Solved laptop very slow since reinstall

It did not complete; try it in safe mode. If that does not work, then run this tool for me.

ZHP Diag Scan


Download ZHP Diag to your desktop.


1. Right-click and select Run as Admin.
2. Click the Scanner button.

When complete please push the report button.
A notepad will open... copy and paste the report in your next reply.
 
This is getting tedious! I SO appreciate your continued help! Showed 2 bugs on the main page! Still! Can't believe this is after such a recent clean install! What did I do wrong??

Here's that report...
O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll =>.Microsoft Corporation
O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll =>.Microsoft Corporation
O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
O18 - Filter: deflate [64Bits] - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Filter: gzip [64Bits] - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation

---\\ Software installed (26) - 9s
O42 - Logiciel: Adobe Acrobat Reader DC - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1033-7B44-AC0F074E4100} =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe Flash Player 24 NPAPI - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player NPAPI =>.Adobe Systems Incorporated®
O42 - Logiciel: Adobe Refresh Manager - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-0804-1033-1959-001824211354} =>.Adobe Systems Incorporated
O42 - Logiciel: Avast Free Antivirus - (.AVAST Software.) [HKLM][64Bits] -- Avast Antivirus =>.AVAST Software s.r.o.®
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM][64Bits] -- CCleaner =>.Piriform Ltd®
O42 - Logiciel: Express Scribe Transcription Software - (.NCH Software.) [HKLM][64Bits] -- Scribe =>.NCH Software®
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM][64Bits] -- Google Chrome =>.Google Inc®
O42 - Logiciel: Google Earth - (.Google.) [HKLM][64Bits] -- {F6430171-B86B-4639-839E-374913E7911D} =>.Google
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} =>.Google Inc.
O42 - Logiciel: Image Composite Editor - (.Microsoft Corporation.) [HKLM][64Bits] -- {92AB5708-1AAA-4B1B-A8D5-45CF3AD77519} =>.Microsoft Corporation
O42 - Logiciel: Malwarebytes version 3.0.6.1469 - (.Malwarebytes.) [HKLM][64Bits] -- {35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1 =>.Malwarebytes Corporation®
O42 - Logiciel: Mozilla Firefox 51.0.1 (x86 en-US) - (.Mozilla.) [HKLM][64Bits] -- Mozilla Firefox 51.0.1 (x86 en-US) =>.Mozilla Corporation®
O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM][64Bits] -- MozillaMaintenanceService =>.Mozilla
O42 - Logiciel: MVHShellExtension - (.MyVirtualHome.) [HKLM][64Bits] -- {48EE93F1-6CE8-4DC3-9EBB-71D860F09CEE}
O42 - Logiciel: OpenOffice 4.1.2 - (.Apache Software Foundation.) [HKLM][64Bits] -- {E6AD67BB-1C33-4AB3-A387-E0D48137AB70} =>.Apache Software Foundation
O42 - Logiciel: paint.net - (.dotPDN LLC.) [HKLM][64Bits] -- {6AC1101E-7561-43C9-BEEA-4AB1D220D8FF} =>.dotPDN LLC
O42 - Logiciel: Quicken CashBook - Version 8 - (.Intuit Inc.) [HKLM][64Bits] -- Quicken CashBook - Version 8
O42 - Logiciel: situhome - (.Homesoft Pty. Ltd..) [HKLM][64Bits] -- {1201D379-9B6F-4419-9A64-5929D1495696}
O42 - Logiciel: situhome - (.Homesoft Pty. Ltd..) [HKLM][64Bits] -- {BDFC5012-189A-4D13-B1CF-279DF1D2F03B}
O42 - Logiciel: Speccy - (.Piriform.) [HKLM][64Bits] -- Speccy =>.Piriform Ltd®
O42 - Logiciel: Toolwiz Smart Defrag 2011 - (.Toolwiz.com..) [HKLM][64Bits] -- Toolwiz Smart Defrag FREE_is1
O42 - Logiciel: Visual Studio 2012 x64 Redistributables - (.AVG Technologies.) [HKLM][64Bits] -- {8C775E70-A791-4DA8-BCC3-6AB7136F4484} =>.AVG Technologies
O42 - Logiciel: Visual Studio 2012 x86 Redistributables - (.AVG Technologies CZ, s.r.o..) [HKLM][64Bits] -- {98EFF19A-30AB-4E4B-B943-F06B1C63EBF8} =>.AVG Technologies CZ, s.r.o.
O42 - Logiciel: VLC media player - (.VideoLAN.) [HKLM][64Bits] -- VLC media player =>.VideoLAN
O42 - Logiciel: Windows Resource Kit Tools - SubInAcl.exe - (.Microsoft Corporation.) [HKLM][64Bits] -- {D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE} =>.Microsoft Corporation
O42 - Logiciel: Wings 3D 2.1.5 - (..) [HKLM][64Bits] -- Wings 3D 2.1.5

---\\ HKCU & HKLM Software Keys (46) - 9s
HKLM\SOFTWARE\Wow6432Node\Adobe =>.Adobe
HKLM\SOFTWARE\Wow6432Node\AVAST Software =>.AVAST Software
HKLM\SOFTWARE\Wow6432Node\Google =>.Google
HKLM\SOFTWARE\Wow6432Node\Intel =>.Intel
HKLM\SOFTWARE\Wow6432Node\Intuit =>.Intuit
HKLM\SOFTWARE\Wow6432Node\Macromedia =>.Macromedia
HKLM\SOFTWARE\Wow6432Node\Mozilla =>.Mozilla
HKLM\SOFTWARE\Wow6432Node\mozilla.org =>.mozilla.org
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins =>.MozillaPlugins
HKLM\SOFTWARE\Wow6432Node\NCH Software =>.NCH Software
HKLM\SOFTWARE\Wow6432Node\ODBC =>.DB Connectivity Solutions
HKLM\SOFTWARE\Wow6432Node\OpenOffice =>.SourceForge
HKLM\SOFTWARE\Wow6432Node\SecureAge Technology =>.SecureAge Technology
HKLM\SOFTWARE\Wow6432Node\ToolwizSystemCare =>.Toolwiz
HKLM\SOFTWARE\Wow6432Node\TrendMicro =>.TrendMicro
HKLM\SOFTWARE\Wow6432Node\VideoLAN =>.VideoLAN
HKLM\SOFTWARE\Wow6432Node\Wings 3D
HKLM\SOFTWARE\Wow6432Node\RegisteredApplications =>.Microsoft Corporation
HKCU\SOFTWARE\Abyssmedia =>.AbyssMedia
HKCU\SOFTWARE\Adobe =>.Adobe
HKCU\SOFTWARE\AppDataLow =>.Microsoft Corporation
HKCU\SOFTWARE\AVAST Software =>.AVAST Software
HKCU\SOFTWARE\DriverSupport =>PUP.Optional.DriverSupport
HKCU\SOFTWARE\Geek Uninstaller =>.Geek Uninstaller
HKCU\SOFTWARE\Google =>.Google
HKCU\SOFTWARE\Homesoft Pty. Ltd.
HKCU\SOFTWARE\Macromedia =>.Macromedia
HKCU\SOFTWARE\Malwarebytes =>.Malwarebytes
HKCU\SOFTWARE\Mozilla =>.Mozilla
HKCU\SOFTWARE\NCH Software =>.NCH Software
HKCU\SOFTWARE\Netscape =>.Netscape
HKCU\SOFTWARE\OpenOffice =>.SourceForge
HKCU\SOFTWARE\paint.net =>.Rick Brewster
HKCU\SOFTWARE\Piriform =>.Piriform
HKCU\SOFTWARE\QtProject =>.QtProject
HKCU\SOFTWARE\SecureAge Technology =>.SecureAge Technology
HKCU\SOFTWARE\situhome
HKCU\SOFTWARE\situhomeLauncher
HKCU\SOFTWARE\SmartDraw.com =>.SmartDraw.com
HKCU\SOFTWARE\SystemQQX
HKCU\SOFTWARE\ToolwizSystemCare =>.Toolwiz
HKCU\SOFTWARE\Trolltech =>.Trolltech
HKCU\SOFTWARE\undefined =>.Superfluous.Downloader
HKCU\SOFTWARE\Wow6432Node =>.Microsoft Corporation
HKCU\SOFTWARE\ZHP =>.Nicolas Coolman
HKCU\SOFTWARE\AppDataLow\Software =>.Microsoft Corporation

