Malware or Possible Trogen Issue

Good Morning:
I downloaded the ZHP Scan.
I ran the scanner. The program found 82 issues. When I attempted to push the repair button the program appeared to be stalled and it wouldn’t continue. I closed the program and ran it again 3 more times with the same results.
Any suggestions?

Regards,
P

[ol]
[li]Run the program in safe mode with networking.[/li][li]If that fails. [/li]
[li]Skip it.[/li][/ol]
Next:

Next lets check for Mcafee remnants.

Get the Everything Search Engine
Install Program, Right Click Run As Admin. Type McAfee into to search window.
Then Click Edit.
Select all.
Right Click highlighted items>>>>>>>> Copy full name to clipboard. >>>>> Paste content of clipboard, here in your next reply.

Repeat the same steps for each of the 3 words below.
One at a time!
& Then The file path.

Hola Speedbit VaudiX C:\Windows\System32\Tasks

Next:

You have an extreme amount of scheduled task on your machine. More than Normal by far…

Download CCleaner from here.
After install Click Options.
Go to monitoring.
Uncheck All Monitoring items.
Go to advanced – Click close program after cleaning.
Go to settings – click run ccleaner when the computer starts.

Now that you have ccleaner installed and set-up:

Open the program.
Go to Tools
Go to Startup
Now double click each item. To Disable.
Then disable All items in your scheduled task as well.

Reboot the machine.

Also, if the pop-ups are still there after the 9-Lab and ZHP scans. Then a browser reset is in order.

Download ResetBrowser To your desktop.
Now close all open browsers.
Right click and run as administrator.

[MEDIA=imgur]vwUeyaZ[/MEDIA]

Click on Reset Chrome– Allow completion.
Now reboot your machine.

Get Everything Search;

C:\Program Files (x86)\Common Files\McAfee
C:\Program Files\Common Files\McAfee
C:\ProgramData\McAfee
C:\Users\Default\AppData\Roaming\McAfee
C:\Users\DefaultAppPool\AppData\Roaming\McAfee
C:\WINDOWS\System32\config\systemprofile\AppData\R oaming\McAfee
C:\Program Files (x86)\Hewlett-Packard\HP Setup\Assets\mcafee.png
C:\Program Files (x86)\Hewlett-Packard\HP Setup\SecurityPillar\ar\TotalCareSetup.SecurityPil lar.McAfee.LearnMore.xml
C:\Program Files (x86)\Hewlett-Packard\HP Setup\SecurityPillar\bg\TotalCareSetup.SecurityPil lar.McAfee.LearnMore.xml
C:\Program Files (x86)\Hewlett-Packard\HP Setup\SecurityPillar\cs\TotalCareSetup.SecurityPil lar.McAfee.LearnMore.xml
C:\Program Files (x86)\Hewlett-Packard\HP Setup\SecurityPillar\da\TotalCareSetup.SecurityPil lar.McAfee.LearnMore.xml
C:\Program Files (x86)\Hewlett-Packard\HP Setup\SecurityPillar\de\TotalCareSetup.SecurityPil lar.McAfee.LearnMore.xml
C:\Program Files (x86)\Hewlett-Packard\HP Setup\SecurityPillar\el\TotalCareSetup.SecurityPil lar.McAfee.LearnMore.xml
C:\Program Files (x86)\Hewlett-Packard\HP Setup\SecurityPillar\en\TotalCareSetup.SecurityPil lar.McAfee.LearnMore.xml
C:\Program Files (x86)\Hewlett-Packard\HP Setup\SecurityPillar\en_gb\TotalCareSetup.Security Pillar.McAfee.LearnMore.xml
C:\Program Files (x86)\Hewlett-Packard\HP Setup\SecurityPillar\es\TotalCareSetup.SecurityPil lar.McAfee.LearnMore.xml
C:\Program Files (x86)\Hewlett-Packard\HP Setup\SecurityPillar\es_es_es\TotalCareSetup.Secur ityPillar.McAfee.LearnMore.xml
C:\Program Files (x86)\Hewlett-Packard\HP Setup\SecurityPillar\et\TotalCareSetup.SecurityPil lar.McAfee.LearnMore.xml
C:\Program Files (x86)\Hewlett-Packard\HP Setup\SecurityPillar\fi\TotalCareSetup.SecurityPil lar.McAfee.LearnMore.xml
C:\Program Files (x86)\Hewlett-Packard\HP Setup\SecurityPillar\fr\TotalCareSetup.SecurityPil lar.McAfee.LearnMore.xml
C:\Program Files (x86)\Hewlett-Packard\HP Setup\SecurityPillar\fr_ca\TotalCareSetup.Security Pillar.McAfee.LearnMore.xml
C:\Program Files (x86)\Hewlett-Packard\HP Setup\SecurityPillar\he\TotalCareSetup.SecurityPil lar.McAfee.LearnMore.xml
C:\Program Files (x86)\Hewlett-Packard\HP Setup\SecurityPillar\hr\TotalCareSetup.SecurityPil lar.McAfee.LearnMore.xml
C:\Program Files (x86)\Hewlett-Packard\HP Setup\SecurityPillar\hu\TotalCareSetup.SecurityPil lar.McAfee.LearnMore.xml
C:\Program Files (x86)\Hewlett-Packard\HP Setup\SecurityPillar\it\TotalCareSetup.SecurityPil lar.McAfee.LearnMore.xml
C:\Program Files (x86)\Hewlett-Packard\HP Setup\SecurityPillar\ja\TotalCareSetup.SecurityPil lar.McAfee.LearnMore.xml
C:\Program Files (x86)\Hewlett-Packard\HP Setup\SecurityPillar\ko\TotalCareSetup.SecurityPil lar.McAfee.LearnMore.xml
C:\Program Files (x86)\Hewlett-Packard\HP Setup\SecurityPillar\lt\TotalCareSetup.SecurityPil lar.McAfee.LearnMore.xml
C:\Program Files (x86)\Hewlett-Packard\HP Setup\SecurityPillar\lv\TotalCareSetup.SecurityPil lar.McAfee.LearnMore.xml
C:\Program Files (x86)\Hewlett-Packard\HP Setup\SecurityPillar\nb\TotalCareSetup.SecurityPil lar.McAfee.LearnMore.xml
C:\Program Files (x86)\Hewlett-Packard\HP Setup\SecurityPillar\nl\TotalCareSetup.SecurityPil lar.McAfee.LearnMore.xml
C:\Program Files (x86)\Hewlett-Packard\HP Setup\SecurityPillar\nn\TotalCareSetup.SecurityPil lar.McAfee.LearnMore.xml
C:\Program Files (x86)\Hewlett-Packard\HP Setup\SecurityPillar\pl\TotalCareSetup.SecurityPil lar.McAfee.LearnMore.xml
C:\Program Files (x86)\Hewlett-Packard\HP Setup\SecurityPillar\pt\TotalCareSetup.SecurityPil lar.McAfee.LearnMore.xml
C:\Program Files (x86)\Hewlett-Packard\HP Setup\SecurityPillar\pt_br\TotalCareSetup.Security Pillar.McAfee.LearnMore.xml
C:\Program Files (x86)\Hewlett-Packard\HP Setup\SecurityPillar\ro\TotalCareSetup.SecurityPil lar.McAfee.LearnMore.xml
C:\Program Files (x86)\Hewlett-Packard\HP Setup\SecurityPillar\ru\TotalCareSetup.SecurityPil lar.McAfee.LearnMore.xml
C:\Program Files (x86)\Hewlett-Packard\HP Setup\SecurityPillar\sk\TotalCareSetup.SecurityPil lar.McAfee.LearnMore.xml
C:\Program Files (x86)\Hewlett-Packard\HP Setup\SecurityPillar\sl\TotalCareSetup.SecurityPil lar.McAfee.LearnMore.xml
C:\Program Files (x86)\Hewlett-Packard\HP Setup\SecurityPillar\sr\TotalCareSetup.SecurityPil lar.McAfee.LearnMore.xml
C:\Program Files (x86)\Hewlett-Packard\HP Setup\SecurityPillar\sv\TotalCareSetup.SecurityPil lar.McAfee.LearnMore.xml
C:\Program Files (x86)\Hewlett-Packard\HP Setup\SecurityPillar\th\TotalCareSetup.SecurityPil lar.McAfee.LearnMore.xml
C:\Program Files (x86)\Hewlett-Packard\HP Setup\SecurityPillar\tr\TotalCareSetup.SecurityPil lar.McAfee.LearnMore.xml
C:\Program Files (x86)\Hewlett-Packard\HP Setup\SecurityPillar\uk\TotalCareSetup.SecurityPil lar.McAfee.LearnMore.xml
C:\Program Files (x86)\Hewlett-Packard\HP Setup\SecurityPillar\zh\TotalCareSetup.SecurityPil lar.McAfee.LearnMore.xml
C:\Program Files (x86)\Hewlett-Packard\HP Setup\SecurityPillar\zh_hk_hk\TotalCareSetup.Secur ityPillar.McAfee.LearnMore.xml
C:\Program Files (x86)\Hewlett-Packard\HP Setup\SecurityPillar\zh_tw_tw\TotalCareSetup.Secur ityPillar.McAfee.LearnMore.xml

One at a time!
…there were no files listed

Hola Speedbit VaudiX C: Windows…
…there were no files listed

Ok. for now can you tell me what issues remain on your machine please.

ZHP Diag.

Download ZHP Diag to your desktop.

1. Right Click Run as Admin.
   2. Click the Scanner button.

When complete please push the report button.
A notepad will open… copy and paste the report in your next reply.


Also, you need to search each word one at a time. But we will take care of that later.

Example:

[MEDIA=imgur]Jp7x1s2[/MEDIA]

As yet, since I used the “Reset Browser” program I haven’t experienced any pop ups. So I am very pleased with that.
(Thanks)

Here is the next program.
After I ran the last program, (ZHPDiag) there was a report saying that there were 4 issues but it wouldn’t allow me to copy them to show you what they were.
~ ZHPDiag v2016.11.28.232 By Nicolas Coolman (2016/11/28)
~ Run by CEP Local 440 (Administrator) (2016/11/29 13:33:46)
~ Web: https://www.nicolascoolman.com
~ Blog: https://www.anti-malware.top
~ Facebook: ZHP
~ State version: Version OK
~ Mode: Scan
~ Report: C:\Users\CEP Local 440\Desktop\ZHPDiag.txt
~ Report: C:\Users\CEP Local 440\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Activate
~ System startup: Normal (Normal boot)
Windows 10 Home, 64-bit (Build 10240)

Thanks again,
P

That is not the entire ZHP log, I need the whole thing not just then header.

After I ran the ZHPDiag program. As I mentioned before a log came up saying the following;
Items found at your station; 4
Superflous.SlimWare Utilities
Heuristic.Suspect
Pup.Optional. Install Converter
Superflous.Tarma.

Thanks again

~ ZHPDiag v2016.11.28.232 By Nicolas Coolman (2016/11/28)
~ Run by CEP Local 440 (Administrator) (2016/11/29 14:02:37)
~ Web: https://www.nicolascoolman.com
~ Blog: https://www.anti-malware.top
~ Facebook: ZHP
~ State version: Version OK
~ Mode: Scan
~ Report: C:\Users\CEP Local 440\Desktop\ZHPDiag.txt
~ Report: C:\Users\CEP Local 440\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Activate
~ System startup: Normal (Normal boot)
Windows 10 Home, 64-bit (Build 10240)

—\ Internet Browsers (1) - 0s
~ MSIE: Internet Explorer v11.0.10240.16841

—\ Windows Product Information (3) - 3s
~ Windows Server License Manager Script : OK
System - VBScript Engine not found
Windows Automatic Updates : OK

—\ System protection software (2) - 4s
Malwarebytes Anti-Malware version 2.2.1.1043 (Protection)
Windows Defender (Activate) (Protection)

—\ System protection software (Superfluous) (1) - 5s
~ Zemana AntiMalware v2.60.1 (Superfluous)

—\ Surveillance software (1) - 5s
~ Adobe Acrobat Reader DC (Surveillance)

—\ Information on the system (6) - 0s
~ Operating System: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 4094.892 MB (48% free) : OK =>.RAM Value
System Restore: Activé (Enable)
System drive C: has 334 GB (72%) free of 461 GB : OK =>.Disk Space

—\ Connection to the system mode (3) - 0s
~ Computer Name: CEPLOCAL440-PC
~ User Name: CEP Local 440
~ Logged in as Administrator

—\ Enumeration of the disk units (3) - 0s
~ Drive C: has 334 GB free of 461 GB (System)
~ Drive D: has 2 GB free of 14 GB
~ Drive E: has 0 GB free of 0 GB

—\ State of the Windows Security Center (7) - 0s
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK

—\ Search Generic System Files (24) - 1s
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] - 22/10/2016 - (.Microsoft Corporation - Windows Explorer.) – C:\WINDOWS\Explorer.exe [249440] =>.Microsoft Windows®
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] - 22/10/2016 - (.Microsoft Corporation - Windows host process (Rundll32).) – C:\WINDOWS\System32\rundll32.exe [249440] =>.Microsoft Corporation
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] - 22/10/2016 - (.Microsoft Corporation - Windows Start-Up Application.) – C:\WINDOWS\System32\Wininit.exe [249440] =>.Microsoft Windows Publisher®
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] - 22/10/2016 - (.Microsoft Corporation - Internet Extensions for Win32.) – C:\WINDOWS\System32\wininet.dll [249440] =>.Microsoft Corporation
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] - 22/10/2016 - (. - Windows Logon Application.) – C:\WINDOWS\System32\Winlogon.exe [249440]
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] - 22/10/2016 - (.Microsoft Corporation - Software Licensing Library.) – C:\WINDOWS\System32\sppcomapi.dll [249440] =>.Microsoft Corporation
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] - 22/10/2016 - (.Microsoft Corporation - DNS Client API DLL.) – C:\WINDOWS\System32\dnsapi.dll [249440] =>.Microsoft Windows®
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] - 22/10/2016 - (.Microsoft Corporation - DNS Client API DLL.) – C:\WINDOWS\Syswow64\dnsapi.dll [249440] =>.Microsoft Windows®
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] - 22/10/2016 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) – C:\WINDOWS\System32\drivers\AFD.sys [249440] =>.Microsoft Windows®
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] - 22/10/2016 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) – C:\WINDOWS\System32\drivers\atapi.sys [249440] =>.Microsoft Windows®
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] - 22/10/2016 - (.Microsoft Corporation - CD-ROM File System Driver.) – C:\WINDOWS\System32\drivers\Cdfs.sys [249440] =>.Microsoft Corporation
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] - 22/10/2016 - (.Microsoft Corporation - SCSI CD-ROM Driver.) – C:\WINDOWS\System32\drivers\Cdrom.sys [249440] =>.Microsoft Corporation
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] - 22/10/2016 - (.Microsoft Corporation - DFS Namespace Client Driver.) – C:\WINDOWS\System32\drivers\DfsC.sys [249440] =>.Microsoft Corporation
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] - 22/10/2016 - (.Microsoft Corporation - High Definition Audio Bus Driver.) – C:\WINDOWS\System32\drivers\HDAudBus.sys [249440] =>.Microsoft Corporation
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] - 22/10/2016 - (.Microsoft Corporation - i8042 Port Driver.) – C:\WINDOWS\System32\drivers\i8042prt.sys [249440] =>.Microsoft Corporation
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] - 22/10/2016 - (.Microsoft Corporation - IP Network Address Translator.) – C:\WINDOWS\System32\drivers\IpNat.sys [249440] =>.Microsoft Corporation
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] - 22/10/2016 - (.Microsoft Corporation - Windows NT SMB Minirdr.) – C:\WINDOWS\System32\drivers\MRxSmb.sys [249440] =>.Microsoft Corporation
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] - 22/10/2016 - (.Microsoft Corporation - MBT Transport driver.) – C:\WINDOWS\System32\drivers\netBT.sys [249440] =>.Microsoft Corporation
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] - 22/10/2016 - (.Microsoft Corporation - NT File System Driver.) – C:\WINDOWS\System32\drivers\ntfs.sys [249440] =>.Microsoft Windows®
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] - 22/10/2016 - (.Microsoft Corporation - Parallel Port Driver.) – C:\WINDOWS\System32\drivers\Parport.sys [249440] =>.Microsoft Corporation
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] - 22/10/2016 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) – C:\WINDOWS\System32\drivers\Rasl2tp.sys [249440] =>.Microsoft Corporation
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] - 22/10/2016 - (.Microsoft Corporation - Microsoft RDP Device redirector.) – C:\WINDOWS\System32\drivers\rdpdr.sys [249440] =>.Microsoft Corporation
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] - 22/10/2016 - (.Microsoft Corporation - TDI Translation Driver.) – C:\WINDOWS\System32\drivers\tdx.sys [249440] =>.Microsoft Windows®
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] - 22/10/2016 - (.Microsoft Corporation - Volume Shadow Copy Driver.) – C:\WINDOWS\System32\drivers\volsnap.sys [249440] =>.Microsoft Windows®

—\ Non Microsoft non disabled Windows Services (19) - 2s
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe =>.Adobe Systems, Incorporated®
O23 - Service: Andrea RT Filters Service (AERTFilters) . (.Andrea Electronics Corporation - Andrea filters APO access service (64-bit).) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe =>.Andrea Electronics®
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) . (.LSI Corporation - LSI Soft Modem Call Progress Service.) - C:\Program Files\LSI SoftModem\agr64svc.exe =>.LSI Corporation®
O23 - Service: Apple Mobile Device Service (Apple Mobile Device Service) . (.Apple Inc. - MobileDeviceService.) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe =>.Apple Inc.®
O23 - Service: Bonjour Service (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe =>.Apple Inc.®
O23 - Service: Google Update Service (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
O23 - Service: HPWMISVC (HPWMISVC) . (…) - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) . (.Copyright CANON INC. 2006-2012 All Rights Reserved - Inkjet Printer/Scanner/Fax Extended Survey.) - C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe =>.Canon Inc.®
O23 - Service: (MBAMService) . (.Malwarebytes - Malwarebytes Anti-Malware.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe =>.Malwarebytes Corporation®
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) . (. - McAfee Process Validation Service.) - C:\WINDOWS\System32\mfevtps.exe
O23 - Service: @C:\WINDOWS\System32\netlogon.dll (Netlogon) . (. - Local Security Authority Process.) - C:\WINDOWS\System32\lsass.exe
O23 - Service: RealPlayer Update Service (RealPlayerUpdateSvc) . (…) - C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe =>.RealNetworks, Inc.®
O23 - Service: RealTimes Desktop Service (RealTimes Desktop Service) . (.RealNetworks, Inc. - RealTimes Desktop Service.) - C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe =>.RealNetworks, Inc.®
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) . (.Copyright 2004 - RichVideo Module.) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe =>.CyberLink®
O23 - Service: Realtek Audio Service (RtkAudioService) . (.Realtek Semiconductor - Realtek Audio Service.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe =>.Realtek Semiconductor Corp®
O23 - Service: RtVOsdService Installer (RtVOsdService) . (.Realtek Semiconductor Corp. - RtVOsdService.) - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe =>.Realtek Semiconductor Corp.
O23 - Service: @C:\WINDOWS\system32\spoolsv.exe,-1 (Spooler) . (. - Spooler SubSystem App.) - C:\WINDOWS\System32\spoolsv.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) . (.Synaptics Incorporated - 64-bit Synaptics Pointing Enhance Service.) - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe =>.Synaptics Incorporated®
O23 - Service: ZAM Controller Service (ZAMSvc) . (.Zemana Ltd. - ZAM.) - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe =>.Zemana Ltd.®

