B} : {A10D8738-B424-49F5-AE07-682C60F77D12}
Deleted successfully : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\TBSBtnCfg.exe
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\TBSbtnSt.exe
Deleted successfully : HKU\S-1-5-21-2113883840-1160270776-2747418757-1000\SOFTWARE\AI_RecycleBin
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\NPCCU
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\PCTools
---------- | AdsFix | g3n-h@ckm@n | V4_05.04.17.1

----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- Start 15:48:41 - 26/04/2017

update on : 05/04/2017 | 12.10 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html
Facebook : https://www.facebook.com/AdsFixAntiAdware
C:\Users\Mitch\Desktop\AdsFix.exe
Boot: Normal boot
[Mitch (Administrator)] - [MITCH-PC] - (Unied States [0409])
SID = S-1-5-21-2113883840-1160270776-2747418757-1000 || [4d69746368205e5e]
PC : Intel Corp. - Base Board Product Name - PSK1WU-0P4048
Processor : X64 - 2394 - Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Bios : INSYDE - 06/08/2012 - V.3.40
CoreTemp : ? C


System : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1
RAM memory = Total (MB) : 4141 | Free (MB) : 2863
Pagefile = Total (MB) : 8280 | Free (MB) : 6977
Virtual = Total (MB) : 4194 | Free (MB) : 3945

C:\ -> [Fixed] | [TI106234W0C] | Total : 449.77 Go | Free : 405.64 Go -> NTFS [ATA]

Registry saved, to restore : Click on Options & Restore the register (C:\AdsFix\Save\Registry [26.04.2017 @ 15_48_40]) or an element
Restore files or folders deleted by mistake : Click on Options & Restore Files | Folders, Select an item >> "restore"

---------- | Windows Updates

Last detection : 2012-08-12 21:11:03
Last downloaded : 2012-11-16 02:18:27
Last installation : 2012-11-16 03:04:58
Next search : 2017-04-26 01:45:49

Windows Is Activated

---------- | Browsers

IE : 9.0.8112.16447 (© Microsoft Corporation. All rights reserved.)
GC : 57.0.2987.133 (Copyright 2016 Google Inc. All rights reserved.)

---------- | Security (atcav : 0)

AM : Malwarebytes' Anti-Malware (2.3.55.0) [Update : 08/09/2015 10:46:40]
FW : avast! Antivirus Disabled
WMI : OK
WU: Windows Update Service [Auto(2)] = Started
AS: Windows Defender [Manual(3)] = Order
FW: Windows FireWall Service [Auto(2)] = Order
WMI: Windows Management Instrumentation (System Information) [Auto(2)] = Started

---------- | FlashPlayer

ActiveX : 18.0.0.232
Plugin : 18.0.0.232

---------- | Killed processes

1612 | [Owner : SYSTEM |Parent : 712(services.exe)] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7601.17514) = C:\Windows\System32\spoolsv.exe
1824 | [Owner : SYSTEM |Parent : 712(services.exe)] - (.Giraffic - Giraffic Video Accelerator Watchdog.) - (0.86.412.230) = C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
1384 | [Owner : SYSTEM |Parent : 1824()] - (.Giraffic - Giraffic Video Accelerator.) - (0.86.412.230) = C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
1452 | [Owner : Mitch |Parent : 1512(explorer.exe)] - (.TOSHIBA Corporation - TOSHIBA Power Saver.) - (1.0.0.7) = C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
536 | [Owner : Mitch |Parent : 1512(explorer.exe)] - (.TOSHIBA Corporation - TOSHIBA Flash Cards Main Module.) - (1.0.11.64) = C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
2080 | [Owner : Mitch |Parent : 1512(explorer.exe)] - (.Conexant Systems, Inc. - Conexant High Definition Audio Filter Agent.) - (1.7.32.0) = C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
2372 | [Owner : SYSTEM |Parent : 712(services.exe)] - (.Microsoft Corporation - Microsoft Application Virtualization Virtual Service Agent.) - (4.6.2.22610) = C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
2432 | [Owner : Mitch |Parent : 1512(explorer.exe)] - (.TOSHIBA Corporation - TOSHIBA eco Utility.) - (1.3.0.0) = C:\Program Files\Toshiba\TECO\Teco.exe
2504 | [Owner : Mitch |Parent : 1512(explorer.exe)] - (.TOSHIBA Corporation - Toshiba Volume Regulator.) - (1.0.0.6) = C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe
2584 | [Owner : SYSTEM |Parent : 712(services.exe)] - (.TOSHIBA Corporation - TDCSrv Application.) - (1.0.0.8) = C:\Windows\System32\TODDSrv.exe
2600 | [Owner : Mitch |Parent : 1512(explorer.exe)] - (.TOSHIBA Corporation - Message Center.) - (1.6.0.64) = C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
2616 | [Owner : Mitch |Parent : 1512(explorer.exe)] - (.TOSHIBA Corporation - Monitor of TOSHIBA ReelTime.) - (1.7.9.0) = C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
2660 | [Owner : SYSTEM |Parent : 712(services.exe)] - (.TOSHIBA Corporation - TOSHIBA Power Saver.) - (1.0.0.5) = C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
2828 | [Owner : SYSTEM |Parent : 712(services.exe)] - (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4232.0) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2912 | [Owner : SYSTEM |Parent : 712(services.exe)] - (.Copyright 2017. - ZAM.) - (2.72.0.101) = C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
3040 | [Owner : Mitch |Parent : 2856()] - (.- DivX Update.) - (1.0.6.15) = C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2096 | [Owner : Mitch |Parent : 376(svchost.exe)] - (.Microsoft Corporation - Task Scheduler Engine.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe
3012 | [Owner : SYSTEM |Parent : 712(services.exe)] - (.Microsoft Corporation - Microsoft Application Virtualization Client Service.) - (4.6.2.22610) = C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
3212 | [Owner : SYSTEM |Parent : 712(services.exe)] - (.TOSHIBA Corporation - TOSHIBA eco Utility Service.) - (1.3.0.0) = C:\Program Files\Toshiba\TECO\TecoService.exe
3372 | [Owner : SYSTEM |Parent : 712(services.exe)] - (.Microsoft Corporation - Microsoft Office Client Virtualization Service.) - (14.0.6114.5003) = C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
4864 | [Owner : NETWORK SERVICE |Parent : 712(services.exe)] - (.Microsoft Corporation - Microsoft Distributed Transaction Coordinator Service.) - (2001.12.8530.16385) = C:\Windows\System32\msdtc.exe
2468 | [Owner : SYSTEM |Parent : 712(services.exe)] - (.TOSHIBA Corporation - TOSHIBA PC Health Monitor.) - (1.0.0.17) = C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
4412 | [Owner : SYSTEM |Parent : 712(services.exe)] - (.TOSHIBA Corporation - TosSmartSrv.exe.) - (1.1.0.8) = C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
1164 | [Owner : Mitch |Parent : 2556()] - (.TOSHIBA Corporation - TosSENotify.exe.mui.) - (1.0.64.16) = C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
4996 | [Owner : Mitch |Parent : 2496()] - (.TOSHIBA Corporation - TOSHIBA PC Health Monitor.) - (1.0.0.10) = C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
384 | [Owner : SYSTEM |Parent : 712(services.exe)] - (.Intel Corporation - Local Manageability Service.) - (7.0.2.1164) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
4396 | [Owner : NETWORK SERVICE |Parent : 712(services.exe)] - (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe
4616 | [Owner : SYSTEM |Parent : 712(services.exe)] - (.Intel Corporation - User Notification Service.) - (7.0.2.1164) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

---------- | Tasks



---------- | Services


---------- | AppCertDlls | AppInit_DLLs


---------- | DNSapi.dll

C:\windows\System32\dnsapi.dll : \drivers\etc\hosts
C:\windows\SysWOW64\dnsapi.dll : \drivers\etc\hosts

---------- | Hosts


---------- | SafeBoot


---------- | Winsock


---------- | DNS


---------- | Register

Deleted successfully : HKLM\SOFTWARE\Classes\YahooAUService.YAUManager : YAUManager Class
Deleted successfully : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope] : {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted successfully : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\690D05DFEA2A0F04DB7236B2BC991975 : 02:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}\
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Software Update : (Yahoo! Software Update) C:\PROGRA~2\Yahoo!\SOFTWA~1\UNINST~1.EXE

---------- | Folders | Files

Deleted successfully : C:\Program Files (x86)\Netwaiting\Aboutn.dll (Copyright © Avanquest Software 2009.-.About) ABOUTN.DLL
Deleted successfully : C:\Program Files (x86)\Netwaiting\NetWaiting.exe (Copyright © Avanquest Software 1997-2008.-.NetWaiting) netwaiting.exe
Deleted successfully : C:\Program Files (x86)\Common Files\PC Tools
Deleted successfully : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetZero\NetZero Internet Service.lnk (.-.)
Deleted successfully : C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cfhdojbkjhnklbpkdaibdccddilifddb
Deleted successfully : C:\Users\Mitch\Documents\My Web Backups
Deleted successfully : C:\ProgramData\PC Tools
Deleted successfully : C:\Users\John\AppData\Local\Temp
Deleted successfully : C:\Users\Mitch\AppData\Local\Apps
Deleted successfully : C:\Users\Mitch\AppData\Local\DDMSettings

---------- | .LNK


---------- | opening unknown extension


---------- | Proxy


---------- | Internet Explorer

Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main]~[Local Page] : C:\Windows\SysWOW64\blank.htm -> C:\windows\System32\blank.htm
Repaired : [HKU\S-1-5-21-2113883840-1160270776-2747418757-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[Enabled] : -> 2
Repaired : [HKU\S-1-5-21-2113883840-1160270776-2747418757-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[EnabledV8] : -> 1
Repaired : [HKU\S-1-5-21-2113883840-1160270776-2747418757-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonBadCertReceving] : -> 1
Repaired : [HKU\S-1-5-21-2113883840-1160270776-2747418757-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonHTTPSToHTTPRedirect] : -> 1

---------- | Yandex : X

---------- | Google Chrome

Deleted successfully : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web Data (.-.) Reseted successfully : SearchURL
Deleted successfully : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Preferences (.-.) Reseted successfully : Preferences
Deleted successfully : C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Web Data (.-.) Reseted successfully : SearchURL
Deleted successfully : C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Preferences (.-.) Reseted successfully : Preferences
Deleted successfully : C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (.-.) Reseted successfully : Preferences
Deleted successfully : C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\extensions\cfhdojbkjhnklbpkdaibdccddilifddb = (Changelog)
Deleted successfully : C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\extensions\nlgfkngkdcjlfgcfdmjoafonkkhacilj = perisistent: false
Deleted successfully : C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = ids: [ idmofbkcelhplfjnmmdolenpigiiiecc ggedfkijiiammpnbdadhllnehapomdge njjegkblellcjnakomndbaloifhcoccg ]

C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com/ - Google & co - http://clients2.google.com/service/update2/crx
C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\extensions\coobgpohoikkiipiblmjeljniedjpjpf = : Google & co - http://www.google.com/webhp?source=search_app - Google & co - [*://www.google.com/search*://www.google.com/webhp*://www.google.com/imgres] - http://clients2.google.com/service/update2/crx
C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\extensions\nneajnkjbffgblleaoojgaacokifdkhm = : __MSG_extdesc__ - __MSG_extname__
C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx
C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\extensions\gomekmidlodglbbmalcneegieacbdmki = : Avast Browser Security and Web Reputation Plugin. - Avast Online Security - matches:[\u003Call_urls>] - https://clients2.google.com/service/update2/crx
C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\extensions\nneajnkjbffgblleaoojgaacokifdkhm = : __MSG_extdesc__ - __MSG_extname__

---------- | SrWare Iron : X

---------- | Comodo Dragon : X

---------- | Firefox : X

---------- | SeaMonkey : X

---------- | Pale moon : X

---------- | Opera : X

---------- | Spark (Baidu) : X

---------- | StartMenuInternet


---------- | Javascript


---------- | Firewall


---------- | ADS


Other(s) report(s)


Analyzed : 411216 | Modified : 5 | Deleted : 23

---------- |EOF| ---------- | 17:21:48 | [27 Ko]

Ran the HighjackThis fix, and updated and ran MWB here's the found log, quarantined all and the ZHPDiag scan. Next step?

