
Solved In pursuit of greed


Do you want some tea?

PCHF Member
Apr 28, 2017
Hello everybody, I need help with the In Pursuit of Greed (1995) shooter. I play through DOSBox, and some time ago, after I had like 5 saves or so, the game started to crash when I try to save (but not when loading). It seems to me the saving somehow crashes from overload. I am not sure. I use Windows 7 and have 4.00 GB, in case it matters.
 
Welcome to PCHF. Let's get some info from your machine to get things rolling.


Step 1: Reset Host File


  • Click here to download RstHosts v2.0
  • Save the file to your desktop.
  • Right Click and Run as Administrator.
  • Click on Restaurer, then click OK at the prompt.
  • This will restore the default host file.
  • Next Click on Creer Un Rapport.
  • This will open a logfile, post that in your next reply.

Step 2: MiniToolBox Scan


Please download MINITOOLBOX and run it.

Checkmark the following boxes:



Flush DNS
Reset FF proxy Settings
Reset IE Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

Step 3: Autoruns Scan.


Download Autoruns and Autorunsc. Unzip it to your desktop and then double-click autoruns.exe.
After the scan is finished, click on File > Save.
The default name will be autoruns.arn; make sure to save it as Autoruns.txt under the file type option.
In other words, make sure it is a .txt file instead of .arn. Attach the text in your next reply.


Step 4: HijackThis.



1- Please Click HERE to download HijackThis. -- Unzip to your desktop.
2- Right-click and run as admin.
3- Click on the Main Menu button if not already there.
4- Select Do a system scan and save a logfile.
5- Copy paste the log here.



Step 5: JRT Scan.


Please download Junkware Removal Tool and save it on your desktop.



  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 6: Adware Cleaner Scan.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on the Scan button.
  • When the scan has finished, click on the Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
 
1.

-|x| RstHosts v2.0 - Rapport créé le 29/04/2017 à 18:49:28
-|x| Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
-|x| Nom d'utilisateur : ILANA - ILANA-PC (Administrateur)

-|x|- Informations -|x|-

Emplacement : C:\Windows\System32\drivers\etc\hosts
Attribut(s) : RASH
Propriétaire : Administrators - BUILTIN
Taille : 89 bytes
Date de création : 14/07/2009 - 05:34:48
Date de modification : 29/04/2017 - 18:49:10
Date de dernier accès : 29/04/2017 - 18:49:10

-|x|- Contenu du fichier -|x|-

# Fichier Hosts créé par RstHosts

127.0.0.1 localhost
::1 localhost

-|x|- E.O.F - C:\RstHosts.txt - 624 bytes -|x|-

2.

MiniToolBox by Farbar Version: 17-06-2016
Ran by ILANA (administrator) on 29-04-2017 at 18:51:49
Running from "C:\Users\ILANA\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Model: DH55TC__ Manufacturer: INTEL_
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================

Intel(R) 82578DC Gigabit Network Connection = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : ILANA-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Home

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : Home
Description . . . . . . . . . . . : Intel(R) 82578DC Gigabit Network Connection
Physical Address. . . . . . . . . : 00-27-0E-13-5F-A8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::7d98:add1:a319:44d0%11(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.0.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : ??? 29 ????? 2017 18:02:37
Lease Expires . . . . . . . . . . : ??? 29 ????? 2017 19:32:37
Default Gateway . . . . . . . . . : 10.0.0.138
DHCP Server . . . . . . . . . . . : 10.0.0.138
DHCPv6 IAID . . . . . . . . . . . : 234891022
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-96-79-64-00-27-0E-13-5F-A8
DNS Servers . . . . . . . . . . . : 10.0.0.138
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.Home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:2887:fbfc:92bc:8e7d(Preferred)
Link-local IPv6 Address . . . . . : fe80::2887:fbfc:92bc:8e7d%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 10.0.0.138

Name: google.com
Addresses: 2a00:1450:4001:811::200e
172.217.18.174


Pinging google.com [64.233.166.113] with 32 bytes of data:
Reply from 64.233.166.113: bytes=32 time=81ms TTL=45
Reply from 64.233.166.113: bytes=32 time=80ms TTL=45

Ping statistics for 64.233.166.113:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 80ms, Maximum = 81ms, Average = 80ms
Server: UnKnown
Address: 10.0.0.138

Name: yahoo.com
Addresses: 2001:4998:c:a06::2:4008
2001:4998:58:c02::a9
2001:4998:44:204::a7
98.139.183.24
98.138.253.109
206.190.36.45


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=215ms TTL=50
Reply from 98.138.253.109: bytes=32 time=215ms TTL=50

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 215ms, Maximum = 215ms, Average = 215ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...00 27 0e 13 5f a8 ......Intel(R) 82578DC Gigabit Network Connection
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.138 10.0.0.1 20
10.0.0.0 255.255.255.0 On-link 10.0.0.1 276
10.0.0.1 255.255.255.255 On-link 10.0.0.1 276
10.0.0.255 255.255.255.255 On-link 10.0.0.1 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.0.0.1 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.0.0.1 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 58 ::/0 On-link
1 306 ::1/128 On-link
14 58 2001::/32 On-link
14 306 2001:0:9d38:90d7:2887:fbfc:92bc:8e7d/128
On-link
11 276 fe80::/64 On-link
14 306 fe80::/64 On-link
14 306 fe80::2887:fbfc:92bc:8e7d/128
On-link
11 276 fe80::7d98:add1:a319:44d0/128
On-link
1 306 ff00::/8 On-link
14 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

=========================== Installed Programs ============================

µTorrent (HKCU\...\uTorrent) (Version: 3.5.0.43580 - BitTorrent Inc.)
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
Corel PaintShop Photo Express 2010 (HKLM-x32\...\{7124BAB5-BD03-436E-8438-87FC29EA1332}) (Version: 1.0.0 - Intel Corporation)
Corel VideoStudio 2010 Express (HKLM-x32\...\{6D634C97-2468-4A6F-ABE5-A34B62C80FAD}) (Version: 1.0.0 - Intel Corporation)
D-Fend Reloaded 1.4.4 (deinstall) (HKLM-x32\...\D-Fend Reloaded) (Version: 1.4.4 - Alexander Herzog)
FastStone Image Viewer 6.0 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.0 - FastStone Soft)
Free DOC Reader (HKLM-x32\...\{810B21F5-6D1A-4E52-B5B1-ECBF75A30FF0}) (Version: 1.0.0 - Media Freeware)
Free DOC Viewer (HKLM-x32\...\{DF6E1BF1-E7D2-46E8-ACFA-94079CEDDB11}) (Version: 1.0.0 - Media Freeware)
Free File Viewer 2014 (HKLM-x32\...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.81 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HP DeskJet 2130 series Basic Device Software (HKLM\...\{54A80AED-ADB5-4D32-83F2-A9A5DF4ED2C1}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
HP DeskJet 2130 series Help (HKLM-x32\...\{1CDFD3C9-BDF8-4DDC-BDA2-EBC53F938B5F}) (Version: 35.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.15.132.1 - Intel Security)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Desktop Utilities (HKLM-x32\...\{662E930A-FBF8-4451-A5A6-4C094160B4BC}) (Version: 1.0.0 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2040 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Network Connections 14.8.43.0 (HKLM\...\PROSetDX) (Version: 14.8.43.0 - Intel)
IrfanView 4.44 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.44 - Irfan Skiljan)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Product Improvement Study for HP DeskJet 2130 series (HKLM\...\{EA4DB54A-FAE0-4FDA-A66D-AEB8F5FFBE83}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5964 - Realtek Semiconductor Corp.)
SafeZone Stable 3.55.2393.596 (HKLM-x32\...\SafeZone 3.55.2393.596) (Version: 3.55.2393.596 - Avast Software) Hidden
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
Unknown File Handler (HKLM-x32\...\UFH_is1) (Version: 2015.12.29.0 - File.org)
VDMSound (HKLM-x32\...\VDMSound) (Version: 2.1.0 - Vlad Romascanu)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinISO (HKLM-x32\...\WinISO) (Version: 6.4.1.6137 - WinISO Computing Inc.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version: - DOSBox Team)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 77%
Total physical RAM: 3893.3 MB
Available physical RAM: 884.16 MB
Total Virtual: 7784.8 MB
Available Virtual: 4226.5 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:250 GB) (Free:202.94 GB) NTFS
2 Drive d: () (Fixed) (Total:215.75 GB) (Free:207.03 GB) NTFS

========================= Users: ========================================

User accounts for \\ILANA-PC

Administrator Guest ILANA


**** End of log ****


3.