---\\ Contents of the Common Files folders (144) - 16s
O43 - CFD: 03/03/2017 - [] DC -- C:\Program Files\AVAST Software =>.AVAST Software s.r.o.®
O43 - CFD: 01/03/2017 - [] DC -- C:\Program Files\CCleaner =>.Piriform Ltd
O43 - CFD: 03/03/2017 - [] DC -- C:\Program Files\Common Files =>.Microsoft Corporation
O43 - CFD: 12/04/2011 - [] DC -- C:\Program Files\DVD Maker =>.Aone Software
O43 - CFD: 12/04/2011 - [] DC -- C:\Program Files\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 01/03/2017 - [] DC -- C:\Program Files\Malwarebytes =>.Malwarebytes
O43 - CFD: 02/01/2017 - [] DC -- C:\Program Files\Microsoft Research =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] DC -- C:\Program Files\MSBuild =>.Microsoft Corporation
O43 - CFD: 04/01/2017 - [] DC -- C:\Program Files\paint.net =>.Rick Brewster
O43 - CFD: 14/07/2009 - [] DC -- C:\Program Files\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 02/03/2017 - [] DC -- C:\Program Files\Speccy =>.Piriform
O43 - CFD: 12/04/2011 - [] DC -- C:\Program Files\Windows Defender =>.Microsoft Corporation
O43 - CFD: 12/04/2011 - [] DC -- C:\Program Files\Windows Journal =>.Microsoft Corporation
O43 - CFD: 12/04/2011 - [] DC -- C:\Program Files\Windows Mail =>.Microsoft Corporation
O43 - CFD: 12/04/2011 - [] DC -- C:\Program Files\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] DC -- C:\Program Files\Windows NT =>.Microsoft Corporation
O43 - CFD: 12/04/2011 - [] DC -- C:\Program Files\Windows Photo Viewer =>.Microsoft Corporation
O43 - CFD: 21/11/2010 - [] DC -- C:\Program Files\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 12/04/2011 - [] DC -- C:\Program Files\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 14/01/2017 - [] DC -- C:\Program Files\wings3d_2.1.5
O43 - CFD: 02/01/2017 - [] DC -- C:\Program Files (x86)\Abyssmedia =>.AbyssMedia
O43 - CFD: 19/01/2017 - [] DC -- C:\Program Files (x86)\Adobe =>.Adobe Systems, Incorporated®
O43 - CFD: 03/03/2017 - [] DC -- C:\Program Files (x86)\Common Files =>.Microsoft Corporation
O43 - CFD: 06/02/2017 - [] DC -- C:\Program Files (x86)\Display
O43 - CFD: 02/03/2017 - [] DC -- C:\Program Files (x86)\Google =>.Google Inc®
O43 - CFD: 12/01/2017 - [] HDC -- C:\Program Files (x86)\InstallShield Installation Information =>.InstallShield Software
O43 - CFD: 12/04/2011 - [] DC -- C:\Program Files (x86)\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 02/01/2017 - [] DC -- C:\Program Files (x86)\Microsoft.NET =>.Microsoft Corporation
O43 - CFD: 02/02/2017 - [] DC -- C:\Program Files (x86)\Mozilla Firefox =>.Mozilla
O43 - CFD: 02/02/2017 - [] DC -- C:\Program Files (x86)\Mozilla Maintenance Service =>.Mozilla
O43 - CFD: 14/07/2009 - [] DC -- C:\Program Files (x86)\MSBuild =>.Microsoft Corporation
O43 - CFD: 12/01/2017 - [] DC -- C:\Program Files (x86)\MyVirtualHome
O43 - CFD: 02/03/2017 - [] DC -- C:\Program Files (x86)\NCH Software =>.NCH Software
O43 - CFD: 02/01/2017 - [] DC -- C:\Program Files (x86)\OpenOffice 4 =>.OpenOffice.org
O43 - CFD: 02/01/2017 - [] DC -- C:\Program Files (x86)\QUICKENW
O43 - CFD: 14/07/2009 - [] DC -- C:\Program Files (x86)\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 12/01/2017 - [] DC -- C:\Program Files (x86)\situhome
O43 - CFD: 05/03/2017 - [] DC -- C:\Program Files (x86)\Toolwiz Smart Defrag FREE =>.IObit
O43 - CFD: 02/01/2017 - [] DC -- C:\Program Files (x86)\VideoLAN =>.VideoLan Team
O43 - CFD: 12/04/2011 - [] DC -- C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation
O43 - CFD: 12/04/2011 - [] DC -- C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] DC -- C:\Program Files (x86)\Windows NT =>.Microsoft Corporation
O43 - CFD: 12/04/2011 - [] DC -- C:\Program Files (x86)\Windows Photo Viewer =>.Microsoft Corporation
O43 - CFD: 21/11/2010 - [] DC -- C:\Program Files (x86)\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 17/02/2017 - [] DC -- C:\Program Files (x86)\Windows Resource Kits =>.Microsoft Corporation
O43 - CFD: 12/04/2011 - [] DC -- C:\Program Files (x86)\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 02/01/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Abyssmedia =>.AbyssMedia
O43 - CFD: 02/03/2017 - [] RDC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 02/03/2017 - [] RDC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 03/03/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software =>.AVAST Software
O43 - CFD: 02/03/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner =>.Piriform Ltd
O43 - CFD: 02/03/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dictation and Transcription Programs
O43 - CFD: 02/03/2017 - [] RDC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games =>.Microsoft Corporation
O43 - CFD: 02/03/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth =>.Google Earth
O43 - CFD: 02/03/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Composite Editor =>.Microsoft Corporation
O43 - CFD: 02/03/2017 - [] RDC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 02/03/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes =>.Malwarebytes
O43 - CFD: 02/03/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
O43 - CFD: 02/03/2017 - [] SDC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2 =>.SourceForge
O43 - CFD: 02/03/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken CashBook v8
O43 - CFD: 02/03/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\situhome
O43 - CFD: 02/03/2017 - [0] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartDraw 2016
O43 - CFD: 02/03/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy =>.Piriform
O43 - CFD: 09/01/2017 - [0] RDC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
O43 - CFD: 12/04/2011 - [0] RHDC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC =>.Wacom Technology
O43 - CFD: 05/03/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toolwiz Smart Defrag FREE =>.IObit
O43 - CFD: 02/03/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN =>.VideoLan Team
O43 - CFD: 02/03/2017 - [] DC -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wings 3D 2.1.5
O43 - CFD: 19/01/2017 - [] DC -- C:\ProgramData\Adobe =>.Adobe
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Application Data =>.Microsoft Corporation
O43 - CFD: 03/03/2017 - [] DC -- C:\ProgramData\AVAST Software =>.AVAST Software
O43 - CFD: 03/03/2017 - [] DC -- C:\ProgramData\ClamAV =>.Legitimate
O43 - CFD: 07/01/2017 - [] HDC -- C:\ProgramData\Common Files =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Desktop =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Documents =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Favorites =>.Microsoft Corporation
O43 - CFD: 05/01/2017 - [] DC -- C:\ProgramData\HitmanPro =>.EIDOS hitman Game
O43 - CFD: 01/03/2017 - [] DC -- C:\ProgramData\Malwarebytes =>.Malwarebytes
O43 - CFD: 04/01/2017 - [] SDC -- C:\ProgramData\Microsoft =>.Microsoft Corporation
O43 - CFD: 02/03/2017 - [] DC -- C:\ProgramData\NCH Software =>.NCH Software
O43 - CFD: 01/03/2017 - [] DC -- C:\ProgramData\RogueKiller =>.Adlice
O43 - CFD: 03/03/2017 - [] DC -- C:\ProgramData\SecureAge Technology =>.SecureAge Technology
O43 - CFD: 12/01/2017 - [] DC -- C:\ProgramData\situhome
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Start Menu =>.Microsoft Corporation
O43 - CFD: 06/03/2017 - [0] DC -- C:\ProgramData\SWCUTemp
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Templates =>.Microsoft Corporation
O43 - CFD: 19/01/2017 - [] DC -- C:\Program Files (x86)\Common Files\Adobe =>.Adobe
O43 - CFD: 03/03/2017 - [] DC -- C:\Program Files (x86)\Common Files\AV =>.Avast
O43 - CFD: 02/01/2017 - [] DC -- C:\Program Files (x86)\Common Files\microsoft shared =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] DC -- C:\Program Files (x86)\Common Files\Services =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] DC -- C:\Program Files (x86)\Common Files\SpeechEngines =>.Microsoft Corporation
O43 - CFD: 12/04/2011 - [] DC -- C:\Program Files (x86)\Common Files\System =>.Microsoft Corporation
O43 - CFD: 19/01/2017 - [] DC -- C:\Users\Anya\AppData\Roaming\Adobe =>.Adobe
O43 - CFD: 03/03/2017 - [] DC -- C:\Users\Anya\AppData\Roaming\AVAST Software =>.AVAST Software
O43 - CFD: 03/03/2017 - [] DC -- C:\Users\Anya\AppData\Roaming\Geek Uninstaller =>.Geek Uninstaller
O43 - CFD: 02/01/2017 - [] DC -- C:\Users\Anya\AppData\Roaming\Identities =>.Microsoft Corporation
O43 - CFD: 02/01/2017 - [] DC -- C:\Users\Anya\AppData\Roaming\Macromedia =>.Macromedia
O43 - CFD: 12/04/2011 - [0] DC -- C:\Users\Anya\AppData\Roaming\Media Center Programs =>.Microsoft Corporation
O43 - CFD: 09/01/2017 - [] SDC -- C:\Users\Anya\AppData\Roaming\Microsoft =>.Microsoft Corporation
O43 - CFD: 02/01/2017 - [] DC -- C:\Users\Anya\AppData\Roaming\Mozilla =>.Mozilla Corporation
O43 - CFD: 02/03/2017 - [] DC -- C:\Users\Anya\AppData\Roaming\NCH Software =>.NCH Software
O43 - CFD: 02/01/2017 - [] DC -- C:\Users\Anya\AppData\Roaming\OpenOffice =>.SourceForge
O43 - CFD: 03/03/2017 - [] DC -- C:\Users\Anya\AppData\Roaming\SecureAge Technology =>.SecureAge Technology
O43 - CFD: 12/01/2017 - [] DC -- C:\Users\Anya\AppData\Roaming\situhome
O43 - CFD: 12/01/2017 - [] DC -- C:\Users\Anya\AppData\Roaming\SmartDraw
O43 - CFD: 07/03/2017 - [] DC -- C:\Users\Anya\AppData\Roaming\vlc =>.VideoLan Team
O43 - CFD: 07/03/2017 - [] DC -- C:\Users\Anya\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 17/02/2017 - [] DC -- C:\Users\Anya\AppData\Local\Adobe =>.Adobe
O43 - CFD: 02/01/2017 - [0] SHD -- C:\Users\Anya\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 07/01/2017 - [] DC -- C:\Users\Anya\AppData\Local\Avg =>.AVG Software
O43 - CFD: 07/01/2017 - [] DC -- C:\Users\Anya\AppData\Local\AvgSetupLog =>.AVG Software
O43 - CFD: 07/01/2017 - [] DC -- C:\Users\Anya\AppData\Local\CEF =>.CEF
O43 - CFD: 12/01/2017 - [] DC -- C:\Users\Anya\AppData\Local\Downloaded Installations =>.Microsoft Corporation
O43 - CFD: 03/03/2017 - [0] DC -- C:\Users\Anya\AppData\Local\ElevatedDiagnostics =>.Microsoft Corporation
O43 - CFD: 02/03/2017 - [] DC -- C:\Users\Anya\AppData\Local\Google =>.Google
O43 - CFD: 02/01/2017 - [0] SHD -- C:\Users\Anya\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 09/01/2017 - [] DC -- C:\Users\Anya\AppData\Local\Image Composite Editor =>.Microsoft Corporation
O43 - CFD: 03/01/2017 - [] DC -- C:\Users\Anya\AppData\Local\Macromedia =>.Macromedia
O43 - CFD: 09/01/2017 - [] DC -- C:\Users\Anya\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 02/01/2017 - [] DC -- C:\Users\Anya\AppData\Local\Mozilla =>.Mozilla Corporation
O43 - CFD: 04/01/2017 - [] DC -- C:\Users\Anya\AppData\Local\paint.net =>.Rick Brewster
O43 - CFD: 02/01/2017 - [] DC -- C:\Users\Anya\AppData\Local\Programs =>.Microsoft Corporation
O43 - CFD: 12/01/2017 - [] DC -- C:\Users\Anya\AppData\Local\SmartDraw
O43 - CFD: 07/03/2017 - [] DC -- C:\Users\Anya\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 02/01/2017 - [0] SHD -- C:\Users\Anya\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 09/01/2017 - [] DC -- C:\Users\Anya\AppData\Local\ToolwizCareFree =>.Toolwiz
O43 - CFD: 14/01/2017 - [] DC -- C:\Users\Anya\AppData\Local\VirtualStore =>.Microsoft Corporation
O43 - CFD: 02/01/2017 - [0] DC -- C:\Users\Anya\AppData\Local\Programs\Common =>.Microsoft Corporation
O43 - CFD: 02/03/2017 - [] RDC -- C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 02/01/2017 - [] RDC -- C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 02/03/2017 - [] RDC -- C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 08/01/2017 - [0] RDC -- C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\Users\Default\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\Users\Default\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] DC -- C:\Users\Default\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] DC -- C:\Users\Default\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\Users\Default\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\Users\Default User\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\Users\Default User\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] DC -- C:\Users\Default User\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] DC -- C:\Users\Default User\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [0] SHD -- C:\Users\Default User\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] D -- C:\Windows\System32\Config\systemprofile\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - [] SD -- C:\Windows\System32\Config\systemprofile\AppData\Roaming\Microsoft =>.Microsoft Corporation

