I have a HP Envy laptop.I've had it for about 2 years and I use it at home and at work. In the last month or two its having issues starting up. I turn it on and the HP logo and loading icon comes up, then it goes to a black screen and stays there. I have to hold the power button down and shut it off and restart the system, then it usually boots up fine. Other times in boots up with no issues. I have noticed in my task manager that the hard drive stays at 100% when nothing is open. It does go down after 5-10 mins, so Im not sure if this is normal. I have been told that the hard drive is failing, so I bought a new one and mainly want to know if I clone my hard drive to the new one, is it as simply as cloning it and my system should load up just as normal. Any help would be great. Thanks
Solved Is my hard Drive Failing
- Thread starter PhilJR
- Start date
-
Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.
Why not Click Here To Sign Up and start enjoying great FREE Tech Support.
This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
- Status
Welcome to PCHF 
Clean up temp files and reduce startup load with CCleaner.
Note: This tool will clean your browsing history as well.
ZHP Scan.
Please download Zhp Cleaner to your desktop. Right Click the icon and select run as administrator.
2. Once you have started the program, you will need to click the scanner button.
The program will close all open browsers!
3. Once the scan is completed, the you will want to click the Repair button.
At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.
Copy and paste the report here in your next reply.
Rogue Killer Scan.
Download RogueKiller -- (Portable) -- from one of the following links and save it to your Desktop:
Link 1
Link 2
JRT Scan.
Please download Junkware Removal Tool and save it on your desktop.
Please download AdwCleaner by Xplode onto your desktop.
Clean up temp files and reduce startup load with CCleaner.
Note: This tool will clean your browsing history as well.
- Download CCleaner from here.
- After install Click Options.
- Go to monitoring.
- Uncheck All Monitoring items.
- Go to advanced -- Click close program after cleaning.
- Go to settings -- click run ccleaner when the computer starts.
- Now that you have ccleaner installed and set-up:
- Open the program.
- Go to Tools
- Go to Startup
- Now double click each item. To Disable.
- Leave only your antivirus enabled.
- Then disable All items in your scheduled task as well.
- Unless they are related to windows defender.Or your antivirus.
- Reboot the machine.
ZHP Scan.
Please download Zhp Cleaner to your desktop. Right Click the icon and select run as administrator.
2. Once you have started the program, you will need to click the scanner button.
The program will close all open browsers!
3. Once the scan is completed, the you will want to click the Repair button.
At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.
Copy and paste the report here in your next reply.
Rogue Killer Scan.
Download RogueKiller -- (Portable) -- from one of the following links and save it to your Desktop:
Link 1
Link 2
- Close all other the running programs
- Disable ALL Antivirus -- Antimalware -- Applications.
- Right Click Rogue Killer and Run as Administrator.
- Click the Start Scan button.
- Allow the scan to run -- it can take ten minutes or more.
- Once the scan is complete check All items for removal.
-
- After All items are checked then press Remove Selected.
- Wait until the Status box shows Deleting Finished.
- Click on open report -- then open txt
- Copy the content of the report and paste it here in your next reply.
JRT Scan.
Please download Junkware Removal Tool and save it on your desktop.
- Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log is saved to your desktop and will automatically open.
- Please post the JRT log.
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on adwcleaner.exe to run the tool.
- Click on Scan button.
- When the scan has finished click on Clean button.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the contents of that logfile with your next reply.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
We will want to check the condition of your hard drive next.
Download HD Tune and save the file. Install HD Tune and restart it after installation. Then go to the tab Error Scan , select the hard drive you want to check and press Start . The check can be quite time consuming take depends on the size of the hard drive check. Take a screen shot of the result and save it. Upload it to IMGUR for us. Post the link here.
Do Not tick the quick scan!!
Download HD Tune and save the file. Install HD Tune and restart it after installation. Then go to the tab Error Scan , select the hard drive you want to check and press Start . The check can be quite time consuming take depends on the size of the hard drive check. Take a screen shot of the result and save it. Upload it to IMGUR for us. Post the link here.
Do Not tick the quick scan!!
Usually there's a grating/grinding noise if the drive is failing, mine failed just after 1 year & it was noisy/noticeably grinding before dying.