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" "" "21/11/2010 06:33" ""
+ "rdpclip" "" "" "File not found: rdpclip" "" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "05/04/2017 02:12" ""
+ "AvastUI.exe" "AvLaunch component" "AVAST Software" "c:\program files\avast software\avast\avlaunch.exe" "28/03/2017 18:13" ""
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe" "08/01/2010 22:42" ""
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe" "08/01/2010 22:42" ""
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe" "08/01/2010 22:42" ""
+ "RtHDVCpl" "Realtek HD Audio Manager" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\ravcpl64.exe" "20/10/2009 09:58" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" "" "05/04/2017 02:12" ""
+ "HP Software Update" "hpwuSchd Application" "Hewlett-Packard" "c:\program files (x86)\hp\hp software update\hpwuschd2.exe" "30/05/2013 22:49" ""
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "15/03/2017 23:43" ""
+ "BingSvc" "Microsoft Bing Service" "© 2015 Microsoft Corporation" "c:\users\ilana\appdata\local\microsoft\bingsvc\bingsvc.exe" "05/11/2015 12:37" ""
+ "Skype" "Skype " "Skype Technologies S.A." "c:\program files (x86)\skype\phone\skype.exe" "14/03/2017 11:20" ""
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" "" "26/10/2016 00:28" ""
+ "Google Chrome" "Google Chrome Installer" "Google Inc." "c:\program files (x86)\google\chrome\application\58.0.3029.81\installer\chrmstp.exe" "19/04/2017 07:13" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe" "14/07/2009 02:58" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" "" "26/10/2016 00:28" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe" "14/07/2009 02:42" ""
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "17/01/2017 23:24" ""
+ "avast" "Avast Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashsha64.dll" "28/03/2017 18:28" ""
+ "MagicISO" "MagicISO Shell Extension Module" "MagicISO, Inc." "c:\program files (x86)\magiciso\misosh64.dll" "22/05/2008 18:25" ""
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext.dll" "14/08/2016 22:15" ""
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" "" "05/04/2017 02:12" ""
+ "00asw" "Avast Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashsha64.dll" "28/03/2017 18:28" ""
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "17/01/2017 23:24" ""
+ "MagicISO" "MagicISO Shell Extension Module" "MagicISO, Inc." "c:\program files (x86)\magiciso\misosh64.dll" "22/05/2008 18:25" ""
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "17/10/2016 15:14" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll" "14/07/2009 04:32" ""
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll" "08/01/2010 22:42" ""
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "17/01/2017 23:24" ""
+ "avast" "Avast Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashsha64.dll" "28/03/2017 18:28" ""
+ "MagicISO" "MagicISO Shell Extension Module" "MagicISO, Inc." "c:\program files (x86)\magiciso\misosh64.dll" "22/05/2008 18:25" ""
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext.dll" "14/08/2016 22:15" ""
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" "" "31/12/2016 22:56" ""
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext.dll" "14/08/2016 22:15" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" "" "05/04/2017 02:12" ""
+ "00asw" "Avast Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashsha64.dll" "28/03/2017 18:28" ""
+ "00avast" "Avast Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashsha64.dll" "28/03/2017 18:28" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "27/04/2017 21:33" ""
+ "avast! Online Security" "IE Webrep plugin" "AVAST Software" "c:\program files\avast software\avast\aswwebrepie64.dll" "28/03/2017 16:41" ""
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll" "19/04/2016 15:58" ""
+ "True Key Helper" "True Key Internet Explorer Extension" "Intel Security" "c:\program files\intel security\true key\msie\truekey_ie64.dll" "12/04/2017 23:28" ""
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "27/04/2017 21:33" ""
+ "AcroIEHlprObj Class" "AcroIEHelper Module" "" "c:\program files\adobe\acrobat 5.0\reader\activex\acroiehelper.ocx" "02/03/2001 19:18" ""
+ "avast! Online Security" "IE Webrep plugin" "AVAST Software" "c:\program files\avast software\avast\aswwebrepie.dll" "28/03/2017 16:38" ""
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll" "19/04/2016 16:01" ""
+ "True Key Helper" "True Key Internet Explorer Extension" "Intel Security" "c:\program files\intel security\true key\msie\truekey_ie.dll" "12/04/2017 23:28" ""
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" "" "27/04/2017 21:33" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll" "19/04/2016 15:58" ""
+ "True Key" "True Key Internet Explorer Extension" "Intel Security" "c:\program files\intel security\true key\msie\truekey_ie64.dll" "12/04/2017 23:28" ""
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" "" "01/12/2016 22:49" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll" "19/04/2016 16:01" ""
+ "True Key" "True Key Internet Explorer Extension" "Intel Security" "c:\program files\intel security\true key\msie\truekey_ie.dll" "12/04/2017 23:28" ""
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" "" "21/10/2016 19:39" ""
+ "HP Smart Print" "SmartPrintSetup" "Hewlett-Packard" "c:\program files (x86)\hewlett-packard\smart print\smartprintsetup.exe" "21/05/2014 12:24" ""
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" "" "21/10/2016 19:39" ""
+ "HP Smart Print" "SmartPrintSetup" "Hewlett-Packard" "c:\program files (x86)\hewlett-packard\smart print\smartprintsetup.exe" "21/05/2014 12:24" ""
"Task Scheduler" "" "" "" "" ""
+ "\Adobe Acrobat Update Task" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe" "03/02/2017 10:16" ""
+ "\FreeFileViewerUpdateChecker" "Update Checker" "Bitberry Software" "c:\program files (x86)\freefileviewer\ffvcheckforupdates.exe" "25/03/2013 19:24" ""
+ "\HPCustPartic.exe_{0778FE57-B2D5-49AC-9D7A-21F1A3348AD5}" "HP Customer Participation." "Hewlett-Packard Development Company, LP" "c:\program files\hp\hp deskjet 2130 series\bin\hpcustpartic.exe" "09/04/2015 11:29" ""
+ "\HPCustParticipation HP DeskJet 2130 series" "HP Customer Participation." "Hewlett-Packard Development Company, LP" "c:\program files\hp\hp deskjet 2130 series\bin\hpcustpartic.exe" "09/04/2015 11:29" ""
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs" "10/06/2009 23:36" ""
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe" "14/07/2009 03:24" ""
+ "\SafeZone scheduled Autoupdate 1476737804" "Avast SafeZone Browser" "Avast Software" "c:\program files\avast software\szbrowser\launcher.exe" "22/03/2017 12:19" ""
+ "\{E83DEB7C-0AA4-41AA-A57D-CF5F9DD087B3}" "Address Book" "Microsoft Corporation" "c:\users\ilana\desktop\wab.exe" "11/10/2010 17:59" ""
"HKLM\System\CurrentControlSet\Services" "" "" "" "28/04/2017 19:12" ""
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe" "03/02/2017 10:15" ""
+ "aswbIDSAgent" "Provides Identity Protection Against Cyber Crime." "AVAST Software s.r.o." "c:\program files\avast software\avast\x64\aswidsagenta.exe" "21/03/2017 16:01" ""
+ "avast! Antivirus" "Manages and implements Avast antivirus services for this computer. This includes the real-time shields, the virus chest and the scheduler." "AVAST Software" "c:\program files\avast software\avast\avastsvc.exe" "28/03/2017 18:16" ""
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "15/07/2016 10:29" ""
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "15/07/2016 10:29" ""
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files (x86)\google\common\google updater\googleupdaterservice.exe" "03/03/2012 00:13" ""
+ "InstallerService" "" "" "File not found: C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0" "" ""
+ "LMS" "Allows applications to access the local Intel(R) Management and Security Application using its locally-available selected network interfaces." "Intel Corporation" "c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe" "10/12/2009 03:15" ""
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files (x86)\skype\updater\updater.exe" "02/01/2017 02:50" ""
+ "TrueKey" "Service for Intel Security True Key Service" "McAfee, Inc." "c:\program files\truekey\mcafee.truekey.service.exe" "12/04/2017 21:41" ""
+ "TrueKeyScheduler" "Intel Security True Key Scheduler Service" "McAfee, Inc." "c:\program files\truekey\mctkschedulerservice.exe" "12/04/2017 21:42" ""
+ "TrueKeyServiceHelper" "Intel Security True Key Helper Service" "McAfee, Inc." "c:\program files\truekey\mcafee.truekey.servicehelper.exe" "12/04/2017 21:40" ""
+ "UNS" "Intel(R) Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel(R) Management and Security Application Device." "Intel Corporation" "c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe" "10/12/2009 03:16" ""
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll" "14/07/2009 04:29" ""
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe" "20/11/2010 14:18" ""
"HKLM\System\CurrentControlSet\Services" "" "" "" "28/04/2017 19:12" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys" "06/12/2008 02:54" ""
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys" "01/05/2007 20:30" ""
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys" "28/02/2007 03:04" ""
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys" "14/07/2009 02:19" ""
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys" "19/03/2010 03:45" ""
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys" "20/03/2009 21:36" ""
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys" "19/03/2010 19:18" ""
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys" "25/05/2007 00:27" ""
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys" "14/01/2009 22:27" ""
+ "aswbidsdriver" "IDS Application Activity Monitor Driver." "AVAST Software s.r.o." "c:\windows\system32\drivers\aswbidsdrivera.sys" "21/03/2017 15:58" ""
+ "aswbidsh" "Application Activity Monitor Helper Driver" "AVAST Software s.r.o." "c:\windows\system32\drivers\aswbidsha.sys" "21/03/2017 15:58" ""
+ "aswblog" "Logging Driver" "AVAST Software s.r.o." "c:\windows\system32\drivers\aswbloga.sys" "21/03/2017 15:58" ""
+ "aswbuniv" "Universal Driver" "AVAST Software s.r.o." "c:\windows\system32\drivers\aswbuniva.sys" "21/03/2017 15:58" ""
+ "aswHdsKe" "" "" "File not found: C:\Windows\system32\drivers\aswHdsKe.sys" "" ""
+ "aswHwid" "avast! HardwareID" "AVAST Software" "c:\windows\system32\drivers\aswhwid.sys" "28/03/2017 18:12" ""
+ "aswKbd" "avast! keyboard filter driver (aswKbd)" "AVAST Software" "c:\windows\system32\drivers\aswkbd.sys" "28/03/2017 18:12" ""
+ "aswMonFlt" "avast! mini-filter driver (aswMonFlt)" "AVAST Software" "c:\windows\system32\drivers\aswmonflt.sys" "27/04/2017 16:25" ""
+ "aswRdr" "avast! WFP Redirect driver" "AVAST Software" "c:\windows\system32\drivers\aswrdr2.sys" "28/03/2017 18:13" ""
+ "aswRvrt" "Avast Revert" "AVAST Software" "c:\windows\system32\drivers\aswrvrt.sys" "28/03/2017 18:12" ""
+ "aswSnx" "avast! virtualization driver (aswSnx)" "AVAST Software" "c:\windows\system32\drivers\aswsnx.sys" "28/03/2017 18:13" ""
+ "aswSP" "avast! Self Protection" "AVAST Software" "c:\windows\system32\drivers\aswsp.sys" "27/04/2017 16:25" ""
+ "aswStm" "avast! StreamFilter Callout Driver" "AVAST Software" "c:\windows\system32\drivers\aswstm.sys" "28/03/2017 18:30" ""
+ "aswVmm" "avast! VM Monitor" "AVAST Software" "c:\windows\system32\drivers\aswvmm.sys" "28/03/2017 18:24" ""
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys" "14/02/2009 01:18" ""
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys" "26/04/2009 14:14" ""
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys" "07/08/2006 04:51" ""
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys" "07/08/2006 04:51" ""
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys" "07/08/2006 04:51" ""
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys" "07/08/2006 04:51" ""
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys" "07/08/2006 04:51" ""
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys" "09/08/2006 15:11" ""
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys" "14/07/2009 02:19" ""
+ "e1kexpress" "Intel(R) Gigabit Adapter NDIS 6.x driver" "Intel Corporation" "c:\windows\system32\drivers\e1k62x64.sys" "10/12/2009 20:37" ""
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys" "31/12/2008 19:29" ""
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys" "04/02/2009 01:52" ""
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys" "11/05/2009 11:26" ""
+ "HECIx64" "Intel(R) Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\hecix64.sys" "17/09/2009 22:54" ""
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys" "20/04/2010 21:32" ""
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys" "11/06/2010 03:46" ""
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd64.sys" "08/01/2010 23:32" ""
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys" "14/12/2005 00:47" ""
+ "IntcAzAudAddService" "Realtek(r) High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhd64.sys" "21/10/2009 17:27" ""
+ "IntcDAud" "Intel(R) Display HD Audio driver" "Intel(R) Corporation" "c:\windows\system32\drivers\intcdaud.sys" "27/11/2009 16:15" ""
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys" "10/12/2008 01:46" ""
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys" "19/05/2009 03:20" ""
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys" "19/05/2009 03:31" ""
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys" "17/04/2009 01:13" ""
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys" "19/05/2009 04:09" ""
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys" "19/05/2009 04:25" ""
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys" "07/06/2006 00:11" ""
+ "nvraid" "NVIDIA® nForce(TM) RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys" "19/03/2010 23:59" ""
+ "nvstor" "NVIDIA® nForce(TM) Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys" "19/03/2010 23:45" ""
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys" "23/01/2009 02:05" ""
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys" "19/05/2009 04:18" ""
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys" "13/09/2006 16:18" ""
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys" "24/09/2008 21:28" ""
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys" "02/10/2008 00:56" ""
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys" "18/02/2009 02:03" ""
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys" "14/07/2009 02:19" ""
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys" "31/01/2009 04:18" ""
+ "WinisoCDBus" "WinISO Virtual CD Drive" "WinISO.com" "c:\windows\system32\drivers\winisocdbus.sys" "08/05/2012 12:57" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers" "" "" "" "14/07/2009 07:53" ""
+ "Adobe Type Manager" "Windows NT OpenType/Type 1 Font Driver" "Adobe Systems Incorporated" "c:\windows\system32\atmfd.dll" "20/11/2010 12:49" ""
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "26/02/2017 23:35" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm" "14/07/2009 04:28" ""
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "26/02/2017 23:35" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm" "14/07/2009 04:06" ""
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll" "20/11/2010 14:59" ""
+ "VIDC.ZMBV" "" "" "c:\windows\syswow64\zmbv.dll" "13/02/2006 11:41" ""
"HKLM\SOFTWARE\Classes\Htmlfile\Shell\Open\Command\(Default)" "" "" "" "18/10/2016 00:57" ""
+ "C:\Program Files (x86)\Internet Explorer\iexplore.exe" "Internet Explorer" "Microsoft Corporation" "c:\program files (x86)\internet explorer\iexplore.exe" "20/11/2010 12:46" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" "" "26/10/2016 00:42" ""
+ "McAfee.TrueKey.CredentialProvider" "McAfee TrueKey Credential Provider Dll" "McAfee, Inc." "c:\program files\truekey\mcafee.truekey.credentialprovider.dll" "12/04/2017 21:40" ""
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" "" "21/03/2017 23:33" ""
+ "HP E111 Status Monitor" "Print Status Language Monitor" "Hewlett-Packard Development Company, LP" "c:\windows\system32\hpinkstse111lm.dll" "04/11/2014 19:00" ""
+ "LIDIL hpzllwn7" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpzllwn7.dll" "14/07/2009 04:28" ""
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages" "" "" "" "28/04/2017 19:12" ""
+ "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" "" "" "File not found: C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter.exe" "" ""
"WMI Database Entries - run as Administrator for complete scan" "" "" "" "" ""
+ "BVTConsumer" "" "" "File not found: KernCap.vbs" "" ""
"C:\Users\ILANA\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" "" "17/10/2016 23:55" ""
+ "" "" "" "C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget" "" ""

4.

Logfile of HiJackThis Fork (Alpha) by Alex Dragokas v.2.6.4.17

Platform: x64 Windows 7 (Home Premium), 6.1.7601, Service Pack: 1
Time: 29.04.2017 - 18:59
Language: OS: English (0x409). Display: English (0x409). Non-Unicode: English (0x409)
Elevated: Yes
Ran by: ILANA (group: Administrator) on ILANA-PC

Chrome: 58.0.3029.81
Internet Explorer: 8.0.7601.17514

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
9 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
1 C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
1 C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
1 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
1 C:\Program Files (x86)\Skype\Phone\Skype.exe
1 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1 C:\Program Files\AVAST Software\Avast\AvastUI.exe
1 C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1 C:\Program Files\TrueKey\McTkSchedulerService.exe
1 C:\Program Files\Windows Media Player\wmpnetwk.exe
1 C:\Users\ILANA\AppData\Local\Microsoft\BingSvc\BingSvc.exe
1 C:\Users\ILANA\Desktop\hijackthis\HiJackThis.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\hkcmd.exe
1 C:\Windows\System32\igfxpers.exe
1 C:\Windows\System32\igfxsrvc.exe
1 C:\Windows\System32\igfxtray.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\lsm.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
1 C:\Windows\System32\sppsvc.exe
11 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhost.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\explorer.exe

R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - Google - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
R4 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes: DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - Google - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
R4 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - Google - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
O2 - BHO: True Key Helper - {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O2-32 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2-32 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2-32 - BHO: True Key Helper - {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
O2-32 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
O3 - Toolbar: True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll
O3-32 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3-32 - Toolbar: True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
O4 - HKCU\..\Run: [BingSvc] C:\Users\ILANA\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun
O4 - HKLM\..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvLaunch.exe /gui
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
O4 - HKU\S-1-5-19\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe /autoRun
O4 - HKU\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe
O4 - HKU\S-1-5-20\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe /autoRun
O4 - HKU\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe
O4-32 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (HKLM)
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (HKLM)
O9-32 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (HKLM)
O9-32 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (HKLM)
O12-32 - Plugin for .spop: C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll
O12-32 - Plugin for application/intertrust-spop: (no file)
O17 - DHCP DNS - 1: 10.0.0.138
O22 - Task (Queued): Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Task (Queued): \Microsoft\Windows\Application Experience\ProgramDataUpdater - C:\Windows\system32\rundll32.exe aepdu.dll,AePduRunUpdate
O22 - Task (Ready): Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
O22 - Task (Ready): FreeFileViewerUpdateChecker - C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
O22 - Task (Ready): GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task (Ready): GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task (Ready): HPCustPartic.exe_{0778FE57-B2D5-49AC-9D7A-21F1A3348AD5} - C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPCustPartic.exe /installoptin 1477067949 /installreport yes
O22 - Task (Ready): HPCustParticipation HP DeskJet 2130 series - C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPCustPartic.exe /UA 15.0 /DDV 0x0d05
O22 - Task (Ready): McAfee Remediation (Prepare) - C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe /prepare
O22 - Task (Ready): SafeZone scheduled Autoupdate 1476737804 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
O22 - Task (Ready): \AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs
O22 - Task (Ready): {E83DEB7C-0AA4-41AA-A57D-CF5F9DD087B3} - C:\Users\ILANA\Desktop\wab.exe
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Avast Antivirus - (avast! Antivirus) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service R2: Intel Security True Key Scheduler - (TrueKeyScheduler) - C:\Program Files\TrueKey\McTkSchedulerService.exe
O23 - Service R2: Intel(R) Management & Security Application User Notification Service - (UNS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service R2: Intel(R) Management and Security Application Local Management Service - (LMS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service R3: aswbIDSAgent - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service S2: Google Update Service (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service S2: Intel Security True Key - (TrueKey) - C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
O23 - Service S2: Service Installer TrueKey - (InstallerService) - C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe (file missing)
O23 - Service S3: Google Software Updater - (gusvc) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service S3: Google Update Service (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service S3: TrueKeyServiceHelper - C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
O23 - Service S3: Windows Defender - (WinDefend) - C:\Windows\System32\svchost.exe; "ServiceDll" = C:\Program Files\Windows Defender\mpsvc.dll

--
End of file - Time spent: 9 sec. - 19562 bytes, CRC32: FFFFFFFF. Sign: 瑌惽

5.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Home Premium x64
Ran by ILANA (Administrator) on Sat 04/29/2017 at 19:06:54.63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

6.

# AdwCleaner v6.046 - Logfile created 29/04/2017 at 19:16:31
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-04-24.1 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : ILANA - ILANA-PC
# Running from : C:\Users\ILANA\Downloads\adwcleaner_6.046.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\ILANA\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key deleted: HKU\S-1-5-21-2708178567-3500753994-1001134934-1000\Software\Bitberry
[#] Key deleted on reboot: HKCU\Software\Bitberry
[#] Key deleted on reboot: [x64] HKCU\Software\Bitberry
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd


***** [ Web browsers ] *****

[-] [C:\Users\ILANA\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\ILANA\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: websearch.ask.com
[-] [C:\Users\ILANA\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search.sweetim.com
[-] [C:\Users\ILANA\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com_
[-] [C:\Users\ILANA\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\ILANA\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://trovi.com/?ctid=CT1425416&SearchSource=48&CUI=UN26673004781665178&UM=1
[-] [C:\Users\ILANA\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: fcfenmboojpjinhpgggodefccipikbpd


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3031 Bytes] - [29/04/2017 19:16:31]
C:\AdwCleaner\AdwCleaner[S0].txt - [3143 Bytes] - [29/04/2017 19:13:34]
C:\AdwCleaner\AdwCleaner[S1].txt - [3216 Bytes] - [29/04/2017 19:15:56]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3250 Bytes] ##########






File System: 25

Failed to delete: C:\Users\ILANA\AppData\Roaming\media freeware (Folder)
Successfully deleted: C:\Users\ILANA\AppData\Local\freefileviewer (Folder)
Successfully deleted: C:\Users\ILANA\AppData\Roaming\freefileviewer (Folder)
Successfully deleted: C:\Windows\system32\Tasks\FreeFileViewerUpdateChecker (Task)
Successfully deleted: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job (Task)
Successfully deleted: C:\Program Files (x86)\freefileviewer (Folder)
Successfully deleted: C:\Program Files (x86)\media freeware (Folder)
Successfully deleted: C:\Users\ILANA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ILANA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OBYYLV5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ILANA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ILANA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ANU5NKGF (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ILANA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ILANA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IQ8XKA6O (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ILANA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ILANA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QBIDAJUR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ILANA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9SDXTXC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OBYYLV5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ANU5NKGF (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IQ8XKA6O (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QBIDAJUR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9SDXTXC (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 04/29/2017 at 19:09:17.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


 
Uninstall these programs with Geek Uninstaller.

µTorrent (HKCU\...\uTorrent) (Version: 3.5.0.43580 - BitTorrent Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.15.132.1 - Intel Security)
Product Improvement Study for HP DeskJet 2130 series (HKLM\...\{EA4DB54A-FAE0-4FDA-A66D-AEB8F5FFBE83}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)


Right Click Autoruns and run as administrator, then under the "Task Scheduler" tab please Uncheck the items below.