—\ Services not Microsoft (SR=Run, SS=Stop) (33) - 44s
SR - Auto [22/10/2016] [ 249440] Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe =>.Adobe Systems, Incorporated®
SS - Demand [22/10/2016] [ 249440] Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe =>.Adobe Systems Incorporated®
SR - Auto [22/10/2016] [ 249440] Andrea RT Filters Service (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe =>.Andrea Electronics®
SR - Auto [22/10/2016] [ 249440] Agere Modem Call Progress Audio (AgereModemAudio) . (.LSI Corporation.) - C:\Program Files\LSI SoftModem\agr64svc.exe =>.LSI Corporation®
SR - Auto [22/10/2016] [ 249440] Apple Mobile Device Service (Apple Mobile Device Service) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe =>.Apple Inc.®
SR - Auto [22/10/2016] [ 249440] Bonjour Service (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe =>.Apple Inc.®
SS - Demand [22/10/2016] [ 249440] @C:\WINDOWS\system32\efssvc.dll (EFS) . (…) - C:\WINDOWS\System32\lsass.exe =>.Microsoft Windows Publisher®
SS - Disabl [22/10/2016] [ 249440] Garmin Device Interaction Service (Garmin Device Interaction Service) . (.Garmin Ltd. or its subsidiaries.) - C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe =>.Garmin International, Inc.®
SR - Auto [22/10/2016] [ 249440] Google Update Service (gupdate) (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
SS - Demand [22/10/2016] [ 249440] Google Update Service (gupdatem) (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
SS - Disabl [22/10/2016] [ 249440] HP Support Assistant Service (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Company
SS - Demand [22/10/2016] [ 249440] HP LaserJet Professional M1210 MFP Series Receive Fax Servi (HPM1210RcvFaxSrvc) . (.HP.) - C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe =>.Hewlett-Packard Company®
SS - Demand [22/10/2016] [ 249440] HP Software Framework Service (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe =>.Hewlett-Packard Company®
SS - Demand [22/10/2016] [ 249440] HP SI Service (HPSIService) . (…) - C:\WINDOWS\System32\HPSIsvc.exe =>.Hewlett-Packard Company®
SR - Auto [22/10/2016] [ 249440] HPWMISVC (HPWMISVC) . (…) - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
SR - Auto [22/10/2016] [ 249440] Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) . (.Copyright CANON INC. 2006-2012 All Rights Reserved.) - C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe =>.Canon Inc.®
SS - Demand [22/10/2016] [ 249440] iPod Service (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe =>.Apple Inc.®
SS - Demand [22/10/2016] [ 249440] @keyiso.dll (KeyIso) . (…) - C:\WINDOWS\System32\lsass.exe =>.Microsoft Windows Publisher®
SS - Demand [22/10/2016] [ 249440] Logitech Bluetooth Service (LBTServ) . (.Logitech, Inc..) - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe =>.Logitech®
SS - Disabl [22/10/2016] [ 249440] LiveUpdate (LiveUpdateSvc) . (.IObit.) - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe =>.IObit Information Technology®
SS - Auto [22/10/2016] [ 249440] (MBAMService) . (.Malwarebytes.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe =>.Malwarebytes Corporation®
SR - Auto [22/10/2016] [ 249440] McAfee Validation Trust Protection Service (mfevtp) . (…) - C:\WINDOWS\System32\mfevtps.exe =>.McAfee, Inc.®
SS - Auto [22/10/2016] [ 249440] @C:\WINDOWS\System32\netlogon.dll (Netlogon) . (…) - C:\WINDOWS\System32\lsass.exe =>.Microsoft Windows Publisher®
SS - Demand [22/10/2016] [ 249440] @C:\WINDOWS\System32\ngcsvc.dll (NgcSvc) . (…) - C:\WINDOWS\System32\lsass.exe =>.Microsoft Windows Publisher®
SR - Auto [22/10/2016] [ 249440] RealPlayer Update Service (RealPlayerUpdateSvc) . (…) - C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe =>.RealNetworks, Inc.®
SR - Auto [22/10/2016] [ 249440] RealTimes Desktop Service (RealTimes Desktop Service) . (.RealNetworks, Inc..) - C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe =>.RealNetworks, Inc.®
SR - Auto [22/10/2016] [ 249440] Cyberlink RichVideo Service(CRVS) (RichVideo) . (.Copyright 2004.) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe =>.CyberLink®
SR - Auto [22/10/2016] [ 249440] Realtek Audio Service (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe =>.Realtek Semiconductor Corp®
SR - Auto [22/10/2016] [ 249440] RtVOsdService Installer (RtVOsdService) . (.Realtek Semiconductor Corp..) - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe =>.Realtek Semiconductor Corp.
SR - Auto [22/10/2016] [ 249440] @C:\WINDOWS\system32\spoolsv.exe,-1 (Spooler) . (…) - C:\WINDOWS\System32\spoolsv.exe
SR - Auto [22/10/2016] [ 249440] SynTPEnh Caller Service (SynTPEnhService) . (.Synaptics Incorporated.) - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe =>.Synaptics Incorporated®
SR - Demand [22/10/2016] [ 249440] @C:\WINDOWS\system32\vaultsvc.dll (VaultSvc) . (…) - C:\WINDOWS\System32\lsass.exe =>.Microsoft Windows Publisher®
SR - Auto [22/10/2016] [ 249440] ZAM Controller Service (ZAMSvc) . (.Zemana Ltd..) - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe =>.Zemana Ltd.®

—\ Task Planned Automatically (43) - 18s
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] [APT] [Adobe Acrobat Update Task] (.Adobe Systems Incorporated.) – C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [249440] (.Activate.) =>.Adobe Systems, Incorporated®
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) – C:\Program Files\CCleaner\CCleaner.exe [249440] (.Activate.) =>.Piriform Ltd®
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) – C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [249440] (.Activate.) =>.Google Inc®
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) – C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [249440] (.Activate.) =>.Google Inc®
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] [APT] [RealDownloaderRealUpgradeLogonTaskS-1-5-21-1124643268-3595298339-4084894015-1000] (.RealNetworks, Inc..) – C:\Program Files (x86)\Real\RealDownloader\RealUpgrade.exe [249440] (.Activate.) =>.RealNetworks, Inc.®
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] [APT] [RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1124643268-3595298339-4084894015-1000] (.RealNetworks, Inc..) – C:\Program Files (x86)\Real\RealDownloader\RealUpgrade.exe [249440] (.Activate.) =>.RealNetworks, Inc.®
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] [APT] [WinZipBackGroundToolsTask] (.WinZip Computing, S.L..) – C:\Program Files\WinZip\WzBGTools.exe [249440] (.Activate.) =>.WinZip Computing LLC®
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] [APT] [{298B2E4F-B19F-479B-A158-24E952B262D7}] (…) – F:\setup.exe (.not file.) [249440] (.Activate.)
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] [APT] [{BF9EF130-FE70-4432-88EC-F3B7132270EA}] (…) – G:\internalsw.exe (.not file.) [249440] (.Activate.)
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] [APT] [Apple\AppleSoftwareUpdate] (.Apple Inc..) – C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [249440] (.Activate.) =>.Apple Inc.®
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] [APT] [Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan] (…) – c:\Program Files\Microsoft Security Client\MpCmdRun.exe (.not file.) [249440] (.Activate.)
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] [APT] [Microsoft\Windows\Media Center\ActivateWindowsSearch] (…) – C:\WINDOWS\ehome\ehPrivJob.exe (.not file.) [249440] (.Activate.)
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] [APT] [Microsoft\Windows\Media Center\ConfigureInternetTimeService] (…) – C:\WINDOWS\ehome\ehPrivJob.exe (.not file.) [249440] (.Activate.)
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] [APT] [Microsoft\Windows\Media Center\DispatchRecoveryTasks] (…) – C:\WINDOWS\ehome\ehPrivJob.exe (.not file.) [249440] (.Activate.)
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] [APT] [Microsoft\Windows\Media Center\ehDRMInit] (…) – C:\WINDOWS\ehome\ehPrivJob.exe (.not file.) [249440] (.Activate.)
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] [APT] [Microsoft\Windows\Media Center\InstallPlayReady] (…) – C:\WINDOWS\ehome\ehPrivJob.exe (.not file.) [249440] (.Activate.)
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] [APT] [Microsoft\Windows\Media Center\mcupdate] (…) – C:\WINDOWS\ehome\mcupdate (.not file.) [249440] (.Activate.)
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] [APT] [Microsoft\Windows\Media Center\mcupdate_scheduled] (…) – C:\WINDOWS\ehome\mcupd (.not file.) [249440] (.Activate.)
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] [APT] [Microsoft\Windows\Media Center\OCURActivate] (…) – C:\WINDOWS\ehome\ehPrivJob.exe (.not file.) [249440] (.Activate.)
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] [APT] [Microsoft\Windows\Media Center\OCURDiscovery] (…) – C:\WINDOWS\ehome\ehPrivJob.exe (.not file.) [249440] (.Activate.)
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] [APT] [Microsoft\Windows\Media Center\PBDADiscovery] (…) – C:\WINDOWS\ehome\ehPrivJob.exe (.not file.) [249440] (.Activate.)
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] [APT] [Microsoft\Windows\Media Center\PBDADiscoveryW1] (…) – C:\WINDOWS\ehome\ehPrivJob.exe (.not file.) [249440] (.Activate.)
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] [APT] [Microsoft\Windows\Media Center\PBDADiscoveryW2] (…) – C:\WINDOWS\ehome\ehPrivJob.exe (.not file.) [249440] (.Activate.)
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] [APT] [Microsoft\Windows\Media Center\PeriodicScanRetry] (…) – C:\WINDOWS\ehome\MCUpdate.exe (.not file.) [249440] (.Activate.)
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] [APT] [Microsoft\Windows\Media Center\RecordingRestart] (…) – C:\WINDOWS\ehome\ehrec (.not file.) [249440] (.Activate.)
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] [APT] [Microsoft\Windows\Media Center\RegisterSearch] (…) – C:\WINDOWS\ehome\ehPrivJob.exe (.not file.) [249440] (.Activate.)
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] [APT] [Microsoft\Windows\Media Center\ReindexSearchRoot] (…) – C:\WINDOWS\ehome\ehPrivJob.exe (.not file.) [249440] (.Activate.)
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] [APT] [Microsoft\Windows\Media Center\StartRecording] (…) – C:\WINDOWS\ehome\ehrec (.not file.) [249440] (.Activate.)
[MD5.94DF0080F625ABFB00DD02BCE2DDFDC5] [APT] [Microsoft\Windows\Media Center\UpdateRecordPath] (…) – C:\WINDOWS\ehome\ehPrivJob.exe (.not file.) [249440] (.Activate.)
O39 - APT: Unknown - (.Adobe Inc..) – C:\WINDOWS\Tasks\Adobe Flash Player Updater.job [249440] =>.Adobe Inc.
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) – C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job [249440] =>.Google Inc®
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) – C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job [249440] =>.Google Inc®
O39 - APT: Unknown - (…) – C:\WINDOWS\Tasks\HPCeeScheduleForCEP Local 440.job [249440]
O39 - APT: Adobe Acrobat Update Task - (.Adobe Systems Incorporated.) – C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task [249440] =>.Adobe Systems, Incorporated®
O39 - APT: CCleanerSkipUAC - (.Piriform Ltd.) – C:\WINDOWS\System32\Tasks\CCleanerSkipUAC [249440] =>.Piriform Ltd®
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) – C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineC ore [249440] =>.Google Inc®
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) – C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineU A [249440] =>.Google Inc®
O39 - APT: Unknown - (.Microsoft Corporation.) – C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task [249440] =>.Microsoft Corporation
O39 - APT: RealDownloaderRealUpgradeLogonTaskS-1-5-21-1124643268-3595298339-4084894015-1000 - (.RealNetworks, Inc..) – C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgrad eLogonTaskS-1-5-21-1124643268-3595298339-4084894015-1000 [249440] =>.RealNetworks, Inc.®
O39 - APT: RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1124643268-3595298339-4084894015-1000 - (.RealNetworks, Inc..) – C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgrad eScheduledTaskS-1-5-21-1124643268-3595298339-4084894015-1000 [249440] =>.RealNetworks, Inc.®
O39 - APT: WinZipBackGroundToolsTask - (.WinZip Computing, S.L..) – C:\WINDOWS\System32\Tasks\WinZipBackGroundToolsTas k [249440] =>.WinZip Computing LLC®
O39 - APT: {298B2E4F-B19F-479B-A158-24E952B262D7} - (…) – C:\WINDOWS\System32\Tasks{298B2E4F-B19F-479B-A158-24E952B262D7} [249440] (.Orphan.) =>.Superfluous.Orphan
O39 - APT: {BF9EF130-FE70-4432-88EC-F3B7132270EA} - (…) – C:\WINDOWS\System32\Tasks{BF9EF130-FE70-4432-88EC-F3B7132270EA} [249440] (.Orphan.) =>.Superfluous.Orphan

—\ Auto loading programs from Registry and folders (31) - 2s
O4 - HKLM..\Run: [Logitech Download Assistant] . (.Logitech, Inc. - Logitech Download Assistant.) – C:\Windows\System32\LogiLDA.dll =>.Logitech, Inc.
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] . (.Logitech, Inc. - Logitech KHAL Main Process.) – C:\WINDOWS\KHALMNPR.EXE =>.Logitech®
O4 - HKLM..\Run: [RtkOSD] . (.Realtek Semiconductor Corp. - Realtek OSD for Volume/Mute.) – C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe =>.Realtek Semiconductor Corp.
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (.not file.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (.not file.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (.not file.)
O4 - HKLM..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Realtek HD Audio Manager.) – C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe =>.Realtek Semiconductor Corp®
O4 - HKLM..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) – C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe =>.Realtek Semiconductor Corp®
O4 - HKLM..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad 64-bit Enhancements.) – C:\Program Files\Synaptics\SynTP\SynTPEnh.exe =>.Synaptics Incorporated®
O4 - HKLM..\Run: [ZAM] . (.Zemana Ltd. - ZAM.) – C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe =>.Zemana Ltd.®
O4 - HKLM..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) – C:\Program Files\iTunes\iTunesHelper.exe =>.Apple Inc.®
O4 - HKLM..\Run: [Everything] . (.Copyright (C) 2014 David Carpenter - Everything.) – C:\Users\CEP Local 440\Desktop\Everything\Everything.exe =>.Copyright (c) 2014 David Carpenter
O4 - HKCU..\Run: [OneDrive] . (.Microsoft Corporation - Microsoft OneDrive.) – C:\Users\CEP Local 440\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Corporation®
O4 - HKCU..\Run: [iCloudServices] . (.Apple Inc. - iCloud Services.) – C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe =>.Apple Inc.®
O4 - HKCU..\Run: [iCloudDrive] . (.Apple Inc. - iCloud Drive.) – C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe =>.Apple Inc.®
O4 - HKCU..\Run: [iCloudPhotos] . (.Apple Inc. - iCloud Photo Library.) – C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe =>.Apple Inc.®
O4 - HKCU..\Run: [GarminExpressTrayApp] . (.Garmin Ltd. or its subsidiaries - Garmin Express Tray.) – C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe =>.Garmin International, Inc.®
O4 - HKCU..\Run: [CCleaner] . (.Piriform Ltd - CCleaner.) – C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd®
O4 - HKLM..\Wow6432Node\Run: [WirelessAssistant] . (.Hewlett-Packard - HP Wireless Assistant Main Program.) – C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe =>.Hewlett-Packard Company®
O4 - HKLM..\Wow6432Node\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) – C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe =>.RealNetworks, Inc.®
O4 - HKLM..\Wow6432Node\Run: [RealDownloader] . (.Copyright © RealNetworks, Inc. 1995-2012 - RealDownloader.) – C:\Program Files (x86)\Real\RealDownloader\downloader2.exe =>.RealNetworks, Inc.®
O4 - HKUS.DEFAULT..\Run: [GarminExpressTrayApp] . (.Garmin Ltd. or its subsidiaries - Garmin Express Tray.) – C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe =>.Garmin International, Inc.®
O4 - HKUS\S-1-5-18..\Run: [GarminExpressTrayApp] . (.Garmin Ltd. or its subsidiaries - Garmin Express Tray.) – C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe =>.Garmin International, Inc.®
O4 - HKUS\S-1-5-19..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) – C:\WINDOWS\SysWOW64\OneDriveSetup.exe =>.Microsoft Corporation®
O4 - HKUS\S-1-5-20..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) – C:\WINDOWS\SysWOW64\OneDriveSetup.exe =>.Microsoft Corporation®
O4 - HKUS\S-1-5-21-1124643268-3595298339-4084894015-1000..\Run: [OneDrive] . (.Microsoft Corporation - Microsoft OneDrive.) – C:\Users\CEP Local 440\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Corporation®
O4 - HKUS\S-1-5-21-1124643268-3595298339-4084894015-1000..\Run: [iCloudServices] . (.Apple Inc. - iCloud Services.) – C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe =>.Apple Inc.®
O4 - HKUS\S-1-5-21-1124643268-3595298339-4084894015-1000..\Run: [iCloudDrive] . (.Apple Inc. - iCloud Drive.) – C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe =>.Apple Inc.®
O4 - HKUS\S-1-5-21-1124643268-3595298339-4084894015-1000..\Run: [iCloudPhotos] . (.Apple Inc. - iCloud Photo Library.) – C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe =>.Apple Inc.®
O4 - HKUS\S-1-5-21-1124643268-3595298339-4084894015-1000..\Run: [GarminExpressTrayApp] . (.Garmin Ltd. or its subsidiaries - Garmin Express Tray.) – C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe =>.Garmin International, Inc.®
O4 - HKUS\S-1-5-21-1124643268-3595298339-4084894015-1000..\Run: [CCleaner] . (.Piriform Ltd - CCleaner.) – C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd®

—\ Process running (26) - 3s
[MD5.19EB397CD020CCD25EB5F5377E37AD2C] - (.Realtek Semiconductor - Realtek Audio Service.) – C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [293080] [PID.1348] =>.Realtek Semiconductor Corp®
[MD5.1E7EBBF7D89DE7979308494FE98EB393] - (.Realtek Semiconductor - HD Audio Background Process.) – C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472] [PID.1372] =>.Realtek Semiconductor Corp®
[MD5.48008D4EA73C1058F36D323A644410D4] - (.LSI Corporation - LSI Soft Modem Call Progress Service.) – C:\Program Files\LSI SoftModem\agr64svc.exe [28672] [PID.1752] =>.LSI Corporation®
[MD5.DC00FD73505DAEDD99CAF4533B0C05BD] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) – C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [82128] [PID.1760] =>.Adobe Systems, Incorporated®
[MD5.D1E343BC00136CE03C4D403194D06A80] - (.Andrea Electronics Corporation - Andrea filters APO access service (64-bit).) – C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [98208] [PID.1808] =>.Andrea Electronics®
[MD5.7D811EA7A2AAA49B0446D42CBC1CD338] - (.Apple Inc. - MobileDeviceService.) – C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768] [PID.1820] =>.Apple Inc.®
[MD5.B5C2F92EE1106DFE7BB1CCE4D35B6037] - (.Apple Inc. - Bonjour Service.) – C:\Program Files\Bonjour\mDNSResponder.exe [462096] [PID.1828] =>.Apple Inc.®
[MD5.B6492D01712A22FF3FEA25A999DBD321] - (…) – C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480] [PID.1836]
[MD5.EDCCC8C13B1EB882F77BA0ABB84566E7] - (.Copyright CANON INC. 2006-2012 All Rights Reserved - Inkjet Printer/Scanner/Fax Extended Survey.) – C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe [140456] [PID.1876] =>.Canon Inc.®
[MD5.00000000000000000000000000000000] - (. - McAfee Process Validation Service.) – C:\WINDOWS\System32\mfevtps.exe [0] [PID.1996]
[MD5.4E1AD0DF1100880CA800272EE474C7D1] - (…) – C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [35104] [PID.2052] =>.RealNetworks, Inc.®
[MD5.1B578EBD5A6557688DD082EDFD2E3FA9] - (.RealNetworks, Inc. - RealTimes Desktop Service.) – C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [987408] [PID.2060] =>.RealNetworks, Inc.®
[MD5.498EB62A160674E793FA40FD65390625] - (.Copyright 2004 - RichVideo Module.) – C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152] [PID.2068] =>.CyberLink®
[MD5.6F42D9C646948D0604FB4271A7CEAC54] - (.Synaptics Incorporated - 64-bit Synaptics Pointing Enhance Service.) – C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960] [PID.2168] =>.Synaptics Incorporated®
[MD5.ADE093D9F6D3FE36B0A0F66F0EC84598] - (.Zemana Ltd. - ZAM.) – C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13900016] [PID.2552] =>.Zemana Ltd.®
[MD5.6D99E1391FFC1D473EB18CD9252F2889] - (.Synaptics Incorporated - Synaptics TouchPad 64-bit Enhancements.) – C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352] [PID.2516] =>.Synaptics Incorporated®
[MD5.DD7423ABBE2913E70D50E9318AD57EE4] - (.Google Inc. - Google Installer.) – C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200] [PID.3440] =>.Google Inc®
[MD5.58332C83C4A329A744B0B98F934934BB] - (.Google Inc. - Google Crash Handler.) – C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.ex e [288920] [PID.4144] =>.Google Inc®
[MD5.37F586EA2E289D633B7F94D8708940A7] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) – C:\PROGRAM FILES\SYNAPTICS\SynTP\SYNTPHELPER.EXE [218816] [PID.4176] =>.Synaptics Incorporated®
[MD5.788321A2C0C45F16820E00A8BA8FD3DA] - (.Google Inc. - Google Crash Handler.) – C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64. exe [366232] [PID.4288] =>.Google Inc®
[MD5.ADE093D9F6D3FE36B0A0F66F0EC84598] - (.Zemana Ltd. - ZAM.) – C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13900016] [PID.2076] =>.Zemana Ltd.®
[MD5.4EA7E5DF0CB237156176FA0349E6E87F] - (.Realtek Semiconductor Corp. - RtVOsdService.) – C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392] [PID.3760] =>.Realtek Semiconductor Corp.
[MD5.854CDCFB2149810A341BFD2CB4472A7E] - (.Realtek Semiconductor Corp. - Realtek OSD for Volume/Mute.) – C:\Program Files\Realtek\RtVOsd\RtVOsd.exe [1024512] [PID.3636] =>.Realtek Semiconductor Corp.
[MD5.5DA9FD282D2D14D982A1909BDBB919DB] - (.Adobe Systems Incorporated - Adobe® Flash® Player Utility.) – C:\WINDOWS\System32\Macromed\Flash\FlashUtil_Activ eX.exe [1240568] [PID.4816] =>.Microsoft Windows Third Party Application Component®
[MD5.382221669A48E195BDE6D2750C385446] - (.Nicolas Coolman - ZHPDiag.) – C:\Users\CEP Local 440\Desktop\ZHPDiag3.exe [2503680] [PID.3568] =>.Nicolas Coolman
[MD5.DD7423ABBE2913E70D50E9318AD57EE4] - (.Google Inc. - Google Installer.) – C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200] [PID.4588] =>.Google Inc®

—\ Internet Explorer Extensions, Start, Search (18) - 0s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan =>.Microsoft Internet Explorer
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV9 = 1
R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV9 = 1

—\ Internet Explorer, Proxy Management (6) - 0s
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyEnable = 0
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings,MigrateProxy = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings,EnableHttp1_1 = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyHttp1.1 = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings,AutoConfigProxy = wininet.dll

—\ Line Analysis, IniFiles, Auto loading programs (3) - 0s
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: VMApplet=

—\ Hosts file redirection (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (21)

—\ Browser Helper Object (BHO) (4) - 0s
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer [64Bits] - {3049C3E9-B461-4BC5-8870-4C09146192CA} . (.RealDownloader - RealTimes Video Downloader.) – C:\Program Files (x86)\Real\RealDownloader\BrowserPlugins\IE\rndlbr owserrecordplugin.dll =>.RealNetworks, Inc.®
O2 - BHO: Canon Easy-WebPrint EX BHO [64Bits] - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} . (.CANON INC. - Easy-WebPrint EX.) – C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll =>.Canon Inc.®
O2 - BHO: Java™ Plug-In 2 SSV Helper [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} (.Orphan.)
O2 - BHO: (no name) [64Bits] - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} (.Orphan.)

