How to remove rundll32.exe virus.

  • toreee
    PCHF Member
    • Feb 2017
    • 81

    #31
    ~ ZHPCleaner v2017.2.27.37 by Nicolas Coolman (2017/02/27)
    ~ Run by MSI CR-460 (Administrator) (01/03/2017 03:17:18)
    ~ Web: https://www.nicolascoolman.com
    ~ Blog: https://nicolascoolman.eu/
    ~ Facebook : ZHP
    ~ State version : Version OK
    ~ Type : Repair
    ~ Report : C:\Users\MSI CR-460\Desktop\ZHPCleaner.txt
    ~ Quarantine : C:\Users\MSI CR-460\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
    ~ UAC : Activate
    ~ Boot Mode : Normal (Normal boot)
    Windows 7 Starter, 32-bit Service Pack 1 (Build 7601)
    —\ Services (0)
    ~ No malicious or unnecessary items found.

    —\ Browser internet (2)
    DELETED data: HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings [Bad : Port=52737 <-Loopback>] =>Hijacker.Proxy
    DELETED data: HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings [Bad : Port=52737 <-Loopback>] =>Hijacker.Proxy

    —\ Hosts file (1)
    ~ The hosts file is legitimate (1)

    —\ Scheduled automatic tasks. (0)
    ~ No malicious or unnecessary items found.

    —\ Explorer ( File, Folder) (22)
    MOVED file: C:\Users\MSI CR-460\AppData\Roaming\Mozilla\Firefox\Profiles\n6sg4hyy.default\searchplugins\WebSearch.xml =>PUP.Optional.SimpleSearches
    MOVED file: C:\Windows\Installer\wix{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}.SchedServiceConfig.rmi =>.Superfluous.Empty
    MOVED file: C:\Windows\Installer\wix{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}.SchedServiceConfig.rmi =>.Superfluous.Empty
    MOVED file: C:\Windows\Installer\wix{6EE644CD-FC7F-424C-83EA-9C0285C4FB7F}.SchedServiceConfig.rmi =>.Superfluous.Empty
    MOVED file: C:\Windows\Installer\wix{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}.SchedServiceConfig.rmi =>.Superfluous.Empty
    MOVED file: C:\Windows\Installer\wix{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}.SchedServiceConfig.rmi =>.Superfluous.Empty
    MOVED file: C:\Windows\Installer\wix{F53D678E-238F-4A71-9742-08BB6774E9DC}.SchedServiceConfig.rmi =>.Superfluous.Empty
    MOVED file: C:\Windows\AutoKMS\AutoKMS.log =>HackTool.AutoKMS
    MOVED folder: C:\Users\MSI CR-460\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnligehkhogpcngalffdoomehjcbecna =>.Superfluous.Linkury
    MOVED folder: C:\Users\MSI CR-460\AppData\Local\Google\Chrome\User Data\Default\Extensions\gehmndecgbcffhmfjkenpamdgechcgpe =>.Superfluous.Linkury
    MOVED folder: C:\Users\MSI CR-460\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda =>Hijacker.Browser [ https://epicunitscan.info/00service/update2/crx ]
    MOVED folder: C:\Users\MSI CR-460\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi =>PUP.Optional.CrossRider
    MOVED folder: C:\Program Files\Ashampoo =>.Superfluous.Empty
    MOVED folder: C:\ProgramData\Microsoft Toolkit =>HackTool.AutoKMS
    MOVED folder: C:\ProgramData\AutoKMS =>HackTool.AutoKMS
    MOVED folder: C:\windows\AutoKMS =>HackTool.AutoKMS
    MOVED folder: C:\Users\MSI CR-460\AppData\LocalLow\DataMngr =>PUP.Optional.Datamngr
    MOVED folder: C:\Program Files\QuickTime =>Riskware.QuickTime
    MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime =>Riskware.QuickTime
    MOVED folder: C:\windows\Installer\MSI6442.tmp- =>.Superfluous.Empty
    MOVED folder: C:\windows\Installer\MSI687.tmp- =>.Superfluous.Empty
    MOVED folder: C:\windows\Installer\MSI9C74.tmp- =>.Superfluous.Empty

    —\ Registry ( Key, Value, Data) (7)
    DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d10lpsik1i8c69.cloudfront.net [3548] =>.Superfluous.CloudfrontNet
    DELETED key*: HKLM\SOFTWARE\Classes\Interface{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [ITool] =>Toolbar.Ask
    DELETED key*: HKLM\SOFTWARE\Classes\Allin1Convert_8h.ToolbarProtector [ProtectorControl Class] =>.Superfluous.MindSpark
    DELETED key*: HKLM\SOFTWARE\Classes\Allin1Convert_8h.ToolbarProtector.1 [ProtectorControl Class] =>.Superfluous.MindSpark
    DELETED key*: HKLM\SOFTWARE\Classes\PC2739C7E_FABD_4632_AAD0_F063DFE8F006_.PC2739C7E_FABD_4632_AAD0_F063DFE8F006_ [bestadblocker] =>PUP.Optional.BestADBlocker
    DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.] =>Heuristic.Suspect
    DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PCBooster.exe [C:\Program Files\inKline Global\PC Booster\PCBooster.exe] =>.Superfluous.Energize

    —\ Summary of the elements found (15)
    Redirecting... =>Hijacker.Proxy
    Le repaquetage ou l'empaquetage logiciel peut représenter un risque de sécurité - ZAM =>PUP.Optional.SimpleSearches
    Logiciels Potentiellement Superflus (LPS). - ZAM =>.Superfluous.Empty
    AutoKMS, Application Potentiellement Superflue. - ZAM =>HackTool.AutoKMS
    Redirecting... =>.Superfluous.Linkury
    Le repaquetage ou l'empaquetage logiciel peut représenter un risque de sécurité - ZAM =>Hijacker.Browser [ https://epicunitscan.info/00service/update2/crx ]
    Redirecting... =>PUP.Optional.CrossRider
    https://www.nicolascoolman.com/fr/pup-datamngr/ =>PUP.Optional.Datamngr
    https://nicolascoolman.eu/2017/01/15...are-quicktime/ =>Riskware.QuickTime
    CloudFront, Réseau de distribution d'Amazon. - ZAM =>.Superfluous.CloudfrontNet
    Redirecting... =>Toolbar.Ask
    MindSpark, Logiciel Potentiellement Superflu. - ZAM =>.Superfluous.MindSpark
    Le repaquetage ou l'empaquetage logiciel peut représenter un risque de sécurité - ZAM =>PUP.Optional.BestADBlocker
    Heuristic Suspect, 1 Logiciel Indésirable. - ZAM =>Heuristic.Suspect
    Redirecting... =>.Superfluous.Energize

    —\ Other deletions. (2)
    ~ Registry Keys Tracing deleted (1)
    ~ Remove the old reports ZHPCleaner. (1)

    —\ Result of repair
    ~ Repair carried out successfully

    —\ Statistics
    ~ Items scanned : 2257
    ~ Items found : 0
    ~ Items cancelled : 0
    ~ Items repaired : 31

    ~ End of clean in 00h00mn52s
    ~====================
    ZHPCleaner-[R]-01032017-03_18_10.txt
    ZHPCleaner--28022017-20_30_32.txt


    • Malnutrition
      PCHF Moderator
      • Jul 2016
      • 7045

      #32
      How is your issue now? Where are the other logs?