+ "\Adobe Acrobat Update Task" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe" "03/02/2017 10:16" ""
+ "\FreeFileViewerUpdateChecker" "Update Checker" "Bitberry Software" "c:\program files (x86)\freefileviewer\ffvcheckforupdates.exe" "25/03/2013 19:24" ""
+ "\HPCustPartic.exe_{0778FE57-B2D5-49AC-9D7A-21F1A3348AD5}" "HP Customer Participation." "Hewlett-Packard Development Company, LP" "c:\program files\hp\hp deskjet 2130 series\bin\hpcustpartic.exe" "09/04/2015 11:29" ""
+ "\HPCustParticipation HP DeskJet 2130 series" "HP Customer Participation." "Hewlett-Packard Development Company, LP" "c:\program files\hp\hp deskjet 2130 series\bin\hpcustpartic.exe" "09/04/2015 11:29" ""
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs" "10/06/2009 23:36" ""
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe" "14/07/2009 03:24" ""
+ "\{E83DEB7C-0AA4-41AA-A57D-CF5F9DD087B3}" "Address Book" "Microsoft Corporation" "c:\users\ilana\desktop\wab.exe" "11/10/2010 17:59" ""

Hijack This Fix.

Start HijackThis, Right Click Run as Admin.
Close all other open programs prior to running this tool!!

Click System Scan Only.
Then check mark the items listed below.

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
O2-32 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2-32 - BHO: True Key Helper - {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
O3 - Toolbar: True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll
O3-32 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3-32 - Toolbar: True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
O4 - HKCU\..\Run: [BingSvc] C:\Users\ILANA\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
O4 - HKU\S-1-5-19\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe /autoRun
O4 - HKU\S-1-5-20\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe /autoRun
O4-32 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O12-32 - Plugin for application/intertrust-spop: (no file)
O22 - Task (Queued): Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Task (Queued): \Microsoft\Windows\Application Experience\ProgramDataUpdater - C:\Windows\system32\rundll32.exe aepdu.dll,AePduRunUpdate
O22 - Task (Ready): FreeFileViewerUpdateChecker - C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
O22 - Task (Ready): HPCustParticipation HP DeskJet 2130 series - C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPCustPartic.exe /UA 15.0 /DDV 0x0d05
O22 - Task (Ready): McAfee Remediation (Prepare) - C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe /prepare
O22 - Task (Ready): {E83DEB7C-0AA4-41AA-A57D-CF5F9DD087B3} - C:\Users\ILANA\Desktop\wab.exe
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe



Now click on fix checked.
After the fix is complete, then reboot your machine.



Running a Batch File To Reset The Entire TCPIP Stack


Open a notepad and copy the entire content of the code box below.
Paste the text into the notepad. Save the file to your desktop as InternetFlush.bat
Now you will right click on InternetFlush.bat and run as administrator.
Note: If you are using a third party firewall -- you will want to leave out the top two lines of the script.
At the end of the batch file there will be a prompt to
Warning: This batch file will reboot your machine when complete! Save all work prior to running!!



Code:
netsh advfirewall reset
netsh advfirewall set allprofiles state ON
ipconfig /flushdns
netsh winsock reset catalog
netsh int ip reset c:\resetlog.txt
ipconfig /release
ipconfig /renew
netsh int ipv4 reset
netsh int ipv6 reset
bitsadmin /reset /allusers
reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
netsh interface ipv6 6to4 set state state=disabled undoonstop=disabled
netsh interface ipv6 isatap set state state=disabled
netsh interface teredo set state disabled
netsh interface tcp set global autotuning=disabled
reg add hklm\system\currentcontrolset\services\tcpip6\parameters /v DisabledComponents /t REG_DWORD /d 0xFFFFFFFF
for /F "tokens=*" %%a in ('wevtutil.exe el') DO wevtutil.exe cl "%%a"
shutdown -r
 
O22 - Task (Ready): FreeFileViewerUpdateChecker - C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
O22 - Task (Ready): HPCustParticipation HP DeskJet 2130 series - C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPCustPartic.exe /UA 15.0 /DDV 0x0d05

does not appear on the list.

I am not sure what software you are talking about in no.2 "Right Click Autoruns and run as administrator, then under the "Task Scheduler" tab please Uncheck the items below."

Otherwise, all done.

I hope I didn't screw up (the order).
 
I am not sure what software you are talking about in no.2 "Right Click Autoruns and run as administrator, then under the "Task Scheduler" tab please Uncheck the items below."


Right click the Autoruns program you made the initial log with and disable the scheduled task with it...



Clean up temp files and reduce startup load with CCleaner.


Note: This tool will clean your browsing history as well.

  • Download CCleaner from here.
  • After install Click Options.
  • Go to monitoring.
  • Uncheck All Monitoring items.
  • Go to advanced -- Click close program after cleaning.
  • Go to settings -- click run ccleaner when the computer starts.
  • Now that you have ccleaner installed and set-up:
  • Open the program.
  • Go to Tools
  • Go to Startup
  • Now double click each item to disable it.
  • Leave only your antivirus enabled.
  • Then disable All items in your scheduled task as well.
  • Unless they are related to Windows Defender or your antivirus.
  • Reboot the machine.





ZHP Scan.

Please download Zhp Cleaner to your desktop. Right Click the icon and select run as administrator.






2. Once you have started the program, you will need to click the scanner button.



The program will close all open browsers!
3. Once the scan is completed, you will want to click the Repair button.



At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.


Rogue Killer Scan.


Download RogueKiller -- (Portable) -- from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all other running programs
  • Disable ALL Antivirus -- Antimalware -- Applications.
  • Right Click Rogue Killer and Run as Administrator.
  • Click the Start Scan button.
  • Allow the scan to run -- it can take ten minutes or more.
  • Once the scan is complete check All items for removal.

  • After All items are checked then press Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on open report -- then open txt
  • Copy the content of the report and paste it here in your next reply.
 
Run Check Disk

Run chkdsk /f /r from an elevated command prompt.



After the checkdisk....

Scan with ListChkDskResult

Please download ListChkDskResult by SleepyDude and save it to your desktop.
  • Right-click on the ListChkDskResult icon and select Run as Administrator to start the tool.
  • A message about checking Windows Event Log will pop up. Click OK.
  • Wait patiently until a Notepad window opens. This won't take long.
  • The displayed logfile will also be saved to your desktop as ListChkDskResult.txt.
Please include the content of this file in your next reply.
 
1.autorun:
only the following appeared:

+ "\Adobe Acrobat Update Task" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe" "03/02/2017 10:16" ""

+ "\FreeFileViewerUpdateChecker" "Update Checker" "Bitberry Software" "c:\program files (x86)\freefileviewer\ffvcheckforupdates.exe" "25/03/2013 19:24" ""

+ "\HPCustParticipation HP DeskJet 2130 series" "HP Customer Participation." "Hewlett-Packard Development Company, LP" "c:\program files\hp\hp deskjet 2130 series\bin\hpcustpartic.exe" "09/04/2015 11:29" ""

+ "\{E83DEB7C-0AA4-41AA-A57D-CF5F9DD087B3}" "Address Book" "Microsoft Corporation" "c:\users\ilana\desktop\wab.exe" "11/10/2010 17:59" ""



the box is already unchecked:
+ "\HPCustPartic.exe_{0778FE57-B2D5-49AC-9D7A-21F1A3348AD5}" "HP Customer Participation." "Hewlett-Packard Development Company, LP" "c:\program files\hp\hp deskjet 2130 series\bin\hpcustpartic.exe" "09/04/2015 11:29" ""

2.zhpcleaner

scan results are:
Superfluous.Temporary.Empty
Adware.InstallCore
.Superfluous.Bitberry

After the scan is finished all software buttons disappear, and it throws me into what seems to be their site. So I didn't manage to repair it. I did a second scan and it says everything is clean. In short, the repair button remains unused.

3.roguekiller
RogueKiller V12.10.7.0 (x64) [May 1 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : ILANA [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 05/02/2017 23:37:42 (Duration : 00:14:12)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2708178567-3500753994-1001134934-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 0 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2708178567-3500753994-1001134934-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 0 -> Replaced (1)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 6 ¤¤¤
[Tr.Gen0][File] C:\Users\ILANA\AppData\Roaming\uTorrent\updates\3.4.9_42923\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\ILANA\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\ILANA\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\ILANA\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\ILANA\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\ILANA\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [https://mail.google.com/mail/ca/u/0...&SearchSource=48&CUI=UN26673004781665178&UM=1] -> Deleted

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721050CLA362 ATA Device +++++
--- User ---
[MBR] 631b9d5c624b55e6edc72916918ebda2
[BSP] 910b7cece12bcf0a413a679529ef12de : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 255996 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 524281275 | Size: 220932 MB
User = LL1 ... OK
User = LL2 ... OK
 
chkdsk says:
"access denied as you do not have sufficient privileges
you have to invoke this utility running in elevated mode."

Malnutrition, I am sorry for the slow and late replies, I hope it will change in the following days.
 
Nevermind, already performed checkdisk (took a lot of time)

How are things running now?

:(

you, or anybody, have other ideas?

Malnutrition, I appreciate your help very much. It's the first time in any forum I came with game troubleshooting and someone ran me through extensive security and clean up checks. I worship the lizard security comp guru :thumbsup:
 
Nevermind, already performed checkdisk (took a lot of time)


Scan with ListChkDskResult

Please download ListChkDskResult by SleepyDude and save it to your desktop.
  • Right-click on the ListChkDskResult icon and select Run as Administrator to start the tool.
  • A message about checking Windows Event Log will pop up. Click OK.
  • Wait patiently until a Notepad window opens. This won't take long.
  • The displayed logfile will also be saved to your desktop as ListChkDskResult.txt.
Please include the content of this file in your next reply.
 
~ ZHPDiag v2017.5.4.76 By Nicolas Coolman (2017/05/04)
~ Run by ILANA (Administrator) (2017/05/05 20:52:49)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook: https://www.facebook.com/nicolascoolman1
~ State version: Version OK
~ Mode: Scan
~ Report: C:\Users\ILANA\Desktop\ZHPDiag.txt
~ Report: C:\Users\ILANA\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Activate
~ System startup: Normal (Normal boot)
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601) =>.Microsoft Corporation

---\\ Internet Browsers (2) - 0s
~ GCIE: Google Chrome v58.0.3029.96
~ MSIE: Internet Explorer v8.0.7601.17514

---\\ Windows Product Information (4) - 3s
~ Windows Server License Manager Script : OK
~ Licence Script File Génération : OK
Windows Automatic Updates : OK
Windows Activation Technologies : KO

---\\ System protection software (1) - 1s
Avast Free Antivirus v17.3.2291 (Protection)

---\\ Surveillance software (1) - 1s
~ Adobe Acrobat Reader DC (Surveillance)

---\\ Information on the system (6) - 0s
~ Operating System: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
~ Operating System: 64-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 3986.74 MB (23% free) : OK =>.RAM Value
System Restore: Activé (Enable)
System drive C: has 212 GB (83%) free of 255 GB : OK =>.Disk Space

---\\ Connection to the system mode (3) - 0s
~ Computer Name: ILANA-PC
~ User Name: ILANA
~ Logged in as Administrator

---\\ Enumeration of the disk units (2) - 0s
~ Drive C: has 212 GB free of 255 GB (System)
~ Drive D: has 211 GB free of 220 GB

---\\ State of the Windows Security Center (10) - 1s
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK

---\\ Search Generic System Files (24) - 1s
[MD5.AC4C51EB24AA95B77F705AB159189E24] - 21/11/2010 - (.Microsoft Corporation - Windows Explorer.) -- C:\Windows\Explorer.exe [2872320] =>.Microsoft Corporation
[MD5.DD81D91FF3B0763C392422865C9AC12E] - 14/07/2009 - (.Microsoft Corporation - Windows host process (Rundll32).) -- C:\Windows\System32\rundll32.exe [45568] =>.Microsoft Corporation
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - 14/07/2009 - (.Microsoft Corporation - Windows Start-Up Application.) -- C:\Windows\System32\Wininit.exe [129024] =>.Microsoft Corporation
[MD5.F6C5302E1F4813D552F41A0AC82455E5] - 21/11/2010 - (.Microsoft Corporation - Internet Extensions for Win32.) -- C:\Windows\System32\wininet.dll [1188864] =>.Microsoft Corporation
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - 21/11/2010 - (.Microsoft Corporation - Windows Logon Application.) -- C:\Windows\System32\Winlogon.exe [390656] =>.Microsoft Corporation
[MD5.067FA52BFB59A56110A12312EF9AF243] - 21/11/2010 - (.Microsoft Corporation - Software Licensing Library.) -- C:\Windows\System32\sppcomapi.dll [232448] =>.Microsoft Corporation
[MD5.A52B6CC24063CC83C78C0E6F24DEEC01] - 21/11/2010 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\Windows\System32\dnsapi.dll [357888] =>.Microsoft Corporation
[MD5.59DF156711A76BCB993253EC6C9BBF41] - 21/11/2010 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\Windows\Syswow64\dnsapi.dll [270336] =>.Microsoft Corporation
[MD5.D31DC7A16DEA4A9BAF179F3D6FBDB38C] - 21/11/2010 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) -- C:\Windows\System32\drivers\AFD.sys [499712] =>.Microsoft Corporation
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - 14/07/2009 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) -- C:\Windows\System32\drivers\atapi.sys [24128] =>.Microsoft Windows®
[MD5.B8BD2BB284668C84865658C77574381A] - 14/07/2009 - (.Microsoft Corporation - CD-ROM File System Driver.) -- C:\Windows\System32\drivers\Cdfs.sys [92160] =>.Microsoft Corporation
[MD5.F036CE71586E93D94DAB220D7BDF4416] - 21/11/2010 - (.Microsoft Corporation - SCSI CD-ROM Driver.) -- C:\Windows\System32\drivers\Cdrom.sys [147456] =>.Microsoft Corporation
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - 21/11/2010 - (.Microsoft Corporation - DFS Namespace Client Driver.) -- C:\Windows\System32\drivers\DfsC.sys [102400] =>.Microsoft Corporation
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - 21/11/2010 - (.Microsoft Corporation - High Definition Audio Bus Driver.) -- C:\Windows\System32\drivers\HDAudBus.sys [122368] =>.Microsoft Corporation
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - 14/07/2009 - (.Microsoft Corporation - i8042 Port Driver.) -- C:\Windows\System32\drivers\i8042prt.sys [105472] =>.Microsoft Corporation
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - 14/07/2009 - (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\drivers\IpNat.sys [116224] =>.Microsoft Corporation
[MD5.FAF015B07E3A2874A790A39B7D2C579F] - 21/11/2010 - (.Microsoft Corporation - Windows NT SMB Minirdr.) -- C:\Windows\System32\drivers\MRxSmb.sys [158208] =>.Microsoft Corporation
[MD5.09594D1089C523423B32A4229263F068] - 21/11/2010 - (.Microsoft Corporation - MBT Transport driver.) -- C:\Windows\System32\drivers\netBT.sys [261632] =>.Microsoft Corporation
[MD5.05D78AA5CB5F3F5C31160BDB955D0B7C] - 21/11/2010 - (.Microsoft Corporation - NT File System Driver.) -- C:\Windows\System32\drivers\ntfs.sys [1659776] =>.Microsoft Windows®
[MD5.0086431C29C35BE1DBC43F52CC273887] - 14/07/2009 - (.Microsoft Corporation - Parallel Port Driver.) -- C:\Windows\System32\drivers\Parport.sys [97280] =>.Microsoft Corporation
[MD5.471815800AE33E6F1C32FB1B97C490CA] - 21/11/2010 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) -- C:\Windows\System32\drivers\Rasl2tp.sys [129536] =>.Microsoft Corporation
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - 14/07/2009 - (.Microsoft Corporation - SMB Transport driver.) -- C:\Windows\System32\drivers\smb.sys [93184] =>.Microsoft Corporation
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - 21/11/2010 - (.Microsoft Corporation - TDI Translation Driver.) -- C:\Windows\System32\drivers\tdx.sys [119296] =>.Microsoft Corporation
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - 21/11/2010 - (.Microsoft Corporation - Volume Shadow Copy Driver.) -- C:\Windows\System32\drivers\volsnap.sys [295808] =>.Microsoft Windows®