---\\ ShellIconOverlayIdentifiers (SIOI) (3) - 1s
O106 - SIOI: Enhanced Storage Icon Overlay Handler Class [EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}. (.Microsoft Corporation - Windows Enhanced Storage Shell Extension DL.) -- C:\Windows\System32\EhStorShell.dll =>.Microsoft Corporation
O106 - SIOI: Sharing Overlay (Private) [SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235}. (.Microsoft Corporation - Shell extensions for sharing.) -- C:\Windows\System32\ntshrui.dll =>.Microsoft Corporation
O106 - SIOI: avast [00asw] - {472083B0-C522-11CF-8763-00608CC02F24}. (.AVAST Software - Avast Shell Extension.) -- C:\Program Files\AVAST Software\Avast\ashShell.dll =>.AVAST Software s.r.o.®

---\\ System Drivers List (64) - 18s
O58 - SDL:2009/07/14 12:52:21 AC . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\drivers\adp94xx.sys [491088] =>.Microsoft Windows®
O58 - SDL:2009/07/14 12:52:21 AC . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\System32\drivers\adpahci.sys [339536] =>.Microsoft Windows®
O58 - SDL:2009/07/14 12:52:21 AC . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\Windows\System32\drivers\adpu320.sys [182864] =>.Microsoft Windows®
O58 - SDL:2009/07/14 12:52:21 AC . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\System32\drivers\aliide.sys [15440] =>.Microsoft Windows®
O58 - SDL:2010/11/21 14:23:47 AC . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\drivers\amdsata.sys [107904] =>.Microsoft Windows®
O58 - SDL:2009/07/14 12:52:20 AC . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) -- C:\Windows\System32\drivers\amdsbs.sys [194128] =>.Microsoft Windows®
O58 - SDL:2010/11/21 14:23:47 AC . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\drivers\amdxata.sys [27008] =>.Microsoft Windows®
O58 - SDL:2009/07/14 12:52:21 AC . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\System32\drivers\arc.sys [87632] =>.Microsoft Windows®
O58 - SDL:2009/07/14 12:52:21 AC . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\drivers\arcsas.sys [97856] =>.Microsoft Windows®
O58 - SDL:2017/03/03 19:43:49 AC . (.AVAST Software s.r.o. - IDS Application Activity Monitor Driver..) -- C:\Windows\System32\drivers\aswbidsdrivera.sys [309272] =>.AVAST Software s.r.o.®
O58 - SDL:2017/03/03 19:43:49 AC . (.AVAST Software s.r.o. - Application Activity Monitor Helper Driver.) -- C:\Windows\System32\drivers\aswbidsha.sys [189768] =>.AVAST Software s.r.o.®
O58 - SDL:2017/03/03 19:43:49 AC . (.AVAST Software s.r.o. - Logging Driver.) -- C:\Windows\System32\drivers\aswbloga.sys [334600] =>.AVAST Software s.r.o.®
O58 - SDL:2017/03/03 19:43:49 AC . (.AVAST Software s.r.o. - Universal Driver.) -- C:\Windows\System32\drivers\aswbuniva.sys [48528] =>.AVAST Software s.r.o.®
O58 - SDL:2017/03/03 19:45:42 AC . (.AVAST Software - Avast HWID.) -- C:\Windows\System32\drivers\aswHwid.sys [38296] =>.AVAST Software s.r.o.® (.AVAST Software)
O58 - SDL:2017/03/03 23:54:43 AC . (.AVAST Software - Avast Keyboard Filter Driver.) -- C:\Windows\System32\drivers\aswKbd.sys [32088] =>.AVAST Software s.r.o.®
O58 - SDL:2017/03/03 19:45:42 AC . (.AVAST Software - Avast File System Minifilter for Windows 20.) -- C:\Windows\System32\drivers\aswMonFlt.sys [126600] =>.AVAST Software s.r.o.®
O58 - SDL:2017/03/03 19:45:41 AC . (.AVAST Software - Avast WFP Redirect Driver.) -- C:\Windows\System32\drivers\aswRdr2.sys [100640] =>.AVAST Software s.r.o.®
O58 - SDL:2017/03/03 19:45:42 AC . (.AVAST Software - Avast Revert.) -- C:\Windows\System32\drivers\aswRvrt.sys [75704] =>.AVAST Software s.r.o.® (.AVAST Software)
O58 - SDL:2017/03/03 19:44:45 AC . (.AVAST Software - Avast Virtualization Driver.) -- C:\Windows\System32\drivers\aswSnx.sys [993608] =>.AVAST Software s.r.o.®
O58 - SDL:2017/03/03 19:45:42 AC . (.AVAST Software - Avast self protection module.) -- C:\Windows\System32\drivers\aswSP.sys [547904] =>.AVAST Software s.r.o.®
O58 - SDL:2017/03/03 19:45:43 AC . (.AVAST Software - Stream Filter.) -- C:\Windows\System32\drivers\aswStm.sys [162528] =>.AVAST Software s.r.o.®
O58 - SDL:2017/03/03 19:45:43 AC . (.AVAST Software - Avast VM Monitor.) -- C:\Windows\System32\drivers\aswVmm.sys [337592] =>.AVAST Software s.r.o.® (.AVAST Software)
O58 - SDL:2009/06/11 07:34:23 AC . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x.) -- C:\Windows\System32\drivers\b57nd60a.sys [270848] =>.Broadcom Corporation
O58 - SDL:2009/06/11 07:41:06 AC . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower.) -- C:\Windows\System32\drivers\BrFiltLo.sys [18432] =>.Brother Industries, Ltd.
O58 - SDL:2009/06/11 07:41:06 AC . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper.) -- C:\Windows\System32\drivers\BrFiltUp.sys [8704] =>.Brother Industries, Ltd.
O58 - SDL:2009/07/14 12:19:07 AC . (.Brother Industries Ltd. - Brotehr Serial I/F Driver (WDM).) -- C:\Windows\System32\drivers\BrSerId.sys [286720] =>.Brother Industries Ltd.
O58 - SDL:2009/06/11 07:41:10 AC . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\System32\drivers\BrSerWdm.sys [47104] =>.Brother Industries Ltd.
O58 - SDL:2009/06/11 07:41:10 AC . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\System32\drivers\BrUsbMdm.sys [14976] =>.Brother Industries Ltd.
O58 - SDL:2009/06/11 07:41:10 AC . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\System32\drivers\BrUsbSer.sys [14720] =>.Brother Industries Ltd.
O58 - SDL:2009/06/11 07:34:28 AC . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\System32\drivers\bxvbda.sys [468480] =>.Broadcom Corporation
O58 - SDL:2009/07/14 12:52:31 AC . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\cmdide.sys [17488] =>.Microsoft Windows®
O58 - SDL:2009/06/11 07:35:02 AC . (.Intel Corporation - Intel(R) Gigabit Network Connection NDIS 6.) -- C:\Windows\System32\drivers\e1y60x64.sys [281088] =>.Intel Corporation
O58 - SDL:2009/07/14 12:47:48 AC . (.Emulex - Storport Miniport Driver for LightPulse HBA.) -- C:\Windows\System32\drivers\elxstor.sys [530496] =>.Microsoft Windows®
O58 - SDL:2009/06/11 07:34:33 AC . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\System32\drivers\evbda.sys [3286016] =>.Broadcom Corporation
O58 - SDL:2017/03/06 08:19:36 AC . (.Malwarebytes - Malwarebytes Anti-Ransomware Protection.) -- C:\Windows\System32\drivers\farflt.sys [110536] =>.Malwarebytes Corporation®
O58 - SDL:2009/06/11 07:31:59 AC . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for.) -- C:\Windows\System32\drivers\hcw85cir.sys [31232] =>.Hauppauge Computer Works, Inc.
O58 - SDL:2010/11/21 14:23:47 AC . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\Windows\System32\drivers\HpSAMD.sys [78720] =>.Microsoft Windows®
O58 - SDL:2010/11/21 14:23:47 AC . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\Windows\System32\drivers\iaStorV.sys [410496] =>.Microsoft Windows®
O58 - SDL:2009/06/11 07:37:05 AC . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\System32\drivers\igdkmd64.sys [6108416] =>.Intel Corporation
O58 - SDL:2009/07/14 12:48:04 AC . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\System32\drivers\iirsp.sys [44112] =>.Microsoft Windows®
O58 - SDL:2009/07/14 12:48:04 AC . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_fc.sys [114752] =>.Microsoft Windows®
O58 - SDL:2009/07/14 12:48:04 AC . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas.sys [106560] =>.Microsoft Windows®
O58 - SDL:2009/07/14 12:48:04 AC . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas2.sys [65600] =>.Microsoft Windows®
O58 - SDL:2009/07/14 12:48:04 AC . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_scsi.sys [115776] =>.Microsoft Windows®
O58 - SDL:2017/01/20 07:47:44 AC . (.Authors - .) -- C:\Windows\System32\drivers\mbae64.sys [77416] =>.Malwarebytes Corporation®
O58 - SDL:2017/03/06 08:19:32 AC . (.Malwarebytes - Malwarebytes Real-Time Protection.) -- C:\Windows\System32\drivers\mbam.sys [43968] =>.Malwarebytes Corporation®
O58 - SDL:2017/03/04 08:34:14 AC . (.Malwarebytes - Malwarebytes Chameleon.) -- C:\Windows\System32\drivers\MBAMChameleon.sys [176584] =>.Malwarebytes Corporation®
O58 - SDL:2017/03/06 08:19:24 AC . (.Malwarebytes - Malwarebytes SwissArmy.) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys [251848] =>.Malwarebytes Corporation®
O58 - SDL:2009/07/14 12:48:04 AC . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) -- C:\Windows\System32\drivers\megasas.sys [35392] =>.Microsoft Windows®
O58 - SDL:2009/07/14 12:48:04 AC . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\drivers\MegaSR.sys [284736] =>.Microsoft Windows®
O58 - SDL:2017/03/06 21:45:31 AC . (.Malwarebytes - Malwarebytes Web Protection.) -- C:\Windows\System32\drivers\mwac.sys [81696] =>.Malwarebytes Corporation®
O58 - SDL:2009/06/11 07:35:28 AC . (.Intel Corporation - Intel® Wireless WiFi Link Driver.) -- C:\Windows\System32\drivers\netw5v64.sys [5434368] =>.Intel Corporation
O58 - SDL:2009/07/14 12:48:26 AC . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\System32\drivers\nfrd960.sys [51264] =>.Microsoft Windows®
O58 - SDL:2010/11/21 14:23:47 AC . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\System32\drivers\nvraid.sys [148352] =>.Microsoft Windows®
O58 - SDL:2010/11/21 14:23:47 AC . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\drivers\nvstor.sys [166272] =>.Microsoft Windows®
O58 - SDL:2009/07/14 12:45:46 AC . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\System32\drivers\ql2300.sys [1524816] =>.Microsoft Windows®
O58 - SDL:2009/07/14 12:45:45 AC . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\System32\drivers\ql40xx.sys [128592] =>.Microsoft Windows®
O58 - SDL:2009/06/11 07:37:19 AC . (.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) -- C:\Windows\System32\drivers\secdrv.sys [23040] =>.Macrovision Corporation, Macrovision Europe Limited,
O58 - SDL:2009/07/14 12:45:45 AC . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\drivers\sisraid2.sys [43584] =>.Microsoft Windows®
O58 - SDL:2009/07/14 12:45:46 AC . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\drivers\sisraid4.sys [80464] =>.Microsoft Windows®
O58 - SDL:2015/03/05 22:17:30 AC . (.SecureAge Technology - SLogDrv.) -- C:\Windows\System32\drivers\SLogDrv.sys [68120] =>.SecureAge Technology Pte Ltd®
O58 - SDL:2009/07/14 12:45:55 AC . (.Promise Technology - Promise SuperTrak EX Series Driver for Win.) -- C:\Windows\System32\drivers\stexstor.sys [24656] =>.Microsoft Windows®
O58 - SDL:2009/07/14 12:45:55 AC . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\viaide.sys [17488] =>.Microsoft Windows®
O58 - SDL:2009/07/14 12:45:55 AC . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\System32\drivers\vsmraid.sys [161872] =>.Microsoft Windows®