—\ Global shortcuts Startup (70) - 5s
O4 - GS\Desktop [Administrator]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\CEP Local 440\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Administrator]: ConvertXtoDvd.lnk . (.VSO Software SARL - ConvertXtoDVD transcoder.) C:\Program Files (x86)\VSO\ConvertX\3\ConvertXtoDvd.exe =>.VSO-SOFTWARE®
O4 - GS\Quicklaunch [Administrator]: Google Chrome.lnk . (…) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Quicklaunch [Administrator]: Jouer à HP Games.lnk . (…) C:\Program Files (x86)\HP Games\HP Game Console\GameConsole-wt.exe /src desktoptpd
O4 - GS\Quicklaunch [Administrator]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\sendTo [Administrator]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\WINDOWS\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\Programs [Administrator]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\CEP Local 440\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Corporation®
O4 - GS\Desktop [CEP Local 440]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\CEP Local 440\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [CEP Local 440]: ConvertXtoDvd.lnk . (.VSO Software SARL - ConvertXtoDVD transcoder.) C:\Program Files (x86)\VSO\ConvertX\3\ConvertXtoDvd.exe =>.VSO-SOFTWARE®
O4 - GS\Quicklaunch [CEP Local 440]: Google Chrome.lnk . (…) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Quicklaunch [CEP Local 440]: Jouer à HP Games.lnk . (…) C:\Program Files (x86)\HP Games\HP Game Console\GameConsole-wt.exe /src desktoptpd
O4 - GS\Quicklaunch [CEP Local 440]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\sendTo [CEP Local 440]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\WINDOWS\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\Programs [CEP Local 440]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\CEP Local 440\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Corporation®
O4 - GS\Desktop [Guest]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\CEP Local 440\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Guest]: ConvertXtoDvd.lnk . (.VSO Software SARL - ConvertXtoDVD transcoder.) C:\Program Files (x86)\VSO\ConvertX\3\ConvertXtoDvd.exe =>.VSO-SOFTWARE®
O4 - GS\Quicklaunch [Guest]: Google Chrome.lnk . (…) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Quicklaunch [Guest]: Jouer à HP Games.lnk . (…) C:\Program Files (x86)\HP Games\HP Game Console\GameConsole-wt.exe /src desktoptpd
O4 - GS\Quicklaunch [Guest]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\sendTo [Guest]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\WINDOWS\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\Programs [Guest]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\CEP Local 440\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Corporation®
O4 - GS\CommonDesktop [Public]: Acrobat Reader DC.lnk . (.Adobe Systems Incorporated - Adobe Acrobat Reader DC.) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe =>.Adobe Systems, Incorporated®
O4 - GS\CommonDesktop [Public]: Canon Quick Menu.lnk . (.CANON INC. - Canon Quick Menu.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE =>.Canon Inc.®
O4 - GS\CommonDesktop [Public]: CCleaner.lnk . (.Piriform Ltd - CCleaner.) C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd®
O4 - GS\CommonDesktop [Public]: Garmin Express.lnk . (.Garmin Ltd. or its subsidiaries - Garmin Express.) C:\Program Files (x86)\Garmin\Express\express.exe =>.Garmin International, Inc.®
O4 - GS\CommonDesktop [Public]: Garmin Lifetime Updater.lnk . (.Garmin - Garmin Lifetime Updater.) C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe =>.Garmin International®
O4 - GS\CommonDesktop [Public]: Google Earth.lnk . (.Google - Google Earth.) C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe =>.Google Inc®
O4 - GS\CommonDesktop [Public]: HP Support Assistant.lnk . (.Hewlett-Packard Company - HP Support Assistant.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe =>.Hewlett-Packard Company®
O4 - GS\CommonDesktop [Public]: iTunes.lnk . (.Apple Inc. - .) C:\Program Files (x86)\iTunes\iTunes.exe =>.Apple Inc.
O4 - GS\CommonDesktop [Public]: Malwarebytes Anti-Malware.lnk . (.Malwarebytes - Malwarebytes Anti-Malware.) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe =>.Malwarebytes Corporation®
O4 - GS\CommonDesktop [Public]: RealPlayer (RealTimes).lnk . (.RealNetworks, Inc. - RealPlayer.) C:\Program Files (x86)\Real\RealPlayer\realplay.exe /launch:desktop =>.RealNetworks, Inc.®
O4 - GS\CommonDesktop [Public]: Removal Tool.lnk . (.9-lab LLC - 9-lab Malware Removal Tool.) C:\Users\CEP Local 440\Desktop\Removal Tool\rmtool.exe =>.9-Lab®
O4 - GS\CommonDesktop [Public]: TurboTax Free.lnk . (.GitHub, Inc. - Electron.) C:\Program Files (x86)\TurboTax Free\TurboTax Free.exe =>.GitHub, Inc.
O4 - GS\CommonDesktop [Public]: Zemana AntiMalware.lnk . (.Zemana Ltd. - ZAM.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe =>.Zemana Ltd.®
O4 - GS\Programs [Public]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\CEP Local 440\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Corporation®
O4 - GS\Accessories [Public]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Accessories [Public]: Notepad.lnk . (.Microsoft Corporation - Notepad.) C:\WINDOWS\system32\notepad.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Private Character Editor.lnk . (.Microsoft Corporation - Private Character Editor.) C:\WINDOWS\system32\eudcedit.exe =>.Microsoft Corporation
O4 - GS\Startup [Public]: Logitech SetPoint.lnk . (.Logitech, Inc. - Logitech SetPoint Event Manager (UNICODE).) C:\Program Files\Logitech\SetPoint\SetPoint.exe =>.Logitech®
O4 - GS\Startup [Public]: RealTimes.lnk . (.RealNetworks, Inc. - RealPlayer with RealTimes.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe =>.RealNetworks, Inc.®
O4 - GS\Startup [Public]: Update Notifier.lnk . (.WinZip Computing, S.L. - .) C:\Program Files (x86)\WinZip\WZUpdateNotifier.exe =>.WinZip Computing, S.L.
O4 - GS\Startup [Public]: WinZip Preloader.lnk . (.WinZip Computing, S.L. - .) C:\Program Files (x86)\WinZip\WzPreloader.exe =>.WinZip Computing, S.L.
O4 - GS\Accessories [Public]: Math Input Panel.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Mobility Center.lnk . (.Microsoft Corporation - Windows Mobility Center.) C:\WINDOWS\system32\mblctr.exe /open =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Paint.lnk . (.Microsoft Corporation - Paint.) C:\WINDOWS\system32\mspaint.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Remote Desktop Connection.lnk . (.Microsoft Corporation - Remote Desktop Connection.) C:\WINDOWS\system32\mstsc.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\WINDOWS\system32\SnippingTool.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Steps Recorder.lnk . (.Microsoft Corporation - Steps Recorder.) C:\WINDOWS\system32\psr.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Sticky Notes.lnk . (.Microsoft Corporation - Sticky Notes.) C:\WINDOWS\system32\StikyNot.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Windows Fax and Scan.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\WINDOWS\system32\WFS.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: XPS Viewer.lnk . (.Microsoft Corporation - XPS Viewer.) C:\WINDOWS\system32\xpsrchvw.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Character Map.lnk . (.Microsoft Corporation - Character Map.) C:\WINDOWS\system32\charmap.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Acrobat Reader DC.lnk . (.Flexera Software LLC - InstallShield.) C:\WINDOWS\Installer{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico =>.Flexera Software LLC
O4 - GS\ProgramsCommon [Public]: Acrobat.com.lnk . (…) C:\Program Files (x86)\Adobe\Acrobat.com\Acrobat.com.exe
O4 - GS\ProgramsCommon [Public]: Apple Software Update.lnk . (…) C:\WINDOWS\Installer{56EC47AA-5813-4FF6-8E75-544026FBEA83}\AppleSoftwareUpdateIco.exe
O4 - GS\ProgramsCommon [Public]: Devices Flow.lnk . (.Microsoft Corporation - Devices Flow.) C:\WINDOWS\DevicesFlow\DevicesFlow.exe =>.Microsoft Windows®
O4 - GS\ProgramsCommon [Public]: Immersive Control Panel.lnk . (.Microsoft Corporation - Windows Control Panel.) C:\WINDOWS\System32\Control.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Microsoft FrontPage.lnk . (…) C:\Windows\Installer{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
O4 - GS\ProgramsCommon [Public]: Microsoft Works Task Launcher.lnk . (.Microsoft® Corporation - Microsoft® Works.) C:\Program Files (x86)\Microsoft Works\MSWorks.exe =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: MiracastView.lnk . (.Microsoft Corporation - MiracastView.) C:\WINDOWS\MiracastView\MiracastView.exe =>.Microsoft Windows®
O4 - GS\ProgramsCommon [Public]: PrintDialog.lnk . (.Microsoft Corporation - Print Dialog.) C:\WINDOWS\PrintDialog\PrintDialog.exe =>.Microsoft Windows®
O4 - GS\ProgramsCommon [Public]: Search.lnk . (.Microsoft Corporation - Windows host process (Rundll32).) C:\WINDOWS\system32\rundll32.exe -sta {C90FB8CA-3295-4462-A721-2935E83694BA} =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: TurboTax Free.lnk . (.GitHub, Inc. - Electron.) C:\Program Files (x86)\TurboTax Free\TurboTax Free.exe =>.GitHub, Inc.
O4 - GS\ProgramsCommon [Public]: Windows Live Mail.lnk . (.Microsoft Corporation - Windows Live Mail.) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: Windows Live Messenger.lnk . (.Microsoft Corporation - Windows Live Messenger.) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: Windows Live Movie Maker.lnk . (.Microsoft Corporation - Windows Live Movie Maker.) C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: Windows Live Photo Gallery.lnk . (.Microsoft Corporation - Windows Live Photo Gallery.) C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation

—\ Lop.com/Domain Hijackers (2) - 0s
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 =>.Local IP Adress
O17 - HKLM\System\CCS\Services\Tcpip..{7aacf0c7-f777-451d-935f-0dff73e93a81}: DhcpNameServer = 192.168.2.1 192.168.2.1 =>.Local IP Adress

—\ Extra protocols (29) - 1s
O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\WINDOWS\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\WINDOWS\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) – C:\WINDOWS\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\WINDOWS\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\WINDOWS\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\WINDOWS\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\WINDOWS\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) – C:\WINDOWS\SysWOW64\itss.dll =>.Microsoft Corporation
O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\WINDOWS\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: livecall [64Bits] - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) – C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll =>.Microsoft Corporation®
O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\WINDOWS\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\WINDOWS\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) – C:\WINDOWS\SysWOW64\inetcomm.dll =>.Microsoft Corporation
O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\WINDOWS\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) – C:\WINDOWS\SysWOW64\itss.dll =>.Microsoft Corporation
O18 - Handler: ms-itss [64Bits] - {0A9007C0-4076-11D3-8789-0000F8105754} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) – C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll =>.Microsoft Corporation®
O18 - Handler: msnim [64Bits] - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) – C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll =>.Microsoft Corporation®
O18 - Handler: mso-offdap [64Bits] - {3D9F03FA-7A94-11D3-BE81-0050048385D1} . (.Microsoft Corporation - Microsoft Office XP Web Components.) – C:\Program Files (x86)\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL =>.Microsoft Corporation®
O18 - Handler: mso-offdap11 [64Bits] - {32505114-5902-49B2-880A-1F7738E5A384} . (.Microsoft Corporation - Microsoft Office Web Components 2003.) – C:\Program Files (x86)\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL =>.Microsoft Corporation®
O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\WINDOWS\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: tbauth [64Bits] - {14654CA6-5711-491D-B89A-58E571679951} . (.Microsoft Corporation - TBAuth protocol handler.) – C:\WINDOWS\SysWOW64\tbauth.dll =>.Microsoft Corporation
O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) – C:\WINDOWS\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\WINDOWS\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) – C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation®
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) – C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll =>.Microsoft Corporation®
O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\WINDOWS\SysWOW64\mscoree.dll =>.Microsoft Corporation
O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\WINDOWS\SysWOW64\mscoree.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\WINDOWS\SysWOW64\mscoree.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) – C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL =>.Microsoft Corporation®