---\\ Non Microsoft non disabled Windows Services (8) - 4s
O23 - Service: Avast Antivirus (avast! Antivirus) . (.AVAST Software - Avast Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe =>.AVAST Software s.r.o.®
O23 - Service: Google Update Service (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
O23 - Service: Service Installer TrueKey (InstallerService) . (...) - C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe (.not file.)
O23 - Service: Intel(R) Management and Security Application Local Manageme (LMS) . (.Intel Corporation - Local Manageability Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe =>.Intel Corporation®
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe =>.Skype Software Sarl®
O23 - Service: Intel Security True Key (TrueKey) . (.McAfee, Inc. - Intel Security True Key.) - C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe =>.McAfee, Inc.®
O23 - Service: Intel Security True Key Scheduler (TrueKeyScheduler) . (.McAfee, Inc. - Intel Security True Key.) - C:\Program Files\TrueKey\McTkSchedulerService.exe =>.McAfee, Inc.®
O23 - Service: Intel(R) Management & Security Application User Notificatio (UNS) . (.Intel Corporation - User Notification Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe =>.Intel Corporation®

---\\ Services not Microsoft (SR=Run, SS=Stop) (11) - 21s
SS - Demand [05/04/2017] [ 7398336] aswbIDSAgent (aswbIDSAgent) . (.AVAST Software s.r.o..) - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe =>.AVAST Software s.r.o.®
SR - Auto [05/04/2017] [ 261712] Avast Antivirus (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe =>.AVAST Software s.r.o.®
SS - Auto [17/10/2016] [ 153752] Google Update Service (gupdate) (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
SS - Demand [17/10/2016] [ 153752] Google Update Service (gupdatem) (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
SS - Demand [23/11/2016] [ 194032] Google Software Updater (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe =>.Google Inc®
SR - Auto [09/12/2009] [ 268824] Intel(R) Management and Security Application Local Manageme (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe =>.Intel Corporation®
SS - Auto [09/12/2009] [ 268824] Skype Updater (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe =>.Skype Software Sarl®
SR - Auto [09/12/2009] [ 268824] Intel Security True Key (TrueKey) . (.McAfee, Inc..) - C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe =>.McAfee, Inc.®
SR - Auto [09/12/2009] [ 268824] Intel Security True Key Scheduler (TrueKeyScheduler) . (.McAfee, Inc..) - C:\Program Files\TrueKey\McTkSchedulerService.exe =>.McAfee, Inc.®
SS - Demand [09/12/2009] [ 268824] TrueKeyServiceHelper (TrueKeyServiceHelper) . (.McAfee, Inc..) - C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe =>.McAfee, Inc.®
SR - Auto [09/12/2009] [ 268824] Intel(R) Management & Security Application User Notificatio (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe =>.Intel Corporation®

---\\ Task Planned Automatically (15) - 9s
[MD5.617E1ED0D0D7CF1EF087C1BA2AA1A89B] [APT] [Avast Emergency Update] (.AVAST Software.) -- C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2346488] (.Activate.) =>.AVAST Software s.r.o.®
[MD5.FFE2D028D996BC6279A2E4894F9FCBFD] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe [7456984] (.Activate.) =>.Piriform Ltd®
[MD5.A8FD9222E4D72596BB37DA8BE95C0BA4] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752] (.Activate.) =>.Google Inc®
[MD5.A8FD9222E4D72596BB37DA8BE95C0BA4] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752] (.Activate.) =>.Google Inc®
[MD5.00000000000000000000000000000000] [APT] [HPCustPartic.exe_{0778FE57-B2D5-49AC-9D7A-21F1A3348AD5}] (...) -- C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPCustPartic.exe (.not file.) [0] (.Activate.) =>.Superfluous.Empty
[MD5.D61830127D572F0FDA7FE78B0F2BBFE5] [APT] [RunUninstallTool_SkipUac] (.CrystalIDEA Software.) -- C:\Program Files\Uninstall Tool\UninstallTool.exe [5386168] (.Activate.) =>.CrystalBit Solutions®
[MD5.F485EE3C484D9874E9DD75E6B4FEE332] [APT] [SafeZone scheduled Autoupdate 1476737804] (.Avast Software.) -- C:\Program Files\AVAST Software\SZBrowser\launcher.exe [927264] (.Activate.) =>.AVAST Software s.r.o.®
[MD5.283E10FD63971145CC1E750FFA46180E] [APT] [AVAST Software\Avast settings backup] (.AVAST Software.) -- C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [826808] (.Activate.) =>.AVAST Software s.r.o.®
O39 - APT: Avast Emergency Update - (.AVAST Software.) -- C:\Windows\System32\Tasks\Avast Emergency Update [4172] =>.AVAST Software s.r.o.®
O39 - APT: CCleanerSkipUAC - (.Piriform Ltd.) -- C:\Windows\System32\Tasks\CCleanerSkipUAC [2792] =>.Piriform Ltd®
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [3204] =>.Google Inc®
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [3332] =>.Google Inc®
O39 - APT: HPCustPartic.exe_{0778FE57-B2D5-49AC-9D7A-21F1A3348AD5} - (...) -- C:\Windows\System32\Tasks\HPCustPartic.exe_{0778FE57-B2D5-49AC-9D7A-21F1A3348AD5} [2944] (.Orphan.) =>.Superfluous.Orphan
O39 - APT: RunUninstallTool_SkipUac - (.CrystalIDEA Software.) -- C:\Windows\System32\Tasks\RunUninstallTool_SkipUac [2976] =>.CrystalBit Solutions®
O39 - APT: SafeZone scheduled Autoupdate 1476737804 - (.Avast Software.) -- C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1476737804 [3894] =>.AVAST Software s.r.o.®

---\\ Auto loading programs from Registry and folders (3) - 0s
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - AvLaunch component.) -- C:\Program Files\AVAST Software\Avast\AvLaunch.exe =>.AVAST Software s.r.o.®
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation

---\\ Process running (21) - 1s
[MD5.7AD8E22454B5EF6BD2838D19062F028C] - (.AVAST Software - Avast Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712] [PID.1152] =>.AVAST Software s.r.o.®
[MD5.1D82A01A368255FE78C65CF66B5B8281] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [268824] [PID.1524] =>.Intel Corporation®
[MD5.A6CF3AC92230ACBF3996D1DFC005DA6B] - (.McAfee, Inc. - Intel Security True Key.) -- C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [996736] [PID.1852] =>.McAfee, Inc.®
[MD5.11973479E0993531F9E6DA07B23BAACE] - (.McAfee, Inc. - Intel Security True Key.) -- C:\Program Files\TrueKey\McTkSchedulerService.exe [16160] [PID.2192] =>.McAfee, Inc.®
[MD5.06EE5B41E2F85D3144B1CAED4D11D3DC] - (.AVAST Software - Avast Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [9162920] [PID.2756] =>.AVAST Software s.r.o.®
[MD5.C6142B8CB72558D91CEA8E38F1B7D905] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2320920] [PID.3728] =>.Intel Corporation®
[MD5.A8FD9222E4D72596BB37DA8BE95C0BA4] - (.Google Inc. - Google Installer.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752] [PID.3776] =>.Google Inc®
[MD5.33E6E5822E22A5E1DEA523C06155FD07] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe [288848] [PID.3900] =>.Google Inc®
[MD5.27BEAF3F308ED2276F3863C2F2597556] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe [366672] [PID.4032] =>.Google Inc®
[MD5.E88679B4CDB81293980E69C0B4E45D0E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1143640] [PID.3940] =>.Google Inc®
[MD5.E88679B4CDB81293980E69C0B4E45D0E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1143640] [PID.4000] =>.Google Inc®
[MD5.E88679B4CDB81293980E69C0B4E45D0E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1143640] [PID.3020] =>.Google Inc®
[MD5.E88679B4CDB81293980E69C0B4E45D0E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1143640] [PID.3320] =>.Google Inc®
[MD5.E88679B4CDB81293980E69C0B4E45D0E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1143640] [PID.3424] =>.Google Inc®
[MD5.E88679B4CDB81293980E69C0B4E45D0E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1143640] [PID.1492] =>.Google Inc®
[MD5.E88679B4CDB81293980E69C0B4E45D0E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1143640] [PID.2076] =>.Google Inc®
[MD5.E88679B4CDB81293980E69C0B4E45D0E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1143640] [PID.1284] =>.Google Inc®
[MD5.E88679B4CDB81293980E69C0B4E45D0E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1143640] [PID.4892] =>.Google Inc®
[MD5.E88679B4CDB81293980E69C0B4E45D0E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1143640] [PID.1812] =>.Google Inc®
[MD5.CF2D3DED416AA650A83736B2097AC033] - (.Nicolas Coolman - ZHPDiag.) -- C:\Users\ILANA\Downloads\ZHPDiag3.exe [2722304] [PID.4832] =>.Nicolas Coolman
[MD5.E88679B4CDB81293980E69C0B4E45D0E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1143640] [PID.796] =>.Google Inc®

---\\ Google Chrome, Start,Search,Extensions (19) - 1s
G0 - GCSP: Preferences [User Data\Default][HomePage] http://trovi.com
G0 - GCSP: Preferences [User Data\Default][HomePage] http://updatech.ru
G0 - GCSP: Preferences [User Data\Default][HomePage] http://campaign.bezeqint.net
G0 - GCSP: Preferences [User Data\Default][HomePage] http://mail.google.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://ssl.google-analytics.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://uib.ff.avast.com =>.Avast Software s.r.o
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.googletagmanager.com
G0 - GCSP: Secure Preferences [User Data\Default][HomePage] http://trovi.com/
G2 - GCE: Preference [User Data\Default] [aapocclcgogkmnckokdopfmhonfmgoek] Google Chrome manifest =>.Google Inc. =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [aohghmighlieiainnegkcijnfilokake] Google Chrome manifest =>.Google Inc. =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [eofcbnmajmjmplflapaojjnihcjkigck] Avast SafePrice =>.Avast Software s.r.o
G2 - GCE: Preference [User Data\Default] [felcaaldnbdncclmgdcncolpebgiejap] Google Chrome manifest =>.Google Inc. =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [ghbmnnjooekpmoecnnnilnnbdlolhkhi] Google Chrome manifest =>.Google Inc. =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [kohcnlaamfpgkdghjlfnhggmgimfolnc] UpdateCh
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [pkedcjkdefgpdelpbcmbmeomcjbeemfm] Chrome Media Router =>.Google Inc.

---\\ Internet Explorer Extensions, Start, Search (17) - 0s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com =>.Google Inc.
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan =>.Microsoft Internet Explorer

---\\ Internet Explorer, Proxy Management (5) - 0s
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies [] =>.Microsoft

---\\ Line Analysis, IniFiles, Auto loading programs (3) - 0s
F2 - REG:system.ini: UserInit=userinit.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: VMApplet=C:\Windows\SysWOW64\SystemPropertiesPerformance.exe (.Microsoft Corporation.) =>.Microsoft Corporation

---\\ Hosts file redirection (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (4)

---\\ Browser Helper Object (BHO) (2) - 0s
O2 - BHO: True Key Helper [64Bits] - {0F4B8786-5502-4803-8EBC-F652A1153BB6} . (.Intel Security - True Key Internet Explorer Extension.) -- C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll =>.McAfee, Inc.®
O2 - BHO: avast! Online Security [64Bits] - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll =>.AVAST Software s.r.o.®

---\\ Internet Explorer Toolbars (1) - 0s
O3 - Toolbar: 0xB1C218236549D4119B18009027A5CD4F - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} . (...) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (.not file.)