      • toreee
        PCHF Member
        • Feb 2017
        • 81

        #33
        Rapport de ZHPFix 2015.10.19.9 par Nicolas Coolman, Update du 19/10/2015
        Fichier d’export Registre :
        Run by MSI CR-460 at 11/3/2017 10:30:59 AM
        High Elevated Privileges : OK
        Windows 7 Starter Edition, 32-bit Service Pack 1 (Build 7601)

        Recycle Bin emptied (19mn AMs)

        ========== Registry keys ==========
        REMOVES: HKLM\SOFTWARE\121_31
        REMOVES: HKLM\SOFTWARE\IObit
        REMOVES: HKLM\SOFTWARE\McAfee.com
        REMOVES: HKLM\SOFTWARE\TrendMicro
        REMOVES: HKLM\SOFTWARE\TuneUp
        REMOVES: HKLM\SOFTWARE\yahoo
        REMOVES: HKLM\SOFTWARE\webroot
        REMOVES: HKCU\SOFTWARE\BitTorrent
        REMOVES: HKCU\SOFTWARE\McAfee
        REMOVES: HKCU\SOFTWARE\Yahoo
        REMOVES: HKCU\SOFTWARE\AppDataLow\Software\cegcejuhat
        REMOVES: HKCU\SOFTWARE\AppDataLow\Software\Yahoo
        REMOVES: SearchScopes :{006ee092-9658-4fd6-bd8e-a21a348e59f5}
        REMOVES: SearchScopes :{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
        REMOVES: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall{B67BAFBA-4C9F-48FA-9496-933E3B255044}

        ========== Registry values ==========
        ProxyFix : Proxy configuration successfully removed
        REMOVES ProxyServer Value
        REMOVES ProxyEnable Value
        REMOVES EnableHttp1_1 Value
        REMOVES ProxyHttp1.1 Value
        REMOVES ProxyOverride Value

        ========== Elements of the registry data ==========
        REMOVES: R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable
        REMOVES: R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy
        REMOVES: R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1
        REMOVES: R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1
        REMOVES: R5 AutoConfigProxy = wininet.dll
        REMOVES: R5 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable

        ========== Folders ==========
        No folders empty CLSID Local user
        REMOVES: C:\Program Files\DownloadYoutubeIE
        REMOVES: C:\Program Files\GUM8A16.tmp
        REMOVES: C:\Program Files\IObit
        REMOVES: C:\Program Files\Yahoo!
        REMOVES: C:\ProgramData\AVG
        REMOVES: C:\ProgramData\AVG2015
        REMOVES: C:\ProgramData\Avg_Update_0215pit
        REMOVES: C:\ProgramData\Avira
        REMOVES: C:\ProgramData\CismaUva
        REMOVES: C:\ProgramData\IObit
        REMOVES: C:\ProgramData\McAfee
        REMOVES: C:\ProgramData\MFAData
        REMOVES: C:\ProgramData\TuneUp Software
        REMOVES: C:\Program Files\Common Files\AV
        REMOVES: C:\Program Files\Common Files\IObit
        REMOVES: C:\Users\MSI CR-460\AppData\Roaming\AVG
        REMOVES: C:\Users\MSI CR-460\AppData\Roaming\AVG2015
        REMOVES: C:\Users\MSI CR-460\AppData\Roaming\IObit
        REMOVES: C:\Users\MSI CR-460\AppData\Roaming\TuneUp Software
        REMOVES: C:\Users\MSI CR-460\AppData\Roaming\uTorrent
        REMOVES: C:\Users\MSI CR-460\AppData\Local\Avg
        REMOVES: C:\Users\MSI CR-460\AppData\Local\Avg2015
        REMOVES: C:\Users\MSI CR-460\AppData\Local\TuneUp Software
        REMOVES: C:\windows\System32\Config\systemprofile\AppData\Local\Avg
        REMOVES: C:\windows\System32\Config\systemprofile\AppData\Local\Avg2015
        REMOVES: C:\windows\System32\Config\systemprofile\AppData\Local\MFAData
        REMOVES: C:\windows\System32\Config\systemprofile\AppData\Roaming\AVG
        REMOVES: C:\windows\System32\Config\systemprofile\AppData\Roaming\AVG2015
        REMOVES: C:\windows\System32\Config\systemprofile\AppData\Roaming\IObit
        REMOVES: C:\windows\System32\Config\systemprofile\AppData\Roaming\McAfee
        REMOVES: C:\windows\System32\Config\systemprofile\AppData\Local\TuneUp Software
        REMOVES: C:\windows\System32\Config\systemprofile\AppData\Roaming\TuneUp Software

        ========== Files ==========
        REMOVES Flash Cookies (0) (0 octets)
        Deletes temporary Windows (3) (178 octets)
        REMOVES: c:\windows\system32\drivers\avgtdix.sys

        ========== System restore ==========
        The system successfully created restore point

        ========== Other ==========
        NON-TREATY R5 - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies
        NON-TREATY [HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
        NON-TREATY [HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall{B67BAFBA-4C9F-48FA-9496-933E3B255044}]

        ========== Summary ==========
        15 : Registry keys
        6 : Registry values
        6 : Elements of the registry data
        33 : Folders
        3 : Files
        1 : System restore
        3 : Other

        End of clean in 47mn AMs

        ========== Path to file report ==========
        C:\Users\MSI CR-460\AppData\Roaming\ZHP\ZHPFix[R1].txt - 11/3/2017 10:31:19 AM [4336]


        • toreee
          PCHF Member
          • Feb 2017
          • 81

          #34
          Still appearing the same


          • Malnutrition
            PCHF Moderator
            • Jul 2016
            • 7045

            #35
            Originally posted by Malnutrition
            @toreee After you complete the latest steps, if you do have the issue anymore… Please post a screen shot of the exact error.
            You will need to reboot after the ZHP fix.

            Also, the adware removal tool log… When do you get the error? When you open what file?


            • Malnutrition
              PCHF Moderator
              • Jul 2016
              • 7045

              #36
              Quick Diag Scan.
              Downloads - QuickDiag - Download Now - ToolsLib

              Download Quick Diag to your desktop.
              Disable your Antivirus/Antispyware prior to scanning.
              Right Click Run as Administrator.
              Select https://pchelpforum.net/attachments/...7-30-png.1793/ scan.
              Post the log that is generated in your next post.