HD Tune Image link- http://imgur.com/4UVqPdF
ADWCleaner
# AdwCleaner v6.045 - Logfile created 31/03/2017 at 15:38:51
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-03-31.1 [Local]
# Operating System : Windows 10 Home (X64)
# Username : phil - PHILLIP7445
# Running from : C:\Users\phill\Desktop\adwcleaner_6.045.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support
***** [ Services ] *****
[!] Service not deleted: AdvancedSystemCareService10
***** [ Folders ] *****
[-] Folder deleted: C:\Users\phill\AppData\LocalLow\IObit\Advanced SystemCare
[-] Folder deleted: C:\Users\phill\AppData\Roaming\Softlink
[-] Folder deleted: C:\Users\phill\AppData\Roaming\IObit\Advanced SystemCare
[-] Folder deleted: C:\Program Files\¿ìѹ
[-] Folder deleted: C:\ProgramData\IObit\ASCDownloader
[-] Folder deleted: C:\ProgramData\IObit\Advanced SystemCare
[#] Folder deleted on reboot: C:\ProgramData\Application Data\IObit\ASCDownloader
[#] Folder deleted on reboot: C:\ProgramData\Application Data\IObit\Advanced SystemCare
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
[-] Folder deleted: C:\Program Files (x86)\IObit\Advanced SystemCare
[-] Folder deleted: C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
[-] Folder deleted: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
***** [ Files ] *****
[-] File deleted: C:\Users\phill\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Advanced SystemCare 10.lnk
[-] File deleted: C:\WINDOWS\SysNative\drivers\KuaiZipDrive.sys
[-] File deleted: C:\Users\Public\Desktop\Advanced SystemCare 10.lnk
[-] File deleted: C:\WINDOWS\SysWOW64\sh4native.exe
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled Tasks ] *****
[-] Task deleted: ASC10_PerformanceMonitor
***** [ Registry ] *****
[-] Key deleted: HKLM\SOFTWARE\Classes\ASCExtMenu.CExtMenu
[-] Key deleted: HKLM\SOFTWARE\Classes\ASCExtMenu.CExtMenu.1
[-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell.ContextMenuExt
[-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell.ContextMenuExt.1
[-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell.DragDropMenu
[-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell.DragDropMenu.1
[-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell.KYDropHandler
[-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell.KYDropHandler.1
[-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell.PropertyExt
[-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell.PropertyExt.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ASCExtMenu.CExtMenu
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ASCExtMenu.CExtMenu.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.ContextMenuExt
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.ContextMenuExt.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.DragDropMenu
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.DragDropMenu.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.KYDropHandler
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.KYDropHandler.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.PropertyExt
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.PropertyExt.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{9CC34070-3A38-4C7A-89CB-EF8177EF07A1}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{86C4C3BA-4EA4-4CF8-98B9-6B07B477B835}
[-] Key deleted: HKU\S-1-5-21-1441219405-3998441181-3717618401-1002\Software\SNDA
[-] Key deleted: HKU\S-1-5-21-1441219405-3998441181-3717618401-1002\Software\winmnt
[#] Key deleted on reboot: HKCU\Software\SNDA
[#] Key deleted on reboot: HKCU\Software\winmnt
[-] Key deleted: HKLM\SOFTWARE\EnigmaSoftwareGroup
[-] Key deleted: HKLM\SOFTWARE\IOBIT\ASC
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1
[#] Key deleted on reboot: [x64] HKCU\Software\SNDA
[#] Key deleted on reboot: [x64] HKCU\Software\winmnt
[-] Key deleted: [x64] HKLM\SOFTWARE\EnigmaSoftwareGroup
[-] Key deleted: HKU\S-1-5-21-1441219405-3998441181-3717618401-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: HKU\S-1-5-21-1441219405-3998441181-3717618401-1002\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: HKU\S-1-5-21-1441219405-3998441181-3717618401-1002\Software\Microsoft\Internet Explorer\SearchScopes\{3ED8B2F4-BE79-405C-B72E-E2E3D8F79F9D}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3ED8B2F4-BE79-405C-B72E-E2E3D8F79F9D}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3ED8B2F4-BE79-405C-B72E-E2E3D8F79F9D}
[-] Value deleted: HKU\S-1-5-21-1441219405-3998441181-3717618401-1002\Software\Microsoft\Windows\CurrentVersion\Run [Advanced SystemCare 10]
[-] Value deleted: HKU\S-1-5-21-1441219405-3998441181-3717618401-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Advanced SystemCare 10]
[#] Value deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Advanced SystemCare 10]
[#] Value deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Advanced SystemCare 10]
[-] Key deleted: HKLM\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\KuaiZipShlExt
[-] Key deleted: HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\KuaiZipShlExt
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\QZipShell.DLL
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
[#] Key deleted on reboot: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[#] Key deleted on reboot: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