---\\ Global shortcuts Startup (106) - 8s
O4 - GS\Desktop [Administrator]: FreeFileViewer.lnk . (...) C:\Program Files (x86)\FreeFileViewer\FreeFileViewer.exe
O4 - GS\Desktop [Administrator]: MagicISO.lnk . (.MagicISO, Inc. - MagicISO Maker.) C:\Program Files (x86)\MagicISO\MagicISO.exe =>.MagicISO, Inc.
O4 - GS\Desktop [Administrator]: WinISO.lnk . (.WinISO Computing Inc. - WinISO.) C:\Program Files (x86)\WinISO Computing\WinISO\bin\winiso.exe =>.WinISO Computing Inc.
O4 - GS\Desktop [Administrator]: ZHPCleaner.lnk . (.Nicolas Coolman - ZHPCleane.) C:\Users\ILANA\AppData\Roaming\ZHP\ZHPCleaner.exe =>.Nicolas Coolman
O4 - GS\Desktop [Administrator]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\ILANA\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Desktop [Administrator]: אילנה - Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Quicklaunch [Administrator]: FreeFileViewer.lnk . (...) C:\Program Files (x86)\FreeFileViewer\FreeFileViewer.exe
O4 - GS\Quicklaunch [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Quicklaunch [Administrator]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\sendTo [Administrator]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\sendTo [Administrator]: Skype.lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files (x86)\Skype\Phone\Skype.exe /sendto: =>.Skype Software Sarl®
O4 - GS\TaskBar [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\TaskBar [Administrator]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\Windows\explorer.exe =>.Microsoft Corporation
O4 - GS\TaskBar [Administrator]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\Programs [Administrator]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Programs [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Desktop [Guest]: FreeFileViewer.lnk . (...) C:\Program Files (x86)\FreeFileViewer\FreeFileViewer.exe
O4 - GS\Desktop [Guest]: MagicISO.lnk . (.MagicISO, Inc. - MagicISO Maker.) C:\Program Files (x86)\MagicISO\MagicISO.exe =>.MagicISO, Inc.
O4 - GS\Desktop [Guest]: WinISO.lnk . (.WinISO Computing Inc. - WinISO.) C:\Program Files (x86)\WinISO Computing\WinISO\bin\winiso.exe =>.WinISO Computing Inc.
O4 - GS\Desktop [Guest]: ZHPCleaner.lnk . (.Nicolas Coolman - ZHPCleane.) C:\Users\ILANA\AppData\Roaming\ZHP\ZHPCleaner.exe =>.Nicolas Coolman
O4 - GS\Desktop [Guest]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\ILANA\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Desktop [Guest]: אילנה - Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Quicklaunch [Guest]: FreeFileViewer.lnk . (...) C:\Program Files (x86)\FreeFileViewer\FreeFileViewer.exe
O4 - GS\Quicklaunch [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Quicklaunch [Guest]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\sendTo [Guest]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\sendTo [Guest]: Skype.lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files (x86)\Skype\Phone\Skype.exe /sendto: =>.Skype Software Sarl®
O4 - GS\TaskBar [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [Guest]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\TaskBar [Guest]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\Windows\explorer.exe =>.Microsoft Corporation
O4 - GS\TaskBar [Guest]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\Programs [Guest]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Programs [Guest]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Desktop [ILANA]: FreeFileViewer.lnk . (...) C:\Program Files (x86)\FreeFileViewer\FreeFileViewer.exe
O4 - GS\Desktop [ILANA]: MagicISO.lnk . (.MagicISO, Inc. - MagicISO Maker.) C:\Program Files (x86)\MagicISO\MagicISO.exe =>.MagicISO, Inc.
O4 - GS\Desktop [ILANA]: WinISO.lnk . (.WinISO Computing Inc. - WinISO.) C:\Program Files (x86)\WinISO Computing\WinISO\bin\winiso.exe =>.WinISO Computing Inc.
O4 - GS\Desktop [ILANA]: ZHPCleaner.lnk . (.Nicolas Coolman - ZHPCleane.) C:\Users\ILANA\AppData\Roaming\ZHP\ZHPCleaner.exe =>.Nicolas Coolman
O4 - GS\Desktop [ILANA]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\ILANA\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Desktop [ILANA]: אילנה - Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Quicklaunch [ILANA]: FreeFileViewer.lnk . (...) C:\Program Files (x86)\FreeFileViewer\FreeFileViewer.exe
O4 - GS\Quicklaunch [ILANA]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Quicklaunch [ILANA]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\sendTo [ILANA]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\sendTo [ILANA]: Skype.lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files (x86)\Skype\Phone\Skype.exe /sendto: =>.Skype Software Sarl®
O4 - GS\TaskBar [ILANA]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [ILANA]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\TaskBar [ILANA]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\Windows\explorer.exe =>.Microsoft Corporation
O4 - GS\TaskBar [ILANA]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\Programs [ILANA]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Programs [ILANA]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\CommonDesktop [Public]: Acrobat Reader DC.lnk . (.Adobe Systems Incorporated - Adobe Acrobat Reader DC.) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe =>.Adobe Systems, Incorporated®
O4 - GS\CommonDesktop [Public]: Avast Free Antivirus.lnk . (.AVAST Software - Avast Antivirus.) C:\Program Files\AVAST Software\Avast\avastui.exe =>.AVAST Software s.r.o.®
O4 - GS\CommonDesktop [Public]: Avast SafeZone Browser.lnk . (.Avast Software - Avast SafeZone Browser.) C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software s.r.o.®
O4 - GS\CommonDesktop [Public]: CCleaner.lnk . (.Piriform Ltd - CCleaner.) C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd®
O4 - GS\CommonDesktop [Public]: FastStone Image Viewer.lnk . (.FastStone Soft - FastStone Image Viewer.) C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe =>.FastStone Soft
O4 - GS\CommonDesktop [Public]: Free DOC Reader.lnk . (...) C:\Program Files (x86)\Media Freeware\Free DOC Reader\Free DOC Reader.exe
O4 - GS\CommonDesktop [Public]: Free DOC Viewer.lnk . (...) C:\Program Files (x86)\Media Freeware\Free DOC Viewer\Free DOC Viewer.exe
O4 - GS\CommonDesktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\CommonDesktop [Public]: HP DeskJet 2130 series.lnk . (.Hewlett-Packard Development Company, LP - .) C:\Program Files (x86)\HP\HP DeskJet 2130 series\Bin\HP DeskJet 2130 series.exe -Start UDCDevicePage =>.Hewlett-Packard Development Company, LP
O4 - GS\CommonDesktop [Public]: HP Photo Creations.lnk . (.Visan / RocketLife - PhotoProduct.exe.) C:\Program Files (x86)\HP Photo Creations\PhotoProduct.exe =>.Visan Industries®
O4 - GS\CommonDesktop [Public]: IrfanView.lnk . (.Irfan Skiljan - IrfanView 32-bit.) C:\Program Files (x86)\IrfanView\i_view32.exe =>.Irfan Skiljan®
O4 - GS\CommonDesktop [Public]: Skype.lnk . (...) C:\Windows\Installer\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}\SkypeIcon.exe =>.Skype Technologies
O4 - GS\CommonDesktop [Public]: True Key.lnk . (.Intel Security - .) C:\Program Files (x86)\Intel Security\True Key\application\truekey.exe --open-source=dtopicon =>.Intel Security
O4 - GS\CommonDesktop [Public]: VLC media player.lnk . (.VideoLAN - VLC media player.) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe =>.VideoLAN®
O4 - GS\Programs [Public]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Programs [Public]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Accessories [Public]: Command Prompt.lnk . (.Microsoft Corporation - Windows Command Processor.) C:\Windows\system32\cmd.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Notepad.lnk . (.Microsoft Corporation - Notepad.) C:\Windows\system32\notepad.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\Windows\explorer.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff =>.Microsoft Corporation®
O4 - GS\SystemTools [Public]: Private Character Editor.lnk . (.Microsoft Corporation - Private Character Editor.) C:\Windows\system32\eudcedit.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Calculator.lnk . (.Microsoft Corporation - Windows Calculator.) C:\Windows\system32\calc.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: displayswitch.lnk . (.Microsoft Corporation - Display Switch.) C:\Windows\system32\displayswitch.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Math Input Panel.lnk . (.Microsoft Corporation - Math Input Panel Accessory.) C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Mobility Center.lnk . (.Microsoft Corporation - Windows Mobility Center.) C:\Windows\system32\mblctr.exe /open =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Paint.lnk . (.Microsoft Corporation - Paint.) C:\Windows\system32\mspaint.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Remote Desktop Connection.lnk . (.Microsoft Corporation - Remote Desktop Connection.) C:\Windows\system32\mstsc.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\Windows\system32\SnippingTool.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Sound Recorder.lnk . (.Microsoft Corporation - Windows Sound Recorder.) C:\Windows\system32\SoundRecorder.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Sticky Notes.lnk . (.Microsoft Corporation - Sticky Notes.) C:\Windows\system32\StikyNot.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Sync Center.lnk . (.Microsoft Corporation - Microsoft Sync Center.) C:\Windows\System32\mobsync.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Welcome Center.lnk . (.Microsoft Corporation - Windows host process (Rundll32).) C:\Windows\system32\rundll32.exe %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Character Map.lnk . (.Microsoft Corporation - Character Map.) C:\Windows\system32\charmap.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: dfrgui.lnk . (.Microsoft Corporation - Microsoft® Disk Defragmenter.) C:\Windows\system32\dfrgui.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Disk Cleanup.lnk . (.Microsoft Corporation - Disk Space Cleanup Manager for Windows.) C:\Windows\system32\cleanmgr.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Resource Monitor.lnk . (.Microsoft Corporation - Resource and Performance Monitor.) C:\Windows\system32\perfmon.exe /res =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: System Information.lnk . (.Microsoft Corporation - System Information.) C:\Windows\system32\msinfo32.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: System Restore.lnk . (.Microsoft Corporation - Microsoft® Windows System Restore.) C:\Windows\system32\rstrui.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Task Scheduler.lnk . (...) C:\Windows\system32\taskschd.msc /s =>..Microsoft Corporation
O4 - GS\SystemTools [Public]: Windows Easy Transfer Reports.lnk . (.Microsoft Corporation - Windows Easy Transfer Post Migration Applic.) C:\Windows\system32\migwiz\postmig.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Windows Easy Transfer.lnk . (.Microsoft Corporation - Windows Easy Transfer Application.) C:\Windows\system32\migwiz\migwiz.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Acrobat Reader 5.0.lnk . (.Adobe Systems Incorporated - Acrobat Reader 5.0.) C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe =>.Adobe Systems Incorporated
O4 - GS\ProgramsCommon [Public]: Acrobat Reader DC.lnk . (.Flexera Software LLC - InstallShield.) C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico =>.Flexera Software LLC
O4 - GS\ProgramsCommon [Public]: Avast SafeZone Browser.lnk . (.Avast Software - Avast SafeZone Browser.) C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software s.r.o.®
O4 - GS\ProgramsCommon [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\ProgramsCommon [Public]: Media Center.lnk . (.Microsoft Corporation - Windows Media Center.) C:\Windows\ehome\ehshell.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Sidebar.lnk . (.Microsoft Corporation - Windows Desktop Gadgets.) C:\Program Files (x86)\Windows Sidebar\sidebar.exe /showgadgets =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: SumatraPDF.lnk . (.Krzysztof Kowalczyk - SumatraPDF.) C:\Program Files (x86)\SumatraPDF\SumatraPDF.exe =>.Krzysztof Kowalczyk®
O4 - GS\ProgramsCommon [Public]: True Key.lnk . (.Intel Security - .) C:\Program Files (x86)\Intel Security\True Key\application\truekey.exe --open-source=startmenu =>.Intel Security
O4 - GS\ProgramsCommon [Public]: Windows Anytime Upgrade.lnk . (.Microsoft Corporation - Windows Anytime Upgrade User Interface.) C:\Windows\system32\WindowsAnytimeUpgradeUI.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Windows DVD Maker.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\DVD Maker\DVDMaker.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Windows Fax and Scan.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\system32\WFS.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: XPS Viewer.lnk . (.Microsoft Corporation - XPS Viewer.) C:\Windows\system32\xpsrchvw.exe =>.Microsoft Corporation

---\\ Lop.com/Domain Hijackers (2) - 0s
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 =>.Private IP
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C90EA98-F3C0-49C8-A181-F0CEB87A97E0}: DhcpNameServer = 10.0.0.138 =>.Private IP (10.0.0.0 - 10.255.255.255) =>.Private IP

---\\ Extra protocols (22) - 0s
O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll =>.Microsoft Corporation
O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll =>.Microsoft Corporation
O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll =>.Microsoft Corporation
O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
O18 - Filter: deflate [64Bits] - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Filter: gzip [64Bits] - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation

---\\ Software installed (41) - 6s
O42 - Logiciel: Adobe Acrobat 5.0 - (.Adobe Systems, Inc..) [HKLM][64Bits] -- Adobe Acrobat 5.0 =>.Adobe Systems, Inc.
O42 - Logiciel: Adobe Acrobat Reader DC - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1033-7B44-AC0F074E4100} =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe Refresh Manager - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-0804-1033-1959-001824214663} =>.Adobe Systems Incorporated
O42 - Logiciel: Avast Free Antivirus - (.AVAST Software.) [HKLM][64Bits] -- Avast Antivirus =>.AVAST Software s.r.o.®
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM][64Bits] -- CCleaner =>.Piriform Ltd®
O42 - Logiciel: Corel PaintShop Photo Express 2010 - (.Intel Corporation.) [HKLM][64Bits] -- {7124BAB5-BD03-436E-8438-87FC29EA1332} =>.Intel Corporation
O42 - Logiciel: Corel VideoStudio 2010 Express - (.Intel Corporation.) [HKLM][64Bits] -- {6D634C97-2468-4A6F-ABE5-A34B62C80FAD} =>.Intel Corporation
O42 - Logiciel: D-Fend Reloaded 1.4.4 (deinstall) - (.Alexander Herzog.) [HKLM][64Bits] -- D-Fend Reloaded
O42 - Logiciel: FastStone Image Viewer 6.0 - (.FastStone Soft.) [HKLM][64Bits] -- FastStone Image Viewer =>.FastStone Soft
O42 - Logiciel: Free DOC Reader - (.Media Freeware.) [HKLM][64Bits] -- {810B21F5-6D1A-4E52-B5B1-ECBF75A30FF0} =>.Media Freeware
O42 - Logiciel: Free DOC Viewer - (.Media Freeware.) [HKLM][64Bits] -- {DF6E1BF1-E7D2-46E8-ACFA-94079CEDDB11} =>.Media Freeware
O42 - Logiciel: Free File Viewer 2014 - (.Bitberry Software.) [HKLM][64Bits] -- FreeFileViewer_is1 =>.Bitberry Software
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM][64Bits] -- Google Chrome =>.Google Inc®
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM][64Bits] -- {18455581-E099-4BA8-BC6B-F34B2F06600C} =>.Google Inc.
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} =>.Google Inc.
O42 - Logiciel: HP DeskJet 2130 series Basic Device Software - (.Hewlett-Packard Co..) [HKLM][64Bits] -- {54A80AED-ADB5-4D32-83F2-A9A5DF4ED2C1} =>.Hewlett-Packard Co.
O42 - Logiciel: HP DeskJet 2130 series Help - (.Hewlett Packard.) [HKLM][64Bits] -- {1CDFD3C9-BDF8-4DDC-BDA2-EBC53F938B5F} =>.Hewlett Packard
O42 - Logiciel: HP Photo Creations - (.HP.) [HKLM][64Bits] -- HP Photo Creations =>.Visan Industries®
O42 - Logiciel: Intel Security True Key - (.Intel Security.) [HKLM][64Bits] -- TrueKey =>.McAfee, Inc.®
O42 - Logiciel: Intel(R) Control Center - (.Intel Corporation.) [HKLM][64Bits] -- {F8A9085D-4C7A-41a9-8A77-C8998A96C421} =>.Intel Corporation®
O42 - Logiciel: Intel(R) Desktop Utilities - (.Intel Corporation.) [HKLM][64Bits] -- {662E930A-FBF8-4451-A5A6-4C094160B4BC} =>.Intel Corporation
O42 - Logiciel: Intel(R) Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM][64Bits] -- {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA} =>.Intel Corporation®
O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] -- {65153EA5-8B6E-43B6-857B-C6E4FC25798A} =>.Intel Corporation®
O42 - Logiciel: Intel(R) Network Connections 14.8.43.0 - (.Intel.) [HKLM][64Bits] -- {11107A2A-AD44-4BC8-ABB5-E88E63BCA785} =>.Intel
O42 - Logiciel: Intel(R) Network Connections 14.8.43.0 - (.Intel.) [HKLM][64Bits] -- PROSetDX =>.Intel
O42 - Logiciel: Intel® RealSense™ SDK 2014 Runtime (x64): Core - (.Intel Corporation.) [HKLM][64Bits] -- {37D41A97-6B02-4C30-8753-85107BE1D674} =>.Intel Corporation
O42 - Logiciel: IrfanView 4.44 (32-bit) - (.Irfan Skiljan.) [HKLM][64Bits] -- IrfanView =>.Irfan Skiljan®
O42 - Logiciel: Magic ISO Maker v5.5 (build 0281) - (.Magic ISO Inc.) [HKLM][64Bits] -- Magic ISO Maker v5.5 (build 0281) =>.Magic ISO Inc
O42 - Logiciel: MSXML 4.0 SP2 Parser and SDK - (.Microsoft Corporation.) [HKLM][64Bits] -- {716E0306-8318-4364-8B8F-0CC4E9376BAC} =>.Microsoft Corporation
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} =>.Realtek Semiconductor Corp.
O42 - Logiciel: RogueKiller version 12.10.7.0 - (.Adlice Software.) [HKLM][64Bits] -- 8B3D7924-ED89-486B-8322-E8594065D5CB_is1 =>.Adlice®
O42 - Logiciel: SafeZone Stable 3.55.2393.596 - (.Avast Software.) [HKLM][64Bits] -- SafeZone 3.55.2393.596 =>.AVAST Software s.r.o.®
O42 - Logiciel: Skype™ 7.33 - (.Skype Technologies S.A..) [HKLM][64Bits] -- {3B7E914A-93D5-4A29-92BB-AF8C3F66C431} =>.Skype Technologies S.A.
O42 - Logiciel: SumatraPDF - (.Krzysztof Kowalczyk.) [HKLM][64Bits] -- SumatraPDF =>.Krzysztof Kowalczyk®
O42 - Logiciel: Uninstall Tool - (.CrystalIDEA Software, Inc..) [HKLM][64Bits] -- Uninstall Tool_is1 =>.CrystalBit Solutions®
O42 - Logiciel: Unknown File Handler - (.File.org.) [HKLM][64Bits] -- UFH_is1 =>Adware.InstallCore
O42 - Logiciel: VDMSound - (.Vlad Romascanu.) [HKLM][64Bits] -- VDMSound
O42 - Logiciel: VLC media player - (.VideoLAN.) [HKLM][64Bits] -- VLC media player =>.VideoLAN
O42 - Logiciel: WinISO - (.WinISO Computing Inc..) [HKLM][64Bits] -- WinISO =>.WinISO Computing Inc.
O42 - Logiciel: WinRAR 5.40 (64-bit) - (.win.rar GmbH.) [HKLM][64Bits] -- WinRAR archiver =>.win.rar GmbH®
O42 - Logiciel: Zip Motion Block Video codec (Remove Only) - (.DOSBox Team.) [HKLM][64Bits] -- ZMBV =>.DOSBox Team