              • toreee
                PCHF Member
                • Feb 2017
                • 81

                #37
                [ATTACH]1821[/ATTACH]


                • toreee
                  PCHF Member
                  • Feb 2017
                  • 81

                  #38
                  ~ Run by MSI CR-460 (Administrator) (2017/02/26 17:29:44)
                  ~ Web: https://www.nicolascoolman.com
                  ~ Blog: https://nicolascoolman.eu/
                  ~ Facebook: ZHP
                  ~ State version: Version OK
                  ~ Mode: Scan
                  ~ Report: C:\Users\MSI CR-460\Desktop\ZHPDiag.txt
                  ~ Report: C:\Users\MSI CR-460\AppData\Roaming\ZHP\ZHPDiag.txt
                  ~ UAC: Activate
                  ~ System startup: Normal (Normal boot)
                  Windows 7 Starter, 32-bit Service Pack 1 (Build 7601) =>.Microsoft Corporation
                  —\ Internet Browsers (2) - 0s
                  ~ GCIE: Google Chrome v56.0.2924.87
                  ~ MSIE: Internet Explorer v11.0.9600.18537

                  —\ Windows Product Information (4) - 3s
                  ~ Windows Server License Manager Script : OK
                  System - VBScript Engine not found
                  Windows Automatic Updates : OK
                  Windows Activation Technologies : KO

                  —\ System protection software (1) - 2s
                  Malwarebytes Anti-Malware version 2.2.1.1043 (Protection)

                  —\ System optimization software (1) - 3s
                  ~ CCleaner v5.26 (Optimize)

                  —\ Surveillance software (2) - 3s
                  ~ Adobe Flash Player 22 NPAPI (Surveillance)
                  ~ Adobe Reader XI (Surveillance)

                  —\ Information on the system (6) - 0s
                  ~ Operating System: x86 Family 6 Model 42 Stepping 7, GenuineIntel
                  ~ Operating System: 32-bit
                  ~ Boot mode: Normal (Normal boot)
                  Total RAM: 2097.152 MB (56% free) : OK =>.RAM Value
                  System Restore: Activé (Enable)
                  System drive C: has 47 GB (15%) free of 305 GB : OK =>.Disk Space

                  —\ Connection to the system mode (3) - 0s
                  ~ Computer Name: MSICR-460-PC
                  ~ User Name: MSI CR-460
                  ~ Logged in as Administrator

                  —\ Enumeration of the disk units (1) - 0s
                  ~ Drive C: has 47 GB free of 305 GB (System)

                  —\ State of the Windows Security Center (23) - 0s
                  [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
                  [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
                  [HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
                  [HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
                  [HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
                  [HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
                  [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
                  [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
                  [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
                  [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: OK
                  [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: OK
                  [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
                  [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoClose: OK
                  [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableTaskMgr: OK
                  [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools: OK
                  [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
                  [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
                  [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
                  [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
                  [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
                  [HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
                  [HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
                  [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK

                  —\ Search Generic System Files (22) - 3s
                  [MD5.6DDCA324434FFA506CF7DC4E51DB7935] - 29/08/2016 - (.Microsoft Corporation - Windows Explorer.) – C:\windows\Explorer.exe [2972672] =>.Microsoft Corporation
                  [MD5.B5C5DCAD3899512020D135600129D665] - 14/07/2009 - (.Microsoft Corporation - Windows Start-Up Application.) – C:\windows\System32\Wininit.exe [96256] =>.Microsoft Corporation
                  [MD5.F4F5123B45BFCFD2F035280FDCB5BBBE] - 12/11/2016 - (.Microsoft Corporation - Internet Extensions for Win32.) – C:\windows\System32\wininet.dll [2444800] =>.Microsoft Corporation
                  [MD5.52449FD429D6053B78AE564DEF303870] - 17/07/2014 - (.Microsoft Corporation - Windows Logon Application.) – C:\windows\System32\Winlogon.exe [304128] =>.Microsoft Corporation
                  [MD5.E3AE23569749DE12D45BA3B489A036AE] - 21/11/2010 - (.Microsoft Corporation - Software Licensing Library.) – C:\windows\System32\sppcomapi.dll [193536] =>.Microsoft Corporation
                  [MD5.B40420876B9288E0A1C8CCA8A84E5DC9] - 03/03/2011 - (.Microsoft Corporation - DNS Client API DLL.) – C:\windows\System32\dnsapi.dll [270336] =>.Microsoft Corporation
                  [MD5.93B49FA857F7036A4EFF32371F6E7391] - 13/10/2015 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) – C:\windows\System32\drivers\AFD.sys [338944] =>.Microsoft Corporation
                  [MD5.338C86357871C167A96AB976519BF59E] - 14/07/2009 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) – C:\windows\System32\drivers\atapi.sys [21584] =>.Microsoft Windows®
                  [MD5.77EA11B065E0A8AB902D78145CA51E10] - 14/07/2009 - (.Microsoft Corporation - CD-ROM File System Driver.) – C:\windows\System32\drivers\Cdfs.sys [70656] =>.Microsoft Corporation
                  [MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - 21/11/2010 - (.Microsoft Corporation - SCSI CD-ROM Driver.) – C:\windows\System32\drivers\Cdrom.sys [108544] =>.Microsoft Corporation
                  [MD5.EA9DBD76CE9254C77BAAB4339DD4C4FB] - 08/09/2016 - (.Microsoft Corporation - DFS Namespace Client Driver.) – C:\windows\System32\drivers\DfsC.sys [81408] =>.Microsoft Corporation
                  [MD5.9036377B8A6C15DC2EEC53E489D159B5] - 21/11/2010 - (.Microsoft Corporation - High Definition Audio Bus Driver.) – C:\windows\System32\drivers\HDAudBus.sys [108544] =>.Microsoft Corporation
                  [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - 14/07/2009 - (.Microsoft Corporation - i8042 Port Driver.) – C:\windows\System32\drivers\i8042prt.sys [80896] =>.Microsoft Corporation
                  [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - 14/07/2009 - (.Microsoft Corporation - IP Network Address Translator.) – C:\windows\System32\drivers\IpNat.sys [101888] =>.Microsoft Corporation
                  [MD5.6284D46BAA301BEDB9AB7FA7672B2410] - 05/01/2017 - (.Microsoft Corporation - Windows NT SMB Minirdr.) – C:\windows\System32\drivers\MRxSmb.sys [124416] =>.Microsoft Corporation
                  [MD5.A00996C9BFEF29A93B9F21DBE1DC502D] - 11/05/2016 - (.Microsoft Corporation - MBT Transport driver.) – C:\windows\System32\drivers\netBT.sys [188928] =>.Microsoft Corporation
                  [MD5.978E7A2E4BF4E8E70D0776EF0D9E97FB] - 11/01/2016 - (.Microsoft Corporation - NT File System Driver.) – C:\windows\System32\drivers\ntfs.sys [1212352] =>.Microsoft Windows®
                  [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - 14/07/2009 - (.Microsoft Corporation - Parallel Port Driver.) – C:\windows\System32\drivers\Parport.sys [79360] =>.Microsoft Corporation
                  [MD5.D9F91EAFEC2815365CBE6D167E4E332A] - 14/07/2009 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) – C:\windows\System32\drivers\Rasl2tp.sys [78848] =>.Microsoft Corporation
                  [MD5.3E21C083B8A01CB70BA1F09303010FCE] - 14/07/2009 - (.Microsoft Corporation - SMB Transport driver.) – C:\windows\System32\drivers\smb.sys [71168] =>.Microsoft Corporation
                  [MD5.BB8817D0508DD5EA69C770C8DEF5AB67] - 13/10/2015 - (.Microsoft Corporation - TDI Translation Driver.) – C:\windows\System32\drivers\tdx.sys [74752] =>.Microsoft Corporation
                  [MD5.F497F67932C6FA693D7DE2780631CFE7] - 21/11/2010 - (.Microsoft Corporation - Volume Shadow Copy Driver.) – C:\windows\System32\drivers\volsnap.sys [245632] =>.Microsoft Windows®