---\\ Last modified or created user files (12) - 55s
O61 - LFC: 2017/03/03 20:17:04 AC . (.Company © regist & Drongo.) -- C:\Users\Anya\Desktop\PCHF progs & prework\AutoLogger\AutoLogger.exe [13222363]
O61 - LFC: 2017/03/02 13:30:04 AC . (.Alex Dragokas.) -- C:\Users\Anya\Desktop\PCHF progs & prework\AutoLogger\AutoLogger\CheckBrowsersLNK\Check Browsers LNK.exe [819416]
O61 - LFC: 2017/03/02 13:30:04 AC . (..) -- C:\Users\Anya\Desktop\PCHF progs & prework\AutoLogger\AutoLogger\RSIT\RSIT.exe [1201152]
O61 - LFC: 2017/03/02 13:30:04 AC . (..) -- C:\Users\Anya\Desktop\PCHF progs & prework\AutoLogger\AutoLogger\RSIT\RSITx64.exe [1324032]
O61 - LFC: 2017/03/02 20:48:20 AC . (.Alex Dragokas.) -- C:\Users\Anya\Desktop\PCHF progs & prework\clearlnk_2.9.0.11(1).exe [462976]
O61 - LFC: 2017/03/02 20:40:37 AC . (.Alex Dragokas.) -- C:\Users\Anya\Desktop\PCHF progs & prework\clearlnk_2.9.0.11.exe [462976]
O61 - LFC: 2017/03/02 20:40:45 AC . (..) -- C:\Users\Anya\Desktop\PCHF progs & prework\ListChkdskResult.exe [197679]
O61 - LFC: 2017/03/03 09:35:35 AC . (..) -- C:\Users\Anya\Desktop\PCHF progs & prework\rsthosts_2.0.exe [353632]
O61 - LFC: 2017/03/05 22:57:53 AC . (.Toolwiz.com..) -- C:\Users\Anya\Desktop\PCHF progs & prework\Setup_SmartDefrag\Setup_SmartDefrag.exe [776280] {6B01A485CA0C94226AA153DE1A468248}
O61 - LFC: 2017/03/04 20:01:46 AC . (..) -- C:\Users\Anya\Desktop\PCHF progs & prework\zoek.exe [1309184]
O61 - LFC: 2017/03/03 09:47:32 AC . (..) -- C:\Users\Anya\Downloads\remotesupport.exe [1056340]
O61 - LFC: 2017/03/04 20:05:55 AC . (..) -- C:\Users\Anya\Downloads\zoek(1).exe [1309184]

---\\ File Associations Shell Spawning (11) - 0s
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) -- C:\Windows\System32\eventvwr.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.scr> <scrfile>[HKLM\..\open\Command] (...) -- "%1" /S
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®

---\\ Start Menu Internet (12) - 1s
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation

---\\ Search Browser Infection (1) - 10s
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - http://www.google.com/ =>.Google Inc.

---\\ Search Svchost Services (33) - 2s
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Application Experience Service.) -- C:\Windows\System32\aelupsvc.dll [72192] =>.Microsoft Corporation
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\Windows\System32\certprop.dll [80384] =>.Microsoft Corporation
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\Windows\System32\certprop.dll [80384] =>.Microsoft Corporation
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) -- C:\Windows\system32\srvsvc.dll [236032] =>.Microsoft Corporation
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) -- C:\Windows\System32\gpsvc.dll [777728] =>.Microsoft Corporation
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) -- C:\Windows\System32\ikeext.dll [853504] =>.Microsoft Corporation
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) -- C:\Windows\System32\Audiosrv.dll [679424] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\Windows\System32\rasauto.dll [99328] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\Windows\System32\rasmans.dll [344064] =>.Microsoft Corporation
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\Windows\System32\mprdim.dll [97792] =>.Microsoft Corporation
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\Windows\System32\Sens.dll [64512] =>.Microsoft Corporation
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\Windows\System32\ipnathlp.dll [359424] =>.Microsoft Corporation
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\Windows\System32\tapisrv.dll [316928] =>.Microsoft Corporation
O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Remote Desktop Session Host Server Remote C.) -- C:\Windows\System32\termsrv.dll [680960] =>.Microsoft Corporation
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\system32\wuaueng.dll [2477536] =>.Microsoft Windows Component Publisher®
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) -- C:\Windows\System32\qmgr.dll [849920] =>.Microsoft Corporation
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\Windows\System32\shsvcs.dll [370688] =>.Microsoft Corporation
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) -- C:\Windows\System32\iphlpsvc.dll [569344] =>.Microsoft Corporation
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) -- C:\Windows\system32\seclogon.dll [30720] =>.Microsoft Corporation
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) -- C:\Windows\System32\appinfo.dll [70656] =>.Microsoft Corporation
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) -- C:\Windows\system32\iscsiexe.dll [156672] =>.Microsoft Corporation
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Multimedia Class Scheduler Service.) -- C:\Windows\system32\mmcss.dll [67584] =>.Microsoft Corporation
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\system32\wbem\WMIsvc.dll [242688] =>.Microsoft Corporation
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) -- C:\Windows\System32\SessEnv.dll [121856] =>.Microsoft Corporation
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\Windows\System32\browser.dll [136192] =>.Microsoft Corporation
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) -- C:\Windows\System32\eapsvc.dll [111104] =>.Microsoft Corporation
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) -- C:\Windows\system32\schedsvc.dll [1110016] =>.Microsoft Corporation
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Key Management Service.) -- C:\Windows\system32\kmsvc.dll [90624] =>.Microsoft Corporation
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) -- C:\Windows\System32\wercplsupport.dll [84480] =>.Microsoft Corporation
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\system32\profsvc.dll [209920] =>.Microsoft Corporation
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) -- C:\Windows\system32\themeservice.dll [44544] =>.Microsoft Corporation
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) -- C:\Windows\System32\bdesvc.dll [100864] =>.Microsoft Corporation
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Software installation Service.) -- C:\Windows\System32\appmgmts.dll [193536] =>.Microsoft Corporation

---\\ Additional Scan (O88) (1) - 0s
~ No malicious or unnecessary items found.