---\\ HKCU & HKLM Software Keys (63) - 6s
HKLM\SOFTWARE\Wow6432Node\Adobe =>.Adobe
HKLM\SOFTWARE\Wow6432Node\ASIO =>.Steinberg Media Technologies
HKLM\SOFTWARE\Wow6432Node\AVAST Software =>.AVAST Software
HKLM\SOFTWARE\Wow6432Node\Caphyon =>.Caphyon
HKLM\SOFTWARE\Wow6432Node\Corel =>.Corel
HKLM\SOFTWARE\Wow6432Node\D-Fend Reloaded
HKLM\SOFTWARE\Wow6432Node\FastStone Image Viewer =>.FastStone Soft
HKLM\SOFTWARE\Wow6432Node\Google =>.Google
HKLM\SOFTWARE\Wow6432Node\Hewlett-Packard =>.Hewlett-Packard
HKLM\SOFTWARE\Wow6432Node\HP =>.HP
HKLM\SOFTWARE\Wow6432Node\IM Providers =>.IM Providers
HKLM\SOFTWARE\Wow6432Node\Intel =>.Intel
HKLM\SOFTWARE\Wow6432Node\Intel Security =>.Intel Security
HKLM\SOFTWARE\Wow6432Node\IrfanView =>.Irfan Skiljan
HKLM\SOFTWARE\Wow6432Node\McAfee =>.McAfee Inc.
HKLM\SOFTWARE\Wow6432Node\Media Freeware =>.Media Freeware
HKLM\SOFTWARE\Wow6432Node\Mozilla =>.Mozilla
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins =>.MozillaPlugins
HKLM\SOFTWARE\Wow6432Node\ODBC =>.DB Connectivity Solutions
HKLM\SOFTWARE\Wow6432Node\Piriform =>.Piriform
HKLM\SOFTWARE\Wow6432Node\Realtek =>.Realtek Semiconductor Corp.
HKLM\SOFTWARE\Wow6432Node\Realtek Semiconductor Corp. =>.Realtek Semiconductor Corp.
HKLM\SOFTWARE\Wow6432Node\RocketLife =>.RocketLife
HKLM\SOFTWARE\Wow6432Node\Skype =>.Skype
HKLM\SOFTWARE\Wow6432Node\SumatraPDF =>.Krzysztof Kowalczyk
HKLM\SOFTWARE\Wow6432Node\TrendMicro =>.TrendMicro
HKLM\SOFTWARE\Wow6432Node\TrueKey =>.Intel Corporation
HKLM\SOFTWARE\Wow6432Node\VideoLAN =>.VideoLAN
HKLM\SOFTWARE\Wow6432Node\Visan =>.Visan Software
HKLM\SOFTWARE\Wow6432Node\WinISO =>.WinISO Computing Inc
HKLM\SOFTWARE\Wow6432Node\RegisteredApplications =>.Microsoft Corporation
HKCU\SOFTWARE\Adobe =>.Adobe
HKCU\SOFTWARE\AppDataLow =>.Microsoft Corporation
HKCU\SOFTWARE\AVAST Software =>.AVAST Software
HKCU\SOFTWARE\BitTorrent
HKCU\SOFTWARE\CrystalIdea Software =>.CrystalIdea Software
HKCU\SOFTWARE\Geek Uninstaller =>.Geek Uninstaller
HKCU\SOFTWARE\Google =>.Google
HKCU\SOFTWARE\Hewlett-Packard =>.Hewlett-Packard
HKCU\SOFTWARE\HP =>.HP
HKCU\SOFTWARE\IM Providers =>.IM Providers
HKCU\SOFTWARE\Intel =>.Intel
HKCU\SOFTWARE\Intel Security =>.Intel Security
HKCU\SOFTWARE\InterTrust
HKCU\SOFTWARE\MagicISO =>.MagicISO
HKCU\SOFTWARE\Netscape =>.Netscape
HKCU\SOFTWARE\Phantagram
HKCU\SOFTWARE\Piriform =>.Piriform
HKCU\SOFTWARE\ProtectedStorage
HKCU\SOFTWARE\Realtek =>.Realtek Semiconductor Corp.
HKCU\SOFTWARE\Skype =>.Skype
HKCU\SOFTWARE\skypeapp-03eca8ebb206
HKCU\SOFTWARE\Sysinternals =>.Sysinternals
HKCU\SOFTWARE\Trolltech =>.Trolltech
HKCU\SOFTWARE\TrueKey =>.Intel Corporation
HKCU\SOFTWARE\Unknown File Handler =>Adware.InstallCore
HKCU\SOFTWARE\Visan =>.Visan Software
HKCU\SOFTWARE\WinRAR =>.WinRAR
HKCU\SOFTWARE\WinRAR SFX =>.RarLab
HKCU\SOFTWARE\Wow6432Node =>.Microsoft Corporation
HKCU\SOFTWARE\ZHP =>.Nicolas Coolman
HKCU\SOFTWARE\AppDataLow\Software =>.Microsoft Corporation
HKCU\SOFTWARE\AppDataLow\Software\PasswordBox =>.PasswordBox Inc

---\\ Contents of the Common Files folders (175) - 8s
O43 - CFD: 17/10/2016 - [] D -- C:\Program Files\Adobe =>.Adobe
O43 - CFD: 17/10/2016 - [] D -- C:\Program Files\AVAST Software =>.AVAST Software s.r.o.®
O43 - CFD: 02/05/2017 - [] D -- C:\Program Files\CCleaner =>.Piriform Ltd
O43 - CFD: 26/10/2016 - [] D -- C:\Program Files\Common Files =>.Microsoft Corporation
O43 - CFD: 21/11/2010 - [] D -- C:\Program Files\DVD Maker =>.Aone Software
O43 - CFD: 23/11/2016 - [] D -- C:\Program Files\Google =>.Google
O43 - CFD: 21/10/2016 - [] D -- C:\Program Files\HP =>.Hewlett-Packard
O43 - CFD: 17/10/2016 - [] D -- C:\Program Files\Intel =>.Intel Corporation
O43 - CFD: 26/10/2016 - [] D -- C:\Program Files\Intel Security =>.Intel Corporation
O43 - CFD: 21/11/2010 - [] D -- C:\Program Files\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 21/11/2010 - [] D -- C:\Program Files\Microsoft Games =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files\MSBuild =>.Microsoft Corporation
O43 - CFD: 17/10/2016 - [] D -- C:\Program Files\Realtek =>.Realtek
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 02/05/2017 - [] D -- C:\Program Files\RogueKiller =>.Adlice
O43 - CFD: 05/05/2017 - [] D -- C:\Program Files\TrueKey =>.Intel Corporation
O43 - CFD: 14/07/2009 - [0] HD -- C:\Program Files\Uninstall Information =>.Microsoft Corporation
O43 - CFD: 01/05/2017 - [] D -- C:\Program Files\Uninstall Tool =>.CrystalBit Solutions®
O43 - CFD: 21/11/2010 - [] D -- C:\Program Files\Windows Defender =>.Microsoft Corporation
O43 - CFD: 21/11/2010 - [] D -- C:\Program Files\Windows Journal =>.Microsoft Corporation
O43 - CFD: 21/11/2010 - [] D -- C:\Program Files\Windows Mail =>.Microsoft Corporation
O43 - CFD: 21/11/2010 - [] D -- C:\Program Files\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files\Windows NT =>.Microsoft Corporation
O43 - CFD: 21/11/2010 - [] D -- C:\Program Files\Windows Photo Viewer =>.Microsoft Corporation
O43 - CFD: 21/11/2010 - [] D -- C:\Program Files\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 05/04/2017 - [] D -- C:\Program Files\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 31/12/2016 - [] D -- C:\Program Files\WinRAR =>.win.rar GmbH®
O43 - CFD: 26/10/2016 - [] D -- C:\Program Files (x86)\Adobe =>.Adobe Systems, Incorporated®
O43 - CFD: 15/03/2017 - [] D -- C:\Program Files (x86)\Common Files =>.Microsoft Corporation
O43 - CFD: 18/01/2017 - [] D -- C:\Program Files (x86)\D-Fend Reloaded
O43 - CFD: 22/10/2016 - [] D -- C:\Program Files (x86)\DOSBox-0.74
O43 - CFD: 22/11/2016 - [] D -- C:\Program Files (x86)\FastStone Image Viewer =>.FastStone Soft
O43 - CFD: 23/11/2016 - [] D -- C:\Program Files (x86)\Google =>.Google Inc®
O43 - CFD: 21/10/2016 - [] D -- C:\Program Files (x86)\Hewlett-Packard =>.Hewlett-Packard
O43 - CFD: 21/10/2016 - [] D -- C:\Program Files (x86)\HP =>.Hewlett-Packard
O43 - CFD: 21/10/2016 - [] D -- C:\Program Files (x86)\HP Photo Creations =>.Visan Industries®
O43 - CFD: 17/10/2016 - [] HD -- C:\Program Files (x86)\InstallShield Installation Information =>.InstallShield Software
O43 - CFD: 17/10/2016 - [] D -- C:\Program Files (x86)\Intel =>.Intel Corporation
O43 - CFD: 17/10/2016 - [] D -- C:\Program Files (x86)\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 02/01/2017 - [] D -- C:\Program Files (x86)\IrfanView =>.Irfan skiljan
O43 - CFD: 17/01/2017 - [] D -- C:\Program Files (x86)\MagicISO =>.MagicISO
O43 - CFD: 05/05/2017 - [0] D -- C:\Program Files (x86)\McAfee =>.McAfee
O43 - CFD: 26/10/2016 - [] D -- C:\Program Files (x86)\Microsoft.NET =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files (x86)\MSBuild =>.Microsoft Corporation
O43 - CFD: 17/10/2016 - [0] D -- C:\Program Files (x86)\MSXML 4.0 =>.Microsoft Corporation
O43 - CFD: 18/01/2017 - [] D -- C:\Program Files (x86)\pcem
O43 - CFD: 17/10/2016 - [] D -- C:\Program Files (x86)\Realtek =>.Realtek
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files (x86)\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 15/03/2017 - [] RD -- C:\Program Files (x86)\Skype =>.Skype
O43 - CFD: 19/03/2017 - [] D -- C:\Program Files (x86)\SumatraPDF =>.Krzysztof Kowalczyk
O43 - CFD: 17/10/2016 - [0] HD -- C:\Program Files (x86)\Temp =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] HD -- C:\Program Files (x86)\Uninstall Information =>.Microsoft Corporation
O43 - CFD: 19/03/2017 - [] D -- C:\Program Files (x86)\Unknown File Handler =>Adware.InstallCore
O43 - CFD: 18/01/2017 - [] D -- C:\Program Files (x86)\VDMSound
O43 - CFD: 29/11/2016 - [] D -- C:\Program Files (x86)\VideoLAN =>.VideoLan Team
O43 - CFD: 21/11/2010 - [] D -- C:\Program Files (x86)\Windows Defender =>.Microsoft Corporation
O43 - CFD: 21/11/2010 - [] D -- C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation
O43 - CFD: 21/11/2010 - [] D -- C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files (x86)\Windows NT =>.Microsoft Corporation
O43 - CFD: 21/11/2010 - [] D -- C:\Program Files (x86)\Windows Photo Viewer =>.Microsoft Corporation
O43 - CFD: 21/11/2010 - [] D -- C:\Program Files (x86)\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 21/11/2010 - [] D -- C:\Program Files (x86)\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 17/01/2017 - [] D -- C:\Program Files (x86)\WinISO Computing =>.WinISO Computing Inc
O43 - CFD: 18/10/2016 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 17/10/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software =>.AVAST Software
O43 - CFD: 02/05/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner =>.Piriform Ltd
O43 - CFD: 18/01/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Fend Reloaded
O43 - CFD: 22/10/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
O43 - CFD: 22/11/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer =>.FastStone Soft
O43 - CFD: 01/02/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free DOC Reader
O43 - CFD: 01/02/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free DOC Viewer
O43 - CFD: 19/03/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileViewer =>..Superfluous.Bitberry
O43 - CFD: 18/01/2017 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games =>.Microsoft Corporation
O43 - CFD: 21/10/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP =>.Hewlett-Packard
O43 - CFD: 17/10/2016 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel =>.Intel Corporation
O43 - CFD: 02/01/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView =>.Irfan skiljan
O43 - CFD: 17/01/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO =>.MagicISO
O43 - CFD: 14/07/2009 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 02/05/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller =>.Adlice
O43 - CFD: 15/03/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype =>.Skype
O43 - CFD: 31/03/2017 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
O43 - CFD: 21/11/2010 - [0] RHD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC =>.Wacom Technology
O43 - CFD: 01/05/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall Tool
O43 - CFD: 31/12/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR =>.WinRAR
O43 - CFD: 26/10/2016 - [] D -- C:\ProgramData\Adobe =>.Adobe
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Application Data =>.Microsoft Corporation
O43 - CFD: 07/04/2017 - [] D -- C:\ProgramData\AVAST Software =>.AVAST Software
O43 - CFD: 01/02/2017 - [] D -- C:\ProgramData\Caphyon =>.Caphyon
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Desktop =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Documents =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Favorites =>.Microsoft Corporation
O43 - CFD: 23/11/2016 - [] D -- C:\ProgramData\Google =>.Google
O43 - CFD: 21/10/2016 - [] D -- C:\ProgramData\HP =>.Hewlett-Packard
O43 - CFD: 21/10/2016 - [] D -- C:\ProgramData\HP Photo Creations =>.HP Photo Creations
O43 - CFD: 11/04/2017 - [] D -- C:\ProgramData\McAfee =>.McAfee
O43 - CFD: 20/12/2016 - [] SD -- C:\ProgramData\Microsoft =>.Microsoft Corporation
O43 - CFD: 15/03/2017 - [] D -- C:\ProgramData\Package Cache =>.Microsoft Corporation
O43 - CFD: 03/05/2017 - [] D -- C:\ProgramData\RogueKiller =>.Adlice
O43 - CFD: 15/03/2017 - [] D -- C:\ProgramData\Skype =>.Skype
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Start Menu =>.Microsoft Corporation
O43 - CFD: 05/05/2017 - [0] D -- C:\ProgramData\SWCUTemp
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Templates =>.Microsoft Corporation
O43 - CFD: 26/10/2016 - [] D -- C:\ProgramData\TrueKey =>.Intel Corporation
O43 - CFD: 21/10/2016 - [] D -- C:\ProgramData\Visan =>.Visan Industries
O43 - CFD: 26/10/2016 - [] D -- C:\Program Files (x86)\Common Files\Adobe =>.Adobe
O43 - CFD: 13/04/2017 - [] D -- C:\Program Files (x86)\Common Files\AV =>.Avast
O43 - CFD: 17/10/2016 - [] D -- C:\Program Files (x86)\Common Files\InstallShield =>.InstallShield
O43 - CFD: 17/10/2016 - [] D -- C:\Program Files (x86)\Common Files\Intel =>.Intel Corporation
O43 - CFD: 26/10/2016 - [] D -- C:\Program Files (x86)\Common Files\McAfee =>.McAfee
O43 - CFD: 31/03/2017 - [] D -- C:\Program Files (x86)\Common Files\microsoft shared =>.Microsoft Corporation
O43 - CFD: 17/10/2016 - [] D -- C:\Program Files (x86)\Common Files\postureAgent =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files (x86)\Common Files\Services =>.Microsoft Corporation
O43 - CFD: 15/03/2017 - [] D -- C:\Program Files (x86)\Common Files\Skype =>.Skype
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files (x86)\Common Files\SpeechEngines =>.Microsoft Corporation
O43 - CFD: 21/11/2010 - [] D -- C:\Program Files (x86)\Common Files\System =>.Microsoft Corporation
O43 - CFD: 26/10/2016 - [] D -- C:\Users\ILANA\AppData\Roaming\Adobe =>.Adobe
O43 - CFD: 17/10/2016 - [] D -- C:\Users\ILANA\AppData\Roaming\AVAST Software =>.AVAST Software
O43 - CFD: 01/05/2017 - [] D -- C:\Users\ILANA\AppData\Roaming\CrystalIdea Software =>.CrystalIdea Software
O43 - CFD: 22/11/2016 - [] D -- C:\Users\ILANA\AppData\Roaming\FastStone =>.FastStone Soft
O43 - CFD: 01/05/2017 - [] D -- C:\Users\ILANA\AppData\Roaming\Geek Uninstaller =>.Geek Uninstaller
O43 - CFD: 22/04/2017 - [] D -- C:\Users\ILANA\AppData\Roaming\Google =>.Google
O43 - CFD: 26/11/2016 - [] D -- C:\Users\ILANA\AppData\Roaming\HpUpdate =>.Hewlett-Packard
O43 - CFD: 17/10/2016 - [] D -- C:\Users\ILANA\AppData\Roaming\Identities =>.Microsoft Corporation
O43 - CFD: 17/10/2016 - [] D -- C:\Users\ILANA\AppData\Roaming\InterTrust
O43 - CFD: 02/01/2017 - [] D -- C:\Users\ILANA\AppData\Roaming\IrfanView =>.Irfan skiljan
O43 - CFD: 21/11/2010 - [0] D -- C:\Users\ILANA\AppData\Roaming\Media Center Programs =>.Microsoft Corporation
O43 - CFD: 29/04/2017 - [] D -- C:\Users\ILANA\AppData\Roaming\Media Freeware =>.Media Freeware
O43 - CFD: 28/10/2016 - [] SD -- C:\Users\ILANA\AppData\Roaming\Microsoft =>.Microsoft Corporation
O43 - CFD: 01/05/2017 - [] D -- C:\Users\ILANA\AppData\Roaming\Skype =>.Skype
O43 - CFD: 19/03/2017 - [] D -- C:\Users\ILANA\AppData\Roaming\SumatraPDF =>.Krzysztof Kowalczyk
O43 - CFD: 02/05/2017 - [] D -- C:\Users\ILANA\AppData\Roaming\uTorrent
O43 - CFD: 31/03/2017 - [] D -- C:\Users\ILANA\AppData\Roaming\vlc =>.VideoLan Team
O43 - CFD: 17/01/2017 - [] D -- C:\Users\ILANA\AppData\Roaming\WinISO Computing =>.WinISO Computing Inc
O43 - CFD: 31/12/2016 - [] D -- C:\Users\ILANA\AppData\Roaming\WinRAR =>.WinRAR
O43 - CFD: 05/05/2017 - [] D -- C:\Users\ILANA\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 26/10/2016 - [] D -- C:\Users\ILANA\AppData\Local\Adobe =>.Adobe
O43 - CFD: 17/10/2016 - [0] SHD -- C:\Users\ILANA\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 17/10/2016 - [] D -- C:\Users\ILANA\AppData\Local\Apps =>.Microsoft Corporation
O43 - CFD: 17/10/2016 - [] D -- C:\Users\ILANA\AppData\Local\CEF =>.CEF
O43 - CFD: 17/10/2016 - [0] D -- C:\Users\ILANA\AppData\Local\Deployment =>.Microsoft Corporation
O43 - CFD: 02/11/2016 - [] D -- C:\Users\ILANA\AppData\Local\Diagnostics =>.Microsoft Corporation
O43 - CFD: 22/10/2016 - [] D -- C:\Users\ILANA\AppData\Local\DOSBox =>.DOSBox Team
O43 - CFD: 21/03/2017 - [] D -- C:\Users\ILANA\AppData\Local\ElevatedDiagnostics =>.Microsoft Corporation
O43 - CFD: 10/12/2016 - [] D -- C:\Users\ILANA\AppData\Local\Google =>.Google
O43 - CFD: 17/10/2016 - [0] SHD -- C:\Users\ILANA\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 21/10/2016 - [] D -- C:\Users\ILANA\AppData\Local\HP =>.Hewlett-Packard
O43 - CFD: 22/03/2017 - [] D -- C:\Users\ILANA\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 19/03/2017 - [] D -- C:\Users\ILANA\AppData\Local\Programs =>.Microsoft Corporation
O43 - CFD: 05/05/2017 - [] D -- C:\Users\ILANA\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 17/10/2016 - [0] SHD -- C:\Users\ILANA\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 10/12/2016 - [] D -- C:\Users\ILANA\AppData\Local\tkdata =>.TK-Data
O43 - CFD: 26/10/2016 - [] D -- C:\Users\ILANA\AppData\Local\VirtualStore =>.Microsoft Corporation
O43 - CFD: 17/01/2017 - [] D -- C:\Users\ILANA\AppData\Local\WinISO Computing =>.WinISO Computing Inc
O43 - CFD: 05/05/2017 - [] D -- C:\Users\ILANA\AppData\Local\ZHP =>.Nicolas Coolman
O43 - CFD: 19/03/2017 - [0] D -- C:\Users\ILANA\AppData\Local\Programs\Common =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] RD -- C:\Users\ILANA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 17/10/2016 - [] RD -- C:\Users\ILANA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 17/01/2017 - [0] D -- C:\Users\ILANA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO =>.MagicISO
O43 - CFD: 14/07/2009 - [] RD -- C:\Users\ILANA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 31/03/2017 - [] RD -- C:\Users\ILANA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
O43 - CFD: 17/01/2017 - [] D -- C:\Users\ILANA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinISO =>.WinISO Computing Inc
O43 - CFD: 31/12/2016 - [] D -- C:\Users\ILANA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR =>.WinRAR
O43 - CFD: 14/07/2009 - [0] SHD -- C:\Users\Default\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\Users\Default\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] D -- C:\Users\Default\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] D -- C:\Users\Default\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\Users\Default\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\Users\Default User\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\Users\Default User\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] D -- C:\Users\Default User\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] D -- C:\Users\Default User\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\Users\Default User\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] D -- C:\Windows\System32\Config\systemprofile\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 26/10/2016 - [] SD -- C:\Windows\System32\Config\systemprofile\AppData\Roaming\Microsoft =>.Microsoft Corporation