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/26/17
Scan Time: 6:13 PM
Logfile: mbam.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.103
Update Package Version: 1.0.1816
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mitch-PC\Mitch

-Scan Summary-
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 173782
Time Elapsed: 1 hr, 24 min, 56 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 2
PUP.Optional.REGServo, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\REGSERVO.exe, No Action By User, [2028], [366351],1.0.1816
PUP.Optional.REGServo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\REGSERVO.exe, No Action By User, [2028], [366351],1.0.1816

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
Trojan.Injector.BHO, C:\SETTINGS.INI, No Action By User, [16597], [302129],1.0.1816
PUP.Optional.REGServo, C:\USERS\MITCH\DOWNLOADS\REGSERVO_SETUP_2.1.6.EXE, No Action By User, [2028], [344366],1.0.1816

Physical Sector: 0
(No malicious items detected)


(end)

~ ZHPDiag v2017.4.26.72 By Nicolas Coolman (2017/04/26)
~ Run by Mitch (Administrator) (2017/04/26 19:44:43)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook: https://www.facebook.com/nicolascoolman1
~ State version: Version KO
~ Mode: Scan
~ Report: C:\Users\Mitch\Desktop\ZHPDiag.txt
~ Report: C:\Users\Mitch\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Activate
~ System startup: Normal (Normal boot)
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601) =>.Microsoft Corporation

---\\ Internet Browsers (2) - 0s
~ GCIE: Google Chrome v57.0.2987.133
~ MSIE: Internet Explorer v9.0.8112.16421

---\\ Windows Product Information (4) - 0s
~ Windows Server License Manager Script : OK
~ Licence Script File Génération : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software (1) - 2s
Avast Free Antivirus v12.1.2272 (Protection)

---\\ System protection software (Superfluous) (1) - 2s
~ Zemana AntiMalware v2.72.101 (Superfluous)

---\\ Surveillance software (2) - 2s
~ Adobe Flash Player 18 NPAPI (Surveillance)
~ Adobe Reader X MUI (Surveillance)

---\\ Information on the system (6) - 0s
~ Operating System: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 4140.912 MB (70% free) : OK =>.RAM Value
System Restore: Activé (Enable)
System drive C: has 411 GB (89%) free of 460 GB : OK =>.Disk Space

---\\ Connection to the system mode (3) - 0s
~ Computer Name: MITCH-PC
~ User Name: Mitch
~ Logged in as Administrator

---\\ Enumeration of the disk units (1) - 0s
~ Drive C: has 411 GB free of 460 GB (System)

---\\ State of the Windows Security Center (12) - 0s
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK

---\\ Search Generic System Files (24) - 1s
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - 24/02/2011 - (.Microsoft Corporation - Windows Explorer.) -- C:\windows\Explorer.exe [2871808] =>.Microsoft Corporation
[MD5.DD81D91FF3B0763C392422865C9AC12E] - 13/07/2009 - (.Microsoft Corporation - Windows host process (Rundll32).) -- C:\windows\System32\rundll32.exe [45568] =>.Microsoft Corporation
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - 13/07/2009 - (.Microsoft Corporation - Windows Start-Up Application.) -- C:\windows\System32\Wininit.exe [129024] =>.Microsoft Corporation
[MD5.5A45FA344F4AD99D903F4B20E43B89EC] - 02/06/2012 - (.Microsoft Corporation - Internet Extensions for Win32.) -- C:\windows\System32\wininet.dll [1392128] =>.Microsoft Corporation
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - 20/11/2010 - (.Microsoft Corporation - Windows Logon Application.) -- C:\windows\System32\Winlogon.exe [390656] =>.Microsoft Corporation
[MD5.067FA52BFB59A56110A12312EF9AF243] - 20/11/2010 - (.Microsoft Corporation - Software Licensing Library.) -- C:\windows\System32\sppcomapi.dll [232448] =>.Microsoft Corporation
[MD5.492D07D79E7024CA310867B526D9636D] - 02/03/2011 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\windows\System32\dnsapi.dll [357888] =>.Microsoft Corporation
[MD5.B40420876B9288E0A1C8CCA8A84E5DC9] - 02/03/2011 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\windows\Syswow64\dnsapi.dll [270336] =>.Microsoft Corporation
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - 27/12/2011 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) -- C:\windows\System32\drivers\AFD.sys [498688] =>.Microsoft Corporation
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - 13/07/2009 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) -- C:\windows\System32\drivers\atapi.sys [24128] =>.Microsoft Windows®
[MD5.B8BD2BB284668C84865658C77574381A] - 13/07/2009 - (.Microsoft Corporation - CD-ROM File System Driver.) -- C:\windows\System32\drivers\Cdfs.sys [92160] =>.Microsoft Corporation
[MD5.F036CE71586E93D94DAB220D7BDF4416] - 20/11/2010 - (.Microsoft Corporation - SCSI CD-ROM Driver.) -- C:\windows\System32\drivers\Cdrom.sys [147456] =>.Microsoft Corporation
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - 20/11/2010 - (.Microsoft Corporation - DFS Namespace Client Driver.) -- C:\windows\System32\drivers\DfsC.sys [102400] =>.Microsoft Corporation
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - 20/11/2010 - (.Microsoft Corporation - High Definition Audio Bus Driver.) -- C:\windows\System32\drivers\HDAudBus.sys [122368] =>.Microsoft Corporation
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - 13/07/2009 - (.Microsoft Corporation - i8042 Port Driver.) -- C:\windows\System32\drivers\i8042prt.sys [105472] =>.Microsoft Corporation
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - 13/07/2009 - (.Microsoft Corporation - IP Network Address Translator.) -- C:\windows\System32\drivers\IpNat.sys [116224] =>.Microsoft Corporation
[MD5.A5D9106A73DC88564C825D317CAC68AC] - 26/04/2011 - (.Microsoft Corporation - Windows NT SMB Minirdr.) -- C:\windows\System32\drivers\MRxSmb.sys [158208] =>.Microsoft Corporation
[MD5.09594D1089C523423B32A4229263F068] - 20/11/2010 - (.Microsoft Corporation - MBT Transport driver.) -- C:\windows\System32\drivers\netBT.sys [261632] =>.Microsoft Corporation
[MD5.A2F74975097F52A00745F9637451FDD8] - 10/03/2011 - (.Microsoft Corporation - NT File System Driver.) -- C:\windows\System32\drivers\ntfs.sys [1659776] =>.Microsoft Windows®
[MD5.0086431C29C35BE1DBC43F52CC273887] - 13/07/2009 - (.Microsoft Corporation - Parallel Port Driver.) -- C:\windows\System32\drivers\Parport.sys [97280] =>.Microsoft Corporation
[MD5.471815800AE33E6F1C32FB1B97C490CA] - 20/11/2010 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) -- C:\windows\System32\drivers\Rasl2tp.sys [129536] =>.Microsoft Corporation
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - 13/07/2009 - (.Microsoft Corporation - SMB Transport driver.) -- C:\windows\System32\drivers\smb.sys [93184] =>.Microsoft Corporation
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - 20/11/2010 - (.Microsoft Corporation - TDI Translation Driver.) -- C:\windows\System32\drivers\tdx.sys [119296] =>.Microsoft Corporation
[MD5.DF8126BD41180351A093A3AD2FC8903B] - 24/02/2011 - (.Microsoft Corporation - Volume Shadow Copy Driver.) -- C:\windows\System32\drivers\volsnap.sys [296320] =>.Microsoft Windows®

---\\ Non Microsoft non disabled Windows Services (8) - 1s
O23 - Service: Avast Antivirus (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe =>.AVAST Software a.s.®
O23 - Service: Veoh Giraffic Video Accelerator (Giraffic) . (.Giraffic - Giraffic Video Accelerator Watchdog.) - C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe =>.GIRAFFIC TECHNOLOGIES LTD®
O23 - Service: Google Update Service (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
O23 - Service: Intel(R) Management and Security Application Local Manageme (LMS) . (.Intel Corporation - Local Manageability Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe =>.Intel Corporation®
O23 - Service: Malwarebytes Service (MBAMService) . (.Malwarebytes - Malwarebytes Service.) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe =>.Malwarebytes Corporation®
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) . (.TOSHIBA Corporation - TDCSrv Application.) - C:\Windows\system32\TODDSrv.exe =>.Toshiba Corporation
O23 - Service: Intel(R) Management and Security Application User Notificat (UNS) . (.Intel Corporation - User Notification Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe =>.Intel Corporation®
O23 - Service: ZAM Controller Service (ZAMSvc) . (.Copyright 2017. - ZAM.) - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe =>.Zemana Ltd.®

---\\ Services not Microsoft (SR=Run, SS=Stop) (14) - 13s
SR - Auto [19/07/2016] [ 197128] Avast Antivirus (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe =>.AVAST Software a.s.®
SR - Auto [13/05/2013] [ 2245232] Veoh Giraffic Video Accelerator (Giraffic) . (.Giraffic.) - C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe =>.GIRAFFIC TECHNOLOGIES LTD®
SS - Auto [28/08/2015] [ 144200] Google Update Service (gupdate) (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
SS - Demand [28/08/2015] [ 144200] Google Update Service (gupdatem) (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
SS - Demand [20/10/2011] [ 182768] Google Software Updater (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe =>.Google Inc®
SS - Demand [04/04/2005] [ 69632] InstallDriver Table Manager (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe =>.Macrovision Corporation
SR - Auto [20/12/2010] [ 325656] Intel(R) Management and Security Application Local Manageme (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe =>.Intel Corporation®
SS - Auto [20/01/2017] [ 4355024] Malwarebytes Service (MBAMService) . (.Malwarebytes.) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe =>.Malwarebytes Corporation®
SS - Demand [11/07/2011] [ 57216] TMachInfo (TMachInfo) . (.TOSHIBA Corporation.) - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe =>.TOSHIBA CORPORATION®
SR - Auto [20/10/2010] [ 138656] TOSHIBA Optical Disc Drive Service (TODDSrv) . (.TOSHIBA Corporation.) - C:\Windows\system32\TODDSrv.exe =>.TOSHIBA CORPORATION®
SS - Demand [09/06/2011] [ 138152] TOSHIBA HDD SSD Alert Service (TOSHIBA HDD SSD Alert Service) . (.TOSHIBA Corporation.) - C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe =>.TOSHIBA CORPORATION®
SS - Demand [01/07/2011] [ 828856] TPCH Service (TPCHSrv) . (.TOSHIBA Corporation.) - C:\Program Files\Toshiba\TPHM\TPCHSrv.exe =>.TOSHIBA CORPORATION®
SR - Auto [20/12/2010] [ 2656280] Intel(R) Management and Security Application User Notificat (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe =>.Intel Corporation®
SR - Auto [02/02/2017] [14416624] ZAM Controller Service (ZAMSvc) . (.Copyright 2017..) - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe =>.Zemana Ltd.®

---\\ Task Planned Automatically (16) - 7s
[MD5.932B0CBB2DFBFD4BC1843B16740E9CD6] [APT] [avast! Emergency Update] (.AVAST Software.) -- C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [1648720] (.Activate.) =>.AVAST Software a.s.®
[MD5.7245B4C192D20107B4A3E887AED3F76E] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe [6490904] (.Activate.) =>.Piriform Ltd®
[MD5.DD7423ABBE2913E70D50E9318AD57EE4] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200] (.Activate.) =>.Google Inc®
[MD5.DD7423ABBE2913E70D50E9318AD57EE4] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200] (.Activate.) =>.Google Inc®
[MD5.5FA35D553BE9D2279ECC0BD7A569A744] [APT] [SafeZone scheduled Autoupdate 1463186051] (.Avast Software.) -- C:\Program Files\AVAST Software\SZBrowser\launcher.exe [735736] (.Activate.) =>.AVAST Software s.r.o.®
[MD5.69C8604D12C6F9C88AB0C81D50F0C3D1] [APT] [{65C76270-92BA-4F63-B82C-13F0D18DD623}] (...) -- C:\Users\Mitch\Desktop\OpenOffice 4.1.1 (en-US) Installation Files\setup.exe [478720] (.Activate.)
[MD5.283E10FD63971145CC1E750FFA46180E] [APT] [AVAST Software\Avast settings backup] (.AVAST Software.) -- C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [826808] (.Activate.) =>.AVAST Software s.r.o.®
O39 - APT: avast! Emergency Update - (.AVAST Software.) -- C:\windows\System32\Tasks\avast! Emergency Update [4180] =>.AVAST Software a.s.®
O39 - APT: CCleanerSkipUAC - (.Piriform Ltd.) -- C:\windows\System32\Tasks\CCleanerSkipUAC [2790] =>.Piriform Ltd®
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore [3202] =>.Google Inc®
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA [3330] =>.Google Inc®
O39 - APT: SafeZone scheduled Autoupdate 1463186051 - (.Avast Software.) -- C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1463186051 [3890] =>.AVAST Software s.r.o.®
O39 - APT: Unknown - (...) -- C:\windows\System32\Tasks\{1426D1E5-5A00-4D59-985A-2107F1BEF83C} [3032]
O39 - APT: Unknown - (...) -- C:\windows\System32\Tasks\{2FB9F27A-DE3A-4CD6-B8B6-B233E63B6955} [2982]
O39 - APT: {65C76270-92BA-4F63-B82C-13F0D18DD623} - (...) -- C:\windows\System32\Tasks\{65C76270-92BA-4F63-B82C-13F0D18DD623} [3294]
O39 - APT: Unknown - (...) -- C:\windows\System32\Tasks\{A8D2B036-36FC-403B-8061-05969D1469A2} [2982]