                  —\ Task Planned Automatically (3) - 12s
                  [MD5.1A709A8B23B584115F2CCEEDAD64DE97] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) – C:\Program Files\CCleaner\CCleaner.exe [7173848] (.Activate.) =>.Piriform Ltd®
                  [MD5.00000000000000000000000000000000] [APT] [Microsoft\Windows\Autochk\Proxy] (…) – C:\windows\system32\rundll32.exe (.not file.) [0] (.Activate.) =>.Superfluous.Empty
                  O39 - APT: CCleanerSkipUAC - (.Piriform Ltd.) – C:\windows\System32\Tasks\CCleanerSkipUAC [2784] =>.Piriform Ltd®

                  —\ Auto loading programs from Registry and folders (2) - 0s
                  O4 - HKUS\S-1-5-19..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) – C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
                  O4 - HKUS\S-1-5-20..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) – C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation

                  —\ Process running (3) - 1s
                  [MD5.0A70F4022EC2E14C159EFC4F69AA2477] - (.Microsoft Corp. - Microsoft® Windows Live ID Service.) – C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [1710464] [PID.1860] =>.Microsoft Corporation®
                  [MD5.9C879E1C3B27085FB46EFECCD7120D51] - (.Microsoft Corp. - Microsoft® Windows Live ID Service Monitor.) – C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE [193408] [PID.1564] =>.Microsoft Corporation®
                  [MD5.139A1E7AC1479231D95F650ECBD55081] - (.Nicolas Coolman - ZHPDiag.) – C:\Users\MSI CR-460\Desktop\ZHPDiag3.exe [2703872] [PID.828] =>.Nicolas Coolman

                  —\ Google Chrome, Start,Search,Extensions (6) - 1s
                  G2 - GCE: Preference [User Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] Google Chrome manifest =>.Google Inc.
                  G2 - GCE: Preference [User Data\Default] [coobgpohoikkiipiblmjeljniedjpjpf] Google Chrome manifest =>.Google Inc.
                  G2 - GCE: Preference [User Data\Default] [dnligehkhogpcngalffdoomehjcbecna] Baboom Search =>.Superfluous.Linkury
                  G2 - GCE: Preference [User Data\Default] [gehmndecgbcffhmfjkenpamdgechcgpe] Baboom Search =>.Superfluous.Linkury
                  G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] [ https://epicunitscan.info/00service/update2/crx ] Google Chrome manifest =>Hijacker.Browser
                  G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Google Chrome manifest =>.Google Inc.

                  —\ Mozilla Firefox,Plugins,Start,Search,Extensions (7) - 2s
                  P2 - EXT: (.Microsoft Corporation - The plugin allows you to have a better expe.) – C:\Program Files\Mozilla Firefox\Plugins\npMeetingJoinPluginOC.dll =>.Microsoft Corporation®
                  P2 - EXT FILE: (.Test Pilot - Help make Firefox better by running us.) – C:\Users\MSI CR-460\AppData\Roaming\Mozilla\Firefox\Profiles\n6sg4hyy.default\extensions\testpilot@labs.mozilla.com.xpi =>.Test Pilot
                  P2 - EXT FILE: (.Google - Default Search.) – C:\Users\MSI CR-460\AppData\Roaming\Mozilla\Firefox\Profiles\n6sg4hyy.default\searchplugins\Google.xml =>.Google
                  P2 - EXT FILE: (…) – C:\Users\MSI CR-460\AppData\Roaming\Mozilla\Firefox\Profiles\n6sg4hyy.default\searchplugins\WebSearch.xml
                  P2 - EXT: (…) – C:\Users\MSI CR-460\AppData\Roaming\Mozilla\Firefox\Profiles\n6sg4hyy.default\extensions\staged
                  P2 - EXT: (.Riverbed Technology, Inc. - Steelhead Mobile Certificate Manager.) – C:\Users\MSI CR-460\AppData\Roaming\Mozilla\Firefox\Profiles\n6sg4hyy.default\extensions\SteelheadMobileCertificateManager@riverbed.com =>.Riverbed Technology, Inc.
                  P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Adobe Systems Incorporated.) – C:\Windows\System32\Macromed\Flash\NPSWF32_22_0_0_209.dll =>.Adobe Systems Incorporated

                  —\ Opera, Plugins,Start,Search (1) - 0s
                  B2 - EXT: [CinemaP-1.9cV22.08] C:\Users\MSI CR-460\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi

                  —\ Internet Explorer Extensions, Start, Search (14) - 0s
                  R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
                  R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
                  R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
                  R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/ =>.Bing.com
                  R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
                  R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
                  R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
                  R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
                  R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
                  R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.bing.com/ =>.Bing.com
                  R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/ =>.Bing.com
                  R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchUrl,Default = http://www.bing.com/ =>.Bing.com
                  R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
                  R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan =>.Microsoft Internet Explorer

                  —\ Internet Explorer, Proxy Management (7) - 0s
                  R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
                  R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
                  R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
                  R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
                  R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
                  R5 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
                  R5 - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies

                  —\ Line Analysis, IniFiles, Auto loading programs (3) - 1s
                  F2 - REG:system.ini: UserInit=C:\windows\system32\userinit.exe (.Microsoft Corporation.) =>.Microsoft Corporation
                  F2 - REG:system.ini: Shell=C:\windows\explorer.exe (.Microsoft Corporation.) =>.Microsoft Corporation
                  F2 - REG:system.ini: VMApplet=C:\windows\system32\SystemPropertiesPerformance.exe (.Microsoft Corporation.) =>.Microsoft Corporation

                  —\ Hosts file redirection (1) - 0s
                  ~ Le fichier hôte est sain (The hosts file is clean) (1)

                  —\ Browser Helper Object (BHO) (8) - 1s
                  O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Skype for Business.) – C:\Program Files\Microsoft Office\Office15\OCHelper.dll =>.Microsoft Corporation®
                  O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) – C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL =>.Microsoft Corporation®
                  O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Oracle Corporation - Java™ Platform SE binary.) – C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll =>.Oracle America, Inc.®
                  O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) – C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll =>.Microsoft Corporation®
                  O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} . (.Microsoft Corporation - Windows Live Messenger Companion Core.) – C:\Program Files\Windows Live\Companion\companioncore.dll =>.Microsoft Corporation®
                  O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation - Microsoft Office Document Cache Handler.) – C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL =>.Microsoft Corporation®
                  O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} . (.Microsoft Corporation - Microsoft OneDrive for Business Extensions.) – C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL =>.Microsoft Corporation®
                  O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Oracle Corporation - Java™ Platform SE binary.) – C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll =>.Oracle America, Inc.®