---\\ Summary of the elements found (2) - 0s
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.DriverSupport
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Downloader

~ Unselected Options: O82,
~ End of the scan, 9243 items in 13mn35s (677)(0)
 
ZHP Fix

  • Disable your antivirus prior to this fix!
  • Download ZHP-Fix from here.
  • Install it.
  • Click Suivant 5 Times.
  • Then Installer.
  • Then Terminer.
  • Then right click the ZHP Fix icon and select Run as admin.
  • Copy the entire content of the code box below, the next step will grab it from your clipboard.
  • Then click on import.
  • Then click GO.
  • Allow completion.
  • A log file will appear on your desktop.
  • Post it here in your next reply.
Code:
Script ZhpFix
SysRestore
EmptyFlash
ProxyFix
EmptyCLSID
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience
C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\extensions\abs@avira.com.xpi
C:\Windows\system32\drivers\TrueSight.sys
C:\0a8ec230a9bc40a012aaed
C:\ProgramData\Avg
C:\ProgramData\TechUtilities64
C:\Windows.old
C:\Program Files (x86)\Avira
C:\Windows10Upgrade
C:\ESD
C:\$Windows.~WS
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
C:\Program Files\SecureAge
C:\Program Files (x86)\Windows Defender
C:\Users\Anya\AppData\Local\Temp\~DF629C3D595DC43EF8.TMP
C:\Users\Anya\AppData\Local\Temp\~DF8CFA1C7CC0D40AA9.TMP
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe =>.Adobe Systems, Incorporated®
O23 - Service: SecureAge Everything Server (SAEverythingServer) . (...) - C:\Program Files\SecureAge\Everything\EverythingServer.exe (.not file.)
SS - Demand [29/01/2017] [ 172488] Mozilla Maintenance Service (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe =>.Mozilla Corporation®
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan =>.Microsoft Internet Explorer
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://www.bing.com/ =>.Bing.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = http://www.bing.com/ =>.Bing.com
O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM][64Bits] -- MozillaMaintenanceService =>.Mozilla
HKLM\SOFTWARE\Wow6432Node\SecureAge Technology =>.SecureAge Technology
HKLM\SOFTWARE\Wow6432Node\TrendMicro =>.TrendMicro
HKCU\SOFTWARE\DriverSupport =>PUP.Optional.DriverSupport
HKCU\SOFTWARE\SecureAge Technology =>.SecureAge Technology
HKCU\SOFTWARE\SystemQQX
HKCU\SOFTWARE\undefined =>.Superfluous.Downloader
O43 - CFD: 12/04/2011 - [] DC -- C:\Program Files\Windows Defender =>.Microsoft Corporation
O43 - CFD: 03/03/2017 - [] DC -- C:\ProgramData\ClamAV =>.Legitimate
O43 - CFD: 03/03/2017 - [] DC -- C:\ProgramData\SecureAge Technology =>.SecureAge Technology
O43 - CFD: 03/03/2017 - [] DC -- C:\Users\Anya\AppData\Roaming\SecureAge Technology =>.SecureAge Technology
O43 - CFD: 07/01/2017 - [] DC -- C:\Users\Anya\AppData\Local\Avg =>.AVG Software
O43 - CFD: 07/01/2017 - [] DC -- C:\Users\Anya\AppData\Local\AvgSetupLog =>.AVG Software
O61 - LFC: 2017/03/03 09:47:32 AC . (..) -- C:\Users\Anya\Downloads\remotesupport.exe [1056340]
EmptyTemp

Security Check Scan.

  • Download Security Check to your desktop.
  • Right click it run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please post that log here in your next post.
 
Pardon delay... there are 2, so 'report' pasted here, other attached.

Rapport de ZHPFix 2015.10.19.9 par Nicolas Coolman, Update du 19/10/2015
Fichier d'export Registre :
Run by Anya at 3/7/2017 10:04:12 PM
High Elevated Privileges : OK
Windows 7 Business Edition, 64-bit Service Pack 1 (Build 7601)

Recycle Bin emptied (03mn AMs)

========== Software ==========
ABSENT Uninstall Process: c:\program files (x86)\mozilla maintenance service\uninstall.exe

========== Registry keys ==========
REMOVES Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService]
REMOVES: Service: AdobeARMservice
REMOVES: Service: SAEverythingServer
REMOVES: HKLM\SOFTWARE\Wow6432Node\SecureAge Technology
REMOVES: HKLM\SOFTWARE\Wow6432Node\TrendMicro
REMOVES: HKCU\SOFTWARE\DriverSupport
REMOVES: HKCU\SOFTWARE\SecureAge Technology
REMOVES: HKCU\SOFTWARE\SystemQQX
REMOVES: HKCU\SOFTWARE\undefined

========== Registry values ==========
ProxyFix : Proxy configuration successfully removed
REMOVES ProxyServer Value
REMOVES ProxyEnable Value
REMOVES EnableHttp1_1 Value
REMOVES ProxyHttp1.1 Value
REMOVES ProxyOverride Value
REMOVES RunValue: Sidebar
REMOVES: URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497}

========== Elements of the registry data ==========
REMOVES: R1 Search Page = http://www.bing.com/search?FORM=INC...DtDtB0C0FtD0CtDyC0F2QtN0A0LzuyE&cr=1089545944

========== Folders ==========
No folders empty CLSID Local user
REMOVES Reboot:** C:\Program Files\Windows Defender
REMOVES: C:\ProgramData\ClamAV
REMOVES: C:\ProgramData\SecureAge Technology
REMOVES: C:\Users\Anya\AppData\Roaming\SecureAge Technology
REMOVES: C:\Users\Anya\AppData\Local\Avg
REMOVES: C:\Users\Anya\AppData\Local\AvgSetupLog
Deletes temporary Windows (28)

========== Files ==========
REMOVES Flash Cookies (0) (0 octets)
REMOVES: c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
REMOVES: c:\program files\windows sidebar\sidebar.exe
REMOVES Reboot: c:\program files\windows sidebar\sidebar.exe
REMOVES: c:\users\anya\downloads\remotesupport.exe
Deletes temporary Windows (147) (93,384,262 octets)

========== System restore ==========
The system successfully created restore point


========== Summary ==========
9 : Registry keys
8 : Registry values
1 : Elements of the registry data
8 : Folders
6 : Files
1 : Software
1 : System restore


End of clean in 56mn AMs

========== Path to file report ==========
C:\Users\Anya\AppData\Roaming\ZHP\ZHPFix[R1].txt - 3/7/2017 10:04:16 PM [2755]
 

Attachments

  • ZHPFix[R1].txt
Better, but still quite ornery I'm afraid. Why - seems clean now, from your perspective?? If so, is there a 'tweak' program that's worth having? I had 'toolwiz plus', as been told that was good, but I always wonder if they're really worth doing... Haven't been on it much last few days tho.

And to clarify, I thought MWB was good to go with other virus progs, didn't conflict. So running it with Avast is OK/good? Or should I have one or the other...?

Then today, my daughter was looking at youtube on her machine & suddenly a page opened and a robotic female says 'this is microsoft. Your computer is infected with malware and your credit card & personal details are being sent to them. Ring toll free number to walk through the cleaning process...' No sooner had I closed Firefox(sus'd a scam) & ran a Malwarebytes scan(she also has Avast & MWB), which found nothing but PUPs, than my computer had a pop up with the same message - in a robot male voice! Just ran MWB & it found nothing at all.
 
If so, is there a 'tweak' program that's worth having? I

Simple System Tweaker.

And to clarify, I thought MWB was good to go with other virus progs, didn't conflict. So running it with Avast is OK/good? Or should I have one or the other...?

You can run them together, but Malwarebytes has gone downhill as of late.... So not sure how effective it will be. The paid version runs full time the free version is just on demand and ok to have with whatever you have on your machine.

Then today, my daughter was looking at youtube on her machine & suddenly a page opened and a robotic female says 'this is microsoft. Your computer is infected with malware and your credit card & personal details are being sent to them. Ring toll free number to walk through the cleaning process..


You can start a new thread for her machine...

Glad to have helped!! Please tell a friend ...... or two about us.


Optimize your internet connection.

Click here for instructions.


suggest the following in place of adblock.
Alternate DNS Server. Ad Blocking DNS.
Ublock Origin.
Anti Ad Block Killer.



Also, keep your browsing private with these tools:

Self Destructing Cookies.
Self Destructing Cookies Chrome.





Some items to keep you safe on the internet.


VooDoo Shield. control of what is running on your machine
Qualys BrowserCheck
To update plugins.
Web Of Trust To Avoid Shady Websites.
Unchecky To Avoid Bundled Software.
Privazer To Clean up your machine.



Now Let's Clean up the tools we used and remove old restore points.



Download DelFix by "Xplode" to your Desktop.

Right Click the tool and Run as Admin ( Xp Users Double Click)
Put a check mark next the items below:


Remove disinfection tools
Create registry backup
Purge System Restore




Now click on "Run" button.
Allow the program to complete its work.
All the tools we used will be removed.
Tool will create and open a log report (DelFix.txt)
Note: The report can be located at the following location C:\DelFix.txt
 
You can start a new thread for her machine...

Yeah, told you that because... strange coincidence, my computer came up with same message immediately after hers. And both of ours scanned clean - aside from some PUPs she had.