—\ Software installed (148) - 21s
O42 - Logiciel: 7-Zip 16.02 - (.Igor Pavlov.) [HKLM][64Bits] – {23170F69-40C1-2701-1602-000001000000} =>.Igor Pavlov
O42 - Logiciel: 7-Zip 16.02 - (.Igor Pavlov.) [HKLM][64Bits] – 7-Zip =>.Igor Pavlov
O42 - Logiciel: 7-Zip 16.04 (x64 edition) - (.Igor Pavlov.) [HKLM][64Bits] – {23170F69-40C1-2702-1604-000001000000} =>.Igor Pavlov
O42 - Logiciel: 9-lab Removal Tool - (..) [HKLM][64Bits] – 9-lab Removal Tool =>.9-Lab®
O42 - Logiciel: Acrobat.com - (.Adobe Systems Incorporated.) [HKLM][64Bits] – {287ECFA4-719A-2143-A09B-D6A12DE54E40} =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe Acrobat Reader DC - (.Adobe Systems Incorporated.) [HKLM][64Bits] – {AC76BA86-7AD7-1033-7B44-AC0F074E4100} =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM][64Bits] – {BBEC10F9-AC15-41EE-A271-0B1077F53740} =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM][64Bits] – Adobe AIR =>.Adobe Systems Incorporated®
O42 - Logiciel: Adobe Refresh Manager - (.Adobe Systems Incorporated.) [HKLM][64Bits] – {AC76BA86-0804-1033-1959-001824147215} =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe Shockwave Player - (.Adobe Systems, Inc..) [HKLM][64Bits] – {D8DFA46A-39F7-4368-810D-18AFCFDDAEAF} =>.Adobe Systems, Inc.
O42 - Logiciel: Adobe Shockwave Player 12.2 - (.Adobe Systems, Inc.) [HKLM][64Bits] – {A2116AF9-FA9D-41EA-9874-1E40B227D4DE} =>.Adobe Systems, Inc
O42 - Logiciel: ANT Drivers Installer x64 - (.Garmin Ltd or its subsidiaries.) [HKLM][64Bits] – {22B06B3E-3029-4342-B12F-5D6D5636914A} =>.Garmin Ltd or its subsidiaries
O42 - Logiciel: Apple Application Support (32-bit) - (.Apple Inc..) [HKLM][64Bits] – {F2871C89-C8A5-42EE-8D45-0F02506385A6} =>.Apple Inc.
O42 - Logiciel: Apple Application Support (64-bit) - (.Apple Inc..) [HKLM][64Bits] – {9BC93467-75D1-4AA4-BD58-D9C51D88DFAB} =>.Apple Inc.
O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM][64Bits] – {55BB2110-FB43-49B3-93F4-945A0CFB0A6C} =>.Apple Inc.
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM][64Bits] – {56EC47AA-5813-4FF6-8E75-544026FBEA83} =>.Apple Inc.
O42 - Logiciel: ArcSoft Panorama Maker 6 - (.ArcSoft.) [HKLM][64Bits] – {DABFD34E-BE68-4BC6-9254-5D7A7FF76B99} =>.ArcSoft
O42 - Logiciel: Bejeweled 2 Deluxe - (.WildTangent.) [HKLM][64Bits] – WT082192 =>.WildTangent Inc
O42 - Logiciel: Blackhawk Striker 2 - (.WildTangent.) [HKLM][64Bits] – WT082122 =>.WildTangent Inc
O42 - Logiciel: Blasterball 3 - (.WildTangent.) [HKLM][64Bits] – WT082124 =>.WildTangent Inc
O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM][64Bits] – {56DDDFB8-7F79-4480-89D5-25E1F52AB28F} =>.Apple Inc.
O42 - Logiciel: Bus Driver - (.WildTangent.) [HKLM][64Bits] – WT082439 =>.WildTangent Inc
O42 - Logiciel: Canon Easy-WebPrint EX - (.Canon Inc..) [HKLM][64Bits] – Easy-WebPrint EX =>.Canon Inc.®
O42 - Logiciel: Canon IJ Network Scanner Selector EX - (.Canon Inc..) [HKLM][64Bits] – Canon_IJ_Network_Scanner_Selector_EX =>.Canon Inc.®
O42 - Logiciel: Canon IJ Network Tool - (.Canon Inc..) [HKLM][64Bits] – Canon_IJ_Network_UTILITY =>.Canon Inc.®
O42 - Logiciel: Canon IJ Scan Utility - (.Canon Inc..) [HKLM][64Bits] – Canon_IJ_Scan_Utility =>.Canon Inc.®
O42 - Logiciel: Canon Inkjet Printer/Scanner/Fax Extended Survey Program - (.Canon Inc..) [HKLM][64Bits] – CANONIJPLM100 =>.Canon Inc.®
O42 - Logiciel: Canon MX450 series MP Drivers - (.Canon Inc..) [HKLM][64Bits] – {1199FAD5-9546-44f3-81CF-FFDB8040B7BF}Canon_MX450_series =>.Canon Inc.®
O42 - Logiciel: Canon MX450 series On-screen Manual - (.Canon Inc..) [HKLM][64Bits] – Canon MX450 series On-screen Manual =>.Canon Inc.®
O42 - Logiciel: Canon My Image Garden - (.Canon Inc..) [HKLM][64Bits] – Canon My Image Garden =>.Canon Inc.®
O42 - Logiciel: Canon My Image Garden Design Files - (.Canon Inc..) [HKLM][64Bits] – Canon My Image Garden Design Files =>.Canon Inc.®
O42 - Logiciel: Canon My Printer - (.Canon Inc..) [HKLM][64Bits] – CanonMyPrinter =>.Canon Inc.®
O42 - Logiciel: Canon Quick Menu - (.Canon Inc..) [HKLM][64Bits] – CanonQuickMenu =>.Canon Inc.®
O42 - Logiciel: Canon Speed Dial Utility - (.Canon Inc..) [HKLM][64Bits] – Speed Dial Utility =>.Canon Inc.®
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM][64Bits] – CCleaner =>.Piriform Ltd®
O42 - Logiciel: CDDRV_Installer - (.Logitech.) [HKLM][64Bits] – {0C826C5B-B131-423A-A229-C71B3CACCD6A} =>.Logitech
O42 - Logiciel: Chuzzle Deluxe - (.WildTangent.) [HKLM][64Bits] – WT082200 =>.WildTangent Inc
O42 - Logiciel: Cisco EAP-FAST Module - (.Cisco Systems, Inc..) [HKLM][64Bits] – {64BF0187-F3D2-498B-99EA-163AF9AE6EC9} =>.Cisco Systems, Inc.
O42 - Logiciel: Cisco LEAP Module - (.Cisco Systems, Inc..) [HKLM][64Bits] – {51C7AD07-C3F6-4635-8E8A-231306D810FE} =>.Cisco Systems, Inc.
O42 - Logiciel: Cisco PEAP Module - (.Cisco Systems, Inc..) [HKLM][64Bits] – {ED5776D5-59B4-46B7-AF81-5F2D94D7C640} =>.Cisco Systems, Inc.
O42 - Logiciel: Compatibility Pack for the 2007 Office system - (.Microsoft Corporation.) [HKLM][64Bits] – {90120000-0020-0409-0000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: ConvertXtoDVD 3.3.4.106e - (..) [HKLM][64Bits] – {76C24F39-B161-498F-BD8B-C64789812D13}is1
O42 - Logiciel: CyberLink DVD Suite - (.CyberLink Corp..) [HKLM][64Bits] – {1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} =>.CyberLink®
O42 - Logiciel: CyberLink DVD Suite - (.CyberLink Corp..) [HKLM][64Bits] – InstallShield{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} =>.CyberLink®
O42 - Logiciel: CyberLink MediaShow - (.CyberLink Corp..) [HKLM][64Bits] – {80E158EA-7181-40FE-A701-301CE6BE64AB} =>.CyberLink®
O42 - Logiciel: CyberLink MediaShow - (.CyberLink Corp..) [HKLM][64Bits] – InstallShield{80E158EA-7181-40FE-A701-301CE6BE64AB} =>.CyberLink®
O42 - Logiciel: CyberLink PowerDVD 8 - (.CyberLink Corp..) [HKLM][64Bits] – {2BF2E31F-B8BB-40A7-B650-98D28E0F7D47} =>.CyberLink®
O42 - Logiciel: CyberLink PowerDVD 8 - (.CyberLink Corp..) [HKLM][64Bits] – InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47} =>.CyberLink®
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM][64Bits] – {E09C4DB7-630C-4F06-A631-8EA7239923AF} =>.Microsoft
O42 - Logiciel: DAP Plug-in for 64 Bit IE - (.SpeedBit.) [HKLM][64Bits] – {E06AF9BE-E1D6-4867-8DBF-74E4BA32BBB3}
O42 - Logiciel: DivX Setup - (.DivX, LLC.) [HKLM][64Bits] – DivX Setup =>.DivX, LLC®
O42 - Logiciel: Dora’s Carnival Adventure - (.WildTangent.) [HKLM][64Bits] – WT082133 =>.WildTangent Inc
O42 - Logiciel: Elevated Installer - (.Garmin Ltd or its subsidiaries.) [HKLM][64Bits] – {42B70DEB-600A-4A1C-86A3-2F2877276720} =>.Garmin Ltd or its subsidiaries
O42 - Logiciel: erLT - (.Logitech, Inc..) [HKLM][64Bits] – {A498D9EB-927B-459B-85D6-DD6EF8C2C564} =>.Logitech, Inc.
O42 - Logiciel: Escape Rosecliff Island - (.WildTangent.) [HKLM][64Bits] – WT083484 =>.WildTangent Inc
O42 - Logiciel: ESU for Microsoft Windows 7 - (.Hewlett-Packard.) [HKLM][64Bits] – {3877C901-7B90-4727-A639-B6ED2DD59D43} =>.Hewlett-Packard
O42 - Logiciel: Everything 1.3.4.686 (x64) - (..) [HKLM][64Bits] – Everything
O42 - Logiciel: Faerie Solitaire - (.WildTangent.) [HKLM][64Bits] – WT082442 =>.WildTangent Inc
O42 - Logiciel: FATE - (.WildTangent.) [HKLM][64Bits] – WT082141 =>.WildTangent Inc
O42 - Logiciel: Garmin Communicator Plugin x64 - (.Garmin Ltd or its subsidiaries.) [HKLM][64Bits] – {550331CC-C34B-494F-BCDA-37CE4EF6E924} =>.Garmin Ltd or its subsidiaries
O42 - Logiciel: Garmin Express - (.Garmin Ltd or its subsidiaries.) [HKLM][64Bits] – {165D8FEC-4FAE-4527-96E7-359A39FF90C4} =>.Garmin Ltd or its subsidiaries
O42 - Logiciel: Garmin Express - (.Garmin Ltd or its subsidiaries.) [HKLM][64Bits] – {2639b4f0-83b4-4f3d-942f-e4ba22a40b9b} =>.Garmin International, Inc.®
O42 - Logiciel: Garmin Express Tray - (.Garmin Ltd or its subsidiaries.) [HKLM][64Bits] – {CAE86049-E7B8-4B2D-8ADF-3BB3F4F1628A} =>.Garmin Ltd or its subsidiaries
O42 - Logiciel: Garmin Lifetime Updater - (.Garmin.) [HKLM][64Bits] – {9AAD03E8-4F65-4DE2-8F6C-1B079C0C8521} =>.Garmin
O42 - Logiciel: GenuTax Standard - (.GenuSource Consulting Inc.) [HKLM][64Bits] – {C558F931-FCAD-4252-909F-D736DF679567}
O42 - Logiciel: Google Chrome - (.Google, Inc..) [HKLM][64Bits] – {8A560559-10C3-36EF-82E6-5A58EFD3A162} =>.Google, Inc.
O42 - Logiciel: Google Earth - (.Google.) [HKLM][64Bits] – {A0C18B96-AB79-46BD-8321-6FA83E6D25B9} =>.Google
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] – {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} =>.Google Inc.
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] – {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} =>Heuristic.Suspect
O42 - Logiciel: Hewlett-Packard ACLM.NET v1.2.1.1 - (.Hewlett-Packard Company.) [HKLM][64Bits] – {6F340107-F9AA-47C6-B54C-C3A19F11553F} =>.Hewlett-Packard Company
O42 - Logiciel: HP Customer Experience Enhancements - (.Hewlett-Packard.) [HKLM][64Bits] – {07FA4960-B038-49EB-891B-9F95930AA544} =>.Hewlett-Packard
O42 - Logiciel: HP Game Console - (.WildTangent.) [HKLM][64Bits] – My HP Game Console =>.WildTangent Inc
O42 - Logiciel: HP LaserJet Professional M1130-M1210 MFP Series - (..) [HKLM][64Bits] – HP LaserJet Professional M1130-M1210 MFP Series =>.Hewlett-Packard Company®
O42 - Logiciel: HP LaserJet Professional M1210 MFP Series Fax Installer - (.HP.) [HKLM][64Bits] – {E65099C4-9110-4C31-BD03-5C17EFB5FE92} =>.HP
O42 - Logiciel: HP Quick Launch - (.Hewlett-Packard.) [HKLM][64Bits] – {10F539B1-31AF-43BF-9F0C-0EB66E918922} =>.Hewlett-Packard
O42 - Logiciel: HP Setup - (.Hewlett-Packard.) [HKLM][64Bits] – {17B4760F-334B-475D-829F-1A3E94A6A4E6} =>.Hewlett-Packard
O42 - Logiciel: HP Smart Web Printing - (.Hewlett-Packard.) [HKLM][64Bits] – {49A143E9-4A6A-43E7-86B1-388194C79248} =>.Hewlett-Packard
O42 - Logiciel: HP Smart Web Printing - (.Hewlett-Packard.) [HKLM][64Bits] – HP Smart Web Printing =>.Hewlett-Packard
O42 - Logiciel: HP Software Framework - (.Hewlett-Packard Company.) [HKLM][64Bits] – {97174E88-52F9-445A-A28E-704A45332D19} =>.Hewlett-Packard Company
O42 - Logiciel: HP Wireless Assistant - (.Hewlett-Packard.) [HKLM][64Bits] – {54CC7901-804D-4155-B353-21F0CC9112AB} =>.Hewlett-Packard
O42 - Logiciel: iCloud - (.Apple Inc..) [HKLM][64Bits] – {CE29BC77-C5AE-49D8-A8C0-FDAF6ACF74DF} =>.Apple Inc.
O42 - Logiciel: InstaCodecs - (..) [HKLM][64Bits] – InstaCodecs_is1
O42 - Logiciel: InstallConverter - (.InstallConverter.) [HKLM][64Bits] – InstallConverter
O42 - Logiciel: Intel(R) Chipset Device Software - (.Intel Corporation.) [HKLM][64Bits] – {5CA7FC9B-8508-4494-B365-6FBCBAEB8E89} =>.Intel Corporation
O42 - Logiciel: Intel(R) Chipset Device Software - (.Intel(R) Corporation.) [HKLM][64Bits] – {98f335cd-0a32-4b3f-b74c-ef9480e834f0} =>.Intel Corporation - Software and Firmware Products®
O42 - Logiciel: Intel(R) Control Center - (.Intel Corporation.) [HKLM][64Bits] – {F8A9085D-4C7A-41a9-8A77-C8998A96C421} =>.Intel Corporation®
O42 - Logiciel: Intel(R) Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM][64Bits] – {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA} =>.Intel Corporation - Software and Firmware Products®
O42 - Logiciel: Intel(R) Rapid Storage Technology - (.Intel Corporation.) [HKLM][64Bits] – {3E29EE6C-963A-4aae-86C1-DC237C4A49FC} =>.Intel Corporation®
O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM][64Bits] – {2C49F336-2E86-4407-83E2-16AC65598EF4} =>.Apple Inc.
O42 - Logiciel: Jewel Quest 3 - (.WildTangent.) [HKLM][64Bits] – WT082443 =>.WildTangent Inc
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM][64Bits] – {1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4} =>.Microsoft Corporation
O42 - Logiciel: KhalInstallWrapper - (.Logitech.) [HKLM][64Bits] – {F3F18612-7B5D-4C05-86C9-AB50F6F71727} =>.Logitech
O42 - Logiciel: LabelPrint - (.CyberLink Corp..) [HKLM][64Bits] – {C59C179C-668D-49A9-B6EA-0121CCFC1243} =>.CyberLink®
O42 - Logiciel: LabelPrint - (.CyberLink Corp..) [HKLM][64Bits] – InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243} =>.CyberLink®
O42 - Logiciel: Logitech SetPoint - (.Logitech.) [HKLM][64Bits] – {F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E} =>.Logitech®
O42 - Logiciel: LSI HDA Modem - (.LSI Corporation.) [HKLM][64Bits] – LSI Soft Modem =>.LSI Corporation
O42 - Logiciel: Malwarebytes Anti-Malware version 2.2.1.1043 - (.Malwarebytes.) [HKLM][64Bits] – Malwarebytes Anti-Malware_is1 =>.Malwarebytes
O42 - Logiciel: MaxiLink - (.Autel.) [HKLM][64Bits] – {3F1420A7-FF17-40F0-B4FE-3481B8D10081} =>.Autel
O42 - Logiciel: Mesh Runtime - (.Microsoft Corporation.) [HKLM][64Bits] – {8C6D6116-B724-4810-8F2D-D047E6B7D68E} =>.Microsoft Corporation
O42 - Logiciel: Messenger Companion - (.Microsoft Corporation.) [HKLM][64Bits] – {50816F92-1652-4A7C-B9BC-48F682742C4B} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Application Error Reporting - (.Microsoft Corporation.) [HKLM][64Bits] – {95120000-00B9-0409-1000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Microsoft DVD App Installation for Microsoft.WindowsDVDPlayer_2019.6.13291. - (.Microsoft Corporation.) [HKLM][64Bits] – {25E80DAA-FD87-DCE5-202C-CC02F6673002} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Security Client - (.Microsoft Corporation.) [HKLM][64Bits] – {D9FCBAAE-DB72-488B-96D0-0AA3C892C0D6} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] – {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Works - (.Microsoft Corporation.) [HKLM][64Bits] – {15BC8CD0-A65B-47D0-A2DD-90A824590FA8} =>.Microsoft Corporation
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM][64Bits] – {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} =>.Microsoft
O42 - Logiciel: MSVCRT_amd64 - (.Microsoft.) [HKLM][64Bits] – {D0B44725-3666-492D-BEF6-587A14BD9BD9} =>.Microsoft
O42 - Logiciel: muvee Reveal - (.muvee Technologies Pte Ltd.) [HKLM][64Bits] – {DE626616-D7C4-4F00-7E0B-EAF26FA65749} =>.muvee Technologies Pte Ltd
O42 - Logiciel: ObjectDock Free - (.Stardock Corporation.) [HKLM][64Bits] – {2C13F8C1-570B-42A9-87B4-8C7903ECD602} =>.Stardock Corporation®
O42 - Logiciel: ObjectDock Free - (.Stardock Corporation.) [HKLM][64Bits] – ObjectDock Free =>.Stardock Corporation®
O42 - Logiciel: Penguins! - (.WildTangent.) [HKLM][64Bits] – WT082168 =>.WildTangent Inc
O42 - Logiciel: Plants vs. Zombies - (.WildTangent.) [HKLM][64Bits] – WT082170 =>.WildTangent Inc
O42 - Logiciel: Polar Bowler - (.WildTangent.) [HKLM][64Bits] – WT082172 =>.WildTangent Inc
O42 - Logiciel: Polar Golfer - (.WildTangent.) [HKLM][64Bits] – WT082173 =>.WildTangent Inc
O42 - Logiciel: Power2Go - (.CyberLink Corp..) [HKLM][64Bits] – {40BF1E83-20EB-11D8-97C5-0009C5020658} =>.CyberLink®
O42 - Logiciel: Power2Go - (.CyberLink Corp..) [HKLM][64Bits] – InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658} =>.CyberLink®
O42 - Logiciel: PowerDirector - (.CyberLink Corp..) [HKLM][64Bits] – {CB099890-1D5F-11D5-9EA9-0050BAE317E1} =>.CyberLink®
O42 - Logiciel: PowerDirector - (.CyberLink Corp..) [HKLM][64Bits] – InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1} =>.CyberLink®
O42 - Logiciel: RealDownloader - (.RealNetworks, Inc..) [HKLM][64Bits] – {496CA6A6-13F4-49AA-9A27-CD96CF65B29A} =>.RealNetworks, Inc.
O42 - Logiciel: RealDownloader - (.RealNetworks.) [HKLM][64Bits] – {13743594-F75E-491E-9EFF-203C8F8DF705} =>.RealNetworks
O42 - Logiciel: RealDownloader - (.RealNetworks.) [HKLM][64Bits] – {f8361c2c-6c8e-4893-83c7-eb9f44d1cdb7} =>.RealNetworks, Inc.®
O42 - Logiciel: RealPlayer (RealTimes) - (.RealNetworks.) [HKLM][64Bits] – RealPlayer 18.1 =>.RealNetworks, Inc.®
O42 - Logiciel: Realtek Ethernet Controller Driver - (.Realtek.) [HKLM][64Bits] – {8833FFB6-5B0C-4764-81AA-06DFEED9A476} =>.Realtek Semiconductor Corp®
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] – {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} =>.Realtek Semiconductor Corp®
O42 - Logiciel: Realtek USB 2.0 Card Reader - (.Realtek Semiconductor Corp..) [HKLM][64Bits] – {96AE7E41-E34E-47D0-AC07-1091A8127911} =>.Realtek Semiconductor Corp®
O42 - Logiciel: REALTEK Wireless LAN Software - (.REALTEK Semiconductor Corp..) [HKLM][64Bits] – {901F0D4C-009D-1112-8DE4-03599E7B0C5C} =>.Realtek Semiconductor Corp®
O42 - Logiciel: RealUpgrade 1.1 - (.RealNetworks, Inc..) [HKLM][64Bits] – {28C2DED6-325B-4CC7-983A-1777C8F7FBAB} =>.RealNetworks, Inc.
O42 - Logiciel: Recovery Manager - (.CyberLink Corp..) [HKLM][64Bits] – {44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5} =>.CyberLink®
O42 - Logiciel: Revo Uninstaller 2.0.1 - (.VS Revo Group, Ltd..) [HKLM][64Bits] – {A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1 =>.VS Revo Group, Ltd.
O42 - Logiciel: RtVOsd - (.Realtek Semiconductor Corp..) [HKLM][64Bits] – {091A0130-A82F-4A6D-9C61-3BBBB3289030} =>.Realtek Semiconductor Corp.
O42 - Logiciel: Scan To - (.HP.) [HKLM][64Bits] – {E8A34AC8-0137-4515-A94B-0A0946DDC251} =>.HP
O42 - Logiciel: SlimDrivers - (.SlimWare Utilities, Inc..) [HKLM][64Bits] – {3CF3DEF4-ED15-4F7B-9320-C3E1081EA4DA} =>.Superfluous.SlimWareUtilities
O42 - Logiciel: Smart Defrag 3 - (.IObit.) [HKLM][64Bits] – Smart Defrag 3_is1 =>.IObit Information Technology®
O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics Incorporated.) [HKLM][64Bits] – SynTPDeinstKey =>.Synaptics Incorporated
O42 - Logiciel: TurboTax Free version 1.0.1 - (.Intuit Canada.) [HKLM][64Bits] – {EF63699B-79A1-4A7D-B02D-AD5976701864}_is1 =>.Intuit Canada
O42 - Logiciel: UpdateService - (.RealNetworks, Inc..) [HKLM][64Bits] – {E3AE96D6-E196-45B4-AF62-2B41998B9E37} =>.RealNetworks, Inc.
O42 - Logiciel: vc2012_redist - (.Realnetworks.) [HKLM][64Bits] – {9402AEF2-5981-4097-8BE2-6501DAC4DBFD} =>.RealNetworks
O42 - Logiciel: VC80CRTRedist - 8.0.50727.6195 - (.DivX, Inc.) [HKLM][64Bits] – {933B4015-4618-4716-A828-5289FC03165F} =>.DivX, Inc
O42 - Logiciel: Video Downloader - (.RealNetworks.) [HKLM][64Bits] – {3B64457B-F9F7-4344-A22C-8DF920FA6522} =>.RealNetworks
O42 - Logiciel: Virtual Families - (.WildTangent.) [HKLM][64Bits] – WT082188 =>.WildTangent Inc
O42 - Logiciel: Virtual Villagers - The Secret City - (.WildTangent.) [HKLM][64Bits] – WT082241 =>.WildTangent Inc
O42 - Logiciel: vs2015_redist x86 - (.Realnetworks.) [HKLM][64Bits] – {BD46163A-0331-4A61-B65A-7B66D7C93F8E} =>.RealNetworks
O42 - Logiciel: Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (0 - (.Dynastream Innovations, Inc..) [HKLM][64Bits] – F9D2A789F9CFF8CEC36B544F53877C80F1F73C46 =>.Microsoft Windows®
O42 - Logiciel: Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/0 - (.Silicon Labs Software.) [HKLM][64Bits] – D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2 =>.Microsoft Windows®
O42 - Logiciel: WinZip 21.0 - (.WinZip Computing, S.L..) [HKLM][64Bits] – {CD95F661-A5C4-44F5-A6AA-ECDD91C2410B} =>.WinZip Computing, S.L.
O42 - Logiciel: Xvid Video Codec - (.Xvid Team.) [HKLM][64Bits] – Xvid Video Codec 1.3.1 =>.Xvid Team
O42 - Logiciel: Zemana AntiMalware - (.Zemana Ltd..) [HKLM][64Bits] – {8F0CD7D1-42F3-4195-95CD-833578D45057}_is1 =>.Zemana Ltd.®
O42 - Logiciel: Zuma’s Revenge - (.WildTangent.) [HKLM][64Bits] – WT082463 =>.WildTangent Inc