                  —\ Global shortcuts Startup (98) - 18s
                  O4 - GS\Desktop [Administrator]: Documents - Shortcut.lnk . (…) C:\Users\MSI CR-460\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
                  O4 - GS\Desktop [Administrator]: FileHippo App Manager.lnk . (.Copyright © 2014 - FileHippo.AppManager.) C:\Program Files\FileHippo.com\FileHippo.AppManager.exe =>.Well Known Media Ltd®
                  O4 - GS\Desktop [Administrator]: PDF Password Remover.lnk . (.Tenorshare - PDF Password Remover.) C:\Program Files\PDF Password Remover\PDF Password Remover.exe =>.Tenorshare
                  O4 - GS\Desktop [Administrator]: Telegram.lnk . (.Telegram Messenger LLP - .) C:\Users\MSI CR-460\AppData\Roaming\Telegram Desktop\Telegram.exe {0084CF3F73EDB10D86} =>.Telegram Messenger LLP
                  O4 - GS\Desktop [Administrator]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\MSI CR-460\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
                  O4 - GS\Quicklaunch [Administrator]: GOM Player.lnk . (.Gretech Corp. - GOM Player.) C:\Program Files\GRETECH\GomPlayer\GOM.exe =>.GRETECH®
                  O4 - GS\Quicklaunch [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc®
                  O4 - GS\Quicklaunch [Administrator]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                  O4 - GS\sendTo [Administrator]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
                  O4 - GS\sendTo [Administrator]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\windows\system32\WFS.exe /SendTo =>.Microsoft Corporation
                  O4 - GS\sendTo [Administrator]: Format Factory.lnk . (.Free Time - FormatFactory.) C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe =>.Free Time
                  O4 - GS\sendTo [Administrator]: TeamViewer.lnk . (.TeamViewer GmbH - TeamViewer 10.) C:\Program Files\TeamViewer\TeamViewer.exe --sendto =>.TeamViewer®
                  O4 - GS\TaskBar [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                  O4 - GS\TaskBar [Administrator]: TeamViewer 10.lnk . (.TeamViewer GmbH - TeamViewer 10.) C:\Program Files\TeamViewer\TeamViewer.exe =>.TeamViewer®
                  O4 - GS\TaskBar [Administrator]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\windows\explorer.exe =>.Microsoft Corporation
                  O4 - GS\Programs [Administrator]: FileHippo App Manager.lnk . (.Copyright © 2014 - FileHippo.AppManager.) C:\Program Files\FileHippo.com\FileHippo.AppManager.exe =>.Well Known Media Ltd®
                  O4 - GS\Programs [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                  O4 - GS\Programs [Administrator]: Search.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                  O4 - GS\Desktop [Guest]: Documents - Shortcut.lnk . (…) C:\Users\MSI CR-460\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
                  O4 - GS\Desktop [Guest]: FileHippo App Manager.lnk . (.Copyright © 2014 - FileHippo.AppManager.) C:\Program Files\FileHippo.com\FileHippo.AppManager.exe =>.Well Known Media Ltd®
                  O4 - GS\Desktop [Guest]: PDF Password Remover.lnk . (.Tenorshare - PDF Password Remover.) C:\Program Files\PDF Password Remover\PDF Password Remover.exe =>.Tenorshare
                  O4 - GS\Desktop [Guest]: Telegram.lnk . (.Telegram Messenger LLP - .) C:\Users\MSI CR-460\AppData\Roaming\Telegram Desktop\Telegram.exe {0084CF3F73EDB10D86} =>.Telegram Messenger LLP
                  O4 - GS\Desktop [Guest]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\MSI CR-460\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
                  O4 - GS\Quicklaunch [Guest]: GOM Player.lnk . (.Gretech Corp. - GOM Player.) C:\Program Files\GRETECH\GomPlayer\GOM.exe =>.GRETECH®
                  O4 - GS\Quicklaunch [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc®
                  O4 - GS\Quicklaunch [Guest]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                  O4 - GS\sendTo [Guest]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
                  O4 - GS\sendTo [Guest]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\windows\system32\WFS.exe /SendTo =>.Microsoft Corporation
                  O4 - GS\sendTo [Guest]: Format Factory.lnk . (.Free Time - FormatFactory.) C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe =>.Free Time
                  O4 - GS\sendTo [Guest]: TeamViewer.lnk . (.TeamViewer GmbH - TeamViewer 10.) C:\Program Files\TeamViewer\TeamViewer.exe --sendto =>.TeamViewer®
                  O4 - GS\TaskBar [Guest]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                  O4 - GS\TaskBar [Guest]: TeamViewer 10.lnk . (.TeamViewer GmbH - TeamViewer 10.) C:\Program Files\TeamViewer\TeamViewer.exe =>.TeamViewer®
                  O4 - GS\TaskBar [Guest]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\windows\explorer.exe =>.Microsoft Corporation
                  O4 - GS\Programs [Guest]: FileHippo App Manager.lnk . (.Copyright © 2014 - FileHippo.AppManager.) C:\Program Files\FileHippo.com\FileHippo.AppManager.exe =>.Well Known Media Ltd®
                  O4 - GS\Programs [Guest]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                  O4 - GS\Programs [Guest]: Search.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                  O4 - GS\Desktop [MSI CR-460]: Documents - Shortcut.lnk . (…) C:\Users\MSI CR-460\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
                  O4 - GS\Desktop [MSI CR-460]: FileHippo App Manager.lnk . (.Copyright © 2014 - FileHippo.AppManager.) C:\Program Files\FileHippo.com\FileHippo.AppManager.exe =>.Well Known Media Ltd®
                  O4 - GS\Desktop [MSI CR-460]: PDF Password Remover.lnk . (.Tenorshare - PDF Password Remover.) C:\Program Files\PDF Password Remover\PDF Password Remover.exe =>.Tenorshare
                  O4 - GS\Desktop [MSI CR-460]: Telegram.lnk . (.Telegram Messenger LLP - .) C:\Users\MSI CR-460\AppData\Roaming\Telegram Desktop\Telegram.exe {0084CF3F73EDB10D86} =>.Telegram Messenger LLP
                  O4 - GS\Desktop [MSI CR-460]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\MSI CR-460\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
                  O4 - GS\Quicklaunch [MSI CR-460]: GOM Player.lnk . (.Gretech Corp. - GOM Player.) C:\Program Files\GRETECH\GomPlayer\GOM.exe =>.GRETECH®
                  O4 - GS\Quicklaunch [MSI CR-460]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc®
                  O4 - GS\Quicklaunch [MSI CR-460]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                  O4 - GS\sendTo [MSI CR-460]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
                  O4 - GS\sendTo [MSI CR-460]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\windows\system32\WFS.exe /SendTo =>.Microsoft Corporation
                  O4 - GS\sendTo [MSI CR-460]: Format Factory.lnk . (.Free Time - FormatFactory.) C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe =>.Free Time
                  O4 - GS\sendTo [MSI CR-460]: TeamViewer.lnk . (.TeamViewer GmbH - TeamViewer 10.) C:\Program Files\TeamViewer\TeamViewer.exe --sendto =>.TeamViewer®
                  O4 - GS\TaskBar [MSI CR-460]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                  O4 - GS\TaskBar [MSI CR-460]: TeamViewer 10.lnk . (.TeamViewer GmbH - TeamViewer 10.) C:\Program Files\TeamViewer\TeamViewer.exe =>.TeamViewer®
                  O4 - GS\TaskBar [MSI CR-460]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\windows\explorer.exe =>.Microsoft Corporation
                  O4 - GS\Programs [MSI CR-460]: FileHippo App Manager.lnk . (.Copyright © 2014 - FileHippo.AppManager.) C:\Program Files\FileHippo.com\FileHippo.AppManager.exe =>.Well Known Media Ltd®