Will do the above suggestion - haven't got there yet, but to clarify, it's not just the internet/Firefox that's slow/sticky. For eg. even when nothing else is open & I click Windows Explorer, it opens but says 'not responding' periodically. And sometimes programs won't open - I click them on the taskbar as usual & nothing happens - yes, I do wait a fair while before trying again & I can 'open with' into these programs from Win Explorer... when it works.
 
I'd suggest that you reset your router to factory settings if you are both having the same issue.

Let's have a fresh look at your system after the above scans please.

Please run Farbar Recovery Scan Tool to give me a fresh look at your system.

Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

  • Right-click on FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked, as well as Shortcut.txt
  • Press Scan button and wait.
  • The tool will produce three logfiles on your desktop: FRST.txt, and Addition.txt -- & Shortcut.txt
Please Copy & Paste them into your next reply. But attach Shortcut.txt
 
FRST;

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Anya (administrator) on ANYA-PC (15-03-2017 22:26:25)
Running from C:\Users\Anya\Desktop\PCHF progs & prework
Loaded Profiles: Anya (Available Profiles: Anya)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(dotPDN LLC) C:\Program Files\paint.net\PaintDotNet.exe
(dotPDN LLC) C:\Program Files\paint.net\PaintDotNet.exe
(dotPDN LLC) C:\Program Files\paint.net\PaintDotNet.exe
(dotPDN LLC) C:\Program Files\paint.net\PaintDotNet.exe
(dotPDN LLC) C:\Program Files\paint.net\PaintDotNet.exe
(dotPDN LLC) C:\Program Files\paint.net\PaintDotNet.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Microsoft) C:\Program Files\Microsoft Research\Image Composite Editor\ICE.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-03-03] (AVAST Software)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-03-03] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{12A21B6A-4A1F-42D7-8FE4-67D02DB214E3}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
URLSearchHook: [S-1-5-21-3010178862-2183218474-3834878404-1000] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3010178862-2183218474-3834878404-1000 -> DefaultScope {26080cad-4adc-49ac-8c63-eda16e595cbd} URL =
SearchScopes: HKU\S-1-5-21-3010178862-2183218474-3834878404-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-03-03] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-03-03] (AVAST Software)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: dolfqtls.default
FF ProfilePath: C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default [2017-03-15]
FF Homepage: Mozilla\Firefox\Profiles\dolfqtls.default -> hxxps://mg.mail.yahoo.com/neo/launch?.rand=4329iole1n0eg#6349
FF Session Restore: Mozilla\Firefox\Profiles\dolfqtls.default -> is enabled.
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-03-03]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-03-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-17] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-17] ()
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-24] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Anya\AppData\Local\Google\Chrome\User Data\Default [2017-03-03]
CHR Extension: (Google Slides) - C:\Users\Anya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-02]
CHR Extension: (Google Docs) - C:\Users\Anya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-02]
CHR Extension: (Google Drive) - C:\Users\Anya\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-02]
CHR Extension: (YouTube) - C:\Users\Anya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-02]
CHR Extension: (Google Sheets) - C:\Users\Anya\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-02]
CHR Extension: (Google Docs Offline) - C:\Users\Anya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Anya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-02]
CHR Extension: (Gmail) - C:\Users\Anya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-02]
CHR Extension: (Chrome Media Router) - C:\Users\Anya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-02]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7147320 2017-03-03] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-03-03] (AVAST Software)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [X]
S2 Everything; "C:\Program Files\SecureAge\Everything\Everything.exe" -svc [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [309272 2017-03-03] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-03-03] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334600 2017-03-03] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-03-03] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-03-03] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32088 2017-03-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [126600 2017-03-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [100640 2017-03-03] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-03-03] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [993608 2017-03-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [548928 2017-03-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162528 2017-03-03] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [337592 2017-03-14] (AVAST Software)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-12] (Malwarebytes)
U1 aswbdisk; no ImagePath
S3 catchme; \??\C:\Users\Anya\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2090-10-18 07:31 - 2017-03-15 21:32 - 00037516 ____C C:\Windows\WindowsUpdate.log
2017-03-15 16:12 - 2017-03-15 16:12 - 00001459 ____C C:\Users\Anya\Downloads\Untitled
2017-03-15 12:29 - 2017-03-15 12:29 - 00000095 ___HC C:\Users\Anya\Documents\.~lock.broadband probs.doc#
2017-03-14 14:30 - 2017-03-14 14:30 - 01056340 ____C C:\Users\Anya\Downloads\remotesupport.exe
2017-03-10 19:00 - 2017-03-10 19:00 - 00347453 ____C C:\Users\Anya\Downloads\2017_Invoice_Jess_term1.pdf
2017-03-10 09:26 - 2017-03-10 09:26 - 00180072 ____C C:\Users\Anya\Downloads\363737323834373235373.pdf
2017-03-10 09:25 - 2017-03-10 09:25 - 00122936 ____C C:\Users\Anya\Downloads\search-10032017-REC54466008-8ae2-157b-.pdf
2017-03-10 09:13 - 2017-03-10 09:13 - 00014623 ____C C:\Users\Anya\Documents\photobox.odt
2017-03-09 16:40 - 2017-03-09 16:41 - 00513002 ____C C:\Users\Anya\Downloads\userguide_coe.pdf
2017-03-09 15:10 - 2017-03-09 15:10 - 00364939 ____C C:\Users\Anya\Downloads\download.pdf
2017-03-09 14:35 - 2017-03-09 14:35 - 00043703 ____C C:\Users\Anya\Downloads\726-17_201703081314.pdf
2017-03-07 22:02 - 2017-03-07 22:02 - 00001853 ____C C:\Users\Public\Desktop\ZHPFix.lnk
2017-03-07 22:02 - 2017-03-07 22:02 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2017-03-07 22:02 - 2017-03-07 22:02 - 00000000 ___DC C:\Program Files (x86)\ZHPFix
2017-03-07 09:42 - 2017-03-07 22:04 - 00000000 ___DC C:\Users\Anya\AppData\Roaming\ZHP
2017-03-06 09:22 - 2017-03-06 09:27 - 288775280 ____C (AVAST Software) C:\Users\Anya\Downloads\avast_pro_antivirus_setup_offline.exe
2017-03-05 23:33 - 2017-03-05 23:33 - 00000000 ___DC C:\zoek
2017-03-05 23:04 - 2017-03-05 23:35 - 00003067 ____C C:\runcheck.txt
2017-03-05 22:58 - 2017-03-05 22:58 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toolwiz Smart Defrag FREE
2017-03-05 22:58 - 2017-03-05 22:58 - 00000000 ___DC C:\Program Files (x86)\Toolwiz Smart Defrag FREE
2017-03-05 22:57 - 2017-03-05 22:57 - 00747680 ____C C:\Users\Anya\Downloads\Setup_SmartDefrag.zip
2017-03-05 22:54 - 2017-03-05 23:34 - 00000000 ___DC C:\zoek_backup
2017-03-04 21:43 - 2017-03-04 21:44 - 00516914 ____C (DriverPack) C:\Users\Anya\Downloads\DriverPack-Online_860110572.1488624204.exe
2017-03-04 21:30 - 2017-03-04 21:31 - 00000000 ___DC C:\Users\Anya\Documents\eBooks
2017-03-04 20:07 - 2017-03-04 20:07 - 00063568 ____C C:\Users\Anya\AppData\Local\GDIPFONTCACHEV1.DAT
2017-03-04 20:05 - 2017-03-04 20:05 - 01309184 ____C C:\Users\Anya\Downloads\zoek(1).exe
2017-03-04 08:31 - 2017-03-04 08:31 - 00293176 ____C C:\Windows\system32\FNTCACHE.DAT
2017-03-03 23:55 - 2017-03-03 23:54 - 00032088 ____C (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-03-03 22:00 - 2017-03-03 22:00 - 00003162 ____C C:\Windows\System32\Tasks\PrivaZer_SkipUAC
2017-03-03 19:48 - 2017-03-03 19:48 - 00000000 ___DC C:\Users\Anya\AppData\Roaming\AVAST Software
2017-03-03 19:47 - 2017-03-03 19:47 - 00000000 ___DC C:\Windows\System32\Tasks\AVAST Software
2017-03-03 19:47 - 2017-03-03 19:47 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-03-03 19:47 - 2017-03-03 19:47 - 00000000 ___DC C:\Program Files\Common Files\AV
2017-03-03 19:46 - 2017-03-14 19:46 - 00337592 ____C (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-03-03 19:46 - 2017-03-14 13:23 - 00004172 ____C C:\Windows\System32\Tasks\Avast Emergency Update
2017-03-03 19:46 - 2017-03-11 19:47 - 00548928 ____C (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2017-03-03 19:46 - 2017-03-03 19:45 - 00547904 ____C (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.148922202196002
2017-03-03 19:46 - 2017-03-03 19:45 - 00337592 ____C (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.148948121869701
2017-03-03 19:46 - 2017-03-03 19:45 - 00162528 ____C (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-03-03 19:46 - 2017-03-03 19:45 - 00126600 ____C (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-03-03 19:46 - 2017-03-03 19:45 - 00100640 ____C (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-03-03 19:46 - 2017-03-03 19:45 - 00075704 ____C (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-03-03 19:46 - 2017-03-03 19:45 - 00038296 ____C (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-03-03 19:46 - 2017-03-03 19:44 - 00993608 ____C (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-03-03 19:46 - 2017-03-03 19:43 - 00334600 ____C (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-03-03 19:46 - 2017-03-03 19:43 - 00309272 ____C (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-03-03 19:46 - 2017-03-03 19:43 - 00189768 ____C (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-03-03 19:46 - 2017-03-03 19:43 - 00048528 ____C (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-03-03 19:45 - 2017-03-03 19:45 - 00992960 ____C (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-03-03 19:45 - 2017-03-03 19:45 - 00921280 ____C (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-03-03 19:45 - 2017-03-03 19:45 - 00398408 ____C (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-03-03 19:39 - 2017-03-03 23:53 - 00000000 ___DC C:\Program Files\AVAST Software