---\\ ShellIconOverlayIdentifiers (SIOI) (4) - 0s
O106 - SIOI: avast [00asw] - {472083B0-C522-11CF-8763-00608CC02F24}. (.AVAST Software - Avast Shell Extension.) -- C:\Program Files\AVAST Software\Avast\ashShell.dll =>.AVAST Software s.r.o.®
O106 - SIOI: avast [00avast] - {472083B0-C522-11CF-8763-00608CC02F24}. (.AVAST Software - Avast Shell Extension.) -- C:\Program Files\AVAST Software\Avast\ashShell.dll =>.AVAST Software s.r.o.®
O106 - SIOI: Enhanced Storage Icon Overlay Handler Class [EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}. (.Microsoft Corporation - Windows Enhanced Storage Shell Extension DL.) -- C:\Windows\System32\EhStorShell.dll =>.Microsoft Corporation
O106 - SIOI: Sharing Overlay (Private) [SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235}. (.Microsoft Corporation - Shell extensions for sharing.) -- C:\Windows\System32\ntshrui.dll =>.Microsoft Corporation

---\\ System Drivers List (64) - 3s
O58 - SDL:2009/07/14 04:52:21 A . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\drivers\adp94xx.sys [491088] =>.Microsoft Windows®
O58 - SDL:2009/07/14 04:52:21 A . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\System32\drivers\adpahci.sys [339536] =>.Microsoft Windows®
O58 - SDL:2009/07/14 04:52:21 A . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\Windows\System32\drivers\adpu320.sys [182864] =>.Microsoft Windows®
O58 - SDL:2009/07/14 04:52:21 A . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\System32\drivers\aliide.sys [15440] =>.Microsoft Windows®
O58 - SDL:2010/11/21 06:23:47 A . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\drivers\amdsata.sys [107904] =>.Microsoft Windows®
O58 - SDL:2009/07/14 04:52:20 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) -- C:\Windows\System32\drivers\amdsbs.sys [194128] =>.Microsoft Windows®
O58 - SDL:2010/11/21 06:23:47 A . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\drivers\amdxata.sys [27008] =>.Microsoft Windows®
O58 - SDL:2009/07/14 04:52:21 A . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\System32\drivers\arc.sys [87632] =>.Microsoft Windows®
O58 - SDL:2009/07/14 04:52:21 A . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\drivers\arcsas.sys [97856] =>.Microsoft Windows®
O58 - SDL:2017/04/05 02:11:36 A . (.AVAST Software s.r.o. - IDS Application Activity Monitor Driver..) -- C:\Windows\System32\drivers\aswbidsdrivera.sys [307736] =>.AVAST Software s.r.o.®
O58 - SDL:2017/04/05 02:11:36 A . (.AVAST Software s.r.o. - Application Activity Monitor Helper Driver.) -- C:\Windows\System32\drivers\aswbidsha.sys [189768] =>.AVAST Software s.r.o.®
O58 - SDL:2017/04/05 02:11:36 A . (.AVAST Software s.r.o. - Logging Driver.) -- C:\Windows\System32\drivers\aswbloga.sys [334088] =>.AVAST Software s.r.o.®
O58 - SDL:2017/04/05 02:11:36 A . (.AVAST Software s.r.o. - Universal Driver.) -- C:\Windows\System32\drivers\aswbuniva.sys [48528] =>.AVAST Software s.r.o.®
O58 - SDL:2017/04/05 02:12:11 A . (.AVAST Software - Avast HWID.) -- C:\Windows\System32\drivers\aswHwid.sys [38296] =>.AVAST Software s.r.o.® (.AVAST Software)
O58 - SDL:2017/04/05 02:11:46 A . (.AVAST Software - Avast Keyboard Filter Driver.) -- C:\Windows\System32\drivers\aswKbd.sys [32600] =>.AVAST Software s.r.o.®
O58 - SDL:2017/04/28 19:20:25 A . (.AVAST Software - Avast File System Minifilter for Windows 20.) -- C:\Windows\System32\drivers\aswmonflt.sys [128648] =>.AVAST Software s.r.o.®
O58 - SDL:2017/04/05 02:12:11 A . (.AVAST Software - Avast WFP Redirect Driver.) -- C:\Windows\System32\drivers\aswRdr2.sys [101152] =>.AVAST Software s.r.o.®
O58 - SDL:2017/04/05 02:12:11 A . (.AVAST Software - Avast Revert.) -- C:\Windows\System32\drivers\aswRvrt.sys [75704] =>.AVAST Software s.r.o.® (.AVAST Software)
O58 - SDL:2017/04/05 02:11:46 A . (.AVAST Software - Avast Virtualization Driver.) -- C:\Windows\System32\drivers\aswSnx.sys [1005048] =>.AVAST Software s.r.o.®
O58 - SDL:2017/04/28 19:20:26 A . (.AVAST Software - Avast self protection module.) -- C:\Windows\System32\drivers\aswsp.sys [556784] =>.AVAST Software s.r.o.®
O58 - SDL:2017/04/05 02:12:12 A . (.AVAST Software - Stream Filter.) -- C:\Windows\System32\drivers\aswStm.sys [164064] =>.AVAST Software s.r.o.®
O58 - SDL:2017/04/05 02:12:12 A . (.AVAST Software - Avast VM Monitor.) -- C:\Windows\System32\drivers\aswVmm.sys [339696] =>.AVAST Software s.r.o.® (.AVAST Software)
O58 - SDL:2009/06/10 23:34:23 A . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x.) -- C:\Windows\System32\drivers\b57nd60a.sys [270848] =>.Broadcom Corporation
O58 - SDL:2009/06/10 23:41:06 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower.) -- C:\Windows\System32\drivers\BrFiltLo.sys [18432] =>.Brother Industries, Ltd.
O58 - SDL:2009/06/10 23:41:06 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper.) -- C:\Windows\System32\drivers\BrFiltUp.sys [8704] =>.Brother Industries, Ltd.
O58 - SDL:2009/07/14 04:19:07 A . (.Brother Industries Ltd. - Brotehr Serial I/F Driver (WDM).) -- C:\Windows\System32\drivers\BrSerId.sys [286720] =>.Brother Industries Ltd.
O58 - SDL:2009/06/10 23:41:10 A . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\System32\drivers\BrSerWdm.sys [47104] =>.Brother Industries Ltd.
O58 - SDL:2009/06/10 23:41:10 A . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\System32\drivers\BrUsbMdm.sys [14976] =>.Brother Industries Ltd.
O58 - SDL:2009/06/10 23:41:10 A . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\System32\drivers\BrUsbSer.sys [14720] =>.Brother Industries Ltd.
O58 - SDL:2009/06/10 23:34:28 A . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\System32\drivers\bxvbda.sys [468480] =>.Broadcom Corporation
O58 - SDL:2009/07/14 04:52:31 A . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\cmdide.sys [17488] =>.Microsoft Windows®
O58 - SDL:2009/12/10 04:37:56 A . (.Intel Corporation - Intel(R) Gigabit Adapter NDIS 6.x driver.) -- C:\Windows\System32\drivers\e1k62x64.sys [294064] =>.Intel Corporation®
O58 - SDL:2009/07/14 04:47:48 A . (.Emulex - Storport Miniport Driver for LightPulse HBA.) -- C:\Windows\System32\drivers\elxstor.sys [530496] =>.Microsoft Windows®
O58 - SDL:2009/06/10 23:34:33 A . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\System32\drivers\evbda.sys [3286016] =>.Broadcom Corporation
O58 - SDL:2009/06/10 23:31:59 A . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for.) -- C:\Windows\System32\drivers\hcw85cir.sys [31232] =>.Hauppauge Computer Works, Inc.
O58 - SDL:2009/09/17 07:54:54 A . (.Intel Corporation - Intel(R) Management Engine Interface.) -- C:\Windows\System32\drivers\HECIx64.sys [56344] =>.Intel Corporation®
O58 - SDL:2010/11/21 06:23:47 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\Windows\System32\drivers\HpSAMD.sys [78720] =>.Microsoft Windows®
O58 - SDL:2009/09/29 00:06:12 A . (.Intel Corporation - NDIS 6.1 Advanced Networking Services..) -- C:\Windows\System32\drivers\iANSW60e.sys [152040] =>.Intel Corporation®
O58 - SDL:2010/11/21 06:23:47 A . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\Windows\System32\drivers\iaStorV.sys [410496] =>.Microsoft Windows®
O58 - SDL:2010/01/08 23:32:24 A . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\System32\drivers\igdkmd64.sys [7841568] =>.Intel Corporation
O58 - SDL:2009/07/14 04:48:04 A . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\System32\drivers\iirsp.sys [44112] =>.Microsoft Windows®
O58 - SDL:2009/11/27 16:15:14 A . (.Intel(R) Corporation - Intel(R) Display HD Audio driver.) -- C:\Windows\System32\drivers\IntcDAud.sys [244736] =>.Intel(R) Corporation
O58 - SDL:2009/10/14 13:29:54 A . (.Intel Corporation - Intel(R) Network Adapter Diagnostic Driver.) -- C:\Windows\System32\drivers\iqvw64e.sys [34472] =>.Intel Corporation®
O58 - SDL:2009/07/14 04:48:04 A . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_fc.sys [114752] =>.Microsoft Windows®
O58 - SDL:2009/07/14 04:48:04 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas.sys [106560] =>.Microsoft Windows®
O58 - SDL:2009/07/14 04:48:04 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas2.sys [65600] =>.Microsoft Windows®
O58 - SDL:2009/07/14 04:48:04 A . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_scsi.sys [115776] =>.Microsoft Windows®
O58 - SDL:2009/07/14 04:48:04 A . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) -- C:\Windows\System32\drivers\megasas.sys [35392] =>.Microsoft Windows®
O58 - SDL:2009/07/14 04:48:04 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\drivers\MegaSR.sys [284736] =>.Microsoft Windows®
O58 - SDL:2009/07/14 04:48:26 A . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\System32\drivers\nfrd960.sys [51264] =>.Microsoft Windows®
O58 - SDL:2010/11/21 06:23:47 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\System32\drivers\nvraid.sys [148352] =>.Microsoft Windows®
O58 - SDL:2010/11/21 06:23:47 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\drivers\nvstor.sys [166272] =>.Microsoft Windows®
O58 - SDL:2009/07/14 04:45:46 A . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\System32\drivers\ql2300.sys [1524816] =>.Microsoft Windows®
O58 - SDL:2009/07/14 04:45:45 A . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\System32\drivers\ql40xx.sys [128592] =>.Microsoft Windows®
O58 - SDL:2009/10/21 17:27:58 A . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function D.) -- C:\Windows\System32\drivers\RTKVHD64.sys [2013856] =>.Realtek Semiconductor Corp®
O58 - SDL:2009/06/10 23:37:19 A . (.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) -- C:\Windows\System32\drivers\secdrv.sys [23040] =>.Macrovision Corporation, Macrovision Europe Limited,
O58 - SDL:2009/07/14 04:45:45 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\drivers\sisraid2.sys [43584] =>.Microsoft Windows®
O58 - SDL:2009/07/14 04:45:46 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\drivers\sisraid4.sys [80464] =>.Microsoft Windows®
O58 - SDL:2016/12/14 21:20:08 A . (.Authors - .) -- C:\Windows\System32\drivers\staport.sys [44952] =>.AVAST Software a.s.®
O58 - SDL:2009/07/14 04:45:55 A . (.Promise Technology - Promise SuperTrak EX Series Driver for Win.) -- C:\Windows\System32\drivers\stexstor.sys [24656] =>.Microsoft Windows®
O58 - SDL:2017/05/02 23:37:43 A . (.Authors - .) -- C:\Windows\System32\drivers\TrueSight.sys [28272] =>.Adlice®
O58 - SDL:2009/07/14 04:45:55 A . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\viaide.sys [17488] =>.Microsoft Windows®
O58 - SDL:2009/07/14 04:45:55 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\System32\drivers\vsmraid.sys [161872] =>.Microsoft Windows®
O58 - SDL:2016/10/20 18:13:34 A . (.WinISO.com - WinISO Virtual CD Drive.) -- C:\Windows\System32\drivers\WinisoCDBus.sys [204032] =>.ZJMedia Digital Technology Ltd.®