                  O4 - GS\Programs [MSI CR-460]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                  O4 - GS\Programs [MSI CR-460]: Search.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                  O4 - GS\CommonDesktop [Public]: Canon IJ Network Tool.lnk . (.CANON INC. - Canon IJ Network Tool.) C:\Program Files\Canon\Canon IJ Network Tool\CNMNPUT.EXE =>.Canon Inc.®
                  O4 - GS\CommonDesktop [Public]: CCleaner.lnk . (.Piriform Ltd - CCleaner.) C:\Program Files\CCleaner\CCleaner.exe =>.Piriform Ltd®
                  O4 - GS\CommonDesktop [Public]: Family Tree Maker 2012.lnk . (.Ancestry.com - Family Tree Maker 2012.) C:\Program Files\Family Tree Maker 2012\FTM.exe
                  O4 - GS\CommonDesktop [Public]: GOM Player.lnk . (.Gretech Corp. - GOM Player.) C:\Program Files\GRETECH\GomPlayer\GOM.exe =>.GRETECH®
                  O4 - GS\CommonDesktop [Public]: Malwarebytes Anti-Malware.lnk . (.Malwarebytes - Malwarebytes Anti-Malware.) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe =>.Malwarebytes Corporation®
                  O4 - GS\CommonDesktop [Public]: PIXAJOY Editor.lnk . (.Pixajoy - Pixajoy.) C:\Program Files\PIXAJOY Editor\PIXAJOY Editor.exe
                  O4 - GS\CommonDesktop [Public]: RogueKiller.lnk . (…) C:\Program Files\RogueKiller\RogueKiller.exe =>.Adlice®
                  O4 - GS\Programs [Public]: FileHippo App Manager.lnk . (.Copyright © 2014 - FileHippo.AppManager.) C:\Program Files\FileHippo.com\FileHippo.AppManager.exe =>.Well Known Media Ltd®
                  O4 - GS\Programs [Public]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                  O4 - GS\Programs [Public]: Search.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                  O4 - GS\Accessories [Public]: Command Prompt.lnk . (.Microsoft Corporation - Windows Command Processor.) C:\windows\system32\cmd.exe =>.Microsoft Corporation
                  O4 - GS\Accessories [Public]: Notepad.lnk . (.Microsoft Corporation - Notepad.) C:\windows\system32\notepad.exe =>.Microsoft Corporation
                  O4 - GS\Accessories [Public]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\windows\explorer.exe =>.Microsoft Corporation
                  O4 - GS\SystemTools [Public]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe -extoff =>.Microsoft Corporation®
                  O4 - GS\SystemTools [Public]: Private Character Editor.lnk . (.Microsoft Corporation - Private Character Editor.) C:\windows\system32\eudcedit.exe =>.Microsoft Corporation
                  O4 - GS\Accessories [Public]: Bluetooth File Transfer Wizard.lnk . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
                  O4 - GS\Accessories [Public]: Calculator.lnk . (.Microsoft Corporation - Windows Calculator.) C:\windows\system32\calc.exe =>.Microsoft Corporation
                  O4 - GS\Accessories [Public]: displayswitch.lnk . (.Microsoft Corporation - Display Switch.) C:\windows\system32\displayswitch.exe =>.Microsoft Corporation
                  O4 - GS\Accessories [Public]: Paint.lnk . (.Microsoft Corporation - Paint.) C:\windows\system32\mspaint.exe =>.Microsoft Corporation
                  O4 - GS\Accessories [Public]: Remote Desktop Connection.lnk . (.Microsoft Corporation - Remote Desktop Connection.) C:\windows\system32\mstsc.exe =>.Microsoft Corporation
                  O4 - GS\Accessories [Public]: Sound Recorder.lnk . (.Microsoft Corporation - Windows Sound Recorder.) C:\windows\system32\SoundRecorder.exe =>.Microsoft Corporation
                  O4 - GS\Accessories [Public]: Sync Center.lnk . (.Microsoft Corporation - Microsoft Sync Center.) C:\windows\System32\mobsync.exe =>.Microsoft Corporation
                  O4 - GS\Accessories [Public]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) C:\Program Files\Windows NT\Accessories\wordpad.exe =>.Microsoft Corporation
                  O4 - GS\SystemTools [Public]: Character Map.lnk . (.Microsoft Corporation - Character Map.) C:\windows\system32\charmap.exe =>.Microsoft Corporation
                  O4 - GS\SystemTools [Public]: dfrgui.lnk . (.Microsoft Corporation - Microsoft® Disk Defragmenter.) C:\windows\system32\dfrgui.exe =>.Microsoft Corporation
                  O4 - GS\SystemTools [Public]: Disk Cleanup.lnk . (.Microsoft Corporation - Disk Space Cleanup Manager for Windows.) C:\windows\system32\cleanmgr.exe =>.Microsoft Corporation
                  O4 - GS\SystemTools [Public]: Resource Monitor.lnk . (.Microsoft Corporation - Resource and Performance Monitor.) C:\windows\system32\perfmon.exe /res =>.Microsoft Corporation
                  O4 - GS\SystemTools [Public]: System Information.lnk . (.Microsoft Corporation - System Information.) C:\windows\system32\msinfo32.exe =>.Microsoft Corporation
                  O4 - GS\SystemTools [Public]: System Restore.lnk . (.Microsoft Corporation - Microsoft® Windows System Restore.) C:\windows\system32\rstrui.exe =>.Microsoft Corporation
                  O4 - GS\SystemTools [Public]: Task Scheduler.lnk . (…) C:\windows\system32\taskschd.msc /s =>..Microsoft Corporation
                  O4 - GS\SystemTools [Public]: Windows Easy Transfer Reports.lnk . (.Microsoft Corporation - Windows Easy Transfer Post Migration Applic.) C:\windows\system32\migwiz\postmig.exe =>.Microsoft Corporation
                  O4 - GS\SystemTools [Public]: Windows Easy Transfer.lnk . (.Microsoft Corporation - Windows Easy Transfer Application.) C:\windows\system32\migwiz\migwiz.exe =>.Microsoft Corporation
                  O4 - GS\ProgramsCommon [Public]: Adobe Reader XI.lnk . (…) C:\windows\Installer{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico =>.Adobe Inc.
                  O4 - GS\ProgramsCommon [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc®
                  O4 - GS\ProgramsCommon [Public]: Microsoft Security Essentials.lnk . (.Microsoft Corporation - Microsoft Security Client User Interface.) C:\Program Files\Microsoft Security Client\msseces.exe =>.Microsoft Corporation®
                  O4 - GS\ProgramsCommon [Public]: Sidebar.lnk . (.Microsoft Corporation - Windows Desktop Gadgets.) C:\Program Files\Windows Sidebar\sidebar.exe /showgadgets =>.Microsoft Corporation
                  O4 - GS\ProgramsCommon [Public]: TeamViewer 10.lnk . (.TeamViewer GmbH - TeamViewer 10.) C:\Program Files\TeamViewer\TeamViewer.exe =>.TeamViewer®
                  O4 - GS\ProgramsCommon [Public]: Windows Anytime Upgrade.lnk . (.Microsoft Corporation - Windows Anytime Upgrade User Interface.) C:\windows\system32\WindowsAnytimeUpgradeUI.exe =>.Microsoft Corporation
                  O4 - GS\ProgramsCommon [Public]: Windows Fax and Scan.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\windows\system32\WFS.exe =>.Microsoft Corporation
                  O4 - GS\ProgramsCommon [Public]: Windows Live Mail.lnk . (.Microsoft Corporation - Windows Live Mail.) C:\Program Files\Windows Live\Mail\wlmail.exe =>.Microsoft Corporation®
                  O4 - GS\ProgramsCommon [Public]: Windows Live Movie Maker.lnk . (.Microsoft Corporation - Windows Live Movie Maker.) C:\Program Files\Windows Live\Photo Gallery\MovieMaker.exe =>.Microsoft Corporation®
                  O4 - GS\ProgramsCommon [Public]: Windows Live Photo Gallery.lnk . (.Microsoft Corporation - Windows Live Photo Gallery.) C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe =>.Microsoft Corporation®
                  O4 - GS\ProgramsCommon [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
                  O4 - GS\ProgramsCommon [Public]: XPS Viewer.lnk . (.Microsoft Corporation - XPS Viewer.) C:\windows\system32\xpsrchvw.exe =>.Microsoft Corporation