2017-03-03 19:38 - 2017-03-03 23:54 - 00000000 ___DC C:\ProgramData\AVAST Software
2017-03-03 19:19 - 2017-03-03 19:19 - 06656568 ____C (AVAST Software) C:\Users\Anya\Downloads\avast_free_antivirus_setup_online_a0c.exe
2017-03-03 15:11 - 2017-03-03 15:17 - 00000000 ___DC C:\Users\Anya\AppData\Roaming\Geek Uninstaller
2017-03-03 15:09 - 2017-03-03 15:09 - 02793495 ____C C:\Users\Anya\Downloads\geek.zip
2017-03-03 15:07 - 2017-03-03 15:07 - 17408375 ____C C:\Windows\system32\scan.db
2017-03-03 11:09 - 2017-03-03 11:09 - 01968976 ____C (SecureAge Technology) C:\Users\Anya\Downloads\SecureAPlusSetup.exe
2017-03-03 10:30 - 2017-03-03 10:30 - 02975136 ____C (Avira Operations GmbH & Co. KG) C:\Users\Anya\Downloads\avira_registry_cleaner_en.exe
2017-03-03 10:14 - 2017-03-03 15:18 - 00000674 ____C C:\RstHosts.txt
2017-03-02 22:57 - 2017-03-02 22:57 - 01226344 ____C C:\Users\Anya\Downloads\T104_TranscribeMe Style Guide (1).pdf
2017-03-02 22:56 - 2017-03-02 22:57 - 01226344 ____C C:\Users\Anya\Downloads\T104_TranscribeMe Style Guide.pdf
2017-03-02 22:55 - 2017-03-09 22:55 - 00000000 ___DC C:\Windows\System32\Tasks\NCH Software
2017-03-02 22:55 - 2017-03-02 22:55 - 00001158 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Scribe Transcription Software.lnk
2017-03-02 22:55 - 2017-03-02 22:55 - 00000000 ___DC C:\Users\Anya\AppData\Roaming\NCH Software
2017-03-02 22:55 - 2017-03-02 22:55 - 00000000 ___DC C:\ProgramData\NCH Software
2017-03-02 22:55 - 2017-03-02 22:55 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2017-03-02 22:55 - 2017-03-02 22:55 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dictation and Transcription Programs
2017-03-02 22:55 - 2017-03-02 22:55 - 00000000 ___DC C:\Program Files (x86)\NCH Software
2017-03-02 22:54 - 2017-03-02 22:55 - 00972576 ____C (NCH Software) C:\Users\Anya\Downloads\essetup.exe
2017-03-02 22:25 - 2017-03-02 22:25 - 00002271 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-02 22:18 - 2017-03-02 22:18 - 01129376 ____C (Google Inc.) C:\Users\Anya\Downloads\ChromeSetup.exe
2017-03-02 21:57 - 2017-03-02 21:57 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2017-03-02 21:57 - 2017-03-02 21:57 - 00000000 ___DC C:\Program Files\Speccy
2017-03-01 18:41 - 2017-03-01 19:03 - 00000000 ___DC C:\ProgramData\RogueKiller
2017-03-01 13:10 - 2017-03-01 13:11 - 03071606 ____C C:\Users\Anya\Downloads\Ramblings 4 - February 28th 2017.pdf
2017-03-01 13:03 - 2017-03-01 13:04 - 06029906 ____C C:\Users\Anya\Downloads\27th February 2017.pdf
2017-03-01 11:54 - 2017-03-15 22:26 - 00000000 ___DC C:\FRST
2017-03-01 11:49 - 2017-03-15 22:10 - 00000000 ___DC C:\Users\Anya\Desktop\PCHF progs & prework
2017-03-01 10:22 - 2017-02-27 15:02 - 00697053 ____C C:\Users\Anya\Documents\stock%20crate%20needs.doc_1.odt
2017-03-01 09:28 - 2017-03-15 12:59 - 00082208 ____C (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-01 09:28 - 2017-03-12 19:51 - 00251840 ____C (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-01 09:28 - 2017-03-12 19:51 - 00186304 ____C (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-01 09:28 - 2017-03-12 19:51 - 00111544 ____C (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-01 09:28 - 2017-03-12 19:51 - 00043968 ____C (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-01 09:27 - 2017-03-12 19:50 - 00077408 ____C C:\Windows\system32\Drivers\mbae64.sys
2017-03-01 09:27 - 2017-03-02 21:34 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-01 09:27 - 2017-03-01 09:27 - 00000000 ___DC C:\ProgramData\Malwarebytes
2017-03-01 09:27 - 2017-03-01 09:27 - 00000000 ___DC C:\Program Files\Malwarebytes
2017-03-01 09:14 - 2017-03-02 21:35 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-03-01 09:14 - 2017-03-01 17:03 - 00002788 ____C C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-03-01 09:14 - 2017-03-01 09:14 - 00000000 ___DC C:\Program Files\CCleaner
2017-02-27 10:22 - 2017-02-27 10:22 - 01961016 ____C C:\Users\Anya\Downloads\Ramblings 3 - February 21st 2017.pdf
2017-02-26 22:52 - 2017-02-26 22:52 - 01793086 ____C C:\Users\Anya\Downloads\14475841_975050299290299_6153463609927139328_n.mp4
2017-02-22 19:16 - 2017-02-22 19:16 - 05476663 ____C C:\Users\Anya\Downloads\10th_February_2017(1).pdf
2017-02-22 18:58 - 2017-02-22 18:58 - 00100877 ____C C:\Users\Anya\Downloads\AssessmentCoverPage_39(1).pdf
2017-02-22 18:58 - 2017-02-22 18:58 - 00100875 ____C C:\Users\Anya\Downloads\AssessmentCoverPage_39.pdf
2017-02-22 18:56 - 2017-02-22 18:56 - 05476663 ____C C:\Users\Anya\Downloads\10th_February_2017.pdf
2017-02-21 21:46 - 2017-02-24 21:16 - 00047120 ____C C:\Users\Anya\Documents\My Places.kmz
2017-02-20 13:47 - 2017-02-20 13:47 - 00543652 ____C C:\Users\Anya\Downloads\parknotesnourlangie.pdf
2017-02-17 20:15 - 2017-02-17 20:15 - 00000000 ___DC C:\Program Files (x86)\Windows Resource Kits
2017-02-17 20:05 - 2017-02-17 20:05 - 00379392 ____C C:\Users\Anya\Downloads\subinacl.msi
2017-02-16 22:02 - 2017-03-07 09:41 - 00000000 ___DC C:\Users\Anya\AppData\Roaming\vlc
2017-02-13 16:48 - 2017-02-13 16:50 - 01325535 ____C C:\Users\Anya\Downloads\Ramblings 1a - February 7th 2017.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-14 19:31 - 2009-07-14 16:13 - 00781298 ____C C:\Windows\system32\PerfStringBackup.INI
2017-03-14 19:31 - 2009-07-14 14:20 - 00000000 ___DC C:\Windows\inf
2017-03-12 18:50 - 2017-01-02 18:06 - 00000000 ___DC C:\Users\Anya\AppData\LocalLow\Mozilla
2017-03-07 22:46 - 2009-07-14 15:45 - 00035088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-07 22:46 - 2009-07-14 15:45 - 00035088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-07 22:38 - 2009-07-14 16:08 - 00000006 ___HC C:\Windows\Tasks\SA.DAT
2017-03-07 22:34 - 2017-01-02 16:55 - 00000000 ___DC C:\Users\Anya\Documents\finance
2017-03-06 08:14 - 2017-02-08 09:55 - 00000000 ___DC C:\Users\Anya\Documents\stock crate
2017-03-05 23:35 - 2009-07-14 14:20 - 00000000 __HDC C:\Windows\system32\GroupPolicy
2017-03-04 21:03 - 2017-01-02 16:54 - 00000000 ___DC C:\Users\Anya\Documents\dogs
2017-03-03 22:22 - 2017-01-03 09:53 - 00000000 ___DC C:\Windows\Panther
2017-03-03 22:11 - 2017-01-07 23:06 - 00000000 ___DC C:\Users\Anya\AppData\Local\ElevatedDiagnostics
2017-03-03 15:56 - 2017-01-02 16:52 - 00000000 ___DC C:\Users\Anya\Documents\computer
2017-03-02 22:32 - 2017-01-07 22:37 - 00000000 ___DC C:\Users\Anya\AppData\Local\Google
2017-03-02 22:25 - 2017-01-02 18:39 - 00000000 ___DC C:\Program Files (x86)\Google
2017-03-02 21:35 - 2017-01-27 16:05 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-03-02 21:35 - 2017-01-02 18:41 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-03-02 21:35 - 2017-01-02 18:35 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken CashBook v8
2017-03-02 21:35 - 2009-07-14 16:01 - 00000955 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2017-03-02 21:35 - 2009-07-14 15:57 - 00001100 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-03-02 21:35 - 2009-07-14 15:57 - 00001039 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2017-03-02 21:35 - 2009-07-14 15:49 - 00000843 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2017-03-02 21:34 - 2017-01-14 19:07 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wings 3D 2.1.5
2017-03-02 21:34 - 2017-01-12 09:52 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\situhome
2017-03-02 21:34 - 2017-01-12 00:01 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartDraw 2016
2017-03-02 21:34 - 2017-01-04 14:51 - 00001200 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2017-03-02 21:34 - 2017-01-03 09:59 - 00001006 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2017-03-02 21:34 - 2017-01-03 09:59 - 00000809 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2017-03-02 21:34 - 2017-01-02 18:38 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Composite Editor
2017-03-02 21:34 - 2017-01-02 18:05 - 00001163 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-02 21:34 - 2017-01-02 17:52 - 00000000 __SDC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2
2017-03-02 21:34 - 2017-01-02 15:35 - 00001509 ____C C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2017-03-02 21:34 - 2017-01-02 15:34 - 00001531 ____C C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-03-02 21:34 - 2009-07-14 16:32 - 00000000 __RDC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-03-02 21:34 - 2009-07-14 15:57 - 00000881 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2017-03-02 21:34 - 2009-07-14 15:57 - 00000825 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2017-03-02 21:34 - 2009-07-14 15:54 - 00000789 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2017-03-02 21:21 - 2017-01-02 17:55 - 00000008 _RSHC C:\ProgramData\ntuser.pol
2017-03-02 21:20 - 2009-07-14 14:20 - 00000000 ___DC C:\Windows\SysWOW64\GroupPolicy
2017-03-01 20:14 - 2016-09-21 20:40 - 00000000 ___DC C:\AdwCleaner
2017-03-01 09:25 - 2017-01-25 18:16 - 00000000 ___DC C:\Windows\Minidump
2017-02-24 11:39 - 2017-01-19 15:47 - 00002441 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-22 12:18 - 2017-01-02 16:56 - 00000000 ___DC C:\Users\Anya\Documents\tio & telstra
2017-02-19 21:36 - 2017-01-02 16:55 - 00000000 ___DC C:\Users\Anya\Documents\family & health
2017-02-19 21:34 - 2017-01-02 16:54 - 00000000 ___DC C:\Users\Anya\Documents\Anya's phone
2017-02-19 21:33 - 2017-01-02 16:53 - 00000000 ___DC C:\Users\Anya\Documents\Anya
2017-02-17 20:09 - 2017-01-03 16:28 - 00000000 ___DC C:\Users\Anya\AppData\Local\Adobe
2017-02-17 20:08 - 2017-01-03 16:33 - 00802904 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-17 20:08 - 2017-01-03 16:33 - 00144472 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-17 20:08 - 2017-01-03 16:33 - 00000000 ___DC C:\Windows\SysWOW64\Macromed
2017-02-17 20:08 - 2017-01-03 16:33 - 00000000 ___DC C:\Windows\system32\Macromed
2017-02-14 13:38 - 2009-07-14 14:20 - 00000000 ___DC C:\Windows\LiveKernelReports

