Script ZHPFix
O4 - HKCU\..\Run: [HP Photosmart 6510 series (NET)] . (. - .) -- 1.
O4 - HKUS\S-1-5-21-1353393694-1970182662-4138011308-1000\..\Run: [HP Photosmart 6510 series (NET)] . (. - .) -- 1.
G2 - GCE: Preference [carolive][User Data\Default] [fgkeilefmpmbamgcejhjpiecahcbipip] Booking.com for ChromeÂ
G2 - GCE: Preference [carolive][User Data\Default] [pepoggcjhfobfcdfmpfokfighfjnfhjk] Open FromDocToPDF New Tab
SS - Demand [16/10/2013] [  235216]  McAfee Security Scan Component Host Service for Sony (McComponentHostServiceSony) . (.McAfee, Inc..) - C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe  =>.McAfee, Inc.Â®
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32]:QuickTime Task
HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
HKCU\Software\WEBAPP
HKCU\Software\TeleCharger_v2
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
HKLM\SOFTWARE\Wow6432Node\Lavasoft\Web Companion
HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
HKLM\SOFTWARE\Lavasoft\Web Companion
HKLM\SOFTWARE\WOW6432Node\McAfee  =>.McAfee Inc.
HKLM\SOFTWARE\WOW6432Node\McAfee.com  =>.McAfee Inc.
HKLM\SOFTWARE\WOW6432Node\McAfeeInstaller  =>.McAfee Inc.
HKLM\SOFTWARE\WOW6432Node\mcafeeupdater  =>.McAfee Inc.
HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
HKLM\System\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
HKLM\SOFTWARE\AssistPoint
HKLM\SOFTWARE\Conduit
HKLM\SOFTWARE\McAfee  =>.McAfee Inc.
HKLM\SOFTWARE\McAfee.com  =>.McAfee Inc.
HKLM\SOFTWARE\McAfeeInstaller  =>.McAfee Inc.
HKLM\SOFTWARE\mcafeeupdater  =>.McAfee Inc.
HKLM\SOFTWARE\SlimWare Utilities Inc
HKLM\SOFTWARE\WOW6432Node\AssistPoint
HKLM\SOFTWARE\WOW6432Node\Conduit
HKLM\SOFTWARE\WOW6432Node\SlimWare Utilities Inc
HKCU\SOFTWARE\FWT_DLM
HKCU\SOFTWARE\MCAFEE  =>.McAfee Inc.
HKU\S-1-5-21-1353393694-1970182662-4138011308-1000\SOFTWARE\MCAFEE  =>.McAfee Inc.
HKCU\SOFTWARE\rttasks
HKCU\SOFTWARE\WeatherAlerts
HKCU\SOFTWARE\AppDataLow\Software\a2zLyrics-16
HKU\S-1-5-21-1353393694-1970182662-4138011308-1000\SOFTWARE\rttasks
HKU\S-1-5-21-1353393694-1970182662-4138011308-1000\SOFTWARE\WeatherAlerts
O108 - CMH1: VersionsPageShellExt [64Bits] - {9E42900A-85F9-4E67-9778-575FBBA0A81C} . (.Orphan.)
O108 - CMH1: WinRAR32 [64Bits] - {B41DB860-8EE4-11D2-9906-E49FADC173CA} . (.Orphan.)
O108 - CMH1: WondershareVideoConverterFileOpreation [64Bits] - {FEB746CA-95C2-485F-B386-C30D4E56D22E} . (.Orphan.)
O108 - CMH5: Gadgets [64Bits] - {6B9228DA-9C15-419e-856C-19E768A13BDC} . (.Orphan.)
O108 - CMH6: VersionsPageShellExt [64Bits] - {9E42900A-85F9-4E67-9778-575FBBA0A81C} . (.Orphan.)
O108 - CMH6: WinRAR32 [64Bits] - {B41DB860-8EE4-11D2-9906-E49FADC173CA} . (.Orphan.)
O108 - CMH7: VirtualCloneDrive [64Bits] - [CC]{B7056B8E-4F99-44f8-8CBD-282390FE5428} . (.Orphan.)
O68 - StartMenuInternet: <Safari.exe> <Safari> [64Bits][HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Safari\Safari.ex http://www.mystartsearch.com/ (.not file.)
O53 - SMSR:HKLM\...\startupreg\BCSSync  [Key] [64Bits] . (...) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\DAEMON Tools Lite  [Key] [64Bits] . (...) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\HP Photosmart 6510 series (NET)  [Key] [64Bits] . (...) -- 1. (.not file.)
O53 - SMSR:HKLM\...\startupreg\Lync  [Key] [64Bits] . (...) -- C:\Program Files\Microsoft Office\Office15\lync.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\OfficeSyncProcess  [Key] [64Bits] . (...) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (.not file.)
O53 - SMSR:HKLM\...\startupreg\PWRISOVM.EXE  [Key] [64Bits] . (...) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (.not file.)
O53 - SMSR:HKLM\...\startupreg\Skype  [Key] [64Bits] . (...) -- C:\Program Files (x86)\Skype\Phone\Skype.exe (.not file.)