---\\ Auto loading programs from Registry and folders (8) - 1s
O4 - HKLM\..\Run: [ZAM] . (.Copyright 2017. - ZAM.) -- C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe =>.Zemana Ltd.®
O4 - HKLM\..\Run: [Malwarebytes TrayApp] . (.Malwarebytes - Malwarebytes Tray Application.) -- C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe =>.Malwarebytes Corporation®
O4 - HKCU\..\Run: [CCleaner] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd®
O4 - HKLM\..\Wow6432Node\Run: [NortonOnlineBackupReminder] . (.Toshiba - Toshiba Online Backup Service.) -- C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TOBuActivation.exe =>.Symantec Corporation®
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe =>.AVAST Software a.s.®
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2113883840-1160270776-2747418757-1000\..\Run: [CCleaner] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd®

---\\ Process running (12) - 1s
[MD5.8EF7C84BB20329D6DCAC09CF6B19345A] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128] [PID.1252] =>.AVAST Software a.s.®
[MD5.1B9100ACCFC9FD8B1D991F4BB80EC401] - (.Giraffic - Giraffic Video Accelerator Watchdog.) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2245232] [PID.1680] =>.GIRAFFIC TECHNOLOGIES LTD®
[MD5.00000000000000000000000000000000] - (.TOSHIBA Corporation - TDCSrv Application.) -- C:\Windows\system32\TODDSrv.exe [0] [PID.1576] =>.Toshiba Corporation
[MD5.2BACD71123F42CEA603F4E205E1AE337] - (.Microsoft Corp. - Microsoft® Windows Live ID Service.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292096] [PID.1456] =>.Microsoft Corporation®
[MD5.BF45D1E087B701D5215EBE57E2EDCA47] - (.Giraffic - Giraffic Video Accelerator.) -- C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe [4001376] [PID.1460] =>.GIRAFFIC TECHNOLOGIES LTD®
[MD5.2A46FFE841EC43001D5A293A54DB34DE] - (.Microsoft Corp. - Microsoft® Windows Live ID Service Monitor.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE [223104] [PID.2136] =>.Microsoft Corporation®
[MD5.C78761C2A5475EA16ADCD438CC17841F] - (.Copyright 2017. - ZAM.) -- C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14416624] [PID.2180] =>.Zemana Ltd.®
[MD5.C78761C2A5475EA16ADCD438CC17841F] - (.Copyright 2017. - ZAM.) -- C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14416624] [PID.2840] =>.Zemana Ltd.®
[MD5.70050353213574B62CA9EC28F65F2F3E] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [8900328] [PID.3536] =>.AVAST Software a.s.®
[MD5.2ED1786B7542CDA261029F6B526EDF44] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656] [PID.868] =>.Intel Corporation®
[MD5.7E5E1603D0FF2D240AE70295C5C3FEFC] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280] [PID.3788] =>.Intel Corporation®
[MD5.7E3F7FDB19CA6C7FEF4FD02BF5E2E65F] - (.Nicolas Coolman - ZHPDiag.) -- C:\Users\Mitch\Downloads\ZHPDiag3.exe [2719744] [PID.4200] =>.Nicolas Coolman

---\\ Google Chrome, Start,Search,Extensions (13) - 0s
G0 - GCSP: Preferences [User Data\Default][HomePage] http://apis.google.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://connect.facebook.net =>.Facebook
G0 - GCSP: Preferences [User Data\Default][HomePage] http://fonts.googleapis.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://fonts.gstatic.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://nicolascoolman.com =>.Nicolas Coolman
G0 - GCSP: Preferences [User Data\Default][HomePage] http://staticxx.facebook.com =>.Facebook
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.facebook.com =>.Facebook
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.google-analytics.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.nicolascoolman.com =>.Nicolas Coolman
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.paypalobjects.com
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [nneajnkjbffgblleaoojgaacokifdkhm] __MSG_extname__
G2 - GCE: Preference [User Data\Default] [pkedcjkdefgpdelpbcmbmeomcjbeemfm] Chrome Media Router =>.Google Inc.

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (2) - 0s
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll =>.Adobe Systems Incorporated
P2 - FPN: [HKLM] [@WildTangent.com/GamesAppPresenceDetector,Version=1.0] - (.WildTangent.) -- C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll =>.WildTangent

---\\ Internet Explorer Extensions, Start, Search (17) - 0s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com =>.Google Inc.
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan =>.Microsoft Internet Explorer
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2

---\\ Internet Explorer, Proxy Management (7) - 0s
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies [] =>.Microsoft

---\\ Line Analysis, IniFiles, Auto loading programs (3) - 0s
F2 - REG:system.ini: UserInit=userinit.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: Shell=C:\windows\explorer.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: VMApplet=C:\windows\SysWOW64\SystemPropertiesPerformance.exe (.Microsoft Corporation.) =>.Microsoft Corporation

---\\ Hosts file redirection (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (21)

---\\ Global shortcuts Startup (91) - 4s
O4 - GS\Desktop [Administrator]: AdsFix_Donate.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.paypal.com/ =>.Microsoft Corporation
O4 - GS\Desktop [Administrator]: Veoh Web Player.lnk . (.Veoh Networks - Veoh Web Player Beta.) C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe /showplayer {087E17D7B2CA0D412673C947F2D84BDD} =>.Veoh Networks
O4 - GS\Desktop [Administrator]: Vivitar Experience Image Manager.lnk . (...) C:\Program Files (x86)\Vivitar Experience Image Manager\Vivitar.exe
O4 - GS\Desktop [Administrator]: ZHPCleaner.lnk . (.Nicolas Coolman - ZHPCleane.) C:\Users\Mitch\AppData\Roaming\ZHP\ZHPCleaner.exe =>.Nicolas Coolman
O4 - GS\Desktop [Administrator]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Mitch\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Administrator]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\sendTo [Administrator]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\windows\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\sendTo [Administrator]: TOSHIBA Disc Creator(Audio).lnk . (.TOSHIBA Corporation - TOSHIBA Disc Creator.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe /SendTo:AD =>.TOSHIBA CORPORATION®
O4 - GS\sendTo [Administrator]: TOSHIBA Disc Creator(Data).lnk . (.TOSHIBA Corporation - TOSHIBA Disc Creator.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe /SendToD =>.TOSHIBA CORPORATION®
O4 - GS\sendTo [Administrator]: TOSHIBA Disc Creator(Image).lnk . (.TOSHIBA Corporation - TOSHIBA Disc Creator.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe /SendTo:ITD =>.TOSHIBA CORPORATION®
O4 - GS\TaskBar [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\TaskBar [Administrator]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\windows\explorer.exe =>.Microsoft Corporation
O4 - GS\TaskBar [Administrator]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\Programs [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Desktop [Guest]: AdsFix_Donate.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.paypal.com/ =>.Microsoft Corporation
O4 - GS\Desktop [Guest]: Veoh Web Player.lnk . (.Veoh Networks - Veoh Web Player Beta.) C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe /showplayer {087E17D7B2CA0D412673C947F2D84BDD} =>.Veoh Networks
O4 - GS\Desktop [Guest]: Vivitar Experience Image Manager.lnk . (...) C:\Program Files (x86)\Vivitar Experience Image Manager\Vivitar.exe
O4 - GS\Desktop [Guest]: ZHPCleaner.lnk . (.Nicolas Coolman - ZHPCleane.) C:\Users\Mitch\AppData\Roaming\ZHP\ZHPCleaner.exe =>.Nicolas Coolman
O4 - GS\Desktop [Guest]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Mitch\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Guest]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\sendTo [Guest]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\windows\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\sendTo [Guest]: TOSHIBA Disc Creator(Audio).lnk . (.TOSHIBA Corporation - TOSHIBA Disc Creator.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe /SendTo:AD =>.TOSHIBA CORPORATION®
O4 - GS\sendTo [Guest]: TOSHIBA Disc Creator(Data).lnk . (.TOSHIBA Corporation - TOSHIBA Disc Creator.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe /SendToD =>.TOSHIBA CORPORATION®
O4 - GS\sendTo [Guest]: TOSHIBA Disc Creator(Image).lnk . (.TOSHIBA Corporation - TOSHIBA Disc Creator.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe /SendTo:ITD =>.TOSHIBA CORPORATION®
O4 - GS\TaskBar [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [Guest]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\TaskBar [Guest]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\windows\explorer.exe =>.Microsoft Corporation
O4 - GS\TaskBar [Guest]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\Programs [Guest]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Desktop [Mitch]: AdsFix_Donate.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.paypal.com/ =>.Microsoft Corporation
O4 - GS\Desktop [Mitch]: Veoh Web Player.lnk . (.Veoh Networks - Veoh Web Player Beta.) C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe /showplayer {087E17D7B2CA0D412673C947F2D84BDD} =>.Veoh Networks
O4 - GS\Desktop [Mitch]: Vivitar Experience Image Manager.lnk . (...) C:\Program Files (x86)\Vivitar Experience Image Manager\Vivitar.exe
O4 - GS\Desktop [Mitch]: ZHPCleaner.lnk . (.Nicolas Coolman - ZHPCleane.) C:\Users\Mitch\AppData\Roaming\ZHP\ZHPCleaner.exe =>.Nicolas Coolman
O4 - GS\Desktop [Mitch]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Mitch\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Mitch]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\sendTo [Mitch]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\windows\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\sendTo [Mitch]: TOSHIBA Disc Creator(Audio).lnk . (.TOSHIBA Corporation - TOSHIBA Disc Creator.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe /SendTo:AD =>.TOSHIBA CORPORATION®
O4 - GS\sendTo [Mitch]: TOSHIBA Disc Creator(Data).lnk . (.TOSHIBA Corporation - TOSHIBA Disc Creator.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe /SendToD =>.TOSHIBA CORPORATION®
O4 - GS\sendTo [Mitch]: TOSHIBA Disc Creator(Image).lnk . (.TOSHIBA Corporation - TOSHIBA Disc Creator.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe /SendTo:ITD =>.TOSHIBA CORPORATION®
O4 - GS\TaskBar [Mitch]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [Mitch]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\TaskBar [Mitch]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\windows\explorer.exe =>.Microsoft Corporation
O4 - GS\TaskBar [Mitch]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\Programs [Mitch]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\CommonDesktop [Public]: Avast Free Antivirus.lnk . (.AVAST Software - avast! Antivirus.) C:\Program Files\AVAST Software\Avast\AvastUI.exe =>.AVAST Software a.s.®
O4 - GS\CommonDesktop [Public]: Avast SafeZone Browser.lnk . (.Avast Software - Avast SafeZone Browser.) C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software s.r.o.®
O4 - GS\CommonDesktop [Public]: CCleaner.lnk . (.Piriform Ltd - CCleaner.) C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd®
O4 - GS\CommonDesktop [Public]: Zemana AntiMalware.lnk . (.Copyright 2017. - ZAM.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe =>.Zemana Ltd.®
O4 - GS\Programs [Public]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Accessories [Public]: Command Prompt.lnk . (.Microsoft Corporation - Windows Command Processor.) C:\windows\system32\cmd.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Notepad.lnk . (.Microsoft Corporation - Notepad.) C:\windows\system32\notepad.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\windows\explorer.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff =>.Microsoft Corporation®
O4 - GS\SystemTools [Public]: Private Character Editor.lnk . (.Microsoft Corporation - Private Character Editor.) C:\windows\system32\eudcedit.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Calculator.lnk . (.Microsoft Corporation - Windows Calculator.) C:\windows\system32\calc.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: displayswitch.lnk . (.Microsoft Corporation - Display Switch.) C:\windows\system32\displayswitch.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Math Input Panel.lnk . (.Microsoft Corporation - Math Input Panel Accessory.) C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Mobility Center.lnk . (.Microsoft Corporation - Windows Mobility Center.) C:\windows\system32\mblctr.exe /open =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Paint.lnk . (.Microsoft Corporation - Paint.) C:\windows\system32\mspaint.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Remote Desktop Connection.lnk . (.Microsoft Corporation - Remote Desktop Connection.) C:\windows\system32\mstsc.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\windows\system32\SnippingTool.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Sound Recorder.lnk . (.Microsoft Corporation - Windows Sound Recorder.) C:\windows\system32\SoundRecorder.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Sticky Notes.lnk . (.Microsoft Corporation - Sticky Notes.) C:\windows\system32\StikyNot.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Sync Center.lnk . (.Microsoft Corporation - Microsoft Sync Center.) C:\windows\System32\mobsync.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Welcome Center.lnk . (.Microsoft Corporation - Windows host process (Rundll32).) C:\windows\system32\rundll32.exe %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Character Map.lnk . (.Microsoft Corporation - Character Map.) C:\windows\system32\charmap.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: dfrgui.lnk . (.Microsoft Corporation - Microsoft® Disk Defragmenter.) C:\windows\system32\dfrgui.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Disk Cleanup.lnk . (.Microsoft Corporation - Disk Space Cleanup Manager for Windows.) C:\windows\system32\cleanmgr.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Resource Monitor.lnk . (.Microsoft Corporation - Resource and Performance Monitor.) C:\windows\system32\perfmon.exe /res =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: System Information.lnk . (.Microsoft Corporation - System Information.) C:\windows\system32\msinfo32.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: System Restore.lnk . (.Microsoft Corporation - Microsoft® Windows System Restore.) C:\windows\system32\rstrui.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Task Scheduler.lnk . (...) C:\windows\system32\taskschd.msc /s =>..Microsoft Corporation
O4 - GS\SystemTools [Public]: Windows Easy Transfer Reports.lnk . (.Microsoft Corporation - Windows Easy Transfer Post Migration Applic.) C:\windows\system32\migwiz\postmig.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Windows Easy Transfer.lnk . (.Microsoft Corporation - Windows Easy Transfer Application.) C:\windows\system32\migwiz\migwiz.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Adobe Reader X.lnk . (...) C:\Windows\Installer\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\SC_Reader.ico =>.Adobe Inc.
O4 - GS\ProgramsCommon [Public]: Avast SafeZone Browser.lnk . (.Avast Software - Avast SafeZone Browser.) C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software s.r.o.®
O4 - GS\ProgramsCommon [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\ProgramsCommon [Public]: Media Center.lnk . (.Microsoft Corporation - Windows Media Center.) C:\windows\ehome\ehshell.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Microsoft Office 2010.lnk . (...) C:\Windows\Installer\{95140000-0070-0000-0000-0000000FF1CE}\oobeicon.exe
O4 - GS\ProgramsCommon [Public]: Sidebar.lnk . (.Microsoft Corporation - Windows Desktop Gadgets.) C:\Program Files (x86)\Windows Sidebar\sidebar.exe /showgadgets =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Windows Anytime Upgrade.lnk . (.Microsoft Corporation - Windows Anytime Upgrade User Interface.) C:\windows\system32\WindowsAnytimeUpgradeUI.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Windows DVD Maker.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\DVD Maker\DVDMaker.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Windows Fax and Scan.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\windows\system32\WFS.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Windows Live Mail.lnk . (.Microsoft Corporation - Windows Live Mail.) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: Windows Live Messenger.lnk . (.Microsoft Corporation - Windows Live Messenger.) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: Windows Live Movie Maker.lnk . (.Microsoft Corporation - Windows Live Movie Maker.) C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: Windows Live Photo Gallery.lnk . (.Microsoft Corporation - Windows Live Photo Gallery.) C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: XPS Viewer.lnk . (.Microsoft Corporation - XPS Viewer.) C:\windows\system32\xpsrchvw.exe =>.Microsoft Corporation