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-03 09:54

==================== End of FRST.txt ============================

Additions:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Anya (15-03-2017 22:28:16)
Running from C:\Users\Anya\Desktop\PCHF progs & prework
Windows 7 Professional Service Pack 1 (X64) (2017-01-02 04:34:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3010178862-2183218474-3834878404-500 - Administrator - Disabled)
Anya (S-1-5-21-3010178862-2183218474-3834878404-1000 - Administrator - Enabled) => C:\Users\Anya
Guest (S-1-5-21-3010178862-2183218474-3834878404-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3010178862-2183218474-3834878404-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.2.2288 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
Express Scribe Transcription Software (HKLM-x32\...\Scribe) (Version: 6.00 - NCH Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Image Composite Editor (HKLM\...\{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}) (Version: 2.0.3 - Microsoft Corporation)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
MVHShellExtension (HKLM\...\{48EE93F1-6CE8-4DC3-9EBB-71D860F09CEE}) (Version: 1.0.0 - MyVirtualHome)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
Quicken CashBook - Version 8 (HKLM-x32\...\Quicken CashBook - Version 8) (Version: - )
situhome (HKLM-x32\...\{BDFC5012-189A-4D13-B1CF-279DF1D2F03B}) (Version: 5.0.5038 - Homesoft Pty. Ltd.)
situhome (x32 Version: 5.0.5038 - Homesoft Pty. Ltd.) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Toolwiz Smart Defrag 2011 (HKLM-x32\...\Toolwiz Smart Defrag FREE_is1) (Version: 1.3.0.0 - Toolwiz.com.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
Wings 3D 2.1.5 (HKLM-x32\...\Wings 3D 2.1.5) (Version: - )
ZHPFix 2015 (HKLM-x32\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2D435836-863C-4DA4-8663-A21C47D8152A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-03-03] (AVAST Software)
Task: {3F9980F9-DAF0-4FE8-B0FF-7F798D59F9D3} - System32\Tasks\PrivaZer_SkipUAC => C:\Users\Anya\Desktop\PCHF progs & prework\PrivaZer.exe [2017-03-03] (Goversoft LLC)
Task: {753C47AE-EC5E-44B3-95A9-2C8E553F0E39} - \Microsoft\Windows\Windows Media Sharing\UpdateLibrary -> No File <==== ATTENTION
Task: {8F6E44C2-1BC3-4838-9799-09DDAB3B15BE} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-03-03] (AVAST Software)
Task: {A45BEA91-28D9-4894-A3E1-614E4D959593} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd)
Task: {A7C73732-9F11-4281-8D19-764D4EC9D94D} - \Microsoft\Windows\Application Experience\ProgramDataUpdater -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186} - \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Anya\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm

==================== Loaded Modules (Whitelisted) ==============

2017-03-01 09:27 - 2017-03-12 19:50 - 02264352 ____C () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-03 19:43 - 2017-03-03 19:43 - 00162600 ____C () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-03-03 19:45 - 2017-03-03 19:45 - 00792656 ____C () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-03-03 19:45 - 2017-03-03 19:45 - 00170216 ____C () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-03-03 19:45 - 2017-03-03 19:45 - 00655056 ____C () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-03-15 12:01 - 2017-03-15 12:01 - 05883392 ____C () C:\Program Files\AVAST Software\Avast\defs\17031402\algo.dll
2017-03-03 19:45 - 2017-03-03 19:45 - 48936448 ____C () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-03-03 19:43 - 2017-03-03 19:43 - 00290352 ____C () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2015-10-21 15:50 - 2015-10-21 15:50 - 00988160 ____C () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
2015-10-21 15:49 - 2015-10-21 15:49 - 00170496 ____C () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 13:34 - 2017-03-03 15:18 - 00000089 RASHC C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: CCleaner => "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5EB3DB86-2C8F-478D-AE21-5C7D6B6FA9D8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{615F7A83-9DCE-4BE8-9D0E-0D4AF4FED0E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3F5F2617-B63D-49D8-A963-17FE01DE2112}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

05-03-2017 23:05:15 zoek.exe restore point
07-03-2017 22:03:24 ZHPFix Restore System Point

==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Broadcom USH
Description: Broadcom USH
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/14/2017 07:25:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 53c

Start Time: 01d297374729e30c

Termination Time: 197

Application Path: C:\Windows\Explorer.EXE

Report Id: b4809263-088f-11e7-a809-0024e8dc6112

Error: (03/13/2017 03:53:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.c.../F18B538D1BE903B6A6F056435B171589CAF36BF2.crt> with error: This operation returned because the timeout period expired.
.

Error: (03/13/2017 03:53:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.c.../F18B538D1BE903B6A6F056435B171589CAF36BF2.crt> with error: This operation returned because the timeout period expired.
.

Error: (03/13/2017 02:52:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.c.../F18B538D1BE903B6A6F056435B171589CAF36BF2.crt> with error: This operation returned because the timeout period expired.
.

Error: (03/13/2017 02:52:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.c.../F18B538D1BE903B6A6F056435B171589CAF36BF2.crt> with error: This operation returned because the timeout period expired.
.

Error: (03/13/2017 02:52:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.c.../F18B538D1BE903B6A6F056435B171589CAF36BF2.crt> with error: This operation returned because the timeout period expired.
.

Error: (03/07/2017 10:38:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/07/2017 09:57:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.c.../039EEDB80BE7A03C6953893B20D2D9323A4C2AFD.crt> with error: This operation returned because the timeout period expired.
.

Error: (03/07/2017 09:56:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.c.../039EEDB80BE7A03C6953893B20D2D9323A4C2AFD.crt> with error: This operation returned because the timeout period expired.
.

Error: (03/07/2017 09:56:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.c.../F18B538D1BE903B6A6F056435B171589CAF36BF2.crt> with error: This operation returned because the timeout period expired.
.


System errors:
=============
Error: (03/15/2017 08:30:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (03/15/2017 06:33:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (03/15/2017 05:05:59 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (03/15/2017 11:56:59 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (03/12/2017 06:49:41 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (03/12/2017 02:50:03 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (03/12/2017 10:41:04 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (03/11/2017 01:00:23 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (03/11/2017 12:12:27 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (03/10/2017 07:43:33 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.


CodeIntegrity:
===================================
Date: 2017-03-07 22:03:56.503
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Anya\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-07 22:03:56.503
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Anya\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU P9400 @ 2.40GHz
Percentage of memory in use: 66%
Total physical RAM: 4047.92 MB
Available physical RAM: 1368.87 MB
Total Virtual: 8094.04 MB
Available Virtual: 4220.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.46 GB) (Free:109.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: C8B9BFB9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=504 MB) - (Type=27)

==================== End of Addition.txt ============================
 

Attachments

  • Shortcut.txt (25.1 KB)
Like I said before, your machine does not have any malware on it... So it is solved as far as that is concerned.

ClearLNK


Download ClearLNK and save it to your desktop.
Drag the file Shortcut.txt made with FRST earlier, as per the picture.
A report on the work will be produced as a file ClearLNK-<date>.log; post that log.



FRST Fix.

Click Here To Download Fixlist.


Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run. When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

Update your drivers...

First create a restore point, by running the Delfix tool as suggested.

Use the SDI Lite download, then go by this picture...


 

Attachments

  • fixlist.txt (2.3 KB)
OK, forgot about just being in the malware section! Thank you again SO much for your help. Will do the above stuff & hope that resolves the rest, or start another thread in the appropriate other section of forum! Cheers! Hope you have a good one!
 
Sorry, thought you were rid of me on this one... did the Farbar fix... yesterday arvo. Was still going last night... and this morning still apparently going, I can't even x out of it! Should I shut it down with task manager or shut the whole computer down, or...? Just thought I'd check that it's not going to wreck something.
 
Just kill it with Task Manager and rerun the fix in safe mode. If it does not run then it's not a big deal, as these are just file remnants and nothing to worry about.
 