---\\ Last modified or created user files (3) - 10s
O61 - LFC: 2017/05/01 01:04:07 A . (..) -- C:\Users\ILANA\Desktop\internetflush.bat [827]
O61 - LFC: 2017/04/29 18:47:15 A . (..) -- C:\Users\ILANA\Desktop\rsthosts_2.0 (1).exe [353632]
O61 - LFC: 2017/04/29 18:46:06 A . (..) -- C:\Users\ILANA\Downloads\rsthosts_2.0.exe [353632]

---\\ File Associations Shell Spawning (10) - 0s
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) -- C:\Windows\System32\eventvwr.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.scr> <scrfile>[HKLM\..\open\Command] (...) -- "%1" /S

---\\ Start Menu Internet (12) - 0s
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O68 - StartMenuInternet: <SafeZoneStable> <SafeZone Stable>[HKLM\..\Shell\open\Command] (.Avast Software - Avast SafeZone Browser.) -- C:\Program Files\AVAST Software\SZBrowser\Launcher.exe =>.AVAST Software s.r.o.®
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <SafeZoneStable> <SafeZone Stable>[HKLM\..\InstallInfo\ShowIconsCommand] (.Avast Software - Avast SafeZone Browser.) -- C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <SafeZoneStable> <SafeZone Stable>[HKLM\..\InstallInfo\ReinstallCommand] (.Avast Software - Avast SafeZone Browser.) -- C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <SafeZoneStable> <SafeZone Stable>[HKLM\..\InstallInfo\HideIconsCommand] (.Avast Software - Avast SafeZone Browser.) -- C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software

---\\ Search Browser Infection (4) - 0s
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com/ =>.Google Inc.
O69 - SBI: SearchScopes [HKLM] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKLM] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com/ =>.Google Inc.

---\\ Search Svchost Services (32) - 1s
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Application Experience Service.) -- C:\Windows\System32\aelupsvc.dll [72192] =>.Microsoft Corporation
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\Windows\System32\certprop.dll [80384] =>.Microsoft Corporation
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\Windows\System32\certprop.dll [80384] =>.Microsoft Corporation
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) -- C:\Windows\system32\srvsvc.dll [236032] =>.Microsoft Corporation
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) -- C:\Windows\System32\gpsvc.dll [777728] =>.Microsoft Corporation
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) -- C:\Windows\System32\ikeext.dll [853504] =>.Microsoft Corporation
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) -- C:\Windows\System32\Audiosrv.dll [679424] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\Windows\System32\rasauto.dll [99328] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\Windows\System32\rasmans.dll [344064] =>.Microsoft Corporation
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\Windows\System32\mprdim.dll [97792] =>.Microsoft Corporation
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\Windows\System32\Sens.dll [64512] =>.Microsoft Corporation
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\Windows\System32\ipnathlp.dll [359424] =>.Microsoft Corporation
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\Windows\System32\tapisrv.dll [316928] =>.Microsoft Corporation
O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Remote Desktop Session Host Server Remote C.) -- C:\Windows\System32\termsrv.dll [680960] =>.Microsoft Corporation
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\system32\wuaueng.dll [2477536] =>.Microsoft Windows Component Publisher®
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) -- C:\Windows\System32\qmgr.dll [849920] =>.Microsoft Corporation
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\Windows\System32\shsvcs.dll [370688] =>.Microsoft Corporation
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) -- C:\Windows\System32\iphlpsvc.dll [569344] =>.Microsoft Corporation
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) -- C:\Windows\system32\seclogon.dll [30720] =>.Microsoft Corporation
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) -- C:\Windows\System32\appinfo.dll [70656] =>.Microsoft Corporation
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) -- C:\Windows\system32\iscsiexe.dll [156672] =>.Microsoft Corporation
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Multimedia Class Scheduler Service.) -- C:\Windows\system32\mmcss.dll [67584] =>.Microsoft Corporation
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\system32\wbem\WMIsvc.dll [242688] =>.Microsoft Corporation
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) -- C:\Windows\System32\SessEnv.dll [121856] =>.Microsoft Corporation
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\Windows\System32\browser.dll [136192] =>.Microsoft Corporation
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) -- C:\Windows\System32\eapsvc.dll [111104] =>.Microsoft Corporation
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) -- C:\Windows\system32\schedsvc.dll [1110016] =>.Microsoft Corporation
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Key Management Service.) -- C:\Windows\system32\kmsvc.dll [90624] =>.Microsoft Corporation
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) -- C:\Windows\System32\wercplsupport.dll [84480] =>.Microsoft Corporation
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\system32\profsvc.dll [209920] =>.Microsoft Corporation
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) -- C:\Windows\system32\themeservice.dll [44544] =>.Microsoft Corporation
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) -- C:\Windows\System32\bdesvc.dll [100864] =>.Microsoft Corporation

---\\ Additional Scan (O88) (2) - 2s
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UFH_is1 =>Adware.InstallCore
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\UFH_is1 =>Adware.InstallCore

---\\ Summary of the elements found (1) - 0s
https://nicolascoolman.eu/2017/03/12/adware-installcore-2/ =>Adware.InstallCore

~ Unselected Options:
~ End of the scan, 16512 items in 02mn53s (787)(0)

2. listchkdsk result:
Clicking on the link you provided leads to "error file not found" message
 
ZHP Fix

  • Disable your antivirus prior to this fix!
  • Download ZHP-Fix from here.
  • Install it.
  • Click Suivant 5 Times.
  • Then Installer.
  • Then Terminer.
  • Then right-click the ZHP Fix icon and choose Run as admin.
  • Copy the entire content of the code box below, the next step will grab it from your clipboard.
  • Then click on import.
  • Then click GO.
  • Allow completion.
  • A log file will appear on your desktop.
  • Post it here in your next reply.
Code:
Script ZhpFix
SysRestore
EmptyFlash
ProxyFix
EmptyCLSID
O23 - Service: Service Installer TrueKey (InstallerService) . (...) - C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe (.not file.)
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe =>.Skype Software Sarl®
O23 - Service: Intel Security True Key (TrueKey) . (.McAfee, Inc. - Intel Security True Key.) - C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe =>.McAfee, Inc.®
O23 - Service: Intel Security True Key Scheduler (TrueKeyScheduler) . (.McAfee, Inc. - Intel Security True Key.) - C:\Program Files\TrueKey\McTkSchedulerService.exe =>.McAfee, Inc.®
C:\Program Files\TrueKey
[MD5.00000000000000000000000000000000] [APT] [HPCustPartic.exe_{0778FE57-B2D5-49AC-9D7A-21F1A3348AD5}] (...) -- C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPCustPartic.exe (.not file.) [0] (.Activate.) =>.Superfluous.Empty
[MD5.D61830127D572F0FDA7FE78B0F2BBFE5] [APT] [RunUninstallTool_SkipUac] (.CrystalIDEA Software.) -- C:\Program Files\Uninstall Tool\UninstallTool.exe [5386168] (.Activate.) =>.CrystalBit Solutions®
O39 - APT: HPCustPartic.exe_{0778FE57-B2D5-49AC-9D7A-21F1A3348AD5} - (...) -- C:\Windows\System32\Tasks\HPCustPartic.exe_{0778FE57-B2D5-49AC-9D7A-21F1A3348AD5} [2944] (.Orphan.) =>.Superfluous.Orphan
O39 - APT: RunUninstallTool_SkipUac - (.CrystalIDEA Software.) -- C:\Windows\System32\Tasks\RunUninstallTool_SkipUac [2976] =>.CrystalBit Solutions®
G0 - GCSP: Preferences [User Data\Default][HomePage] http://trovi.com
G0 - GCSP: Preferences [User Data\Default][HomePage] http://updatech.ru
G0 - GCSP: Preferences [User Data\Default][HomePage] http://campaign.bezeqint.net
G0 - GCSP: Preferences [User Data\Default][HomePage] http://mail.google.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://ssl.google-analytics.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://uib.ff.avast.com =>.Avast Software s.r.o
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.googletagmanager.com
G0 - GCSP: Secure Preferences [User Data\Default][HomePage] http://trovi.com/
O4 - GS\CommonDesktop [Public]: True Key.lnk . (.Intel Security - .) C:\Program Files (x86)\Intel Security\True Key\application\truekey.exe --open-source=dtopicon =>.Intel Security
O4 - GS\ProgramsCommon [Public]: True Key.lnk . (.Intel Security - .) C:\Program Files (x86)\Intel Security\True Key\application\truekey.exe --open-source=startmenu =>.Intel Security
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM][64Bits] -- {18455581-E099-4BA8-BC6B-F34B2F06600C} =>.Google Inc.
O42 - Logiciel: Intel Security True Key - (.Intel Security.) [HKLM][64Bits] -- TrueKey =>.McAfee, Inc.®
O42 - Logiciel: Unknown File Handler - (.File.org.) [HKLM][64Bits] -- UFH_is1 =>Adware.InstallCore
HKLM\SOFTWARE\Wow6432Node\Intel Security =>.Intel Security
HKLM\SOFTWARE\Wow6432Node\McAfee =>.McAfee Inc.
HKLM\SOFTWARE\Wow6432Node\TrueKey =>.Intel Corporation
HKCU\SOFTWARE\BitTorrent
HKCU\SOFTWARE\Intel Security =>.Intel Security
O43 - CFD: 26/10/2016 - [] D -- C:\Program Files\Intel Security =>.Intel Corporation
O43 - CFD: 05/05/2017 - [0] D -- C:\Program Files (x86)\McAfee =>.McAfee
O43 - CFD: 11/04/2017 - [] D -- C:\ProgramData\McAfee =>.McAfee
O43 - CFD: 26/10/2016 - [] D -- C:\Program Files (x86)\Common Files\McAfee =>.McAfee
O43 - CFD: 02/05/2017 - [] D -- C:\Users\ILANA\AppData\Roaming\uTorrent
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKLM] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com/ =>.Bing.com
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UFH_is1 =>Adware.InstallCore
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\UFH_is1 =>Adware.InstallCore
EmptyTemp

Malwarebytes.
  • Download MalwareBytes Anti-Malware: https://www.malwarebytes.com/mwb-download/ and take the free version (on the left)
  • Perform the installation
  • Uncheck "Enable Free Trial of Malwarebytes Anti-Malware Premium" if it's asked
  • Malwarebytes will update; let this update finish
  • Click on the "Settings" tab and then on the "Detection and Protection" tab, and check the box "Search for Rootkits"
  • Click on the "Analysis" tab and then on "Start analysis"
  • Once the review is complete, check that all detections are checked and then click [Delete Selection]
  • If Malwarebytes asks you to restart your PC, click "Yes"
  • After restarting your PC, restart Malwarebytes
  • Open the "History" tab and then "Application logs"
  • Double-click on the most recent Scan Log (the one at the top)
  • At the bottom click [Export] -> select "Text file (* .txt)"
  • In the explorer, select the desktop, name it mbam.txt, click [Save]
 
Rapport de ZHPFix 2015.10.19.9 par Nicolas Coolman, Update du 19/10/2015
Fichier d'export Registre :
Run by ILANA at 07/05/2017 23:31:32
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Recycle Bin emptied (00mn 02s)

========== Software ==========
REMOVES: Google Toolbar for Internet Explorer
REMOVES: Unknown File Handler

========== Registry keys ==========
REMOVES: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}]
REMOVES: Service: InstallerService
REMOVES: Service: SkypeUpdate
REMOVES: Service: TrueKey
REMOVES: Service: TrueKeyScheduler
REMOVES: HKLM\SOFTWARE\Wow6432Node\Intel Security
REMOVES: HKLM\SOFTWARE\Wow6432Node\McAfee
REMOVES: HKLM\SOFTWARE\Wow6432Node\TrueKey
REMOVES: HKCU\SOFTWARE\BitTorrent
REMOVES: HKCU\SOFTWARE\Intel Security
REMOVES: SearchScopes :{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

========== Registry values ==========
ProxyFix : Proxy configuration successfully removed
REMOVES ProxyServer Value
REMOVES ProxyEnable Value
REMOVES EnableHttp1_1 Value
REMOVES ProxyHttp1.1 Value
REMOVES ProxyOverride Value

========== Preferences browser ==========
NOW Chrome File: C:\Users\ILANA\AppData\Local\Google\Chrome\User Data\Default\Preferences
REMOVES Chrome Site: http://trovi.com
NOW Chrome File: C:\Users\ILANA\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://updatech.ru
NOW Chrome File: C:\Users\ILANA\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://campaign.bezeqint.net
NOW Chrome File: C:\Users\ILANA\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://mail.google.com
NOW Chrome File: C:\Users\ILANA\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://ssl.google-analytics.com
NOW Chrome File: C:\Users\ILANA\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://uib.ff.avast.com
NOW Chrome File: C:\Users\ILANA\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://www.googletagmanager.com
NOW Chrome File: C:\Users\ILANA\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
REMOVES Chrome Site: http://trovi.com/

========== Folders ==========
No folders empty CLSID Local user
REMOVES Reboot:** c:\program files\truekey
REMOVES: C:\Program Files\Intel Security
REMOVES: C:\Program Files (x86)\McAfee
REMOVES: C:\ProgramData\McAfee
REMOVES: C:\Program Files (x86)\Common Files\McAfee
REMOVES: C:\Users\ILANA\AppData\Roaming\uTorrent
Deletes temporary Windows (13)

========== Files ==========
REMOVES Flash Cookies (0) (0 octets)
REMOVES: c:\program files (x86)\skype\updater\updater.exe
REMOVES: c:\program files\truekey\mcafee.truekey.service.exe
REMOVES: c:\program files\truekey\mctkschedulerservice.exe
Deletes temporary Windows (32) (8,172,434 octets)

========== Scheduled task ==========
REMOVES: HPCustPartic.exe_{0778FE57-B2D5-49AC-9D7A-21F1A3348AD5}
REMOVES: RunUninstallTool_SkipUac

========== System restore ==========
The system successfully created restore point

========== Other ==========
NON-TREATY O4 - GS\CommonDesktop [Public]: True Key.lnk . (.Intel Security - .) C:\Program Files (x86)\Intel Security\True Key\application\truekey.exe --open-source=dtopicon


========== Summary ==========
11 : Registry keys
6 : Registry values
8 : Folders
5 : Files
2 : Software
16 : Preferences browser
2 : Scheduled task
1 : System restore
1 : Other


End of clean in 01mn 26s

========== Path to file report ==========
C:\Users\ILANA\AppData\Roaming\ZHP\ZHPFix[R1].txt - 07/05/2017 23:31:35 [3690]
 
Zoek Scan

Disable your antivirus prior to this scan.
Download Zoek
Save the file to your desktop.
Right click Zoek.exe and run as administrator. (XP Users double click)
Copy the items in red below and paste them into Zoek.

createsrpoint;
emptyfolderscheck;delete
emptyclsid;
emptyalltemp;
ipconfig /flushdns;b
ResetHosts;
autoclean;


Now hit the run script button.
The log will appear after a reboot, also you can find it on the C: drive.
Post the log in your next reply.
 