[-] Key deleted: HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\KuaiZipShlExt
[-] Key deleted: HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
[-] Key deleted: HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
[-] Key deleted: HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
***** [ Web browsers ] *****
[-] Firefox preferences cleaned: "keyword.URL" - "hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=783055&p="
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [4891 Bytes] - [14/04/2016 00:13:45]
C:\AdwCleaner\AdwCleaner[C2].txt - [4055 Bytes] - [05/07/2016 07:14:54]
C:\AdwCleaner\AdwCleaner[C3].txt - [7402 Bytes] - [31/03/2017 15:38:51]
C:\AdwCleaner\AdwCleaner[S1].txt - [5064 Bytes] - [14/04/2016 00:08:47]
C:\AdwCleaner\AdwCleaner[S2].txt - [4809 Bytes] - [05/07/2016 07:13:36]
C:\AdwCleaner\AdwCleaner[S3].txt - [7158 Bytes] - [31/03/2017 15:20:26]
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [7694 Bytes] ##########
Junkware Removal Tool
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.2 (03.10.2017)
Operating System: Windows 10 Home x64
Ran by phil (Administrator) on Fri 03/31/2017 at 15:07:57.45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 7
Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\phill\AppData\Roaming\Mozilla\Firefox\Profiles\odsj1tri.default\user.js (File)
Successfully deleted: C:\Users\phill\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster Scheduler (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (phil) (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_phil (Task)
Successfully deleted: C:\WINDOWS\Tasks\Uninstaller_SkipUac_phil.job (Task)
Registry: 2
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 03/31/2017 at 15:12:34.06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rouge Killer
RogueKiller V12.10.2.0 (x64) [Mar 27 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : phil [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 03/31/2017 14:19:45 (Duration : 00:45:55)
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 11 ¤¤¤
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{2FB831EA-DA68-4A66-8E31-A2D976A6296C} (C:\Program Files\¿ìѹ\X64\KZipShell.dll) -> Not selected
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{3DCCD550-7586-40D2-A51D-D2F98EC06B3C} (C:\Program Files\¿ìѹ\X64\KZipShell.dll) -> Not selected
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} (C:\Program Files\¿ìѹ\X64\KZipShell.dll) -> Not selected
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{C9487131-EF4C-40D9-BA70-E85356CAF67E} (C:\Program Files\¿ìѹ\X64\KZipShell.dll) -> Not selected
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1441219405-3998441181-3717618401-1002\Software\SNDA -> Not selected
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1441219405-3998441181-3717618401-1002\Software\SNDA -> Not selected
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj | (default) : {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} -> Not selected
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1441219405-3998441181-3717618401-1002\Software\Microsoft\Internet Explorer\Main | Start Page : https://search.yahoo.com/?type=783055&fr=spigot-yhp-ie -> Not selected
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1441219405-3998441181-3717618401-1002\Software\Microsoft\Internet Explorer\Main | Start Page : https://search.yahoo.com/?type=783055&fr=spigot-yhp-ie -> Not selected
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 10 ¤¤¤
[Tr.Gen0][File] C:\Users\phill\AppData\Roaming\uTorrent\updates\3.4.5_41073\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\phill\AppData\Roaming\uTorrent\updates\3.4.5_41162\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\phill\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\phill\AppData\Roaming\uTorrent\updates\3.4.8_42576\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\phill\AppData\Roaming\uTorrent\updates\3.4.9_42923\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\phill\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\phill\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\phill\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\phill\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe -> Deleted
[PUP.PennyBee][Folder] C:\Users\phill\AppData\Roaming\ytmediacenter -> Deleted
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.keyword [yahoo.com Search] -> Not selected
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10JPVX-60JC3T0 +++++
--- User ---
[MBR] fac8dc6172d900c01c32439a5aef0873
[BSP] 729b383b581a81900d5603442a4e913e : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 796672 | Size: 937744 MB
3 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1921298432 | Size: 856 MB
4 - [SYSTEM] Basic data partition | Offset (sectors): 1923051520 | Size: 14876 MB
User = LL1 ... OK
User = LL2 ... OK
ZHPCleaner
~ ZHPCleaner v2017.3.31.56 by Nicolas Coolman (2017/03/31)
~ Run by phil (Administrator) (31/03/2017 14:11:06)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version KO
~ Type : Repair
~ Report : C:\Users\phill\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\phill\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit (Build 14393)
---\\ Services (0)
~ No malicious or unnecessary items found.