O58 - SDL:2015/04/11 17:13:09 A . (...) -- C:\WINDOWS\System32\drivers\TrueSight.sys   [37624]  =>.AdliceÂ®
O90 - PUC: "01CFF726A0ECF794ABB202C8CA360801" [HKLM] . (.QuickTime 7.) -- C:\Windows\Installer\{627FFC10-CE0A-497F-BA2B-208CAC638010}\Installer.ico
O90 - PUC: "1213047D2C86CB8478D44008516ED00F" [HKCU] . (.Yahoo Community Smartbar.) -- %APPDATA%\Microsoft\Installer\{D7403121-68C2-48BC-874D-048015E60DF0}\icon.ico
O90 - PUC: "1213047D2C86CB8478D44008516ED00F" [HKU] . (.Yahoo Community Smartbar.) -- %APPDATA%\Microsoft\Installer\{D7403121-68C2-48BC-874D-048015E60DF0}\icon.ico
C:\Users\carolive\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fgkeilefmpmbamgcejhjpiecahcbipip
C:\Users\carolive\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pepoggcjhfobfcdfmpfokfighfjnfhjk
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA58ED58-01DD-4d91-8333-CF10577473F7}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{627FFC10-CE0A-497F-BA2B-208CAC638010}
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{627FFC10-CE0A-497F-BA2B-208CAC638010}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Picasa Packages
C:\Program Files\Plumbytes Software
C:\Program Files (x86)\QuickTime
C:\Program Files (x86)\RelayEdit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
C:\Users\carolive\AppData\Local\@ByELDI
C:\Users\carolive\AppData\Local\Akamai
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\VersionsPageShellExt
HKLM\Software\Classes\CLSID\{9E42900A-85F9-4E67-9778-575FBBA0A81C}
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WondershareVideoConverterFileOpreation
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\VersionsPageShellExt
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32
HKLM\Software\Classes\Drive\shellex\ContextMenuHandlers\VirtualCloneDrive
HKLM\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Safari.exe\shell\Open\command
HKCU\Software\Microsoft\Installer\Products\1213047D2C86CB8478D44008516ED00F
HKCU\Software\Microsoft\Installer\Features\1213047D2C86CB8478D44008516ED00F
HKU\S-1-5-21-1353393694-1970182662-4138011308-1000\Software\Microsoft\Installer\Products\1213047D2C86CB8478D44008516ED00F
HKU\S-1-5-21-1353393694-1970182662-4138011308-1000\Software\Microsoft\Installer\Features\1213047D2C86CB8478D44008516ED00F
O43 - CFD: 04/12/2014 - [0] D -- C:\Program Files (x86)\DeltaFix  =>.SUP.Empty
O43 - CFD: 18/09/2016 - [0] D -- C:\Program Files (x86)\McAfee  =>.McAfee
O43 - CFD: 18/12/2017 - [] D -- C:\ProgramData\McAfee  =>.McAfee
O43 - CFD: 14/02/2017 - [] D -- C:\ProgramData\Norton  =>.Symantec Corporation
O43 - CFD: 14/02/2017 - [] D -- C:\ProgramData\NortonInstaller  =>.Symantec
O43 - CFD: 11/04/2015 - [] D -- C:\ProgramData\RogueKiller  =>.Adlice Software
O43 - CFD: 17/09/2016 - [] D -- C:\Program Files (x86)\Common Files\McAfee  =>.McAfee
O43 - CFD: 18/02/2015 - [] D -- C:\Users\carolive\AppData\Local\@ByELDI  =>HackTool.KMSpico
O43 - CFD: 31/08/2017 - [] D -- C:\Users\carolive\AppData\Local\Akamai  =>.SUP.AkamaiHD
O43 - CFD: 18/12/2017 - [] D -- C:\Users\carolive\AppData\Local\McAfee_Inc  =>.McAfee Inc.
C:\WINDOWS\Installer\17bf29.msp
C:\WINDOWS\Installer\1c6ff9.msp
C:\WINDOWS\Installer\2c8862.msp
C:\WINDOWS\Installer\30a41a.msp
C:\WINDOWS\Installer\603667.msp
C:\WINDOWS\Installer\65ccf2.msp
C:\WINDOWS\Installer\98306e.msp
C:\WINDOWS\Installer\9cb18.msp
C:\WINDOWS\Installer\ab7f9.msp
C:\WINDOWS\Installer\c85dc.msp
C:\WINDOWS\Installer\f0e40.msp
C:\WINDOWS\Installer\f34e7.msp
C:\Users\carolive\AppData\Local\Google\Chrome\User Data\Default\File System\000
C:\Users\carolive\AppData\Local\Google\Chrome\User Data\Default\File System\001
C:\Users\carolive\AppData\Local\Google\Chrome\User Data\Default\File System\002
C:\Users\carolive\AppData\Local\Google\Chrome\User Data\Default\File System\003
C:\Users\carolive\AppData\Local\Google\Chrome\User Data\Default\File System\004
C:\Users\carolive\AppData\Local\Google\Chrome\User Data\Default\File System\005
C:\Users\carolive\AppData\Local\Google\Chrome\User Data\Default\File System\Plugins
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID]:{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}

SysRestore
FirewallRaz
EmptyPrefetch
EmptyCLSID
EmptyFlash
Emptytemp
ShortcutFix