---\\ Lop.com/Domain Hijackers (5) - 0s
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpDomain = hsd1.ca.comcast.net.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 =>.UK Milton Keynes Dedicated Server Hosting
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C541FE9-C89C-4A5B-A474-C4A84D4970EA}: DhcpNameServer = 192.168.1.254 =>.Local IP Adress
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CC683C3-C270-4C4C-B59E-95069212356D}: DhcpNameServer = 75.75.75.75 75.75.76.76 =>.UK Milton Keynes Dedicated Server Hosting
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CC683C3-C270-4C4C-B59E-95069212356D}: DhcpDomain = hsd1.ca.comcast.net.

---\\ Extra protocols (24) - 1s
O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll =>.Microsoft Corporation
O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: livecall [64Bits] - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll =>.Microsoft Corporation®
O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll =>.Microsoft Corporation
O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll =>.Microsoft Corporation
O18 - Handler: msnim [64Bits] - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll =>.Microsoft Corporation®
O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation®
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll =>.Microsoft Corporation®
O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®

---\\ Software installed (99) - 8s
O42 - Logiciel: 9-lab Removal Tool - (..) [HKLM][64Bits] -- 9-lab Removal Tool =>.9-Lab®
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AFF7E080-1974-45BF-9310-10DE1A1F5ED0} =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe AIR =>.Adobe Systems Incorporated®
O42 - Logiciel: Adobe Flash Player 18 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX =>.Adobe Systems Incorporated®
O42 - Logiciel: Adobe Flash Player 18 NPAPI - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player NPAPI =>.Adobe Systems Incorporated®
O42 - Logiciel: Adobe Reader X MUI - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-FFFF-7B44-AA0000000001} =>.Adobe Systems Incorporated
O42 - Logiciel: Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver - (.Atheros Communications Inc..) [HKLM][64Bits] -- {3108C217-BE83-42E4-AE9E-A56A2A92E549} =>.Atheros Communications Inc.®
O42 - Logiciel: Avast Free Antivirus - (.AVAST Software.) [HKLM][64Bits] -- Avast =>.AVAST Software a.s.®
O42 - Logiciel: Bejeweled 3 - (.WildTangent.) [HKLM][64Bits] -- WTA-449bd985-3c9d-415e-91db-c4c8da29a06b =>.WildTangent Inc®
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM][64Bits] -- CCleaner =>.Piriform Ltd®
O42 - Logiciel: Chuzzle Deluxe - (.WildTangent.) [HKLM][64Bits] -- WTA-2b98a26a-9857-4cda-b8c0-eee3bb490993 =>.WildTangent Inc®
O42 - Logiciel: Cisco EAP-FAST Module - (.Cisco Systems, Inc..) [HKLM][64Bits] -- {64BF0187-F3D2-498B-99EA-163AF9AE6EC9} =>.Cisco Systems, Inc.
O42 - Logiciel: Cisco LEAP Module - (.Cisco Systems, Inc..) [HKLM][64Bits] -- {51C7AD07-C3F6-4635-8E8A-231306D810FE} =>.Cisco Systems, Inc.
O42 - Logiciel: Cisco PEAP Module - (.Cisco Systems, Inc..) [HKLM][64Bits] -- {ED5776D5-59B4-46B7-AF81-5F2D94D7C640} =>.Cisco Systems, Inc.
O42 - Logiciel: Conexant HD Audio - (.Conexant.) [HKLM][64Bits] -- CNXT_AUDIO_HDA =>.Conexant Systems, Inc.®
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM][64Bits] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF} =>.Microsoft
O42 - Logiciel: DivX Setup - (.DivX, LLC.) [HKLM][64Bits] -- DivX Setup =>.DivX, LLC®
O42 - Logiciel: FATE - The Traitor Soul - (.WildTangent.) [HKLM][64Bits] -- WTA-77bd5c54-5d8d-4416-9bba-1ba4a88ce1b7 =>.WildTangent Inc®
O42 - Logiciel: ffdshow [rev 2527] [2008-12-19] - (..) [HKLM][64Bits] -- ffdshow_is1
O42 - Logiciel: Fishdom (TM) 2 - (.WildTangent.) [HKLM][64Bits] -- WTA-acdb0c5a-477e-4756-b925-430ed43ca90f =>.WildTangent Inc®
O42 - Logiciel: FreeTorrentViewer - (.Free Torrent Viewer.) [HKLM][64Bits] -- FreeTorrentViewer
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM][64Bits] -- Google Chrome =>.Google Inc®
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM][64Bits] -- {18455581-E099-4BA8-BC6B-F34B2F06600C} =>.Google Inc.
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} =>.Google Inc.
O42 - Logiciel: Haali Media Splitter - (.Mike Matsnev.) [HKLM][64Bits] -- HaaliMkx =>.Mike Matsnev
O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] -- {65153EA5-8B6E-43B6-857B-C6E4FC25798A} =>.Intel Corporation®
O42 - Logiciel: Intel(R) Processor Graphics - (.Intel Corporation.) [HKLM][64Bits] -- {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA} =>.Intel Corporation®
O42 - Logiciel: Intel(R) Rapid Storage Technology - (.Intel Corporation.) [HKLM][64Bits] -- {3E29EE6C-963A-4aae-86C1-DC237C4A49FC} =>.Intel Corporation®
O42 - Logiciel: Java Auto Updater - (.Sun Microsystems, Inc..) [HKLM][64Bits] -- {4A03706F-666A-4037-7777-5F2748764D10} =>.Sun Microsystems, Inc.
O42 - Logiciel: Java(TM) 6 Update 25 - (.Oracle.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83216025FF} =>.Oracle
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM][64Bits] -- {1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4} =>.Microsoft Corporation
O42 - Logiciel: Label@Once 1.0 - (.Corel.) [HKLM][64Bits] -- {0D795777-9D60-4692-8386-F2B3F2B5E5BF} =>.Corel
O42 - Logiciel: Malwarebytes version 3.0.6.1469 - (.Malwarebytes.) [HKLM][64Bits] -- {35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1 =>.Malwarebytes Corporation®
O42 - Logiciel: Mesh Runtime - (.Microsoft Corporation.) [HKLM][64Bits] -- {8C6D6116-B724-4810-8F2D-D047E6B7D68E} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Application Error Reporting - (.Microsoft Corporation.) [HKLM][64Bits] -- {95120000-00B9-0409-1000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} =>.Microsoft Corporation
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM][64Bits] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} =>.Microsoft
O42 - Logiciel: MSVCRT_amd64 - (.Microsoft.) [HKLM][64Bits] -- {D0B44725-3666-492D-BEF6-587A14BD9BD9} =>.Microsoft
O42 - Logiciel: Netwaiting - (.Conexant Systems, Inc.) [HKLM][64Bits] -- {74B8998B-2B1B-4414-AD5D-17E7E9B5FF0A} =>.Conexant Systems, Inc
O42 - Logiciel: Penguins! - (.WildTangent.) [HKLM][64Bits] -- WTA-2c05a9e4-d186-474f-bd85-2496b970ba27 =>.WildTangent Inc®
O42 - Logiciel: Plants vs. Zombies - Game of the Year - (.WildTangent.) [HKLM][64Bits] -- WTA-e1c833ce-2952-47e7-8161-c2ec26e43ff2 =>.WildTangent Inc®
O42 - Logiciel: PlayReady PC Runtime amd64 - (.Microsoft Corporation.) [HKLM][64Bits] -- {BCA9334F-B6C9-4F65-9A73-AC5A329A4D04} =>.Microsoft Corporation
O42 - Logiciel: PlayReady PC Runtime x86 - (.Microsoft Corporation.) [HKLM][64Bits] -- {CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61} =>.Microsoft Corporation
O42 - Logiciel: Polar Bowler - (.WildTangent.) [HKLM][64Bits] -- WTA-1bd9480c-a72e-4acf-9df8-d55787d9bcd7 =>.WildTangent Inc®
O42 - Logiciel: Realtek USB 2.0 Reader Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {62BBB2F0-E220-4821-A564-730807D2C34D} =>.Realtek Semiconductor Corp®
O42 - Logiciel: Realtek WLAN Driver - (.REALTEK Semiconductor Corp..) [HKLM][64Bits] -- {9D3D8C60-A55F-4fed-B2B9-173001290E16} =>.Realtek Semiconductor Corp®
O42 - Logiciel: REGSERVO - (.TuneUp System Software Pvt Ltd..) [HKLM][64Bits] -- REGSERVO_is1
O42 - Logiciel: SafeZone Stable 1.48.2066.114 - (.Avast Software.) [HKLM][64Bits] -- SafeZone 1.48.2066.114 =>.AVAST Software s.r.o.®
O42 - Logiciel: Skype Launcher - (.TOSHIBA Corporation.) [HKLM][64Bits] -- {DA84ECBF-4B79-47F2-B34C-95C38484C058} =>.Macrovision Corporation®
O42 - Logiciel: Strongvault Online Backup - (.Strongvault.) [HKLM][64Bits] -- {59DB31A9-BCB0-4985-ACA6-F6477C7BE367}
O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics Incorporated.) [HKLM][64Bits] -- SynTPDeinstKey =>.Synaptics Incorporated
O42 - Logiciel: Tom Clancy's Splinter Cell - (.WildTangent.) [HKLM][64Bits] -- WTA-64342a07-e20d-4fb5-9bd4-5c83fc3e1740 =>.WildTangent Inc®
O42 - Logiciel: Toshiba App Place - (.Toshiba.) [HKLM][64Bits] -- {ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2} =>.Toshiba
O42 - Logiciel: TOSHIBA Application Installer - (.TOSHIBA.) [HKLM][64Bits] -- {970472D0-F5F9-4158-A6E3-1AE49EFEF2D3} =>.Toshiba
O42 - Logiciel: TOSHIBA Assist - (.TOSHIBA CORPORATION.) [HKLM][64Bits] -- {C2A276E3-154E-44DC-AAF1-FFDD7FD30E35} =>.Macrovision Corporation®
O42 - Logiciel: Toshiba Book Place - (.K-NFB Reading Technology, Inc..) [HKLM][64Bits] -- {A14962A7-2B7D-456E-BFCD-F54E3A88D41F} =>.K-NFB Reading Technology, Inc.
O42 - Logiciel: TOSHIBA Bulletin Board - (.TOSHIBA Corporation.) [HKLM][64Bits] -- {1C8C049A-145F-4A6E-8290-B5C245EBE39D} =>.Toshiba Corporation
O42 - Logiciel: TOSHIBA Bulletin Board - (.TOSHIBA Corporation.) [HKLM][64Bits] -- InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D} =>.Toshiba Corporation
O42 - Logiciel: TOSHIBA Disc Creator - (.TOSHIBA Corporation.) [HKLM][64Bits] -- {5DA0E02F-970B-424B-BF41-513A5018E4C0} =>.Toshiba Corporation
O42 - Logiciel: TOSHIBA eco Utility - (.TOSHIBA Corporation.) [HKLM][64Bits] -- {C2F94B5E-201A-4754-8F2F-4395E1D90DA3} =>.Toshiba Corporation
O42 - Logiciel: TOSHIBA Face Recognition - (.TOSHIBA Corporation.) [HKLM][64Bits] -- {F67FA545-D8E5-4209-86B1-AEE045D1003F} =>.Toshiba Corporation
O42 - Logiciel: TOSHIBA Face Recognition - (.TOSHIBA Corporation.) [HKLM][64Bits] -- InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F} =>.Toshiba Corporation
O42 - Logiciel: TOSHIBA Hardware Setup - (.TOSHIBA.) [HKLM][64Bits] -- {C4FFA951-9678-4D51-84B4-AFD15D3C45AD} =>.Toshiba
O42 - Logiciel: TOSHIBA Hardware Setup - (.TOSHIBA.) [HKLM][64Bits] -- InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD} =>.Toshiba
O42 - Logiciel: TOSHIBA HDD/SSD Alert - (.TOSHIBA Corporation.) [HKLM][64Bits] -- {D4322448-B6AF-4316-B859-D8A0E84DCB38} =>.Toshiba Corporation
O42 - Logiciel: Toshiba Laptop Checkup - (.Symantec Corporation.) [HKLM][64Bits] -- NortonPCCheckup =>.Symantec Corporation®
O42 - Logiciel: TOSHIBA Media Controller - (.TOSHIBA CORPORATION.) [HKLM][64Bits] -- {C7A4F26F-F9B0-41B2-8659-99181108CDE3} =>.Macrovision Corporation®
O42 - Logiciel: TOSHIBA Media Controller Plug-in - (.TOSHIBA CORPORATION.) [HKLM][64Bits] -- {F26FDF57-483E-42C8-A9C9-EEE1EDB256E0} =>.Toshiba Corporation
O42 - Logiciel: Toshiba Online Backup - (.Toshiba.) [HKLM][64Bits] -- {C57BCDE1-7CB9-467D-B3BA-7E119916CDC1} =>.Toshiba
O42 - Logiciel: TOSHIBA PC Health Monitor - (.TOSHIBA Corporation.) [HKLM][64Bits] -- {9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4} =>.Toshiba Corporation
O42 - Logiciel: TOSHIBA Quality Application - (.TOSHIBA.) [HKLM][64Bits] -- {E69992ED-A7F6-406C-9280-1C156417BC49} =>.Toshiba
O42 - Logiciel: TOSHIBA Recovery Media Creator - (.TOSHIBA CORPORATION.) [HKLM][64Bits] -- {B65BBB06-1F8E-48F5-8A54-B024A9E15FDF} =>.TOSHIBA CORPORATION®
O42 - Logiciel: TOSHIBA ReelTime - (.TOSHIBA Corporation.) [HKLM][64Bits] -- {24811C12-F4A9-4D0F-8494-A7B8FE46123C} =>.Toshiba Corporation
O42 - Logiciel: TOSHIBA ReelTime - (.TOSHIBA Corporation.) [HKLM][64Bits] -- InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C} =>.Toshiba Corporation
O42 - Logiciel: TOSHIBA Resolution+ Plug-in for Windows Media Player - (.TOSHIBA Corporation.) [HKLM][64Bits] -- {6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94} =>.Toshiba Corporation
O42 - Logiciel: TOSHIBA Service Station - (.TOSHIBA.) [HKLM][64Bits] -- {AC6569FA-6919-442A-8552-073BE69E247A} =>.Toshiba
O42 - Logiciel: TOSHIBA Sleep Utility - (.TOSHIBA Corporation.) [HKLM][64Bits] -- {654F7484-88C5-46DC-AB32-C66BCB0E2102} =>.TOSHIBA CORPORATION®
O42 - Logiciel: TOSHIBA Supervisor Password - (.TOSHIBA.) [HKLM][64Bits] -- {CBD6B23D-41D5-4A46-8019-6208516C9712} =>.Toshiba
O42 - Logiciel: TOSHIBA Supervisor Password - (.TOSHIBA.) [HKLM][64Bits] -- InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712} =>.Toshiba
O42 - Logiciel: TOSHIBA Value Added Package - (.TOSHIBA Corporation.) [HKLM][64Bits] -- {066CFFF8-12BF-4390-A673-75F95EFF188E} =>.Toshiba Corporation
O42 - Logiciel: TOSHIBA Value Added Package - (.TOSHIBA Corporation.) [HKLM][64Bits] -- InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E} =>.TOSHIBA CORPORATION®
O42 - Logiciel: TOSHIBA Web Camera Application - (.TOSHIBA Corporation.) [HKLM][64Bits] -- {6F3C8901-EBD3-470D-87F8-AC210F6E5E02} =>.Toshiba Corporation
O42 - Logiciel: TOSHIBA Web Camera Application - (.TOSHIBA Corporation.) [HKLM][64Bits] -- InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02} =>.Toshiba Corporation
O42 - Logiciel: TOSHIBA Wireless LAN Indicator - (.TOSHIBA CORPORATION.) [HKLM][64Bits] -- {5B01BCB7-A5D3-476F-AF11-E515BA206591} =>.Toshiba Corporation
O42 - Logiciel: TOSHIBARegistration - (.TOSHIBA.) [HKLM][64Bits] -- {5AF550B4-BB67-4E7E-82F1-2C4300279050} =>.Toshiba
O42 - Logiciel: Uninstall Dual Mode Camera (TDC13E0) - (..) [HKLM][64Bits] -- TDC13E0_2009_0603_1515_is1
O42 - Logiciel: Update Installer for WildTangent Games App - (.WildTangent.) [HKLM][64Bits] -- {2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App =>.WildTangent
O42 - Logiciel: VC80CRTRedist - 8.0.50727.6195 - (.DivX, Inc.) [HKLM][64Bits] -- {933B4015-4618-4716-A828-5289FC03165F} =>.DivX, Inc
O42 - Logiciel: Veoh Giraffic Video Accelerator - (.Giraffic.) [HKLM][64Bits] -- Giraffic =>.GIRAFFIC TECHNOLOGIES LTD®
O42 - Logiciel: Veoh Web Player - (.Veoh Networks, Inc..) [HKLM][64Bits] -- Veoh Web Player Beta
O42 - Logiciel: Virtual Villagers 5 - New Believers - (.WildTangent.) [HKLM][64Bits] -- WTA-52f1d0ea-61e5-4e73-9487-ae54e69b2437 =>.WildTangent Inc®
O42 - Logiciel: Vivitar Experience Image Manager - (..) [HKLM][64Bits] -- Vivitar Experience Image Manager
O42 - Logiciel: WebEx - (.Cisco WebEx LLC.) [HKCU][64Bits] -- ActiveTouchMeetingClient =>.WebEx Communications Inc.®
O42 - Logiciel: WebM Media Foundation Components - (.WebM Project.) [HKLM][64Bits] -- webmmf =>.WebM Project
O42 - Logiciel: WildTangent Games - (.WildTangent.) [HKLM][64Bits] -- WildTangent toshiba Master Uninstall =>.WildTangent
O42 - Logiciel: WildTangent Games App (Toshiba Games) - (.WildTangent.) [HKLM][64Bits] -- {70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba =>.WildTangent
O42 - Logiciel: Zemana AntiMalware - (.Zemana Ltd..) [HKLM][64Bits] -- {8F0CD7D1-42F3-4195-95CD-833578D45057}_is1 =>.Zemana Ltd.
O42 - Logiciel: Zoola Games - (..) [HKLM][64Bits] -- Zoola Games
O42 - Logiciel: Zuma's Revenge - (.WildTangent.) [HKLM][64Bits] -- WTA-54d4bc45-6230-4afa-82ed-66eaac5d1226 =>.WildTangent Inc®