                  —\ Lop.com/Domain Hijackers (4) - 0s
                  O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpDomain = domain.name
                  O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 =>.Local IP Adress
                  O17 - HKLM\System\CCS\Services\Tcpip..{50C8F833-76C7-43D8-93AB-4E6D4052CA40}: DhcpNameServer = 192.168.0.1 =>.Local IP Adress
                  O17 - HKLM\System\CCS\Services\Tcpip..{50C8F833-76C7-43D8-93AB-4E6D4052CA40}: DhcpDomain = domain.name

                  —\ Extra protocols (25) - 1s
                  O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
                  O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
                  O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) – C:\Windows\System32\MSVidCtl.dll =>.Microsoft Corporation
                  O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
                  O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
                  O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
                  O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
                  O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) – C:\Windows\System32\itss.dll =>.Microsoft Corporation
                  O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
                  O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
                  O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
                  O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) – C:\Windows\System32\inetcomm.dll =>.Microsoft Corporation
                  O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
                  O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) – C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll =>.Microsoft Corporation®
                  O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) – C:\Windows\System32\itss.dll =>.Microsoft Corporation
                  O18 - Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} . (.Microsoft Corporation - Microsoft Office 2013 component.) – C:\Program Files\Microsoft Office\Office15\MSOSB.DLL =>.Microsoft Corporation®
                  O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
                  O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) – C:\Windows\System32\MSVidCtl.dll =>.Microsoft Corporation
                  O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
                  O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) – C:\Program Files\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation®
                  O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) – C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll =>.Microsoft Corporation®
                  O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
                  O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
                  O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
                  O18 - Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) – C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL =>.Microsoft Corporation®