—\ HKCU & HKLM Software Keys (139) - 21s
HKLM\SOFTWARE\Wow6432Node\7-Zip =>.Igor Pavlov
HKLM\SOFTWARE\Wow6432Node\Adobe =>.Adobe
HKLM\SOFTWARE\Wow6432Node\Adware Removal Tool by TSA
HKLM\SOFTWARE\Wow6432Node\AppDataLow =>.Microsoft Corporation
HKLM\SOFTWARE\Wow6432Node\Apple Computer, Inc. =>.Apple Computer, Inc.
HKLM\SOFTWARE\Wow6432Node\Apple Inc. =>.Apple Inc.
HKLM\SOFTWARE\Wow6432Node\ArcSoft =>.ArcSoft
HKLM\SOFTWARE\Wow6432Node\Bunndle
HKLM\SOFTWARE\Wow6432Node\Canon =>.Canon
HKLM\SOFTWARE\Wow6432Node\Caphyon =>.Caphyon
HKLM\SOFTWARE\Wow6432Node\CDDB =>.Cddb Software
HKLM\SOFTWARE\Wow6432Node\CyberLink =>.CyberLink
HKLM\SOFTWARE\Wow6432Node\Digital River =>.Digital River Entreprise
HKLM\SOFTWARE\Wow6432Node\DIOC
HKLM\SOFTWARE\Wow6432Node\DivX =>.DivX Inc.
HKLM\SOFTWARE\Wow6432Node\DivXNetworks =>.DivXNetworks
HKLM\SOFTWARE\Wow6432Node\ej-technologies =>.ej-technologies
HKLM\SOFTWARE\Wow6432Node\Garmin =>.Garmin
HKLM\SOFTWARE\Wow6432Node\GNU =>.GNU
HKLM\SOFTWARE\Wow6432Node\Google =>.Google
HKLM\SOFTWARE\Wow6432Node\HaaliMkx =>.Haali Media
HKLM\SOFTWARE\Wow6432Node\Hewlett-Packard =>.Hewlett-Packard
HKLM\SOFTWARE\Wow6432Node\HewlettPackard =>.Hewlett-Packard
HKLM\SOFTWARE\Wow6432Node\HPQ =>.HPQ
HKLM\SOFTWARE\Wow6432Node\HPQLOG
HKLM\SOFTWARE\Wow6432Node\Intel =>.Intel
HKLM\SOFTWARE\Wow6432Node\IObit =>.IObit
HKLM\SOFTWARE\Wow6432Node\JavaSoft =>.JavaSoft
HKLM\SOFTWARE\Wow6432Node\JreMetrics =>.JreMetrics
HKLM\SOFTWARE\Wow6432Node\KasperskyLab =>.KasperskyLab
HKLM\SOFTWARE\Wow6432Node\L&H
HKLM\SOFTWARE\Wow6432Node\Lake =>.Lake Sofware
HKLM\SOFTWARE\Wow6432Node\Licenses =>.Microsoft Corporation
HKLM\SOFTWARE\Wow6432Node\Lidan
HKLM\SOFTWARE\Wow6432Node\Macromedia =>.Macromedia
HKLM\SOFTWARE\Wow6432Node\magnet =>.Magnet
HKLM\SOFTWARE\Wow6432Node\Malwarebytes Anti-Rootkit =>.Malwarebytes
HKLM\SOFTWARE\Wow6432Node\Malwarebytes’ Anti-Malware =>.Malwarebytes’ Anti-Malware
HKLM\SOFTWARE\Wow6432Node\McAfee =>.McAfee
HKLM\SOFTWARE\Wow6432Node\MimarSinan =>.Mimar Sinan
HKLM\SOFTWARE\Wow6432Node\Mozilla =>.Mozilla
HKLM\SOFTWARE\Wow6432Node\mozilla.org =>.mozilla.org
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins =>.MozillaPlugins
HKLM\SOFTWARE\Wow6432Node\muvee Technologies =>.muvee Technologies
HKLM\SOFTWARE\Wow6432Node\Network Associates =>.Network Associates
HKLM\SOFTWARE\Wow6432Node\Nico Mak Computing =>.Nico Mak Computing
HKLM\SOFTWARE\Wow6432Node\Nuance =>.Nuance
HKLM\SOFTWARE\Wow6432Node\ODBC =>.DB Connectivity Solutions
HKLM\SOFTWARE\Wow6432Node\P2G_Upgrade =>.Toshiba Corporation
HKLM\SOFTWARE\Wow6432Node\PDR_Upgrade =>.Toshiba Corporation
HKLM\SOFTWARE\Wow6432Node\Piriform =>.Piriform
HKLM\SOFTWARE\Wow6432Node\Product_Upgrade =>.Toshiba Corporation
HKLM\SOFTWARE\Wow6432Node\RealNetworks =>.RealNetworks
HKLM\SOFTWARE\Wow6432Node\Realtek =>.Realtek
HKLM\SOFTWARE\Wow6432Node\RtWLan =>.Realtek Semiconductor Corp.
HKLM\SOFTWARE\Wow6432Node\Stardock =>.Stardock
HKLM\SOFTWARE\Wow6432Node\Symantec =>.Symantec
HKLM\SOFTWARE\Wow6432Node\trendmicro =>.TrendMicro
HKLM\SOFTWARE\Wow6432Node\Volatile =>.Microsoft Corporation
HKLM\SOFTWARE\Wow6432Node\VSO =>.VSO Software
HKLM\SOFTWARE\Wow6432Node\WildTangent =>.WildTangent
HKLM\SOFTWARE\Wow6432Node\Windows =>.Microsoft Corporation
HKLM\SOFTWARE\Wow6432Node\WiseCleaner =>.wisecleaner
HKLM\SOFTWARE\Wow6432Node\Wow6432Node =>.Microsoft Corporation
HKLM\SOFTWARE\Wow6432Node\Xing Technology Corp. =>.Xing Technology Corp.
HKLM\SOFTWARE\Wow6432Node\Xvid Team =>.Xvid Team
HKLM\SOFTWARE\Wow6432Node\RegisteredApplications =>.Microsoft Corporation
HKCU\SOFTWARE\7-Zip =>.Igor Pavlov
HKCU\SOFTWARE\9-lab =>.9-lab
HKCU\SOFTWARE\Adobe =>.Adobe
HKCU\SOFTWARE\AppDataLow =>.Microsoft Corporation
HKCU\SOFTWARE\Apple Computer, Inc. =>.Apple Computer, Inc.
HKCU\SOFTWARE\Apple Inc. =>.Apple Inc.
HKCU\SOFTWARE\ArcSoft =>.ArcSoft
HKCU\SOFTWARE\BitTorrent =>.BitTorrent
HKCU\SOFTWARE\Canon =>.Canon
HKCU\SOFTWARE\CanonBJ =>.Canon Inc.
HKCU\SOFTWARE\Chromium =>.Chromium
HKCU\SOFTWARE\Corel =>.Corel
HKCU\SOFTWARE\CyberLink =>.CyberLink
HKCU\SOFTWARE\DivX =>.DivX Inc.
HKCU\SOFTWARE\DivXNetworks =>.DivXNetworks
HKCU\SOFTWARE\ej-technologies =>.ej-technologies
HKCU\SOFTWARE\Flock
HKCU\SOFTWARE\Garmin =>.Garmin
HKCU\SOFTWARE\Geek Uninstaller =>.Geek Uninstaller
HKCU\SOFTWARE\GNU =>.GNU
HKCU\SOFTWARE\Google =>.Google
HKCU\SOFTWARE\Haali =>.Haali Media
HKCU\SOFTWARE\Hewlett-Packard =>.Hewlett-Packard
HKCU\SOFTWARE\IM Providers =>.IM Providers
HKCU\SOFTWARE\Intel =>.Intel
HKCU\SOFTWARE\JavaSoft =>.JavaSoft
HKCU\SOFTWARE\JEDI-VCL =>.JEDI Project
HKCU\SOFTWARE\KasperskyLab =>.KasperskyLab
HKCU\SOFTWARE\Leadertech =>.Leadertech Systems
HKCU\SOFTWARE\Licenses =>.Microsoft Corporation
HKCU\SOFTWARE\LightScribe =>.LightScribe
HKCU\SOFTWARE\LogiShrd =>.LogiShrd
HKCU\SOFTWARE\Logitech =>.Logitech
HKCU\SOFTWARE\Macromedia =>.Macromedia
HKCU\SOFTWARE\Magnet =>.Magnet
HKCU\SOFTWARE\MainConcept (Muvee) =>.MainConcept AG
HKCU\SOFTWARE\MainConcept (Muvee2) =>.MainConcept AG
HKCU\SOFTWARE\Malwarebytes Anti-Rootkit =>.Malwarebytes
HKCU\SOFTWARE\Malwarebytes’ Anti-Malware =>.Malwarebytes’ Anti-Malware
HKCU\SOFTWARE\McAfee =>.McAfee
HKCU\SOFTWARE\Mine =>.Microsoft Corporation
HKCU\SOFTWARE\MozillaPlugins =>.MozillaPlugins
HKCU\SOFTWARE\Netscape =>.Netscape
HKCU\SOFTWARE\Nico Mak Computing =>.Nico Mak Computing
HKCU\SOFTWARE\ODBC =>.DB Connectivity Solutions
HKCU\SOFTWARE\Piriform =>.Piriform
HKCU\SOFTWARE\Real
HKCU\SOFTWARE\RealNetworks =>.RealNetworks
HKCU\SOFTWARE\Realtek =>.Realtek
HKCU\SOFTWARE\RegisteredApplications =>.Microsoft Corporation
HKCU\SOFTWARE\Stardock =>.Stardock
HKCU\SOFTWARE\SUPERAntiSpyware.com =>.SUPERAntiSpyware.com
HKCU\SOFTWARE\Synaptics =>.Synaptics
HKCU\SOFTWARE\Trolltech =>.Trolltech
HKCU\SOFTWARE\VS Revo Group =>.VS Revo Group
HKCU\SOFTWARE\VSO =>.VSO Software
HKCU\SOFTWARE\Webshots
HKCU\SOFTWARE\WinZip Computing =>.WinZip Computing
HKCU\SOFTWARE\Wow6432Node =>.Microsoft Corporation
HKCU\SOFTWARE\yahooinstall
HKCU\SOFTWARE\ZebHelpProcess Helper =>.Nicolas Coolman
HKCU\SOFTWARE\Zemana =>.Zemana
HKCU\SOFTWARE\AppDataLow\RealNetworks =>.RealNetworks
HKCU\SOFTWARE\AppDataLow\Software =>.Microsoft Corporation
HKCU\SOFTWARE\AppDataLow\Software\Adobe =>.Adobe
HKCU\SOFTWARE\AppDataLow\Software\Canon =>.Canon
HKCU\SOFTWARE\AppDataLow\Software\DivX =>.DivX Inc.
HKCU\SOFTWARE\AppDataLow\Software\JavaSoft =>.JavaSoft
HKCU\SOFTWARE\AppDataLow\Software\Macromedia =>.Macromedia
HKCU\SOFTWARE\AppDataLow\Software\Monitored
HKCU\SOFTWARE\AppDataLow\Software\settings
HKCU\SOFTWARE\AppDataLow\Software\Yahoo =>.Yahoo! Inc.