---\\ HKCU & HKLM Software Keys (74) - 8s
HKLM\SOFTWARE\Wow6432Node\Adobe =>.Adobe
HKLM\SOFTWARE\Wow6432Node\Atheros Communications Inc. =>.Qualcomm Atheros
HKLM\SOFTWARE\Wow6432Node\AVAST Software =>.AVAST Software
HKLM\SOFTWARE\Wow6432Node\DivX =>.DivX Inc.
HKLM\SOFTWARE\Wow6432Node\DivXNetworks =>.DivXNetworks
HKLM\SOFTWARE\Wow6432Node\Eset =>.ESET
HKLM\SOFTWARE\Wow6432Node\Giraffic =>.Giraffic
HKLM\SOFTWARE\Wow6432Node\GNU =>.GNU
HKLM\SOFTWARE\Wow6432Node\Google =>.Google
HKLM\SOFTWARE\Wow6432Node\HaaliMkx =>.Haali Media
HKLM\SOFTWARE\Wow6432Node\Hyperlync
HKLM\SOFTWARE\Wow6432Node\InstallShield =>.InstallShield
HKLM\SOFTWARE\Wow6432Node\Intel =>.Intel
HKLM\SOFTWARE\Wow6432Node\JavaSoft =>.JavaSoft
HKLM\SOFTWARE\Wow6432Node\JL2005D =>.Jeilin
HKLM\SOFTWARE\Wow6432Node\JL2005D_5 =>.Jeilin
HKLM\SOFTWARE\Wow6432Node\JL2005D_7 =>.Jeilin
HKLM\SOFTWARE\Wow6432Node\JL6_DECODE
HKLM\SOFTWARE\Wow6432Node\Licenses =>.Microsoft Corporation
HKLM\SOFTWARE\Wow6432Node\Macromedia =>.Macromedia
HKLM\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware =>.Malwarebytes' Anti-Malware
HKLM\SOFTWARE\Wow6432Node\MimarSinan =>.Mimar Sinan
HKLM\SOFTWARE\Wow6432Node\Mozilla =>.Mozilla
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins =>.MozillaPlugins
HKLM\SOFTWARE\Wow6432Node\Norton =>.Symantec Corporation
HKLM\SOFTWARE\Wow6432Node\Norton PC Checkup =>.Symantec Corporation
HKLM\SOFTWARE\Wow6432Node\ODBC =>.DB Connectivity Solutions
HKLM\SOFTWARE\Wow6432Node\Piriform =>.Piriform
HKLM\SOFTWARE\Wow6432Node\REALTEK Semiconductor Corp. =>.Realtek Semiconductor Corp.
HKLM\SOFTWARE\Wow6432Node\SOS
HKLM\SOFTWARE\Wow6432Node\Symantec =>.Symantec
HKLM\SOFTWARE\Wow6432Node\TightVNC =>.TightVNC Project
HKLM\SOFTWARE\Wow6432Node\TOSHIBA =>.Toshiba Corporation
HKLM\SOFTWARE\Wow6432Node\TOSHIBA CORPORATION =>.Toshiba Corporation
HKLM\SOFTWARE\Wow6432Node\TrendMicro =>.TrendMicro
HKLM\SOFTWARE\Wow6432Node\Ulead Systems =>.Ulead Systems
HKLM\SOFTWARE\Wow6432Node\WildTangent =>.WildTangent
HKLM\SOFTWARE\Wow6432Node\RegisteredApplications =>.Microsoft Corporation
HKCU\SOFTWARE\9-lab =>.9-lab
HKCU\SOFTWARE\Adobe =>.Adobe
HKCU\SOFTWARE\AppDataLow =>.Microsoft Corporation
HKCU\SOFTWARE\AVAST Software =>.AVAST Software
HKCU\SOFTWARE\Caphyon =>.Caphyon
HKCU\SOFTWARE\DivX =>.DivX Inc.
HKCU\SOFTWARE\DivXNetworks =>.DivXNetworks
HKCU\SOFTWARE\g3n-h@ckm@n =>.g3n-h@ckm@n
HKCU\SOFTWARE\GNU =>.GNU
HKCU\SOFTWARE\Google =>.Google
HKCU\SOFTWARE\Intel =>.Intel
HKCU\SOFTWARE\JavaSoft =>.JavaSoft
HKCU\SOFTWARE\KineticJump
HKCU\SOFTWARE\Macromedia =>.Macromedia
HKCU\SOFTWARE\Malwarebytes =>.Malwarebytes
HKCU\SOFTWARE\Mixi.DJ
HKCU\SOFTWARE\MozillaPlugins =>.MozillaPlugins
HKCU\SOFTWARE\ORL
HKCU\SOFTWARE\Piriform =>.Piriform
HKCU\SOFTWARE\QtProject =>.QtProject
HKCU\SOFTWARE\SimonTatham =>.Simon Tatham
HKCU\SOFTWARE\Stronghold Online Backup
HKCU\SOFTWARE\Synaptics =>.Synaptics
HKCU\SOFTWARE\Sysinternals =>.Sysinternals
HKCU\SOFTWARE\TightVNC =>.TightVNC Project
HKCU\SOFTWARE\Toshiba =>.Toshiba Corporation
HKCU\SOFTWARE\Trolltech =>.Trolltech
HKCU\SOFTWARE\VB and VBA Program Settings =>.Microsoft Corporation
HKCU\SOFTWARE\Veoh
HKCU\SOFTWARE\WebEx =>.Cisco Systems, Inc.
HKCU\SOFTWARE\Wow6432Node =>.Microsoft Corporation
HKCU\SOFTWARE\ZebHelpProcess Helper =>.Nicolas Coolman
HKCU\SOFTWARE\Zemana =>.Zemana
HKCU\SOFTWARE\ZHP =>.Nicolas Coolman
HKCU\SOFTWARE\AppDataLow\Software =>.Microsoft Corporation
HKCU\SOFTWARE\AppDataLow\Software\DivX =>.DivX Inc.