---\\ Browser internet (0)
~ No malicious or unnecessary items found.
---\\ Hosts file (1)
~ The hosts file is legitimate (31)
---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.
---\\ Explorer ( File, Folder) (24)
MOVED file: C:\Users\Public\Desktop\YTD Video Downloader.lnk [Bad : C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\ytd.exe](.GreenTree Applications SRL.) =>.Superfluous.GreenTreeApp
MOVED file: C:\Users\phill\AppData\Local\Temp\1#z9$lXOp7OXKDVZ.tmp =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\phill\AppData\Local\Temp\20170327201755775.png =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\phill\AppData\Local\Temp\20170327201756010.png =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\phill\AppData\Local\Temp\20170327201756890.png =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\phill\AppData\Local\Temp\20170327201757280.png =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\phill\AppData\Local\Temp\20170327201757311.png =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\phill\AppData\Local\Temp\chrome_installer.log =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\phill\AppData\Local\Temp\etilqs_emfLjxKvP3JpIrn =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\phill\AppData\Local\Temp\KSNbgFqDERyZ,qCr.tmp =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\phill\AppData\Local\Temp\nsd9AAD.tmp =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\phill\AppData\Local\Temp\q$Ak@vUG$XBmCi5V.tmp =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\phill\AppData\Local\Temp\S,ZXJ9vpBUXSEp4P.tmp =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\phill\AppData\Local\Temp\sa.AD2F1837.HPPrinterControl_v10z8vjag6ke6_1__.Public.InstallAgent.dat =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\phill\AppData\Local\Temp\sa.DellPrinter.DellDocumentHub_nmdn7k89bxsn6_1__.Public.InstallAgent.dat =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\phill\AppData\Local\Temp\sa.Microsoft.XboxOneSmartGlass_8wekyb3d8bbwe_1__.Public.InstallAgent.dat =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\phill\AppData\Local\Temp\ZLB931B.tmp =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\phill\AppData\Local\Temp\ZLBEB18.tmp =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\phill\AppData\Local\Temp\{F7E6F46C-BBDF-4F1C-8FD8-6B606DCD1CAE}.png =>.Superfluous.Temporary.Empty
MOVED folder: C:\Program Files (x86)\GreenTree Applications =>.Superfluous.GreenTreeApp
MOVED folder: C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} =>PUP.Optional.Generic
MOVED folder: C:\ProgramData\YTD Video Downloader =>.Superfluous.GreenTreeApp
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader =>.Superfluous.GreenTreeApp
MOVED folder: C:\Users\phill\AppData\Roaming\Kuaizip =>.Superfluous.ShanghaiGuangle
---\\ Registry ( Key, Value, Data) (9)
DELETED key*: HKEY_USERS\S-1-5-21-1441219405-3998441181-3717618401-1002\SOFTWARE\GreenTree Applications [] =>.Superfluous.GreenTreeApp
DELETED key*: HKEY_USERS\S-1-5-21-1441219405-3998441181-3717618401-1002\SOFTWARE\KuaiZipSFX [] =>.Superfluous.ShanghaiGuangle
DELETED key*: HKEY_USERS\S-1-5-21-1441219405-3998441181-3717618401-1002\SOFTWARE\SpringFiles [] =>.Superfluous.SpringFiles
DELETED key: HKCU\Software\GreenTree Applications [] =>.Superfluous.GreenTreeApp
DELETED key: HKCU\Software\KuaiZipSFX [] =>.Superfluous.ShanghaiGuangle
DELETED key: HKCU\Software\SpringFiles [] =>.Superfluous.SpringFiles
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SpringFiles [http://www.spring-file.com] =>.Superfluous.SpringFiles
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\SpringFiles [] =>.Superfluous.SpringFiles
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} [GreenTree Applications SRL] =>.Superfluous.GreenTreeApp
---\\ Summary of the elements found (5)
https://www.anti-malware.top/2016/09/10/superfluous-greentreeapp/ =>.Superfluous.GreenTreeApp
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Temporary.Empty
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.Generic
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.ShanghaiGuangle
https://www.anti-malware.top/2016/04/26/superfluous-springfiles/ =>.Superfluous.SpringFiles
---\\ Other deletions. (29)
~ Registry Keys Tracing deleted (29)
~ Remove the old reports ZHPCleaner. (0)
---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)
---\\ Statistics
~ Items scanned : 972
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 33
~ End of clean in 00h00mn33s
~====================
ZHPCleaner-[R]-31032017-14_11_39.txt
ZHPCleaner--31032017-14_02_47.txt
ZHPCleaner--31032017-14_10_03.txt
Hope this is everything you needed.