—\ Contents of the Common Files folders (353) - 37s
O43 - CFD: 25/11/2016 - D – C:\Program Files\Bonjour =>.Apple Inc.®
O43 - CFD: 27/12/2013 - D – C:\Program Files\Canon =>.Canon Inc.®
O43 - CFD: 27/12/2013 - HD – C:\Program Files\CanonBJ =>.Canon Inc.®
O43 - CFD: 28/11/2016 - D – C:\Program Files\CCleaner =>.Piriform Ltd®
O43 - CFD: 05/03/2016 - D – C:\Program Files\Common Files =>.Microsoft Corporation
O43 - CFD: 31/03/2016 - D – C:\Program Files\DIFX =>.Microsoft Corporation
O43 - CFD: 16/01/2014 - D – C:\Program Files\DivX =>.DivX
O43 - CFD: 24/10/2015 - D – C:\Program Files\DVD Maker =>.Aone Software
O43 - CFD: 31/08/2012 - AD – C:\Program Files\Garmin GPS Plugin =>.Garmin Ltd
O43 - CFD: 31/12/2012 - [0] D – C:\Program Files\Google =>.Google
O43 - CFD: 08/07/2010 - D – C:\Program Files\Hewlett-Packard =>.Hewlett-Packard
O43 - CFD: 24/10/2015 - D – C:\Program Files\HP =>.Hewlett-Packard Company®
O43 - CFD: 19/12/2015 - D – C:\Program Files\Intel =>.Intel Corporation
O43 - CFD: 25/05/2016 - D – C:\Program Files\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 25/11/2016 - D – C:\Program Files\iPod =>.Apple Inc.®
O43 - CFD: 25/11/2016 - D – C:\Program Files\iTunes =>.Apple Inc.®
O43 - CFD: 22/04/2010 - D – C:\Program Files\Java =>.Oracle
O43 - CFD: 05/10/2011 - D – C:\Program Files\Logitech =>.Logitech
O43 - CFD: 24/10/2015 - D – C:\Program Files\LSI SoftModem =>.LSI Corporation®
O43 - CFD: 24/10/2015 - D – C:\Program Files\Microsoft Games =>.Microsoft Corporation
O43 - CFD: 27/11/2016 - AD – C:\Program Files\Microsoft Silverlight =>.Microsoft Corporation®
O43 - CFD: 24/10/2015 - D – C:\Program Files\MSBuild =>.Microsoft Corporation
O43 - CFD: 05/03/2016 - D – C:\Program Files\Realtek =>.Realtek
O43 - CFD: 24/10/2015 - D – C:\Program Files\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 25/11/2016 - AD – C:\Program Files\SUPERAntiSpyware =>.SUPERAntiSpyware
O43 - CFD: 24/10/2015 - D – C:\Program Files\Synaptics =>.Synaptics Incorporated®
O43 - CFD: 30/07/2015 - [0] HD – C:\Program Files\Uninstall Information =>.Microsoft Corporation
O43 - CFD: 25/11/2016 - D – C:\Program Files\VS Revo Group =>.VS Revo Group®
O43 - CFD: 10/09/2015 - D – C:\Program Files\Windows Defender =>.Microsoft Corporation
O43 - CFD: 25/05/2016 - D – C:\Program Files\Windows Journal =>.Microsoft Corporation
O43 - CFD: 13/04/2012 - D – C:\Program Files\Windows Live =>.Microsoft Corporation®
O43 - CFD: 10/09/2015 - D – C:\Program Files\Windows Mail =>.Microsoft Corporation
O43 - CFD: 27/04/2016 - D – C:\Program Files\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 27/04/2016 - D – C:\Program Files\Windows Multimedia Platform =>.Microsoft Corporation
O43 - CFD: 30/07/2015 - D – C:\Program Files\Windows NT =>.Microsoft Corporation
O43 - CFD: 10/09/2015 - D – C:\Program Files\Windows Photo Viewer =>.Microsoft Corporation®
O43 - CFD: 27/04/2016 - D – C:\Program Files\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 05/03/2016 - SHD – C:\Program Files\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 29/11/2016 - HD – C:\Program Files\WindowsApps =>.Microsoft Corporation®
O43 - CFD: 30/07/2015 - SD – C:\Program Files\WindowsPowerShell =>.Microsoft Corporation
O43 - CFD: 27/11/2016 - D – C:\Program Files\WinZip =>.WinZip Computing LLC®
O43 - CFD: 25/11/2016 - D – C:\Program Files (x86)\7-Zip =>.Igor Pavlov
O43 - CFD: 03/11/2015 - D – C:\Program Files (x86)\Adobe =>.Adobe Systems Incorporated®
O43 - CFD: 26/11/2016 - D – C:\Program Files (x86)\Adware Removal Tool by TSA
O43 - CFD: 08/10/2013 - [0] D – C:\Program Files (x86)\Amazon =>.Amazon
O43 - CFD: 28/04/2016 - D – C:\Program Files (x86)\Apple Software Update =>.Apple Inc.®
O43 - CFD: 25/01/2013 - [0] D – C:\Program Files (x86)\ArcSoft =>.ArcSoft
O43 - CFD: 27/04/2012 - D – C:\Program Files (x86)\Autel =>.Autel
O43 - CFD: 25/11/2016 - D – C:\Program Files (x86)\Bonjour =>.Apple Inc.®
O43 - CFD: 27/12/2013 - D – C:\Program Files (x86)\Canon =>.Canon Inc.®
O43 - CFD: 08/07/2010 - D – C:\Program Files (x86)\Cisco =>.Cisco
O43 - CFD: 25/11/2016 - D – C:\Program Files (x86)\Common Files =>.Microsoft Corporation
O43 - CFD: 17/02/2015 - D – C:\Program Files (x86)\CyberLink =>.CyberLink®
O43 - CFD: 16/01/2014 - D – C:\Program Files (x86)\DivX =>.DivX, LLC®
O43 - CFD: 27/04/2016 - D – C:\Program Files (x86)\Garmin =>.Garmin International®
O43 - CFD: 02/03/2015 - D – C:\Program Files (x86)\GenuSource Consulting
O43 - CFD: 29/11/2016 - D – C:\Program Files (x86)\Google =>.Google Inc®
O43 - CFD: 20/02/2013 - D – C:\Program Files (x86)\GUMEFCB.tmp =>.Google Inc®
O43 - CFD: 25/11/2016 - AD – C:\Program Files (x86)\Hewlett-Packard =>.Hewlett-Packard Company®
O43 - CFD: 25/11/2016 - AD – C:\Program Files (x86)\HP =>.Hewlett-Packard Company®
O43 - CFD: 24/10/2011 - AD – C:\Program Files (x86)\InstaCodecs
O43 - CFD: 17/02/2015 - HD – C:\Program Files (x86)\InstallShield Installation Information =>.Logitech®
O43 - CFD: 27/11/2011 - D – C:\Program Files (x86)\Intel =>.Intel Corporation®
O43 - CFD: 25/05/2016 - D – C:\Program Files (x86)\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 17/11/2016 - D – C:\Program Files (x86)\IObit =>.IObit Information Technology®
O43 - CFD: 24/11/2016 - [0] D – C:\Program Files (x86)\Java =>.Oracle
O43 - CFD: 21/01/2011 - [0] D – C:\Program Files (x86)\johnsadventures.com =>.johnsadventures.com
O43 - CFD: 25/11/2016 - AD – C:\Program Files (x86)\Malwarebytes Anti-Malware =>.Malwarebytes Corporation®
O43 - CFD: 09/08/2014 - [0] D – C:\Program Files (x86)\Malwarebytes’ Anti-Malware =>.Malwarebytes’ Anti-Malware
O43 - CFD: 03/11/2010 - AD – C:\Program Files (x86)\Microsoft ActiveSync
O43 - CFD: 13/11/2014 - AD – C:\Program Files (x86)\Microsoft Office =>.Microsoft Corporation®
O43 - CFD: 22/04/2010 - AD – C:\Program Files (x86)\Microsoft Office Suite Activation Assistant =>.Digital River, Inc.®
O43 - CFD: 27/11/2016 - D – C:\Program Files (x86)\Microsoft Silverlight =>.Microsoft Corporation®
O43 - CFD: 17/09/2010 - AD – C:\Program Files (x86)\Microsoft SQL Server Compact Edition =>.Microsoft Corporation
O43 - CFD: 03/11/2010 - D – C:\Program Files (x86)\Microsoft Visual Studio =>.Microsoft Corporation
O43 - CFD: 10/10/2012 - AD – C:\Program Files (x86)\Microsoft Works =>.Microsoft Corporation®
O43 - CFD: 05/03/2016 - D – C:\Program Files (x86)\Microsoft.NET =>.Microsoft Corporation
O43 - CFD: 24/10/2015 - D – C:\Program Files (x86)\MSBuild =>.Microsoft Corporation
O43 - CFD: 08/07/2010 - D – C:\Program Files (x86)\MSN =>.Microsoft Corporation
O43 - CFD: 08/07/2010 - D – C:\Program Files (x86)\muvee Technologies =>.muvee Technologies
O43 - CFD: 17/09/2010 - RD – C:\Program Files (x86)\Online Services =>.Skype Technologies SA®
O43 - CFD: 25/11/2016 - D – C:\Program Files (x86)\Real =>.RealNetworks, Inc.®
O43 - CFD: 06/02/2016 - D – C:\Program Files (x86)\Realtek =>.Realtek
O43 - CFD: 24/10/2015 - D – C:\Program Files (x86)\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 25/11/2016 - [0] AD – C:\Program Files (x86)\SpeedBit Video Accelerator
O43 - CFD: 12/10/2010 - D – C:\Program Files (x86)\Stardock =>.Stardock
O43 - CFD: 27/10/2015 - [0] HD – C:\Program Files (x86)\Temp =>.Microsoft Corporation
O43 - CFD: 12/04/2016 - D – C:\Program Files (x86)\TurboTax Free
O43 - CFD: 14/07/2009 - [0] HD – C:\Program Files (x86)\Uninstall Information =>.Microsoft Corporation
O43 - CFD: 20/05/2012 - D – C:\Program Files (x86)\uTorrent =>.BitTorrent Inc®
O43 - CFD: 31/12/2012 - D – C:\Program Files (x86)\VS Revo Group =>.VS Revo Group®
O43 - CFD: 17/02/2015 - D – C:\Program Files (x86)\VSO =>.VSO-SOFTWARE®
O43 - CFD: 10/09/2015 - D – C:\Program Files (x86)\Windows Defender =>.Microsoft Corporation
O43 - CFD: 13/04/2012 - AD – C:\Program Files (x86)\Windows Live =>.Microsoft Corporation®
O43 - CFD: 10/09/2015 - D – C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation
O43 - CFD: 10/09/2015 - D – C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 27/04/2016 - D – C:\Program Files (x86)\Windows Multimedia Platform =>.Microsoft Corporation
O43 - CFD: 30/07/2015 - D – C:\Program Files (x86)\Windows NT =>.Microsoft Corporation
O43 - CFD: 10/09/2015 - D – C:\Program Files (x86)\Windows Photo Viewer =>.Microsoft Corporation®
O43 - CFD: 27/04/2016 - D – C:\Program Files (x86)\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 05/03/2016 - SHD – C:\Program Files (x86)\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 30/07/2015 - SD – C:\Program Files (x86)\WindowsPowerShell =>.Microsoft Corporation
O43 - CFD: 24/11/2016 - [0] D – C:\Program Files (x86)\Wise
O43 - CFD: 03/08/2011 - AD – C:\Program Files (x86)\Xvid =>.XviD
O43 - CFD: 25/11/2016 - D – C:\Program Files (x86)\Yahoo! =>.Yahoo!
O43 - CFD: 24/11/2016 - D – C:\Program Files (x86)\Zemana AntiMalware =>.Zemana Ltd.®
O43 - CFD: 25/11/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip =>.Igor Pavlov
O43 - CFD: 25/11/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool
O43 - CFD: 24/10/2015 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility =>.Microsoft Corporation
O43 - CFD: 05/03/2016 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 30/07/2015 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 05/03/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX450 series
O43 - CFD: 05/03/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX450 series Manual
O43 - CFD: 24/10/2015 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities =>.Canon Inc.
O43 - CFD: 28/11/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner =>.Piriform
O43 - CFD: 05/03/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite =>.CyberLink Corporation
O43 - CFD: 05/03/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink MediaShow
O43 - CFD: 05/03/2016 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
O43 - CFD: 05/03/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX =>.DivX
O43 - CFD: 25/11/2016 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games =>.Microsoft Corporation
O43 - CFD: 27/04/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin =>.Garmin
O43 - CFD: 05/03/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GenuTax Standard
O43 - CFD: 01/11/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth =>.Google Earth
O43 - CFD: 25/11/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP =>.Hewlett-Packard
O43 - CFD: 05/03/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support =>.Hewlett-Packard
O43 - CFD: 25/11/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud =>.Apple Inc.
O43 - CFD: 05/03/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstaCodecs
O43 - CFD: 05/03/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallConverter =>PUP.Optional.InstallConverter
O43 - CFD: 05/03/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallIQ Updater
O43 - CFD: 05/03/2016 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel =>.Intel Corporation
O43 - CFD: 25/11/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes =>.Apple Inc.
O43 - CFD: 05/03/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link to Nikon =>.Nikon
O43 - CFD: 24/10/2015 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech =>.Logitech
O43 - CFD: 30/07/2015 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 05/03/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office =>.Microsoft Corporation
O43 - CFD: 05/03/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
O43 - CFD: 25/11/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight =>.Microsoft Corporation
O43 - CFD: 05/03/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works =>.Microsoft Corporation
O43 - CFD: 05/03/2016 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\muvee =>.muvee
O43 - CFD: 05/03/2016 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services =>.Hewlett-Packard
O43 - CFD: 25/11/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks =>.RealNetworks
O43 - CFD: 05/03/2016 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Manager =>.Hewlett-Packard
O43 - CFD: 25/11/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller =>.VS Revo Group
O43 - CFD: 05/03/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3
O43 - CFD: 24/10/2015 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock =>.Stardock
O43 - CFD: 25/11/2016 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp =>.Microsoft Corporation
O43 - CFD: 30/07/2015 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools =>.Microsoft Corporation
O43 - CFD: 10/09/2015 - [0] RHD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC =>.Wacom Technology
O43 - CFD: 24/10/2015 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO =>.VSO Software
O43 - CFD: 05/03/2016 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live =>.Microsoft Corporation
O43 - CFD: 25/11/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 21.0
O43 - CFD: 05/03/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid =>.XviD
O43 - CFD: 24/11/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware =>.Zemana
O43 - CFD: 25/11/2016 - D – C:\ProgramData\9-lab =>.9-lab
O43 - CFD: 03/11/2015 - D – C:\ProgramData\Adobe =>.Adobe
O43 - CFD: 27/01/2014 - D – C:\ProgramData\Apple =>.Apple Inc.
O43 - CFD: 27/01/2014 - D – C:\ProgramData\Apple Computer =>.Apple Inc.
O43 - CFD: 30/07/2015 - [0] SHD – C:\ProgramData\Application Data =>.Microsoft Corporation
O43 - CFD: 22/09/2012 - D – C:\ProgramData\boost_interprocess =>.boost.org
O43 - CFD: 27/12/2013 - [0] D – C:\ProgramData\Canon IJ Network Tool =>.Canon Inc.
O43 - CFD: 27/12/2013 - HD – C:\ProgramData\CanonBJ =>.Canon Inc.
O43 - CFD: 27/12/2013 - HD – C:\ProgramData\CanonIJETV =>.Canon Inc.
O43 - CFD: 27/12/2013 - HD – C:\ProgramData\CanonIJFAX =>.Canon Inc.
O43 - CFD: 27/12/2013 - HD – C:\ProgramData\CanonIJMIG =>.Canon Inc.
O43 - CFD: 27/12/2013 - HD – C:\ProgramData\CanonIJMyPrinter =>.Canon Inc.
O43 - CFD: 06/08/2016 - D – C:\ProgramData\CanonIJPLM =>.Canon Inc.
O43 - CFD: 27/12/2013 - HD – C:\ProgramData\CanonIJQuickMenu =>.Canon Inc.
O43 - CFD: 27/12/2013 - D – C:\ProgramData\CanonIJWSpt =>.Canon Inc.
O43 - CFD: 30/07/2015 - [0] D – C:\ProgramData\Comms =>.Microsoft Corporation
O43 - CFD: 17/02/2015 - D – C:\ProgramData\CyberLink =>.CyberLink
O43 - CFD: 30/07/2015 - [0] SHD – C:\ProgramData\Desktop =>.Microsoft Corporation
O43 - CFD: 16/01/2014 - D – C:\ProgramData\DivX =>.DivX
O43 - CFD: 30/07/2015 - [0] SHD – C:\ProgramData\Documents =>.Microsoft Corporation
O43 - CFD: 24/10/2015 - [0] SHD – C:\ProgramData\Favorites =>.Microsoft Corporation
O43 - CFD: 21/03/2011 - D – C:\ProgramData\FreeApp
O43 - CFD: 31/03/2016 - D – C:\ProgramData\Garmin =>.Garmin
O43 - CFD: 15/03/2015 - D – C:\ProgramData\GenuTax
O43 - CFD: 31/12/2012 - D – C:\ProgramData\Google =>.Google
O43 - CFD: 26/11/2011 - D – C:\ProgramData\Hewlett-Packard =>.Hewlett-Packard
O43 - CFD: 05/02/2012 - D – C:\ProgramData\HP =>.Hewlett-Packard
O43 - CFD: 25/11/2016 - D – C:\ProgramData\InstallMate =>.Superfluous.Tarma
O43 - CFD: 03/11/2016 - D – C:\ProgramData\IObit =>.IObit
O43 - CFD: 24/11/2016 - D – C:\ProgramData\Kaspersky Lab Setup Files =>.Kaspersky Lab
O43 - CFD: 05/10/2011 - D – C:\ProgramData\LogiShrd =>.Logitech Inc.
O43 - CFD: 05/10/2011 - D – C:\ProgramData\Logitech =>.Logitech
O43 - CFD: 09/08/2014 - D – C:\ProgramData\Malwarebytes =>.Malwarebytes
O43 - CFD: 16/01/2014 - [0] D – C:\ProgramData\Malwarebytes’ Anti-Malware (portable) =>.Malwarebytes
O43 - CFD: 26/11/2016 - D – C:\ProgramData\McAfee =>.McAfee
O43 - CFD: 05/03/2016 - SD – C:\ProgramData\Microsoft =>.Microsoft
O43 - CFD: 04/12/2013 - D – C:\ProgramData\Microsoft Help =>.Microsoft Corporation
O43 - CFD: 10/09/2015 - D – C:\ProgramData\Microsoft OneDrive =>.Microsoft Corporation
O43 - CFD: 03/05/2012 - D – C:\ProgramData\Mozilla =>.Mozilla Corporation
O43 - CFD: 12/10/2010 - D – C:\ProgramData\Norton =>.Norton
O43 - CFD: 08/07/2010 - D – C:\ProgramData\NortonInstaller =>.Symantec
O43 - CFD: 25/11/2016 - D – C:\ProgramData\Package Cache =>.Microsoft Corporation
O43 - CFD: 25/11/2016 - D – C:\ProgramData\Real =>.RealNetworks Inc.
O43 - CFD: 25/11/2016 - D – C:\ProgramData\RealNetworks =>.RealNetworks
O43 - CFD: 21/01/2011 - D – C:\ProgramData\Recovery =>.Recovery Labs
O43 - CFD: 10/09/2015 - D – C:\ProgramData\regid.1991-06.com.microsoft =>.Microsoft Corporation
O43 - CFD: 29/11/2016 - D – C:\ProgramData\SoftwareDistribution =>.Microsoft Corporation
O43 - CFD: 30/07/2015 - [0] SHD – C:\ProgramData\Start Menu =>.Microsoft Corporation
O43 - CFD: 20/10/2010 - D – C:\ProgramData\Sun =>.Oracle
O43 - CFD: 05/02/2016 - AD – C:\ProgramData\Temp =>.Microsoft Corporation
O43 - CFD: 30/07/2015 - [0] SHD – C:\ProgramData\Templates =>.Microsoft Corporation
O43 - CFD: 24/11/2016 - D – C:\ProgramData\UniqueId =>.Microsoft Corporation
O43 - CFD: 05/03/2016 - D – C:\ProgramData\USOPrivate =>.Microsoft Corporation
O43 - CFD: 30/07/2015 - D – C:\ProgramData\USOShared =>.Microsoft Corporation
O43 - CFD: 13/07/2011 - D – C:\ProgramData\vsosdk =>.VSO Software
O43 - CFD: 24/03/2012 - D – C:\ProgramData\WildTangent =>.WildTangent
O43 - CFD: 27/11/2016 - D – C:\ProgramData\WinZip =>.WinZip
O43 - CFD: 31/12/2012 - D – C:\ProgramData\WoW Worldwide Software LTD
O43 - CFD: 12/10/2010 - HDC – C:\ProgramData{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}
O43 - CFD: 31/12/2012 - D – C:\ProgramData{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
O43 - CFD: 03/11/2015 - AD – C:\Program Files (x86)\Common Files\Adobe =>.Adobe
O43 - CFD: 25/11/2016 - AD – C:\Program Files (x86)\Common Files\Adobe AIR =>.Adobe Inc.
O43 - CFD: 25/11/2016 - D – C:\Program Files (x86)\Common Files\Apple =>.Apple Inc.
O43 - CFD: 25/01/2013 - D – C:\Program Files (x86)\Common Files\ArcSoft =>.ArcSoft
O43 - CFD: 08/07/2010 - D – C:\Program Files (x86)\Common Files\CyberLink =>.CyberLink
O43 - CFD: 22/04/2010 - AD – C:\Program Files (x86)\Common Files\DESIGNER =>.Designer
O43 - CFD: 16/01/2014 - D – C:\Program Files (x86)\Common Files\DivX Shared =>.DivX
O43 - CFD: 25/01/2013 - D – C:\Program Files (x86)\Common Files\InstallShield =>.InstallShield
O43 - CFD: 08/07/2010 - D – C:\Program Files (x86)\Common Files\Intel =>.Intel Corporation
O43 - CFD: 03/11/2016 - D – C:\Program Files (x86)\Common Files\IObit =>.IObit
O43 - CFD: 03/11/2010 - AD – C:\Program Files (x86)\Common Files\L&H
O43 - CFD: 05/10/2011 - D – C:\Program Files (x86)\Common Files\LogiShrd =>.Logitech Inc.
O43 - CFD: 24/10/2015 - D – C:\Program Files (x86)\Common Files\McAfee =>.McAfee
O43 - CFD: 05/03/2016 - D – C:\Program Files (x86)\Common Files\Microsoft Shared =>.Microsoft Corporation
O43 - CFD: 08/07/2010 - AD – C:\Program Files (x86)\Common Files\muvee Technologies =>.muvee Technologies
O43 - CFD: 30/07/2011 - D – C:\Program Files (x86)\Common Files\PX Storage Engine =>.Sonic
O43 - CFD: 30/07/2015 - D – C:\Program Files (x86)\Common Files\Services =>.Microsoft Corporation
O43 - CFD: 24/10/2015 - D – C:\Program Files (x86)\Common Files\SpeechEngines =>.Microsoft Corporation
O43 - CFD: 05/03/2016 - D – C:\Program Files (x86)\Common Files\System =>.Microsoft Corporation
O43 - CFD: 17/09/2010 - D – C:\Program Files (x86)\Common Files\Windows Live =>.Microsoft Corporation
O43 - CFD: 25/11/2016 - D – C:\Program Files (x86)\Common Files\xing shared =>.Xing
O43 - CFD: 25/11/2016 - D – C:\Users\CEP Local 440\AppData\Roaming\9-lab =>.9-lab
O43 - CFD: 17/12/2013 - D – C:\Users\CEP Local 440\AppData\Roaming\Adobe =>.Adobe
O43 - CFD: 21/02/2014 - D – C:\Users\CEP Local 440\AppData\Roaming\Afduin
O43 - CFD: 29/01/2016 - D – C:\Users\CEP Local 440\AppData\Roaming\Apple Computer =>.Apple Inc.
O43 - CFD: 25/01/2013 - D – C:\Users\CEP Local 440\AppData\Roaming\ArcSoft =>.ArcSoft
O43 - CFD: 29/05/2013 - D – C:\Users\CEP Local 440\AppData\Roaming\Awyh
O43 - CFD: 28/11/2016 - D – C:\Users\CEP Local 440\AppData\Roaming\Azureus =>.Azureus Software (P2P)
O43 - CFD: 18/04/2015 - D – C:\Users\CEP Local 440\AppData\Roaming\Canon =>.Canon
O43 - CFD: 30/12/2012 - D – C:\Users\CEP Local 440\AppData\Roaming\CyberLink =>.CyberLink
O43 - CFD: 16/01/2014 - D – C:\Users\CEP Local 440\AppData\Roaming\DivX =>.DivX
O43 - CFD: 05/02/2016 - D – C:\Users\CEP Local 440\AppData\Roaming\EQATEC Analytics
O43 - CFD: 28/11/2016 - D – C:\Users\CEP Local 440\AppData\Roaming\Everything =>.Everything
O43 - CFD: 31/08/2012 - D – C:\Users\CEP Local 440\AppData\Roaming\Garmin =>.Garmin
O43 - CFD: 27/11/2016 - D – C:\Users\CEP Local 440\AppData\Roaming\Geek Uninstaller =>.Geek Uninstaller
O43 - CFD: 12/10/2010 - D – C:\Users\CEP Local 440\AppData\Roaming\Google =>.Google
O43 - CFD: 27/11/2011 - D – C:\Users\CEP Local 440\AppData\Roaming\Hewlett-Packard =>.Hewlett-Packard
O43 - CFD: 11/11/2010 - D – C:\Users\CEP Local 440\AppData\Roaming\HP Support Assistant =>.Hewlett-Packard
O43 - CFD: 31/12/2012 - D – C:\Users\CEP Local 440\AppData\Roaming\hpqlog =>.Hewlett-Packard
O43 - CFD: 25/11/2016 - [0] D – C:\Users\CEP Local 440\AppData\Roaming\HpUpdate =>.Hewlett-Packard
O43 - CFD: 17/09/2010 - D – C:\Users\CEP Local 440\AppData\Roaming\Identities =>.Microsoft Corporation
O43 - CFD: 27/11/2011 - D – C:\Users\CEP Local 440\AppData\Roaming\InstallShield =>.InstallShield
O43 - CFD: 03/11/2016 - D – C:\Users\CEP Local 440\AppData\Roaming\IObit =>.IObit
O43 - CFD: 21/01/2011 - D – C:\Users\CEP Local 440\AppData\Roaming\johnsadventures.com =>.johnsadventures.com
O43 - CFD: 05/10/2011 - D – C:\Users\CEP Local 440\AppData\Roaming\Leadertech =>.Leadertech Systems
O43 - CFD: 05/10/2011 - D – C:\Users\CEP Local 440\AppData\Roaming\Logitech =>.Logitech
O43 - CFD: 08/10/2010 - D – C:\Users\CEP Local 440\AppData\Roaming\Macromedia =>.Macromedia
O43 - CFD: 09/08/2014 - [0] D – C:\Users\CEP Local 440\AppData\Roaming\Malwarebytes =>.Malwarebytes
O43 - CFD: 08/07/2010 - [0] D – C:\Users\CEP Local 440\AppData\Roaming\Media Center Programs =>.Microsoft Corporation
O43 - CFD: 01/05/2016 - SD – C:\Users\CEP Local 440\AppData\Roaming\Microsoft =>.Microsoft
O43 - CFD: 01/01/2013 - D – C:\Users\CEP Local 440\AppData\Roaming\Mozilla =>.Mozilla Corporation
O43 - CFD: 25/11/2016 - D – C:\Users\CEP Local 440\AppData\Roaming\Real =>.RealNetworks Inc.
O43 - CFD: 25/11/2016 - D – C:\Users\CEP Local 440\AppData\Roaming\RealNetworks =>.RealNetworks
O43 - CFD: 25/11/2016 - D – C:\Users\CEP Local 440\AppData\Roaming\Skype =>.Skype
O43 - CFD: 12/10/2010 - D – C:\Users\CEP Local 440\AppData\Roaming\Stardock =>.Stardock
O43 - CFD: 01/07/2013 - [0] D – C:\Users\CEP Local 440\AppData\Roaming\Syugk
O43 - CFD: 13/10/2010 - D – C:\Users\CEP Local 440\AppData\Roaming\Template =>.Microsoft Corporation
O43 - CFD: 12/04/2016 - D – C:\Users\CEP Local 440\AppData\Roaming\turbotaxfree
O43 - CFD: 16/02/2015 - [0] D – C:\Users\CEP Local 440\AppData\Roaming\Vso =>.VSO Software
O43 - CFD: 29/12/2012 - [0] D – C:\Users\CEP Local 440\AppData\Roaming\Webshots
O43 - CFD: 20/10/2010 - D – C:\Users\CEP Local 440\AppData\Roaming\WebshotsDailyFeatures.D47BD63E E77CC0AC7AE23BFA386A3F1EDA7C080D.1
O43 - CFD: 20/10/2010 - D – C:\Users\CEP Local 440\AppData\Roaming\WildTangent =>.WildTangent
O43 - CFD: 04/05/2013 - D – C:\Users\CEP Local 440\AppData\Roaming\WinBatch =>.winbatch.com
O43 - CFD: 27/03/2012 - D – C:\Users\CEP Local 440\AppData\Roaming\Windows Live Writer =>.Microsoft Corporation
O43 - CFD: 19/12/2015 - [0] D – C:\Users\CEP Local 440\AppData\Roaming\WiseUpdate =>.WiseCleaner Inc.
O43 - CFD: 29/11/2016 - D – C:\Users\CEP Local 440\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 10/03/2016 - D – C:\Users\CEP Local 440\AppData\Local\Adobe =>.Adobe
O43 - CFD: 27/01/2014 - D – C:\Users\CEP Local 440\AppData\Local\Apple =>.Apple Inc.
O43 - CFD: 29/01/2016 - D – C:\Users\CEP Local 440\AppData\Local\Apple Computer =>.Apple Inc.
O43 - CFD: 29/01/2016 - D – C:\Users\CEP Local 440\AppData\Local\Apple Inc =>.Apple Inc.
O43 - CFD: 24/10/2015 - [0] SHD – C:\Users\CEP Local 440\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 10/03/2016 - D – C:\Users\CEP Local 440\AppData\Local\CEF =>.CEF
O43 - CFD: 07/11/2015 - D – C:\Users\CEP Local 440\AppData\Local\Chromium =>.Chromium
O43 - CFD: 24/03/2012 - D – C:\Users\CEP Local 440\AppData\Local\DDMSettings
O43 - CFD: 24/11/2016 - D – C:\Users\CEP Local 440\AppData\Local\Diagnostics =>.Microsoft Corporation
O43 - CFD: 02/03/2015 - D – C:\Users\CEP Local 440\AppData\Local\Downloaded Installations =>.Microsoft Corporation
O43 - CFD: 23/05/2016 - [0] D – C:\Users\CEP Local 440\AppData\Local\ElevatedDiagnostics =>.Microsoft Corporation
O43 - CFD: 18/11/2014 - SHD – C:\Users\CEP Local 440\AppData\Local\EmieBrowserModeList =>.Enterprise mode Site List Mgr
O43 - CFD: 25/10/2015 - [0] SHD – C:\Users\CEP Local 440\AppData\Local\EmieSiteList =>.Enterprise mode Site List Mgr
O43 - CFD: 25/10/2015 - [0] SHD – C:\Users\CEP Local 440\AppData\Local\EmieUserList =>.Enterprise mode Site List Mgr
O43 - CFD: 31/03/2016 - D – C:\Users\CEP Local 440\AppData\Local\Garmin_Ltd._or_its_subsid =>.Garmin Ltd
O43 - CFD: 02/03/2015 - D – C:\Users\CEP Local 440\AppData\Local\GenuSource_Consulting_Inc
O43 - CFD: 01/11/2016 - D – C:\Users\CEP Local 440\AppData\Local\Google =>.Google
O43 - CFD: 10/06/2015 - D – C:\Users\CEP Local 440\AppData\Local\GWX =>.GWX
O43 - CFD: 28/04/2012 - D – C:\Users\CEP Local 440\AppData\Local\Hewlett-Packard =>.Hewlett-Packard
O43 - CFD: 24/10/2015 - [0] SHD – C:\Users\CEP Local 440\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 21/01/2011 - [0] D – C:\Users\CEP Local 440\AppData\Local\johnsadventures.com =>.johnsadventures.com
O43 - CFD: 11/06/2012 - D – C:\Users\CEP Local 440\AppData\Local\Macromedia =>.Macromedia
O43 - CFD: 24/11/2016 - D – C:\Users\CEP Local 440\AppData\Local\Microsoft =>.Microsoft
O43 - CFD: 03/08/2011 - D – C:\Users\CEP Local 440\AppData\Local\Microsoft Games =>.Microsoft Corporation
O43 - CFD: 24/03/2013 - [0] D – C:\Users\CEP Local 440\AppData\Local\Microsoft Help =>.Microsoft Corporation
O43 - CFD: 25/10/2015 - D – C:\Users\CEP Local 440\AppData\Local\MicrosoftEdge =>.Microsoft Corporation
O43 - CFD: 17/11/2011 - D – C:\Users\CEP Local 440\AppData\Local\Mozilla =>.Mozilla Corporation
O43 - CFD: 27/10/2015 - [0] D – C:\Users\CEP Local 440\AppData\Local\NetworkTiles =>.NetworkTiles
O43 - CFD: 12/10/2010 - D – C:\Users\CEP Local 440\AppData\Local\ODUI
O43 - CFD: 29/11/2016 - D – C:\Users\CEP Local 440\AppData\Local\Packages =>.Microsoft Corporation
O43 - CFD: 06/04/2013 - D – C:\Users\CEP Local 440\AppData\Local\Programs =>.Microsoft Corporation
O43 - CFD: 25/10/2015 - D – C:\Users\CEP Local 440\AppData\Local\Publishers =>.Microsoft Corporation
O43 - CFD: 16/07/2016 - D – C:\Users\CEP Local 440\AppData\Local\Real =>.RealNetworks Inc.
O43 - CFD: 12/10/2010 - D – C:\Users\CEP Local 440\AppData\Local\Stardock =>.Stardock
O43 - CFD: 29/11/2016 - D – C:\Users\CEP Local 440\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 24/10/2015 - [0] SHD – C:\Users\CEP Local 440\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 05/03/2016 - D – C:\Users\CEP Local 440\AppData\Local\TileDataLayer =>.Microsoft Corporation
O43 - CFD: 13/07/2011 - D – C:\Users\CEP Local 440\AppData\Local\uTorrent =>.uTorrent (P2P)
O43 - CFD: 09/01/2013 - D – C:\Users\CEP Local 440\AppData\Local\VirtualStore =>.Microsoft Corporation
O43 - CFD: 24/01/2016 - D – C:\Users\CEP Local 440\AppData\Local\Windows Live =>.Microsoft Corporation
O43 - CFD: 16/08/2011 - D – C:\Users\CEP Local 440\AppData\Local\Windows Live Writer =>.Microsoft Corporation
O43 - CFD: 27/11/2016 - D – C:\Users\CEP Local 440\AppData\Local\WinZip =>.WinZip
O43 - CFD: 24/11/2016 - D – C:\Users\CEP Local 440\AppData\Local\Zemana =>.Zemana
O43 - CFD: 06/04/2013 - [0] D – C:\Users\CEP Local 440\AppData\Local\Programs\Common =>.Microsoft Corporation
O43 - CFD: 30/07/2015 - RD – C:\Users\CEP Local 440\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility =>.Microsoft Corporation
O43 - CFD: 25/10/2015 - RD – C:\Users\CEP Local 440\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 27/04/2016 - RD – C:\Users\CEP Local 440\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 24/10/2015 - D – C:\Users\CEP Local 440\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autel =>.Autel
O43 - CFD: 28/11/2016 - D – C:\Users\CEP Local 440\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything =>.Everything
O43 - CFD: 29/01/2016 - D – C:\Users\CEP Local 440\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud =>.Apple Inc.
O43 - CFD: 30/07/2015 - D – C:\Users\CEP Local 440\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 27/04/2016 - RD – C:\Users\CEP Local 440\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
O43 - CFD: 30/07/2015 - RD – C:\Users\CEP Local 440\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools =>.Microsoft Corporation
O43 - CFD: 30/07/2015 - RSD – C:\Users\CEP Local 440\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell =>.Microsoft Corporation
O43 - CFD: 16/07/2016 - [0] D – C:\Users\CEP Local 440\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinZip 20.5
O43 - CFD: 25/11/2016 - [0] D – C:\Users\CEP Local 440\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinZip 21.0
O43 - CFD: 30/07/2015 - [0] SHD – C:\Users\Default\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 30/07/2015 - [0] SHD – C:\Users\Default\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 10/09/2015 - D – C:\Users\Default\AppData\Local\Microsoft =>.Microsoft
O43 - CFD: 24/10/2015 - [0] D – C:\Users\Default\AppData\Local\Microsoft Help =>.Microsoft Corporation
O43 - CFD: 30/07/2015 - [0] D – C:\Users\Default\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 30/07/2015 - [0] SHD – C:\Users\Default\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 30/07/2015 - [0] SHD – C:\Users\Default User\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 30/07/2015 - [0] SHD – C:\Users\Default User\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 10/09/2015 - D – C:\Users\Default User\AppData\Local\Microsoft =>.Microsoft
O43 - CFD: 24/10/2015 - [0] D – C:\Users\Default User\AppData\Local\Microsoft Help =>.Microsoft Corporation
O43 - CFD: 30/07/2015 - [0] D – C:\Users\Default User\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 30/07/2015 - [0] SHD – C:\Users\Default User\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 01/04/2016 - – C:\WINDOWS\System32\Config\systemprofile\AppData\L ocal\assembly =>.Assembly
O43 - CFD: 31/03/2016 - – C:\WINDOWS\System32\Config\systemprofile\AppData\L ocal\Garmin_Ltd._or_its_subsid =>.Garmin Ltd
O43 - CFD: 31/03/2016 - D – C:\WINDOWS\System32\Config\systemprofile\AppData\L ocal\Microsoft =>.Microsoft
O43 - CFD: 24/11/2016 - – C:\WINDOWS\System32\Config\systemprofile\AppData\L ocal\Zemana =>.Zemana
O43 - CFD: 24/10/2015 - D – C:\WINDOWS\System32\Config\systemprofile\AppData\R oaming\Apple Computer =>.Apple Inc.
O43 - CFD: 29/11/2016 - SD – C:\WINDOWS\System32\Config\systemprofile\AppData\R oaming\Microsoft =>.Microsoft