---\\ Contents of the Common Files folders (207) - 5s
O43 - CFD: 08/09/2015 - [] D -- C:\Program Files\9-lab =>.9-Lab®
O43 - CFD: 13/05/2016 - [] D -- C:\Program Files\AVAST Software =>.AVAST Software s.r.o.®
O43 - CFD: 09/09/2015 - [] D -- C:\Program Files\CCleaner =>.Piriform Ltd
O43 - CFD: 03/12/2015 - [] D -- C:\Program Files\Common Files =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files\CONEXANT =>.Conexant Systems, Inc.®
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files\DivX =>.DivX
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files\DVD Maker =>.Aone Software
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files\Google =>.Google
O43 - CFD: 10/07/2013 - [] D -- C:\Program Files\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 26/04/2017 - [] D -- C:\Program Files\Malwarebytes =>.Malwarebytes
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files\Microsoft Games =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files\Microsoft Office =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files\MSBuild =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files\PlayReady =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files\Synaptics =>.Synaptics Incorporated®
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files\Toshiba =>.Toshiba Corporation
O43 - CFD: 13/07/2009 - [0] HD -- C:\Program Files\Uninstall Information =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files\Vivitar Experience Image Manager =>.Adobe Systems Incorporated®
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files\Windows Defender =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files\Windows Journal =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files\Windows Live =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files\Windows Mail =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files\Windows NT =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files\Windows Photo Viewer =>.Microsoft Corporation
O43 - CFD: 20/11/2010 - [] D -- C:\Program Files\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Adobe =>.Adobe Systems, Incorporated®
O43 - CFD: 08/09/2015 - [] D -- C:\Program Files (x86)\Adware Removal Tool by TSA =>.TSA Softwares
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Cisco =>.Cisco Systems, Inc.
O43 - CFD: 26/04/2017 - [] D -- C:\Program Files (x86)\Common Files =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Conexant =>.Conexant Systems, Inc.®
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Corel =>.Corel Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\DivX =>.DivX
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\ffdshow =>.Open Source
O43 - CFD: 26/04/2017 - [] D -- C:\Program Files (x86)\Giraffic =>.GIRAFFIC TECHNOLOGIES LTD®
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Google =>.Google Inc®
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Haali =>.Haali
O43 - CFD: 14/08/2012 - [] HD -- C:\Program Files (x86)\InstallShield Installation Information =>.InstallShield Software
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Intel =>.Intel Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Java =>.Oracle
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Microsoft Application Virtualization Client =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Microsoft Office =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Microsoft Silverlight =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition =>.Microsoft Corporation
O43 - CFD: 28/12/2011 - [] HD -- C:\Program Files (x86)\Microsoft.NET =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\MSBuild =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\MTA
O43 - CFD: 26/04/2017 - [] D -- C:\Program Files (x86)\Netwaiting
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Norton PC Checkup =>.Symantec Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\NortonInstaller =>.Symantec
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\PlayReady =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Realtek =>.Realtek
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Realtek WLAN Driver =>.Realtek Semiconductor Corp.
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\TDC13E0
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\TOSHIBA =>.Toshiba Corporation
O43 - CFD: 20/10/2011 - [] HD -- C:\Program Files (x86)\TOSHIBA Corporation =>.Toshiba Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\TOSHIBA Games =>.Toshiba Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Toshiba Online Backup =>.Toshiba Corporation
O43 - CFD: 19/04/2017 - [0] HD -- C:\Program Files (x86)\Uninstall Information =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Veoh Networks =>.Veoh Networks
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\WildTangent Games =>.WildTangent Games
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Windows Defender =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Windows Live =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Windows NT =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Windows Photo Viewer =>.Microsoft Corporation
O43 - CFD: 20/11/2010 - [] D -- C:\Program Files (x86)\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 04/02/2017 - [] D -- C:\Program Files (x86)\Zemana AntiMalware =>.Zemana
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Zoola Games
O43 - CFD: 08/09/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool
O43 - CFD: 10/07/2013 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 10/07/2013 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 02/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software =>.AVAST Software
O43 - CFD: 09/09/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner =>.Piriform Ltd
O43 - CFD: 10/07/2013 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Label@Once
O43 - CFD: 10/07/2013 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus =>.DivX Inc.
O43 - CFD: 10/07/2013 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow =>.Open Source
O43 - CFD: 10/07/2013 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games =>.Microsoft Corporation
O43 - CFD: 10/07/2013 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter =>.Mike Matsnev
O43 - CFD: 10/07/2013 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 26/04/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes =>.Malwarebytes
O43 - CFD: 10/07/2013 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English) =>.Microsoft Corporation
O43 - CFD: 10/07/2013 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight =>.Microsoft Corporation
O43 - CFD: 26/04/2017 - [0] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netwaiting
O43 - CFD: 26/04/2017 - [0] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetZero
O43 - CFD: 10/07/2013 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype =>.Skype
O43 - CFD: 09/09/2015 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
O43 - CFD: 21/11/2010 - [0] RHD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC =>.Wacom Technology
O43 - CFD: 09/09/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA =>.Toshiba Corporation
O43 - CFD: 10/07/2013 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live =>.Microsoft Corporation
O43 - CFD: 03/02/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware =>.Zemana
O43 - CFD: 08/09/2015 - [] D -- C:\ProgramData\9-lab =>.9-lab
O43 - CFD: 10/07/2013 - [] D -- C:\ProgramData\Adobe =>.Adobe
O43 - CFD: 13/07/2009 - [] SHD -- C:\ProgramData\Application Data =>.Microsoft Corporation
O43 - CFD: 13/05/2016 - [] D -- C:\ProgramData\AVAST Software =>.AVAST Software
O43 - CFD: 13/07/2009 - [] SD -- C:\ProgramData\Desktop =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\ProgramData\DivX =>.DivX
O43 - CFD: 13/07/2009 - [] SHD -- C:\ProgramData\Documents =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - [0] SHD -- C:\ProgramData\Favorites =>.Microsoft Corporation
O43 - CFD: 27/11/2016 - [] D -- C:\ProgramData\Giraffic =>.Giraffic
O43 - CFD: 14/08/2012 - [] D -- C:\ProgramData\Google =>.Google
O43 - CFD: 26/04/2017 - [] D -- C:\ProgramData\Malwarebytes =>.Malwarebytes
O43 - CFD: 19/04/2017 - [] SD -- C:\ProgramData\Microsoft =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\ProgramData\Norton =>.Symantec Corporation
O43 - CFD: 27/01/2012 - [] HD -- C:\ProgramData\NortonInstaller =>.Symantec
O43 - CFD: 19/04/2017 - [] D -- C:\ProgramData\RogueKiller =>.Adlice
O43 - CFD: 13/07/2009 - [] SHD -- C:\ProgramData\Start Menu =>.Microsoft Corporation
O43 - CFD: 01/08/2011 - [] HD -- C:\ProgramData\Sun =>.Oracle
O43 - CFD: 30/05/2015 - [0] AHD -- C:\ProgramData\TEMP =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - [0] SHD -- C:\ProgramData\Templates =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\ProgramData\Toshiba =>.Toshiba Corporation
O43 - CFD: 08/01/2013 - [] D -- C:\ProgramData\Toshiba Book Place =>.Toshiba Corporation
O43 - CFD: 27/12/2011 - [] HD -- C:\ProgramData\VirtualizedApplications =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\ProgramData\WebEx =>.Cisco Systems, Inc.
O43 - CFD: 14/08/2012 - [] D -- C:\ProgramData\WildTangent =>.WildTangent
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Common Files\Adobe =>.Adobe
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Common Files\Adobe AIR =>.Adobe Inc.
O43 - CFD: 13/04/2017 - [] D -- C:\Program Files (x86)\Common Files\AV =>.Avast
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Common Files\DESIGNER =>.Designer
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Common Files\DivX Shared =>.DivX
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Common Files\InstallShield =>.InstallShield
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Common Files\Intel =>.Intel Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Common Files\Java =>.Oracle
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Common Files\microsoft shared =>.Microsoft Corporation
O43 - CFD: 10/07/2013 - [] D -- C:\Program Files (x86)\Common Files\MSSoap =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Common Files\postureAgent =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Common Files\PX Storage Engine =>.Sonic Solutions
O43 - CFD: 13/07/2009 - [] D -- C:\Program Files (x86)\Common Files\Services =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Common Files\SpeechEngines =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Common Files\System =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Common Files\Toshiba Shared =>.Toshiba Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Common Files\Ulead Systems =>.Ulead Systems
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Common Files\WebM Project =>.WebM Project
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Common Files\Windows Live =>.Microsoft Corporation
O43 - CFD: 08/09/2015 - [] D -- C:\Users\Mitch\AppData\Roaming\9-lab =>.9-lab
O43 - CFD: 14/08/2012 - [] D -- C:\Users\Mitch\AppData\Roaming\Adobe =>.Adobe
O43 - CFD: 09/09/2015 - [] D -- C:\Users\Mitch\AppData\Roaming\AVAST Software =>.AVAST Software
O43 - CFD: 09/07/2013 - [] D -- C:\Users\Mitch\AppData\Roaming\Book Place
O43 - CFD: 05/03/2012 - [] HD -- C:\Users\Mitch\AppData\Roaming\DivX =>.DivX
O43 - CFD: 26/12/2011 - [] HD -- C:\Users\Mitch\AppData\Roaming\Google =>.Google
O43 - CFD: 26/12/2011 - [] HD -- C:\Users\Mitch\AppData\Roaming\Identities =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Users\Mitch\AppData\Roaming\Macromedia =>.Macromedia
O43 - CFD: 21/11/2010 - [0] HD -- C:\Users\Mitch\AppData\Roaming\Media Center Programs =>.Microsoft Corporation
O43 - CFD: 10/07/2013 - [] SD -- C:\Users\Mitch\AppData\Roaming\Microsoft =>.Microsoft Corporation
O43 - CFD: 09/02/2012 - [] HD -- C:\Users\Mitch\AppData\Roaming\Product_RM
O43 - CFD: 30/08/2016 - [] D -- C:\Users\Mitch\AppData\Roaming\SoftGrid Client =>.Microsoft Corporation
O43 - CFD: 01/06/2013 - [] HD -- C:\Users\Mitch\AppData\Roaming\Toshiba =>.Toshiba Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Users\Mitch\AppData\Roaming\vlc =>.VideoLan Team
O43 - CFD: 26/12/2011 - [] HD -- C:\Users\Mitch\AppData\Roaming\WinBatch =>.winbatch.com
O43 - CFD: 26/04/2017 - [] D -- C:\Users\Mitch\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 08/09/2015 - [] D -- C:\Users\Mitch\AppData\Roaming\ZHP.$quar
O43 - CFD: 02/07/2015 - [] HD -- C:\Users\Mitch\AppData\Local\Adobe =>.Adobe
O43 - CFD: 26/12/2011 - [] SHD -- C:\Users\Mitch\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 21/07/2016 - [] D -- C:\Users\Mitch\AppData\Local\CEF =>.CEF
O43 - CFD: 26/04/2017 - [0] HD -- C:\Users\Mitch\AppData\Local\CrashDumps =>.Microsoft Corporation
O43 - CFD: 07/02/2016 - [] HD -- C:\Users\Mitch\AppData\Local\Diagnostics =>.Microsoft Corporation
O43 - CFD: 31/10/2016 - [] HD -- C:\Users\Mitch\AppData\Local\Google =>.Google
O43 - CFD: 26/12/2011 - [] SHD -- C:\Users\Mitch\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 08/01/2013 - [] D -- C:\Users\Mitch\AppData\Local\Kjs.AppLife.Update
O43 - CFD: 15/09/2015 - [] D -- C:\Users\Mitch\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 08/09/2015 - [] D -- C:\Users\Mitch\AppData\Local\Microsoft Games =>.Microsoft Corporation
O43 - CFD: 08/09/2015 - [] D -- C:\Users\Mitch\AppData\Local\Programs =>.Microsoft Corporation
O43 - CFD: 26/12/2011 - [] HD -- C:\Users\Mitch\AppData\Local\SoftGrid Client =>.Microsoft Corporation
O43 - CFD: 26/04/2017 - [] D -- C:\Users\Mitch\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 26/12/2011 - [] SHD -- C:\Users\Mitch\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Users\Mitch\AppData\Local\TOSHIBA =>.Toshiba Corporation
O43 - CFD: 19/04/2017 - [0] D -- C:\Users\Mitch\AppData\Local\VirtualStore =>.Microsoft Corporation
O43 - CFD: 17/02/2012 - [] HD -- C:\Users\Mitch\AppData\Local\Vivitar Experience Image Manager
O43 - CFD: 08/09/2015 - [] D -- C:\Users\Mitch\AppData\Local\Zemana =>.Zemana
O43 - CFD: 26/04/2017 - [] D -- C:\Users\Mitch\AppData\Local\ZHP =>.Nicolas Coolman
O43 - CFD: 08/09/2015 - [0] D -- C:\Users\Mitch\AppData\Local\Programs\Common =>.Microsoft Corporation
O43 - CFD: 10/07/2013 - [] RD -- C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 12/07/2012 - [] RD -- C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 02/01/2012 - [0] HD -- C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter =>.Mike Matsnev
O43 - CFD: 10/07/2013 - [] RD -- C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 30/06/2013 - [] RD -- C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
O43 - CFD: 10/07/2013 - [] D -- C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Veoh Networks, Inc
O43 - CFD: 10/07/2013 - [] D -- C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivitar Experience Image Manager
O43 - CFD: 10/07/2013 - [] D -- C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoola Games
O43 - CFD: 13/07/2009 - [0] SHD -- C:\Users\Default\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - [0] SHD -- C:\Users\Default\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - [] HD -- C:\Users\Default\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - [0] HD -- C:\Users\Default\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - [0] SHD -- C:\Users\Default\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - [0] SHD -- C:\Users\Default User\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - [0] SHD -- C:\Users\Default User\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - [] HD -- C:\Users\Default User\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - [0] HD -- C:\Users\Default User\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - [0] SHD -- C:\Users\Default User\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 01/08/2011 - [] -- C:\windows\System32\Config\systemprofile\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 10/02/2015 - [] D -- C:\windows\System32\Config\systemprofile\AppData\Local\CrashDumps =>.Microsoft Corporation
O43 - CFD: 26/12/2011 - [] -- C:\windows\System32\Config\systemprofile\AppData\Local\Google =>.Google
O43 - CFD: 01/08/2011 - [] -- C:\windows\System32\Config\systemprofile\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\windows\System32\Config\systemprofile\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 01/08/2011 - [] -- C:\windows\System32\Config\systemprofile\AppData\Local\Programs =>.Microsoft Corporation
O43 - CFD: 15/02/2012 - [0] D -- C:\windows\System32\Config\systemprofile\AppData\Local\SoftGrid Client =>.Microsoft Corporation
O43 - CFD: 01/08/2011 - [] -- C:\windows\System32\Config\systemprofile\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 08/09/2015 - [] -- C:\windows\System32\Config\systemprofile\AppData\Local\Zemana =>.Zemana
O43 - CFD: 14/08/2012 - [] SD -- C:\windows\System32\Config\systemprofile\AppData\Roaming\Microsoft =>.Microsoft Corporation
O43 - CFD: 26/04/2017 - [] D -- C:\windows\System32\Config\systemprofile\AppData\Roaming\SoftGrid Client =>.Microsoft Corporation
O43 - CFD: 11/09/2012 - [0] -- C:\windows\System32\Config\systemprofile\AppData\Roaming\TightVNC =>.TightVNC Project