ADWCleaner
# AdwCleaner v6.045 - Logfile created 31/03/2017 at 15:38:51
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-03-31.1 [Local]
# Operating System : Windows 10 Home (X64)
# Username : phil - PHILLIP7445
# Running from : C:\Users\phill\Desktop\adwcleaner_6.045.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support
***** [ Services ] *****
[!] Service not deleted: AdvancedSystemCareService10
***** [ Folders ] *****
[-] Folder deleted: C:\Users\phill\AppData\LocalLow\IObit\Advanced SystemCare
[-] Folder deleted: C:\Users\phill\AppData\Roaming\Softlink
[-] Folder deleted: C:\Users\phill\AppData\Roaming\IObit\Advanced SystemCare
[-] Folder deleted: C:\Program Files\¿ìѹ
[-] Folder deleted: C:\ProgramData\IObit\ASCDownloader
[-] Folder deleted: C:\ProgramData\IObit\Advanced SystemCare
[#] Folder deleted on reboot: C:\ProgramData\Application Data\IObit\ASCDownloader
[#] Folder deleted on reboot: C:\ProgramData\Application Data\IObit\Advanced SystemCare
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
[-] Folder deleted: C:\Program Files (x86)\IObit\Advanced SystemCare
[-] Folder deleted: C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
[-] Folder deleted: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
***** [ Files ] *****
[-] File deleted: C:\Users\phill\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Advanced SystemCare 10.lnk
[-] File deleted: C:\WINDOWS\SysNative\drivers\KuaiZipDrive.sys
[-] File deleted: C:\Users\Public\Desktop\Advanced SystemCare 10.lnk
[-] File deleted: C:\WINDOWS\SysWOW64\sh4native.exe
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled Tasks ] *****
[-] Task deleted: ASC10_PerformanceMonitor
***** [ Registry ] *****
[-] Key deleted: HKLM\SOFTWARE\Classes\ASCExtMenu.CExtMenu
[-] Key deleted: HKLM\SOFTWARE\Classes\ASCExtMenu.CExtMenu.1
[-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell.ContextMenuExt
[-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell.ContextMenuExt.1
[-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell.DragDropMenu
[-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell.DragDropMenu.1
[-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell.KYDropHandler
[-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell.KYDropHandler.1
[-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell.PropertyExt
[-] Key deleted: HKLM\SOFTWARE\Classes\QZipShell.PropertyExt.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ASCExtMenu.CExtMenu
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ASCExtMenu.CExtMenu.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.ContextMenuExt
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.ContextMenuExt.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.DragDropMenu
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.DragDropMenu.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.KYDropHandler
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.KYDropHandler.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.PropertyExt
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.PropertyExt.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{9CC34070-3A38-4C7A-89CB-EF8177EF07A1}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{86C4C3BA-4EA4-4CF8-98B9-6B07B477B835}
[-] Key deleted: HKU\S-1-5-21-1441219405-3998441181-3717618401-1002\Software\SNDA
[-] Key deleted: HKU\S-1-5-21-1441219405-3998441181-3717618401-1002\Software\winmnt
[#] Key deleted on reboot: HKCU\Software\SNDA
[#] Key deleted on reboot: HKCU\Software\winmnt
[-] Key deleted: HKLM\SOFTWARE\EnigmaSoftwareGroup
[-] Key deleted: HKLM\SOFTWARE\IOBIT\ASC
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1
[#] Key deleted on reboot: [x64] HKCU\Software\SNDA
[#] Key deleted on reboot: [x64] HKCU\Software\winmnt
[-] Key deleted: [x64] HKLM\SOFTWARE\EnigmaSoftwareGroup
[-] Key deleted: HKU\S-1-5-21-1441219405-3998441181-3717618401-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: HKU\S-1-5-21-1441219405-3998441181-3717618401-1002\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: HKU\S-1-5-21-1441219405-3998441181-3717618401-1002\Software\Microsoft\Internet Explorer\SearchScopes\{3ED8B2F4-BE79-405C-B72E-E2E3D8F79F9D}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3ED8B2F4-BE79-405C-B72E-E2E3D8F79F9D}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3ED8B2F4-BE79-405C-B72E-E2E3D8F79F9D}