—\ System Drivers List (69) - 12s
O58 - SDL:2015/07/10 01:09:24 A . (.LSI - LSI 3ware SCSI Storport Driver.) – C:\WINDOWS\System32\drivers\3ware.sys [249440] =>.Microsoft Windows®
O58 - SDL:2015/07/10 01:03:12 A . (.PMC-Sierra - PMC-Sierra Storport Driver For SPC8x6G SAS.) – C:\WINDOWS\System32\drivers\adp80xx.sys [249440] =>.Microsoft Windows®
O58 - SDL:1999/12/31 20:00:00 A . (.LSI Corporation - SoftModem Device Driver.) – C:\WINDOWS\System32\drivers\agrsm64.sys [249440] =>.LSI Corporation
O58 - SDL:2015/07/10 01:05:17 A . (.Advanced Micro Devices - AHCI 1.3 Device Driver.) – C:\WINDOWS\System32\drivers\amdsata.sys [249440] =>.Microsoft Windows®
O58 - SDL:2015/07/10 01:03:16 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) – C:\WINDOWS\System32\drivers\amdsbs.sys [249440] =>.Microsoft Windows®
O58 - SDL:2015/07/10 01:05:17 A . (.Advanced Micro Devices - Storage Filter Driver.) – C:\WINDOWS\System32\drivers\amdxata.sys [249440] =>.Microsoft Windows®
O58 - SDL:2015/07/10 01:03:12 A . (.PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) – C:\WINDOWS\System32\drivers\arcsas.sys [249440] =>.Microsoft Windows®
O58 - SDL:2015/06/17 21:04:00 A . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) – C:\WINDOWS\System32\drivers\bcmfn2.sys [249440] =>.Broadcom Corporation®
O58 - SDL:2015/07/10 00:55:09 A . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) – C:\WINDOWS\System32\drivers\bxvbda.sys [249440] =>.Microsoft Windows®
O58 - SDL:2015/07/10 00:55:06 A . (.QLogic Corporation - QLogic 10 GigE VBD.) – C:\WINDOWS\System32\drivers\evbda.sys [249440] =>.Microsoft Windows®
O58 - SDL:2012/08/21 13:01:20 A . (.GEAR Software Inc. - CD DVD Filter.) – C:\WINDOWS\System32\drivers\GEARAspiWDM.sys [249440] =>.GEAR Software Inc.®
O58 - SDL:2015/07/10 01:07:32 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) – C:\WINDOWS\System32\drivers\HpSAMD.sys [249440] =>.Microsoft Windows®
O58 - SDL:2015/06/17 21:03:50 A . (.Intel Corporation - Intel(R) Serial IO GPIO Controller Driver.) – C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [249440] =>.Intel Corporation - Client Components Group®
O58 - SDL:2015/06/17 21:04:39 A . (.Intel Corporation - Intel(R) Serial IO I2C Controller Driver.) – C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [249440] =>.Intel Corporation - Client Components Group®
O58 - SDL:2010/04/13 09:44:22 A . (.Intel Corporation - Intel Rapid Storage Technology driver - x64.) – C:\WINDOWS\System32\drivers\iaStor.sys [249440] =>.Intel Corporation®
O58 - SDL:2015/07/10 01:06:06 A . (.Intel Corporation - Intel(R) Rapid Storage Technology driver (i.) – C:\WINDOWS\System32\drivers\iaStorAV.sys [249440] =>.Microsoft Windows®
O58 - SDL:2015/07/10 01:06:06 A . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) – C:\WINDOWS\System32\drivers\iaStorV.sys [249440] =>.Microsoft Windows®
O58 - SDL:2015/07/10 00:54:54 A . (.Mellanox - InfiniBand Fabric Bus Driver.) – C:\WINDOWS\System32\drivers\ibbus.sys [249440] =>.Microsoft Windows®
O58 - SDL:2012/03/23 17:13:28 A . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) – C:\WINDOWS\System32\drivers\igdkmd64.sys [249440] =>.Intel Corporation
O58 - SDL:1999/12/31 20:00:00 A . (.Intel(R) Corporation - Intel(R) High Definition Audio HDMI.) – C:\WINDOWS\System32\drivers\IntcHdmi.sys [249440] =>.Intel(R) Corporation
O58 - SDL:2009/06/17 12:54:06 A . (.Logitech, Inc. - Logitech Equad USB Driver..) – C:\WINDOWS\System32\drivers\LEqdUsb.sys [249440] =>.Logitech®
O58 - SDL:2009/06/17 12:54:14 A . (.Logitech, Inc. - Logitech HID Filter Driver..) – C:\WINDOWS\System32\drivers\LHidEqd.sys [249440] =>.Logitech®
O58 - SDL:2009/06/17 12:54:22 A . (.Logitech, Inc. - Logitech HID Filter Driver..) – C:\WINDOWS\System32\drivers\LHidFilt.Sys [249440] =>.Logitech®
O58 - SDL:2009/06/17 12:54:30 A . (.Logitech, Inc. - Logitech Mouse Filter Driver..) – C:\WINDOWS\System32\drivers\LMouFilt.Sys [249440] =>.Logitech®
O58 - SDL:2015/07/10 01:09:24 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) – C:\WINDOWS\System32\drivers\lsi_sas.sys [249440] =>.Microsoft Windows®
O58 - SDL:2015/07/10 01:09:24 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) – C:\WINDOWS\System32\drivers\lsi_sas2i.sys [249440] =>.Microsoft Windows®
O58 - SDL:2015/07/10 01:09:24 A . (.Avago Technologies - Avago SAS Gen3 Driver (StorPort).) – C:\WINDOWS\System32\drivers\lsi_sas3i.sys [249440] =>.Microsoft Windows®
O58 - SDL:2015/07/10 01:09:24 A . (.LSI Corporation - LSI SSS PCIe/Flash Driver (StorPort).) – C:\WINDOWS\System32\drivers\lsi_sss.sys [249440] =>.Microsoft Windows®
O58 - SDL:2016/03/10 14:08:54 A . (.Malwarebytes - Malwarebytes Anti-Malware.) – C:\WINDOWS\System32\drivers\mbam.sys [249440] =>.Malwarebytes Corporation®
O58 - SDL:2016/03/10 14:08:58 A . (.Malwarebytes - Malwarebytes Chameleon Protection Driver.) – C:\WINDOWS\System32\drivers\mbamchameleon.sys [249440] =>.Malwarebytes Corporation®
O58 - SDL:2016/10/25 18:39:22 A . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) – C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [249440] =>.Malwarebytes Corporation®
O58 - SDL:2015/07/10 01:09:24 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) – C:\WINDOWS\System32\drivers\megasas.sys [249440] =>.Microsoft Windows®
O58 - SDL:2015/07/10 01:09:24 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) – C:\WINDOWS\System32\drivers\megasr.sys [249440] =>.Microsoft Windows®
O58 - SDL:2012/01/22 01:10:36 A . (.McAfee, Inc. - Access Protection Filter Driver.) – C:\WINDOWS\System32\drivers\mfeapfk.sys [249440] =>.McAfee, Inc.®
O58 - SDL:2012/01/22 01:10:36 A . (.McAfee, Inc. - Anti-Virus File System Filter Driver.) – C:\WINDOWS\System32\drivers\mfeavfk.sys [249440] =>.McAfee, Inc.®
O58 - SDL:2012/01/22 01:10:37 A . (.McAfee, Inc. - McAfee Driver Cleaning Driver.) – C:\WINDOWS\System32\drivers\mfeclnk.sys [249440] =>.McAfee, Inc.®
O58 - SDL:2012/01/22 01:10:37 A . (.McAfee, Inc. - McAfee Link Driver.) – C:\WINDOWS\System32\drivers\mfehidk.sys [249440] =>.McAfee, Inc.®
O58 - SDL:2012/01/22 01:10:38 A . (.McAfee, Inc. - McAfee Code Analysis Driver.) – C:\WINDOWS\System32\drivers\mferkdet.sys [249440] =>.McAfee, Inc.®
O58 - SDL:2012/01/22 01:10:39 A . (.McAfee, Inc. - Anti-Virus Mini-Firewall Driver.) – C:\WINDOWS\System32\drivers\mfewfpk.sys [249440] =>.McAfee, Inc.®
O58 - SDL:2015/07/10 00:54:54 A . (.Mellanox - MLX4 Bus Driver.) – C:\WINDOWS\System32\drivers\mlx4_bus.sys [249440] =>.Microsoft Windows®
O58 - SDL:2015/07/10 01:03:10 A . (.Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) – C:\WINDOWS\System32\drivers\mvumis.sys [249440] =>.Microsoft Windows®
O58 - SDL:2016/03/10 14:09:10 A . (.Malwarebytes Corporation - Malwarebytes Web Access Control.) – C:\WINDOWS\System32\drivers\mwac.sys [249440] =>.Malwarebytes Corporation®
O58 - SDL:2015/07/10 00:54:53 A . (.Mellanox - NetworkDirect Support Filter Driver.) – C:\WINDOWS\System32\drivers\ndfltr.sys [249440] =>.Microsoft Windows®
O58 - SDL:2015/07/10 01:07:35 A . (.NVIDIA Corporation - NVIDIA® nForce™ RAID Driver.) – C:\WINDOWS\System32\drivers\nvraid.sys [249440] =>.Microsoft Windows®
O58 - SDL:2015/07/10 01:07:35 A . (.NVIDIA Corporation - NVIDIA® nForce™ Sata Performance Driver.) – C:\WINDOWS\System32\drivers\nvstor.sys [249440] =>.Microsoft Windows®
O58 - SDL:2011/07/13 07:34:23 A . (.VSO Software - low level access layer for CD/DVD/BD device.) – C:\WINDOWS\System32\drivers\pcouffin.sys [249440] =>.VSO Software
O58 - SDL:2015/07/10 01:09:24 A . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) – C:\WINDOWS\System32\drivers\percsas2i.sys [249440] =>.Microsoft Windows®
O58 - SDL:2015/07/10 01:09:24 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) – C:\WINDOWS\System32\drivers\percsas3i.sys [249440] =>.Microsoft Windows®
O58 - SDL:2015/07/28 01:09:58 A . (.Realtek - Realtek 8101E/8168/8169 NDIS 6.40 64-bit Dr.) – C:\WINDOWS\System32\drivers\rt640x64.sys [249440] =>.Realtek Semiconductor Corp®
O58 - SDL:2015/04/06 13:36:26 A . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function D.) – C:\WINDOWS\System32\drivers\RTKVHD64.sys [249440] =>.Realtek Semiconductor Corp®
O58 - SDL:2015/06/17 21:04:12 A . (.Realtek Semiconductor Corporation - Realtek RTL81892SE NDIS Driverr.) – C:\WINDOWS\System32\drivers\rtl8192se.sys [249440] =>.Realtek Semiconductor Corp®
O58 - SDL:2009/09/22 21:39:00 A . (.Realtek Semiconductor Corp. - Realtek USB Mass Storage Driver for 2K/XP/V.) – C:\WINDOWS\System32\drivers\RtsUStor.sys [249440] =>.Realtek Semiconductor Corp.
O58 - SDL:2015/07/10 01:03:13 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) – C:\WINDOWS\System32\drivers\sisraid2.sys [249440] =>.Microsoft Windows®
O58 - SDL:2015/07/10 01:03:13 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) – C:\WINDOWS\System32\drivers\sisraid4.sys [249440] =>.Microsoft Windows®
O58 - SDL:2014/06/04 15:17:14 A . (.IObit - SmartDefrag Driver.) – C:\WINDOWS\System32\drivers\SmartDefragDriver.sys [249440] =>.IObit Information Technology®
O58 - SDL:2016/04/25 20:46:26 A . (.Synaptics Incorporated - Synaptics SMBus Driver.) – C:\WINDOWS\System32\drivers\Smb_driver_AMDASF_Aux. sys [249440] =>.Synaptics Incorporated®
O58 - SDL:2016/04/25 20:46:26 A . (.Synaptics Incorporated - Synaptics SMBus Driver.) – C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [249440] =>.Synaptics Incorporated®
O58 - SDL:2016/04/25 20:46:26 A . (.Synaptics Incorporated - Synaptics SMBus Driver.) – C:\WINDOWS\System32\drivers\Smb_driver_Intel_Aux.s ys [249440] =>.Synaptics Incorporated®
O58 - SDL:2015/07/10 01:03:16 A . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Wind.) – C:\WINDOWS\System32\drivers\stexstor.sys [249440] =>.Microsoft Windows®
O58 - SDL:2016/04/25 20:46:35 A . (.Synaptics Incorporated - Synaptics Touchpad Win64 Driver.) – C:\WINDOWS\System32\drivers\SynTP.sys [249440] =>.Synaptics Incorporated®
O58 - SDL:2012/03/15 17:26:18 A . (.AnchorFree Inc - TAP-Win32 Virtual Network Driver.) – C:\WINDOWS\System32\drivers\taphss.sys [249440] =>.AnchorFree Inc®
O58 - SDL:2015/05/29 03:43:22 A . (.Trend Micro Inc. - TrendMicro Common Module.) – C:\WINDOWS\System32\drivers\tmcomm.sys [249440] =>.Trend Micro, Inc.®
O58 - SDL:2015/07/09 23:21:44 A . (.Authors - .) – C:\WINDOWS\System32\drivers\Udecx.sys [249440] =>.Microsoft Corporation
O58 - SDL:2015/07/10 01:07:40 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) – C:\WINDOWS\System32\drivers\vsmraid.sys [249440] =>.Microsoft Windows®
O58 - SDL:2015/07/10 01:07:40 A . (.VIA Corporation - VIA StorX RAID Controller Driver.) – C:\WINDOWS\System32\drivers\VSTXRAID.SYS [249440] =>.Microsoft Windows®
O58 - SDL:2015/07/10 00:54:54 A . (.Mellanox - Kernel WinMad.) – C:\WINDOWS\System32\drivers\winmad.sys [249440] =>.Microsoft Windows®
O58 - SDL:2015/07/10 00:54:53 A . (.Mellanox - Kernel WinVerbs.) – C:\WINDOWS\System32\drivers\winverbs.sys [249440] =>.Microsoft Windows®
O58 - SDL:2016/11/24 08:10:30 A . (.Zemana Ltd. - ZAM.) – C:\WINDOWS\System32\drivers\zam64.sys [249440] =>.Zemana Ltd.®
O58 - SDL:2016/11/24 08:10:30 A . (.Zemana Ltd. - ZAM.) – C:\WINDOWS\System32\drivers\zamguard64.sys [249440] =>.Zemana Ltd.®