---\\ ShellIconOverlayIdentifiers (SIOI) (3) - 1s
O106 - SIOI: avast [00avast] - {472083B0-C522-11CF-8763-00608CC02F24}. (.AVAST Software - avast! Shell Extension.) -- C:\Program Files\AVAST Software\Avast\ashShell.dll =>.AVAST Software a.s.®
O106 - SIOI: Enhanced Storage Icon Overlay Handler Class [EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}. (.Microsoft Corporation - Windows Enhanced Storage Shell Extension DL.) -- C:\Windows\System32\EhStorShell.dll =>.Microsoft Corporation
O106 - SIOI: Sharing Overlay (Private) [SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235}. (.Microsoft Corporation - Shell extensions for sharing.) -- C:\Windows\System32\ntshrui.dll =>.Microsoft Corporation

---\\ System Drivers List (82) - 14s
O58 - SDL:2009/07/13 18:52:21 A . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\windows\System32\drivers\adp94xx.sys [491088] =>.Microsoft Windows®
O58 - SDL:2009/07/13 18:52:21 A . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\windows\System32\drivers\adpahci.sys [339536] =>.Microsoft Windows®
O58 - SDL:2009/07/13 18:52:21 A . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\windows\System32\drivers\adpu320.sys [182864] =>.Microsoft Windows®
O58 - SDL:2009/07/13 18:52:21 A . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\windows\System32\drivers\aliide.sys [15440] =>.Microsoft Windows®
O58 - SDL:2011/03/10 23:41:12 A . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\windows\System32\drivers\amdsata.sys [107904] =>.Microsoft Windows®
O58 - SDL:2009/07/13 18:52:20 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) -- C:\windows\System32\drivers\amdsbs.sys [194128] =>.Microsoft Windows®
O58 - SDL:2011/03/10 23:41:12 A . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\windows\System32\drivers\amdxata.sys [27008] =>.Microsoft Windows®
O58 - SDL:2009/07/13 18:52:21 A . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\windows\System32\drivers\arc.sys [87632] =>.Microsoft Windows®
O58 - SDL:2009/07/13 18:52:21 A . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\windows\System32\drivers\arcsas.sys [97856] =>.Microsoft Windows®
O58 - SDL:2016/07/19 18:28:46 A . (.AVAST Software - avast! HWID.) -- C:\windows\System32\drivers\aswHwid.sys [37656] =>.AVAST Software a.s.® (.AVAST Software)
O58 - SDL:2016/07/19 18:28:25 A . (.AVAST Software - avast! Keyboard Filter Driver.) -- C:\windows\System32\drivers\aswKbd.sys [37144] =>.AVAST Software a.s.®
O58 - SDL:2016/07/19 18:28:46 A . (.AVAST Software - avast! File System Minifilter for Windows 2.) -- C:\windows\System32\drivers\aswMonFlt.sys [108304] =>.AVAST Software a.s.®
O58 - SDL:2016/07/19 18:28:45 A . (.AVAST Software - avast! WFP Redirect Driver.) -- C:\windows\System32\drivers\aswRdr2.sys [103064] =>.AVAST Software a.s.®
O58 - SDL:2016/07/19 18:28:46 A . (.AVAST Software - avast! Revert.) -- C:\windows\System32\drivers\aswRvrt.sys [74544] =>.AVAST Software a.s.® (.AVAST Software)
O58 - SDL:2016/07/19 18:28:29 A . (.AVAST Software - avast! Virtualization Driver.) -- C:\windows\System32\drivers\aswSnx.sys [1070904] =>.AVAST Software a.s.®
O58 - SDL:2016/07/19 18:30:05 A . (.AVAST Software - avast! self protection module.) -- C:\windows\System32\drivers\aswsp.sys [473592] =>.AVAST Software a.s.®
O58 - SDL:2016/07/19 18:28:46 A . (.AVAST Software - Stream Filter.) -- C:\windows\System32\drivers\aswStm.sys [162904] =>.AVAST Software a.s.®
O58 - SDL:2016/08/05 17:08:07 A . (.AVAST Software - avast! VM Monitor.) -- C:\windows\System32\drivers\aswvmm.sys [292704] =>.AVAST Software a.s.® (.AVAST Software)
O58 - SDL:2009/06/10 13:34:23 A . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x.) -- C:\windows\System32\drivers\b57nd60a.sys [270848] =>.Broadcom Corporation
O58 - SDL:2009/06/10 13:41:06 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower.) -- C:\windows\System32\drivers\BrFiltLo.sys [18432] =>.Brother Industries, Ltd.
O58 - SDL:2009/06/10 13:41:06 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper.) -- C:\windows\System32\drivers\BrFiltUp.sys [8704] =>.Brother Industries, Ltd.
O58 - SDL:2009/07/13 18:19:07 A . (.Brother Industries Ltd. - Brotehr Serial I/F Driver (WDM).) -- C:\windows\System32\drivers\BrSerId.sys [286720] =>.Brother Industries Ltd.
O58 - SDL:2009/06/10 13:41:10 A . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\windows\System32\drivers\BrSerWdm.sys [47104] =>.Brother Industries Ltd.
O58 - SDL:2009/06/10 13:41:10 A . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\windows\System32\drivers\BrUsbMdm.sys [14976] =>.Brother Industries Ltd.
O58 - SDL:2009/06/10 13:41:10 A . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\windows\System32\drivers\BrUsbSer.sys [14720] =>.Brother Industries Ltd.
O58 - SDL:2009/06/10 13:34:28 A . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\windows\System32\drivers\bxvbda.sys [468480] =>.Broadcom Corporation
O58 - SDL:2011/07/07 15:02:16 A . (.Conexant Systems Inc. - 64-bit High Definition Audio Function Drive.) -- C:\windows\System32\drivers\CHDRT64.sys [1576576] =>.Conexant Systems, Inc.®
O58 - SDL:2009/07/13 18:52:31 A . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\windows\System32\drivers\cmdide.sys [17488] =>.Microsoft Windows®
O58 - SDL:2009/07/13 18:47:48 A . (.Emulex - Storport Miniport Driver for LightPulse HBA.) -- C:\windows\System32\drivers\elxstor.sys [530496] =>.Microsoft Windows®
O58 - SDL:2009/06/10 13:34:33 A . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\windows\System32\drivers\evbda.sys [3286016] =>.Broadcom Corporation
O58 - SDL:2011/12/26 12:57:17 RSH . (.Authors - .) -- C:\windows\System32\drivers\fbd.sys [13] =>.EasyCo LLC
O58 - SDL:2009/06/10 13:31:59 A . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for.) -- C:\windows\System32\drivers\hcw85cir.sys [31232] =>.Hauppauge Computer Works, Inc.
O58 - SDL:2010/10/19 16:34:26 A . (.Intel Corporation - Intel(R) Management Engine Interface.) -- C:\windows\System32\drivers\HECIx64.sys [56344] =>.Intel Corporation®
O58 - SDL:2010/11/20 20:23:47 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\windows\System32\drivers\HpSAMD.sys [78720] =>.Microsoft Windows®
O58 - SDL:2011/01/12 17:51:44 A . (.Intel Corporation - Intel Rapid Storage Technology driver - x64.) -- C:\windows\System32\drivers\iaStor.sys [439320] =>.Intel Corporation®
O58 - SDL:2011/03/10 23:41:26 A . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\windows\System32\drivers\iaStorV.sys [410496] =>.Microsoft Windows®
O58 - SDL:2011/04/04 20:10:14 A . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\windows\System32\drivers\igdkmd64.sys [12262624] =>.Intel Corporation
O58 - SDL:2009/07/13 18:48:04 A . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\windows\System32\drivers\iirsp.sys [44112] =>.Microsoft Windows®
O58 - SDL:2010/10/15 01:28:16 A . (.Intel(R) Corporation - Intel(R) Display Audio Driver.) -- C:\windows\System32\drivers\IntcDAud.sys [317440] =>.Intel(R) Corporation
O58 - SDL:2009/06/02 13:26:26 A . (.Windows (R) Codename Longhorn DDK provider - Universal Serial Bus Camera Driver.) -- C:\windows\System32\drivers\jl2005c.sys [80880] =>.JEILIN TECHNOLOGIES CORPORATION®
O58 - SDL:2010/11/08 12:44:40 A . (.Atheros Communications, Inc. - Atheros L1c PCI-E Gigabit Ethernet Controll.) -- C:\windows\System32\drivers\L1C62x64.sys [76912] =>.Atheros Communications Inc.®
O58 - SDL:2009/07/13 18:48:04 A . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\windows\System32\drivers\lsi_fc.sys [114752] =>.Microsoft Windows®
O58 - SDL:2009/07/13 18:48:04 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\windows\System32\drivers\lsi_sas.sys [106560] =>.Microsoft Windows®
O58 - SDL:2009/07/13 18:48:04 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\windows\System32\drivers\lsi_sas2.sys [65600] =>.Microsoft Windows®
O58 - SDL:2009/07/13 18:48:04 A . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\windows\System32\drivers\lsi_scsi.sys [115776] =>.Microsoft Windows®
O58 - SDL:2017/03/22 11:02:44 A . (.Authors - .) -- C:\windows\System32\drivers\mbae64.sys [77440] =>.Malwarebytes Corporation®
O58 - SDL:2017/04/26 19:41:51 A . (.Malwarebytes - Malwarebytes SwissArmy.) -- C:\windows\System32\drivers\MBAMSwissArmy.sys [251832] =>.Malwarebytes Corporation®
O58 - SDL:2009/07/13 18:48:04 A . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) -- C:\windows\System32\drivers\megasas.sys [35392] =>.Microsoft Windows®
O58 - SDL:2009/07/13 18:48:04 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\windows\System32\drivers\MegaSR.sys [284736] =>.Microsoft Windows®
O58 - SDL:2009/07/13 18:48:26 A . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\windows\System32\drivers\nfrd960.sys [51264] =>.Microsoft Windows®
O58 - SDL:2011/03/10 23:41:34 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\windows\System32\drivers\nvraid.sys [148352] =>.Microsoft Windows®
O58 - SDL:2011/03/10 23:41:34 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\windows\System32\drivers\nvstor.sys [166272] =>.Microsoft Windows®
O58 - SDL:2011/02/08 19:07:00 A . (.TOSHIBA Corporation - TOSHIBA Universal Camera Filter Driver.) -- C:\windows\System32\drivers\PGEffect.sys [38096] =>.TOSHIBA CORPORATION®
O58 - SDL:2009/06/15 13:58:50 A . (.TOSHIBA - Generic IO & Memory Access.) -- C:\windows\System32\drivers\QIOMem.sys [12800] =>.Toshiba
O58 - SDL:2009/07/13 18:45:46 A . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\windows\System32\drivers\ql2300.sys [1524816] =>.Microsoft Windows®
O58 - SDL:2009/07/13 18:45:45 A . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\windows\System32\drivers\ql40xx.sys [128592] =>.Microsoft Windows®
O58 - SDL:2011/07/08 17:06:08 A . (.Realtek Semiconductor Corp. - Realtek Turbo Mode Filter Driver for 39.) -- C:\windows\System32\drivers\rtcrfilt64.sys [18024] =>.Realtek Semiconductor Corp®
O58 - SDL:2010/03/31 11:10:18 A . (.Realtek Semiconductor Corporation - Realtek RTL8187B NDIS Driver.) -- C:\windows\System32\drivers\rtl8187B.sys [450048] =>.Realtek Semiconductor Corporation