[-] Value deleted: HKU\S-1-5-21-1441219405-3998441181-3717618401-1002\Software\Microsoft\Windows\CurrentVersion\Run [Advanced SystemCare 10]
[-] Value deleted: HKU\S-1-5-21-1441219405-3998441181-3717618401-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Advanced SystemCare 10]
[#] Value deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Advanced SystemCare 10]
[#] Value deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Advanced SystemCare 10]
[-] Key deleted: HKLM\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\KuaiZipShlExt
[-] Key deleted: HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\KuaiZipShlExt
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\QZipShell.DLL
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
[#] Key deleted on reboot: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[#] Key deleted on reboot: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
[-] Key deleted: HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\KuaiZipShlExt
[-] Key deleted: HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
[-] Key deleted: HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
[-] Key deleted: HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
***** [ Web browsers ] *****
[-] Firefox preferences cleaned: "keyword.URL" - "hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=783055&p="
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [4891 Bytes] - [14/04/2016 00:13:45]
C:\AdwCleaner\AdwCleaner[C2].txt - [4055 Bytes] - [05/07/2016 07:14:54]
C:\AdwCleaner\AdwCleaner[C3].txt - [7402 Bytes] - [31/03/2017 15:38:51]
C:\AdwCleaner\AdwCleaner[S1].txt - [5064 Bytes] - [14/04/2016 00:08:47]
C:\AdwCleaner\AdwCleaner[S2].txt - [4809 Bytes] - [05/07/2016 07:13:36]
C:\AdwCleaner\AdwCleaner[S3].txt - [7158 Bytes] - [31/03/2017 15:20:26]
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [7694 Bytes] ##########
Junkware Removal Tool
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.2 (03.10.2017)
Operating System: Windows 10 Home x64
Ran by phil (Administrator) on Fri 03/31/2017 at 15:07:57.45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 7
Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\phill\AppData\Roaming\Mozilla\Firefox\Profiles\odsj1tri.default\user.js (File)
Successfully deleted: C:\Users\phill\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster Scheduler (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (phil) (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_phil (Task)
Successfully deleted: C:\WINDOWS\Tasks\Uninstaller_SkipUac_phil.job (Task)
Registry: 2
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 03/31/2017 at 15:12:34.06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rouge Killer
RogueKiller V12.10.2.0 (x64) [Mar 27 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : phil [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 03/31/2017 14:19:45 (Duration : 00:45:55)
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 11 ¤¤¤
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{2FB831EA-DA68-4A66-8E31-A2D976A6296C} (C:\Program Files\¿ìѹ\X64\KZipShell.dll) -> Not selected
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{3DCCD550-7586-40D2-A51D-D2F98EC06B3C} (C:\Program Files\¿ìѹ\X64\KZipShell.dll) -> Not selected
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} (C:\Program Files\¿ìѹ\X64\KZipShell.dll) -> Not selected
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{C9487131-EF4C-40D9-BA70-E85356CAF67E} (C:\Program Files\¿ìѹ\X64\KZipShell.dll) -> Not selected
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1441219405-3998441181-3717618401-1002\Software\SNDA -> Not selected
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1441219405-3998441181-3717618401-1002\Software\SNDA -> Not selected
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj | (default) : {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} -> Not selected
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1441219405-3998441181-3717618401-1002\Software\Microsoft\Internet Explorer\Main | Start Page : https://search.yahoo.com/?type=783055&fr=spigot-yhp-ie -> Not selected
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1441219405-3998441181-3717618401-1002\Software\Microsoft\Internet Explorer\Main | Start Page : https://search.yahoo.com/?type=783055&fr=spigot-yhp-ie -> Not selected
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 10 ¤¤¤