—\ Last modified or created user files (12) - 18s
O61 - LFC: 2016/11/26 23:08:08 A . (.Copyright © 2015.) – C:\Users\CEP Local 440\Downloads\Adware Removal Tool by TSA.exe [752296] {317DD1C55F51AC2756D9C93C060C6FA5}
O61 - LFC: 2016/11/24 11:42:34 A . (..) – C:\Users\CEP Local 440\Downloads\dap97_brosp.exe [12296704]
O61 - LFC: 2016/11/24 11:42:33 A . (.SlimWare Utilities, Inc..) – C:\Users\CEP Local 440\Downloads\slimdrivers-setup (1).exe [670016] =>.Superfluous.SlimWareUtilities
O61 - LFC: 2016/11/24 11:42:33 A . (.SlimWare Utilities, Inc..) – C:\Users\CEP Local 440\Downloads\slimdrivers-setup (2).exe [698688] =>.Superfluous.SlimWareUtilities
O61 - LFC: 2016/11/24 11:42:33 A . (.SlimWare Utilities, Inc..) – C:\Users\CEP Local 440\Downloads\slimdrivers-setup (3).exe [698688] =>.Superfluous.SlimWareUtilities
O61 - LFC: 2016/11/24 11:42:33 A . (.SlimWare Utilities, Inc..) – C:\Users\CEP Local 440\Downloads\slimdrivers-setup.exe [632704] {7849657A1719539E1882587E1354B115} =>.Superfluous.SlimWareUtilities
O61 - LFC: 2016/11/24 20:10:39 A . (..) – C:\Users\CEP Local 440\Downloads\winzip100.exe [5834344] {40032F22DC310809AF0E60AC5A2FE0C9}
O61 - LFC: 2016/11/24 11:42:36 A . (..) – C:\Users\CEP Local 440\Documents\My DAP Downloads\dap10_2.exe [11250688]
O61 - LFC: 2016/11/24 11:42:35 A . (.SlimWare Utilities, Inc..) – C:\Users\CEP Local 440\Documents\My DAP Downloads\slimdrivers-setup.exe [632704] {7849657A1719539E1882587E1354B115} =>.Superfluous.SlimWareUtilities
O61 - LFC: 2016/11/26 23:09:04 A . (.Copyright © 2015.) – C:\Users\CEP Local 440\Desktop\Adware Removal Tool by TSA.exe [752296] {317DD1C55F51AC2756D9C93C060C6FA5}
O61 - LFC: 2016/11/25 21:45:35 A . (..) – C:\Users\CEP Local 440\Desktop\SecurityCheck.exe [511034]
O61 - LFC: 2016/11/27 12:00:55 A . (..) – C:\Users\CEP Local 440\AppData\Local\WinZip\rr.bin [215559]

—\ File Associations Shell Spawning (10) - 0s
O67 - Shell Spawning: <.bat> [HKLM..\open\Command] (…) – “%1” %*
O67 - Shell Spawning: <.cpl> [HKLM..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) – C:\WINDOWS\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> [HKLM..\open\Command] (…) – “%1” %*
O67 - Shell Spawning: <.com> [HKLM..\open\Command] (…) – “%1” %*
O67 - Shell Spawning: <.evt> [HKLM..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) – C:\WINDOWS\System32\eventvwr.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.exe> [HKLM..\open\Command] (…) – “%1” %*
O67 - Shell Spawning: <.html> [HKLM..\open\Command] (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O67 - Shell Spawning: <.js> [HKLM..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) – C:\WINDOWS\System32\wscript.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.reg> [HKLM..\open\Command] (.Microsoft Corporation - Registry Editor.) – C:\WINDOWS\regedit.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.scr> [HKLM..\open\Command] (…) – “%1” /S

—\ Start Menu Internet (4) - 0s
O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation

—\ Search Browser Infection (10) - 0s
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKCU] {4AF4DA01-B858-4617-AC1C-0E06F377629C} - (Bing) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKCU] {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} - (Google) - http://www.google.com/ =>.Google Inc.
O69 - SBI: SearchScopes [HKLM] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKLM] {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} - (Google) - http://www.google.com/ =>.Google Inc.
O69 - SBI: SearchScopes [HKLM] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com/ =>.Google Inc.
O69 - SBI: SearchScopes [HKUS.DEFAULT] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKUS.DEFAULT] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com/ =>.Google Inc.
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com/ =>.Google Inc.

—\ Search Svchost Services (41) - 2s
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) – C:\WINDOWS\System32\certprop.dll [249440] =>.Microsoft Corporation
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) – C:\WINDOWS\System32\certprop.dll [249440] =>.Microsoft Corporation
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) – C:\WINDOWS\system32\srvsvc.dll [249440] =>.Microsoft Corporation
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) – C:\WINDOWS\System32\gpsvc.dll [249440] =>.Microsoft Corporation
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) – C:\WINDOWS\System32\ikeext.dll [249440] =>.Microsoft Corporation
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) – C:\WINDOWS\System32\iphlpsvc.dll [249440] =>.Microsoft Corporation
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) – C:\WINDOWS\system32\seclogon.dll [249440] =>.Microsoft Corporation
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) – C:\WINDOWS\System32\appinfo.dll [249440] =>.Microsoft Corporation
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) – C:\WINDOWS\system32\iscsiexe.dll [249440] =>.Microsoft Corporation
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) – C:\WINDOWS\System32\eapsvc.dll [249440] =>.Microsoft Corporation
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) – C:\WINDOWS\system32\schedsvc.dll [249440] =>.Microsoft Corporation
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) – C:\WINDOWS\system32\wbem\WMIsvc.dll [249440] =>.Microsoft Corporation
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) – C:\WINDOWS\System32\browser.dll [249440] =>.Microsoft Corporation
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) – C:\WINDOWS\system32\profsvc.dll [249440] =>.Microsoft Corporation
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) – C:\WINDOWS\System32\SessEnv.dll [249440] =>.Microsoft Corporation
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) – C:\WINDOWS\System32\wercplsupport.dll [249440] =>.Microsoft Corporation
O83 - Search Svchost Services: wlidsvc (wlidsvc) . (.Microsoft Corporation - Microsoft® Account Service.) – C:\WINDOWS\system32\wlidsvc.dll [249440] =>.Microsoft Corporation
O83 - Search Svchost Services: DcpSvc (DcpSvc) . (.Microsoft Corporation - dcpsvc Task.) – C:\WINDOWS\system32\dcpsvc.dll [249440] =>.Microsoft Corporation
O83 - Search Svchost Services: NcaSvc (NcaSvc) . (.Microsoft Corporation - Microsoft Network Connectivity Assistant Se.) – C:\WINDOWS\System32\ncasvc.dll [249440] =>.Microsoft Corporation
O83 - Search Svchost Services: NetSetupSvc (NetSetupSvc) . (.Microsoft Corporation - Network Setup Service.) – C:\WINDOWS\System32\NetSetupSvc.dll [249440] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) – C:\WINDOWS\System32\rasauto.dll [249440] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) – C:\WINDOWS\System32\rasmans.dll [249440] =>.Microsoft Corporation
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) – C:\WINDOWS\System32\mprdim.dll [249440] =>.Microsoft Corporation
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) – C:\WINDOWS\System32\sens.dll [249440] =>.Microsoft Corporation
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) – C:\WINDOWS\System32\ipnathlp.dll [249440] =>.Microsoft Corporation
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows™ Telephony Server.) – C:\WINDOWS\System32\tapisrv.dll [249440] =>.Microsoft Corporation
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) – C:\WINDOWS\system32\wuaueng.dll [249440] =>.Microsoft Corporation
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) – C:\WINDOWS\System32\qmgr.dll [249440] =>.Microsoft Corporation
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) – C:\WINDOWS\System32\shsvcs.dll [249440] =>.Microsoft Corporation
O83 - Search Svchost Services: dmwappushservice (dmwappushservice) . (.Microsoft Corporation - dmwappushsvc.) – C:\WINDOWS\system32\dmwappushsvc.dll [249440] =>.Microsoft Corporation
O83 - Search Svchost Services: XblGameSave (XblGameSave) . (.Microsoft Corporation - Xbox Live Game Save Service.) – C:\WINDOWS\System32\XblGameSave.dll [249440] =>.Microsoft Corporation
O83 - Search Svchost Services: XboxNetApiSvc (XboxNetApiSvc) . (.Microsoft Corporation - Xbox Live Networking Service.) – C:\WINDOWS\system32\XboxNetApiSvc.dll [249440] =>.Microsoft Corporation
O83 - Search Svchost Services: UsoSvc (UsoSvc) . (.Microsoft Corporation - Update Session Orchestrator Core.) – C:\WINDOWS\system32\usocore.dll [249440] =>.Microsoft Corporation
O83 - Search Svchost Services: UserManager (UserManager) . (.Microsoft Corporation - UserMgr.) – C:\WINDOWS\System32\usermgr.dll [249440] =>.Microsoft Corporation
O83 - Search Svchost Services: lfsvc (lfsvc) . (.Microsoft Corporation - Geolocation Service.) – C:\WINDOWS\System32\lfsvc.dll [249440] =>.Microsoft Corporation
O83 - Search Svchost Services: DmEnrollmentSvc (DmEnrollmentSvc) . (.Microsoft Corporation - Windows Managent Service DLL.) – C:\WINDOWS\System32\Windows.Internal.Management.dl l [249440] =>.Microsoft Corporation
O83 - Search Svchost Services: XblAuthManager (XblAuthManager) . (.Microsoft Corporation - Xbox Live Auth Manager.) – C:\WINDOWS\System32\XblAuthManager.dll [249440] =>.Microsoft Corporation
O83 - Search Svchost Services: RetailDemo (RetailDemo) . (.Microsoft Corporation - RDXService.) – C:\WINDOWS\system32\RDXService.dll [249440] =>.Microsoft Corporation
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) – C:\WINDOWS\System32\bdesvc.dll [249440] =>.Microsoft Corporation
O83 - Search Svchost Services: DsmSvc (DsmSvc) . (.Microsoft Corporation - Device Setup Manager.) – C:\WINDOWS\System32\DeviceSetupManager.dll [249440] =>.Microsoft Corporation
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) – C:\WINDOWS\system32\themeservice.dll [249440] =>.Microsoft Corporation

—\ Firewall Active Exception List (8) - 2s
O87 - FAEL: “CoreNet-GP-LSASS-Out-TCP” [Out-None-P6-TRUE] .(…) – C:\WINDOWS\system32\lsass.exe
O87 - FAEL: “RemoteSvcAdmin-In-TCP” [In-None-P6-FALSE] .(…) – C:\WINDOWS\system32\services.exe
O87 - FAEL: “RemoteSvcAdmin-In-TCP-NoScope” [In-None-P6-FALSE] .(…) – C:\WINDOWS\system32\services.exe
O87 - FAEL: “WFDPRINT-SPOOL-Out-Active” [Out-None-P17-TRUE] .(…) – C:\WINDOWS\system32\spoolsv.exe
O87 - FAEL: “WFDPRINT-SPOOL-In-Active” [In-None-P17-TRUE] .(…) – C:\WINDOWS\system32\spoolsv.exe
O87 - FAEL: “FPS-SpoolSvc-In-TCP” [In-None-P6-FALSE] .(…) – C:\WINDOWS\system32\spoolsv.exe
O87 - FAEL: “FPS-SpoolSvc-In-TCP-NoScope” [In-None-P6-FALSE] .(…) – C:\WINDOWS\system32\spoolsv.exe
O87 - FAEL: “Netlogon-TCP-RPC-In” [In-None-P6-FALSE] .(…) – C:\WINDOWS\System32\lsass.exe

—\ Windows Installer Scan (1) - 3s
[MD5.] [WIS][2013/08/28 19:47:12] (.SlimWare Utilities, Inc. - Windows Installer XML (3.0.5419.0).) – C:\WINDOWS\Installer\e3541.msi [249440] =>.Superfluous.SlimWareUtilities

—\ Additional Scan (O88) (10) - 0s
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall{3CF3DEF4-ED15-4F7B-9320-C3E1081EA4DA} =>.Superfluous.SlimWareUtilities
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} =>Heuristic.Suspect
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall{3CF3DEF4-ED15-4F7B-9320-C3E1081EA4DA} =>.Superfluous.SlimWareUtilities
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} =>Heuristic.Suspect
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallConverter =>PUP.Optional.InstallConverter
C:\ProgramData\InstallMate =>.Superfluous.Tarma
C:\Users\CEP Local 440\Downloads\slimdrivers-setup.exe =>.Superfluous.SlimWareUtilities
C:\Users\CEP Local 440\Documents\My DAP Downloads\slimdrivers-setup.exe =>.Superfluous.SlimWareUtilities
C:\WINDOWS\Installer\e3541.msi =>.Superfluous.SlimWareUtilities
C:\Users\CEP Local 440\AppData\Roaming\inst.exe =>Heuristic.Suspect

—\ Summary of the elements found (4) - 0s
ZHPCleaner 2025 Télécharger pour Windows 11 / 10 / 7 =>.Superfluous.SlimWareUtilities
Redirecting... =>Heuristic.Suspect
https://www.nicolascoolman.com/fr/pup-installconverter/ =>PUP.Optional.InstallConverter
https://www.nicolascoolman.com/fr/pup-tarma/ =>.Superfluous.Tarma

~ End of the scan, 53528 items in 00h46mn25s (1231)

FRST Fix.

Download attached fixlist.txt file and save it to the Desktop. NOTE. It’s important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

[HEADING=1]Fix result of Farbar Recovery Scan Tool (x64) Version: 02-12-2016
Ran by CEP Local 440 (02-12-2016 19:42:10) Run:4
Running from C:\Users\CEP Local 440\Desktop
Loaded Profiles: CEP Local 440 (Available Profiles: CEP Local 440 & DefaultAppPool)
Boot Mode: Normal[/HEADING]
fixlist content:

---

start
CreateRestorePoint:
CloseProcesses:
C:\WINDOWS\System32\drivers\mfeavfk.sys
C:\WINDOWS\System32\drivers\mfeapfk.sys
C:\WINDOWS\System32\mfevtps.exe
C:\WINDOWS\System32\Tasks{298B2E4F-B19F-479B-A158-24E952B262D7}
C:\WINDOWS\System32\Tasks{BF9EF130-FE70-4432-88EC-F3B7132270EA}
C:\Program Files (x86)\Amazon
C:\Program Files (x86)\SpeedBit Video Accelerator
C:\Program Files (x86)\uTorrent
C:\ProgramData\boost_interprocess
C:\ProgramData\Kaspersky Lab Setup Files
C:\ProgramData\McAfee
C:\ProgramData\Norton
C:\ProgramData\NortonInstaller
C:\ProgramData{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
C:\Program Files (x86)\Common Files\McAfee
C:\Users\CEP Local 440\AppData\Local\uTorrent
C:\WINDOWS\System32\drivers\mfeclnk.sys
C:\WINDOWS\System32\drivers\mfehidk.sys
C:\WINDOWS\System32\drivers\mferkdet.sys
C:\WINDOWS\System32\drivers\mfewfpk.sys
C:\WINDOWS\System32\drivers\tmcomm.sys
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallConverter
C:\ProgramData\InstallMate
C:\WINDOWS\Installer\e3541.msi
C:\Users\CEP Local 440\AppData\Roaming\inst.exe
DeleteKey: HKLM\SOFTWARE\Wow6432Node\KasperskyLab
DeleteKey: HKLM\SOFTWARE\Wow6432Node\McAfee
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Symantec
DeleteKey: HKLM\SOFTWARE\Wow6432Node\trendmicro
DeleteKey: HKCU\SOFTWARE\KasperskyLab
DeleteKey: HKCU\SOFTWARE\McAfee
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall{3CF3DEF4-ED15-4F7B-9320-C3E1081EA4DA}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Emptytemp:
reboot:
end

---

Restore point was successfully created.
Processes closed successfully.
C:\WINDOWS\System32\drivers\mfeavfk.sys => moved successfully
C:\WINDOWS\System32\drivers\mfeapfk.sys => moved successfully
C:\WINDOWS\System32\mfevtps.exe => moved successfully
C:\WINDOWS\System32\Tasks{298B2E4F-B19F-479B-A158-24E952B262D7} => moved successfully
C:\WINDOWS\System32\Tasks{BF9EF130-FE70-4432-88EC-F3B7132270EA} => moved successfully
C:\Program Files (x86)\Amazon => moved successfully
C:\Program Files (x86)\SpeedBit Video Accelerator => moved successfully
C:\Program Files (x86)\uTorrent => moved successfully
C:\ProgramData\boost_interprocess => moved successfully
C:\ProgramData\Kaspersky Lab Setup Files => moved successfully
C:\ProgramData\McAfee => moved successfully
C:\ProgramData\Norton => moved successfully
C:\ProgramData\NortonInstaller => moved successfully
C:\ProgramData{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF} => moved successfully
C:\Program Files (x86)\Common Files\McAfee => moved successfully
C:\Users\CEP Local 440\AppData\Local\uTorrent => moved successfully
C:\WINDOWS\System32\drivers\mfeclnk.sys => moved successfully
C:\WINDOWS\System32\drivers\mfehidk.sys => moved successfully
C:\WINDOWS\System32\drivers\mferkdet.sys => moved successfully
C:\WINDOWS\System32\drivers\mfewfpk.sys => moved successfully
C:\WINDOWS\System32\drivers\tmcomm.sys => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallConverter => moved successfully
C:\ProgramData\InstallMate => moved successfully
C:\WINDOWS\Installer\e3541.msi => moved successfully
C:\Users\CEP Local 440\AppData\Roaming\inst.exe => moved successfully
HKLM\SOFTWARE\Wow6432Node\KasperskyLab => key removed successfully
HKLM\SOFTWARE\Wow6432Node\McAfee => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Symantec => key removed successfully
HKLM\SOFTWARE\Wow6432Node\trendmicro => key removed successfully
HKCU\SOFTWARE\KasperskyLab => key removed successfully
HKCU\SOFTWARE\McAfee => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall{3CF3DEF4-ED15-4F7B-9320-C3E1081EA4DA} => could not remove key.: incorrect path.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} => could not remove key.: incorrect path.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6481875 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 1452669 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 0 B
CEP Local 440 => 160891345 B
DefaultAppPool => 0 B

RecycleBin => 4348207 B
EmptyTemp: => 165.2 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 19:43:17 ====

What issues remain on your machine?

Hello:
The pop ups appear to be gone and everything seems now to be back to normal.

Thanks,
P