O58 - SDL:2010/04/01 14:01:10 A . (.Realtek Semiconductor Corporation - Realtek RTL8187S PCIE NDIS Driverr.) -- C:\windows\System32\drivers\rtl8187Se.sys [442368] =>.Realtek Semiconductor Corporation
O58 - SDL:2011/01/05 01:08:58 A . (.Realtek Semiconductor Corporation - Realtek RTL81892CE NDIS Driverr.) -- C:\windows\System32\drivers\rtl8192ce.sys [1109096] =>.Realtek Semiconductor Corp®
O58 - SDL:2010/12/17 16:04:28 A . (.Realtek Semiconductor Corporation - Realtek RTL81892SE NDIS Driverr.) -- C:\windows\System32\drivers\rtl8192se.sys [1221224] =>.Realtek Semiconductor Corp®
O58 - SDL:2010/12/22 16:24:00 A . (.Realtek Semiconductor Corporation - Realtek RTL819xP NDIS Driverr.) -- C:\windows\System32\drivers\rtl819xp.sys [626792] =>.Realtek Semiconductor Corp®
O58 - SDL:2010/12/01 16:12:06 A . (.Realtek Semiconductor Corp. - Realtek USB Mass Storage Driver for 2K/XP/V.) -- C:\windows\System32\drivers\RtsUStor.sys [250984] =>.Realtek Semiconductor Corp®
O58 - SDL:2011/07/08 17:06:08 A . (.Realtek Semiconductor Corp. - Realtek USB Mass Storage Driver for 2K/XP/V.) -- C:\windows\System32\drivers\rtsuvstor.sys [307304] =>.Realtek Semiconductor Corp®
O58 - SDL:2009/06/10 13:37:19 A . (.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) -- C:\windows\System32\drivers\secdrv.sys [23040] =>.Macrovision Corporation, Macrovision Europe Limited,
O58 - SDL:2009/07/13 18:45:45 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\windows\System32\drivers\sisraid2.sys [43584] =>.Microsoft Windows®
O58 - SDL:2009/07/13 18:45:46 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\windows\System32\drivers\sisraid4.sys [80464] =>.Microsoft Windows®
O58 - SDL:2016/08/30 16:15:58 A . (.Authors - .) -- C:\windows\System32\drivers\staport.sys [44952] =>.AVAST Software a.s.®
O58 - SDL:2009/07/13 18:45:55 A . (.Promise Technology - Promise SuperTrak EX Series Driver for Win.) -- C:\windows\System32\drivers\stexstor.sys [24656] =>.Microsoft Windows®
O58 - SDL:2011/02/03 19:59:06 A . (.Synaptics Incorporated - Synaptics Touchpad Driver.) -- C:\windows\System32\drivers\SynTP.sys [1413680] =>.Synaptics Incorporated®
O58 - SDL:2009/07/30 20:22:04 A . (.TOSHIBA Corporation. - TOSHIBA ODD Writing Driver for x64..) -- C:\windows\System32\drivers\tdcmdpst.sys [27784] =>.TOSHIBA CORPORATION®
O58 - SDL:2009/06/24 15:36:48 A . (.TOSHIBA Corporation - tos_sps64.) -- C:\windows\System32\drivers\tos_sps64.sys [482384] =>.TOSHIBA CORPORATION®
O58 - SDL:2017/04/19 16:55:39 A . (.Authors - .) -- C:\windows\System32\drivers\TrueSight.sys [28272] =>.Adlice®
O58 - SDL:2009/06/19 19:15:22 A . (.TOSHIBA Corporation - TOSHIBA TVALZ Filter Driver for x64.) -- C:\windows\System32\drivers\TVALZFL.sys [14472] =>.TOSHIBA CORPORATION®
O58 - SDL:2009/07/14 15:31:18 A . (.TOSHIBA Corporation - TOSHIBA ACPI-Based Value Added Logical and.) -- C:\windows\System32\drivers\TVALZ_O.SYS [26840] =>.TOSHIBA CORPORATION®
O58 - SDL:2009/07/13 18:45:55 A . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\windows\System32\drivers\viaide.sys [17488] =>.Microsoft Windows®
O58 - SDL:2009/07/13 18:45:55 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\windows\System32\drivers\vsmraid.sys [161872] =>.Microsoft Windows®
O58 - SDL:2009/06/10 14:01:11 A . (.Conexant Systems, Inc. - HSF_HWAZL WDM driver.) -- C:\windows\System32\drivers\VSTAZL6.SYS [292864] =>.Conexant Systems, Inc.
O58 - SDL:2009/06/10 14:01:11 A . (.Conexant Systems, Inc. - HSF_CNXT driver.) -- C:\windows\System32\drivers\VSTCNXT6.SYS [740864] =>.Conexant Systems, Inc.
O58 - SDL:2009/06/10 14:01:11 A . (.Conexant Systems, Inc. - HSF_DP driver.) -- C:\windows\System32\drivers\VSTDPV6.SYS [1485312] =>.Conexant Systems, Inc.
O58 - SDL:2016/09/04 14:33:24 A . (.Zemana Ltd. - ZAM.) -- C:\windows\System32\drivers\zam64.sys [203680] =>.Zemana Ltd.®
O58 - SDL:2016/09/04 14:33:21 A . (.Zemana Ltd. - ZAM.) -- C:\windows\System32\drivers\zamguard64.sys [203680] =>.Zemana Ltd.®

---\\ Last modified or created user files (1) - 20s
O61 - LFC: 2017/04/19 20:57:07 A . (.Trend Micro Inc. & Stanislav Polshyn.) -- C:\Users\Mitch\Desktop\HiJackThis\HiJackThis.exe [1147984]

---\\ File Associations Shell Spawning (10) - 1s
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) -- C:\Windows\System32\eventvwr.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.scr> <scrfile>[HKLM\..\open\Command] (...) -- "%1" /S

---\\ Start Menu Internet (12) - 0s
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O68 - StartMenuInternet: <SafeZoneStable> <SafeZone Stable>[HKLM\..\Shell\open\Command] (.Avast Software - Avast SafeZone Browser.) -- C:\Program Files\AVAST Software\SZBrowser\Launcher.exe =>.AVAST Software s.r.o.®
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <SafeZoneStable> <SafeZone Stable>[HKLM\..\InstallInfo\ShowIconsCommand] (.Avast Software - Avast SafeZone Browser.) -- C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <SafeZoneStable> <SafeZone Stable>[HKLM\..\InstallInfo\ReinstallCommand] (.Avast Software - Avast SafeZone Browser.) -- C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <SafeZoneStable> <SafeZone Stable>[HKLM\..\InstallInfo\HideIconsCommand] (.Avast Software - Avast SafeZone Browser.) -- C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software

---\\ Search Browser Infection (1) - 0s
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - http://www.google.com/ =>.Google Inc.

---\\ Search Svchost Services (32) - 1s
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Application Experience Service.) -- C:\windows\System32\aelupsvc.dll [72192] =>.Microsoft Corporation
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\windows\System32\certprop.dll [80384] =>.Microsoft Corporation
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\windows\System32\certprop.dll [80384] =>.Microsoft Corporation
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) -- C:\windows\system32\srvsvc.dll [236032] =>.Microsoft Corporation
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) -- C:\windows\System32\gpsvc.dll [777728] =>.Microsoft Corporation
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) -- C:\windows\System32\ikeext.dll [853504] =>.Microsoft Corporation
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) -- C:\windows\System32\Audiosrv.dll [679424] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\windows\System32\rasauto.dll [99328] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\windows\System32\rasmans.dll [344064] =>.Microsoft Corporation
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\Windows\System32\mprdim.dll [97792] =>.Microsoft Corporation
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\Windows\System32\Sens.dll [64512] =>.Microsoft Corporation
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\windows\System32\ipnathlp.dll [359424] =>.Microsoft Corporation
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\Windows\System32\tapisrv.dll [316928] =>.Microsoft Corporation
O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Remote Desktop Session Host Server Remote C.) -- C:\windows\System32\termsrv.dll [680960] =>.Microsoft Corporation
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\windows\system32\wuaueng.dll [2428952] =>.Microsoft Windows Component Publisher®
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) -- C:\windows\System32\qmgr.dll [849920] =>.Microsoft Corporation
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\Windows\System32\shsvcs.dll [370688] =>.Microsoft Corporation
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) -- C:\windows\System32\iphlpsvc.dll [569344] =>.Microsoft Corporation
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) -- C:\windows\system32\seclogon.dll [30720] =>.Microsoft Corporation
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) -- C:\windows\System32\appinfo.dll [70656] =>.Microsoft Corporation
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) -- C:\windows\system32\iscsiexe.dll [156672] =>.Microsoft Corporation
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Multimedia Class Scheduler Service.) -- C:\windows\system32\mmcss.dll [67584] =>.Microsoft Corporation
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\windows\system32\wbem\WMIsvc.dll [242688] =>.Microsoft Corporation
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) -- C:\Windows\System32\SessEnv.dll [121856] =>.Microsoft Corporation
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\windows\System32\browser.dll [136192] =>.Microsoft Corporation
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) -- C:\windows\System32\eapsvc.dll [111104] =>.Microsoft Corporation
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) -- C:\windows\system32\schedsvc.dll [1110016] =>.Microsoft Corporation
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Key Management Service.) -- C:\windows\system32\kmsvc.dll [90624] =>.Microsoft Corporation
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) -- C:\windows\System32\wercplsupport.dll [84480] =>.Microsoft Corporation
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\windows\system32\profsvc.dll [209920] =>.Microsoft Corporation
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) -- C:\windows\system32\themeservice.dll [44544] =>.Microsoft Corporation
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) -- C:\windows\System32\bdesvc.dll [100864] =>.Microsoft Corporation

---\\ Additional Scan (O88) (1) - 0s
~ No malicious or unnecessary items found.

---\\ Summary of the elements found (1) - 0s
~ No malicious or unnecessary items found.

~ Unselected Options:
~ End of the scan, 50558 items in 01mn48s (887)(0)

My friend wants to install OpenOffice, yet when we attempted it consistently comes up with this error. How do we fix it?

Just a heads up. He left for tonight and will be back next Wednesday. The final thing I did to clear the clutter was run Delfix and ONLY remove all the tools on the desktop. Was this okay to do?