[Tr.Gen0][File] C:\Users\phill\AppData\Roaming\uTorrent\updates\3.4.5_41073\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\phill\AppData\Roaming\uTorrent\updates\3.4.5_41162\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\phill\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\phill\AppData\Roaming\uTorrent\updates\3.4.8_42576\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\phill\AppData\Roaming\uTorrent\updates\3.4.9_42923\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\phill\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\phill\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\phill\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\phill\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe -> Deleted
[PUP.PennyBee][Folder] C:\Users\phill\AppData\Roaming\ytmediacenter -> Deleted
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.keyword [yahoo.com Search] -> Not selected
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10JPVX-60JC3T0 +++++
--- User ---
[MBR] fac8dc6172d900c01c32439a5aef0873
[BSP] 729b383b581a81900d5603442a4e913e : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 796672 | Size: 937744 MB
3 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1921298432 | Size: 856 MB
4 - [SYSTEM] Basic data partition | Offset (sectors): 1923051520 | Size: 14876 MB
User = LL1 ... OK
User = LL2 ... OK
ZHPCleaner
~ ZHPCleaner v2017.3.31.56 by Nicolas Coolman (2017/03/31)
~ Run by phil (Administrator) (31/03/2017 14:11:06)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version KO
~ Type : Repair
~ Report : C:\Users\phill\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\phill\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit (Build 14393)
---\\ Services (0)
~ No malicious or unnecessary items found.
---\\ Browser internet (0)
~ No malicious or unnecessary items found.
---\\ Hosts file (1)
~ The hosts file is legitimate (31)
---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.
---\\ Explorer ( File, Folder) (24)
MOVED file: C:\Users\Public\Desktop\YTD Video Downloader.lnk [Bad : C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\ytd.exe](.GreenTree Applications SRL.) =>.Superfluous.GreenTreeApp
MOVED file: C:\Users\phill\AppData\Local\Temp\1#z9$lXOp7OXKDVZ.tmp =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\phill\AppData\Local\Temp\20170327201755775.png =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\phill\AppData\Local\Temp\20170327201756010.png =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\phill\AppData\Local\Temp\20170327201756890.png =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\phill\AppData\Local\Temp\20170327201757280.png =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\phill\AppData\Local\Temp\20170327201757311.png =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\phill\AppData\Local\Temp\chrome_installer.log =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\phill\AppData\Local\Temp\etilqs_emfLjxKvP3JpIrn =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\phill\AppData\Local\Temp\KSNbgFqDERyZ,qCr.tmp =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\phill\AppData\Local\Temp\nsd9AAD.tmp =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\phill\AppData\Local\Temp\q$Ak@vUG$XBmCi5V.tmp =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\phill\AppData\Local\Temp\S,ZXJ9vpBUXSEp4P.tmp =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\phill\AppData\Local\Temp\sa.AD2F1837.HPPrinterControl_v10z8vjag6ke6_1__.Public.InstallAgent.dat =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\phill\AppData\Local\Temp\sa.DellPrinter.DellDocumentHub_nmdn7k89bxsn6_1__.Public.InstallAgent.dat =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\phill\AppData\Local\Temp\sa.Microsoft.XboxOneSmartGlass_8wekyb3d8bbwe_1__.Public.InstallAgent.dat =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\phill\AppData\Local\Temp\ZLB931B.tmp =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\phill\AppData\Local\Temp\ZLBEB18.tmp =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\phill\AppData\Local\Temp\{F7E6F46C-BBDF-4F1C-8FD8-6B606DCD1CAE}.png =>.Superfluous.Temporary.Empty
MOVED folder: C:\Program Files (x86)\GreenTree Applications =>.Superfluous.GreenTreeApp
MOVED folder: C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} =>PUP.Optional.Generic
MOVED folder: C:\ProgramData\YTD Video Downloader =>.Superfluous.GreenTreeApp
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader =>.Superfluous.GreenTreeApp
MOVED folder: C:\Users\phill\AppData\Roaming\Kuaizip =>.Superfluous.ShanghaiGuangle
---\\ Registry ( Key, Value, Data) (9)
DELETED key*: HKEY_USERS\S-1-5-21-1441219405-3998441181-3717618401-1002\SOFTWARE\GreenTree Applications [] =>.Superfluous.GreenTreeApp
DELETED key*: HKEY_USERS\S-1-5-21-1441219405-3998441181-3717618401-1002\SOFTWARE\KuaiZipSFX [] =>.Superfluous.ShanghaiGuangle
DELETED key*: HKEY_USERS\S-1-5-21-1441219405-3998441181-3717618401-1002\SOFTWARE\SpringFiles [] =>.Superfluous.SpringFiles
DELETED key: HKCU\Software\GreenTree Applications [] =>.Superfluous.GreenTreeApp
DELETED key: HKCU\Software\KuaiZipSFX [] =>.Superfluous.ShanghaiGuangle
DELETED key: HKCU\Software\SpringFiles [] =>.Superfluous.SpringFiles
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SpringFiles [http://www.spring-file.com] =>.Superfluous.SpringFiles
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\SpringFiles [] =>.Superfluous.SpringFiles
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} [GreenTree Applications SRL] =>.Superfluous.GreenTreeApp
---\\ Summary of the elements found (5)
https://www.anti-malware.top/2016/09/10/superfluous-greentreeapp/ =>.Superfluous.GreenTreeApp
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Temporary.Empty
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.Generic
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.ShanghaiGuangle
https://www.anti-malware.top/2016/04/26/superfluous-springfiles/ =>.Superfluous.SpringFiles
---\\ Other deletions. (29)
~ Registry Keys Tracing deleted (29)
~ Remove the old reports ZHPCleaner. (0)
---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)
---\\ Statistics
~ Items scanned : 972
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 33
~ End of clean in 00h00mn33s
~====================
ZHPCleaner-[R]-31032017-14_11_39.txt
ZHPCleaner-
ZHPCleaner-
Hope this is everything you needed.
Hi Phil. Lets make sure there is no corruption in the file system.
Click Start< type Command Prompt in the Start search box, right click on Command Prompt and click on Run as administrator. After the Command Prompt window opens, type chkdsk C: /r and hit enter. Type Y to confirm that you want to schedule a Check Disk to run on the next restart. After the Check Disk has been scheduled, close the Command Prompt window and reboot the computer to allow Check Disk to run.
Then lets see what is starting up with your machine.
Please download Autoruns. After you download the zipped folder on your desktop, right click the zipped folder and click Extract All. After the folder has been extracted open the regular folder. Run the autoruns.exe program by right clicking on it and selecting Run as administrator. When you open the program, click the Logon Tab and then post a screenshot of all the startup entries on the Logon Tab in your next reply.
Click Start< type Command Prompt in the Start search box, right click on Command Prompt and click on Run as administrator. After the Command Prompt window opens, type chkdsk C: /r and hit enter. Type Y to confirm that you want to schedule a Check Disk to run on the next restart. After the Check Disk has been scheduled, close the Command Prompt window and reboot the computer to allow Check Disk to run.
Then lets see what is starting up with your machine.
Please download Autoruns. After you download the zipped folder on your desktop, right click the zipped folder and click Extract All. After the folder has been extracted open the regular folder. Run the autoruns.exe program by right clicking on it and selecting Run as administrator. When you open the program, click the Logon Tab and then post a screenshot of all the startup entries on the Logon Tab in your next reply.
In Autoruns uncheck the following items:
Logitech Download Assistant
Realtek HD Audio Manager
HP Message Service
IOBit Malware Fighter
Advanced System Care
Windows Mail
Google Chrome
The entry highlighted in yellow
Then reboot the machine and see if there is any performance improvement.
Logitech Download Assistant
Realtek HD Audio Manager
HP Message Service
IOBit Malware Fighter
Advanced System Care
Windows Mail
Google Chrome
The entry highlighted in yellow
Then reboot the machine and see if there is any performance improvement.
- Status