                  —\ Software installed (114) - 40s
                  O42 - Logiciel: Adobe Flash Player 22 NPAPI - (.Adobe Systems Incorporated.) [HKLM] – Adobe Flash Player NPAPI =>.Adobe Systems Incorporated®
                  O42 - Logiciel: Adobe Flash Player 24 ActiveX - (.Adobe Systems Incorporated.) [HKLM] – Adobe Flash Player ActiveX =>.Adobe Systems Incorporated®
                  O42 - Logiciel: Adobe Reader XI (11.0.13) - (.Adobe Systems Incorporated.) [HKLM] – {AC76BA86-7AD7-1033-7B44-AB0000000001} =>.Adobe Systems Incorporated
                  O42 - Logiciel: Adobe Refresh Manager - (.Adobe Systems Incorporated.) [HKLM] – {AC76BA86-0804-1033-1959-001824157129} =>.Adobe Systems Incorporated
                  O42 - Logiciel: Alcor Micro USB Card Reader - (.Alcor Micro Corp..) [HKLM] – {4555BB9E-E715-4260-A178-E8EFD2B653E3} =>.Alcor Micro Corp.
                  O42 - Logiciel: Alcor Micro USB Card Reader - (.Alcor Micro Corp..) [HKLM] – {AB398DDB-0E7B-400B-A940-7E61FB91A531} =>.Alcor Micro Corp.
                  O42 - Logiciel: Alcor Micro USB Card Reader - (.Alcor Micro Corp..) [HKLM] – AmUStor =>.Alcor Micro Corp.
                  O42 - Logiciel: Atheros Client Installation Program - (.Atheros.) [HKLM] – {28006915-2739-4EBE-B5E8-49B25D32EB33} =>.Macrovision Corporation®
                  O42 - Logiciel: Atheros Client Installation Program - (.Atheros.) [HKLM] – {D3694B69-6F8C-42D3-8A0A-EB2AB528C02C} =>.Macrovision Corporation®
                  O42 - Logiciel: Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver - (.Atheros Communications Inc..) [HKLM] – {3108C217-BE83-42E4-AE9E-A56A2A92E549} =>.Atheros Communications Inc.®
                  O42 - Logiciel: AVG PC TuneUp 2015 (en-US) - (.AVG Technologies.) [HKLM] – {4AC74ED1-719B-46DA-8B8A-340FBF892291} =>.AVG Technologies
                  O42 - Logiciel: Broadcom 802.11 Network Adapter - (.Broadcom Corporation.) [HKLM] – Broadcom 802.11 Network Adapter =>.Broadcom Corporation®
                  O42 - Logiciel: Canon IJ Network Scanner Selector EX - (..) [HKLM] – Canon_IJ_Network_Scanner_Selector_EX =>.Canon Inc.®
                  O42 - Logiciel: Canon IJ Network Tool - (.Canon Inc..) [HKLM] – Canon_IJ_Network_UTILITY =>.Canon Inc.®
                  O42 - Logiciel: Canon MX420 series MP Drivers - (.Canon Inc..) [HKLM] – {1199FAD5-9546-44f3-81CF-FFDB8040B7BF}Canon_MX420_series =>.Canon Inc.®
                  O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] – CCleaner =>.Piriform Ltd®
                  O42 - Logiciel: Cisco AnyConnect Secure Mobility Client - (.Cisco Systems, Inc..) [HKLM] – Cisco AnyConnect Secure Mobility Client =>.Cisco Systems, Inc.®
                  O42 - Logiciel: Cisco AnyConnect Secure Mobility Client - (.Cisco Systems, Inc..) [HKLM] – {F63E747C-5B51-4A6E-9413-BF258F4653F3} =>.Cisco Systems, Inc.
                  O42 - Logiciel: Cisco EAP-FAST Module - (.Cisco Systems, Inc..) [HKLM] – {64BF0187-F3D2-498B-99EA-163AF9AE6EC9} =>.Cisco Systems, Inc.
                  O42 - Logiciel: Cisco LEAP Module - (.Cisco Systems, Inc..) [HKLM] – {51C7AD07-C3F6-4635-8E8A-231306D810FE} =>.Cisco Systems, Inc.
                  O42 - Logiciel: Cisco PEAP Module - (.Cisco Systems, Inc..) [HKLM] – {ED5776D5-59B4-46B7-AF81-5F2D94D7C640} =>.Cisco Systems, Inc.
                  O42 - Logiciel: CyberLink YouCam - (.CyberLink Corp..) [HKLM] – {01FB4998-33C4-4431-85ED-079E3EEFE75D} =>.CyberLink®
                  O42 - Logiciel: CyberLink YouCam - (.CyberLink Corp..) [HKLM] – InstallShield {01FB4998-33C4-4431-85ED-079E3EEFE75D} =>.CyberLink®
                  O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM] – {E09C4DB7-630C-4F06-A631-8EA7239923AF} =>.Microsoft
                  O42 - Logiciel: Family Tree Maker 2012 - (.Ancestry.com, Inc..) [HKLM] – {1CB0993B-1CD4-4A18-9C85-9732AFD9843F}
                  O42 - Logiciel: Family Tree Maker 2012 - (.Ancestry.com, Inc..) [HKLM] – Family Tree Maker 2012
                  O42 - Logiciel: FileHippo App Manager - (.FileHippo.com.) [HKLM] – FileHippo.com =>.FileHippo.com
                  O42 - Logiciel: FlashGet3.7 - (. http://www.flashget.com .) [HKLM] – FlashGet3.7 =>. http://www.flashget.com
                  O42 - Logiciel: FormatFactory 2.20 - (.Free Time.) [HKLM] – FormatFactory =>.Free Time
                  O42 - Logiciel: GOM Player - (.Gretech Corporation.) [HKLM] – GOM Player =>.Gretech Corporation
                  O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM] – Google Chrome =>.Google Inc®
                  O42 - Logiciel: Google Photos Backup - (.Google, Inc..) [HKCU] – Google Photos Backup =>.Google, Inc.
                  O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] – {18455581-E099-4BA8-BC6B-F34B2F06600C} =>.Google Inc.
                  O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] – {2318C2B1-4965-11d4-9B18-009027A5CD4F} =>.Google Inc®
                  O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] – {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} =>.Google Inc.
                  O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] – {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} =>Heuristic.Suspect
                  O42 - Logiciel: HTC Driver Installer - (.HTC Corporation.) [HKLM] – {4CEEE5D0-F905-4688-B9F9-ECC710507796} =>.HTC Corporation
                  O42 - Logiciel: HTC Sync Manager - (.HTC.) [HKLM] – {231D0C79-98A6-4693-A366-36DE7D7346EC} =>.HTC
                  O42 - Logiciel: ImagXpress - (.Nero AG.) [HKLM] – {A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D} =>.Nero AG
                  O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM] – {65153EA5-8B6E-43B6-857B-C6E4FC25798A} =>.Intel Corporation®
                  O42 - Logiciel: Intel(R) Processor Graphics - (.Intel Corporation.) [HKLM] – {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA} =>.Intel Corporation®
                  O42 - Logiciel: IPTInstaller - (.HTC.) [HKLM] – {08208143-777D-4A06-BB54-71BF0AD1BB70} =>.HTC
                  O42 - Logiciel: Java 8 Update 121 - (.Oracle Corporation.) [HKLM] – {26A24AE4-039D-4CA4-87B4-2F32180121F0} =>.Oracle Corporation
                  O42 - Logiciel: Java Auto Updater - (.Oracle Corporation.) [HKLM] – {4A03706F-666A-4037-7777-5F2748764D10} =>.Oracle Corporation
                  O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM] – {1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4} =>.Microsoft Corporation
                  O42 - Logiciel: K-Lite Codec Pack 8.3.2 (Full) - (.KLite Inc.) [HKLM] – KLiteCodecPack_is1 =>.KLite Inc
                  O42 - Logiciel: Lenovo_Wireless_Driver - (.Lenovo.) [HKLM] – {28ABE740-47F3-441B-9437-852F6A64EFF8} =>.Macrovision Corporation®
                  O42 - Logiciel: Malwarebytes Anti-Malware version 2.2.1.1043 - (.Malwarebytes.) [HKLM] – Malwarebytes Anti-Malware_is1 =>.Malwarebytes
                  O42 - Logiciel: Master PDF Editor 2.1.65 - (.Code Industry Ltd..) [HKLM] – Master PDF Editor 2.1.65_is1
                  O42 - Logiciel: Mesh Runtime - (.Microsoft Corporation.) [HKLM] – {8C6D6116-B724-4810-8F2D-D047E6B7D68E} =>.Microsoft Corporation
                  O42 - Logiciel: Messenger Companion - (.Microsoft Corporation.) [HKLM] – {50816F92-1652-4A7C-B9BC-48F682742C4B} =>.Microsoft Corporation
                  O42 - Logiciel: Microsoft Access MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] – {90150000-0015-0409-0000-0000000FF1CE} =>.Microsoft Corporation
                  O42 - Logiciel: Microsoft Access Setup Metadata MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] – {90150000-0117-0409-0000-0000000FF1CE} =>.Microsoft Corporation
                  O42 - Logiciel: Microsoft Application Error Reporting - (.Microsoft Corporation.) [HKLM] – {95120000-00B9-0409-0000-0000000FF1CE} =>.Microsoft Corporation
                  O42 - Logiciel: Microsoft DCF MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] – {90150000-0090-0409-0000-0000000FF1CE} =>.Microsoft Corporation
                  O42 - Logiciel: Microsoft Excel MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] – {90150000-0016-0409-0000-0000000FF1CE} =>.Microsoft Corporation
                  O42 - Logiciel: Microsoft Groove MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] – {90150000-00BA-0409-0000-0000000FF1CE} =>.Microsoft Corporation
                  O42 - Logiciel: Microsoft InfoPath MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] – {90150000-0044-0409-0000-0000000FF1CE} =>.Microsoft Corporation
                  O42 - Logiciel: Microsoft Lync MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] – {90150000-012B-0409-0000-0000000FF1CE} =>.Microsoft Corporation
                  O42 - Logiciel: Microsoft OneNote MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] – {90150000-00A1-0409-0000-0000000FF1CE} =>.Microsoft Corporation
                  O42 - Logiciel: Microsoft Outlook MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] – {90150000-001A-0409-0000-0000000FF1CE} =>.Microsoft Corporation
                  O42 - Logiciel: Microsoft PowerPoint MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] – {90150000-0018-0409-0000-0000000FF1CE} =>.Microsoft Corporation
                  O42 - Logiciel: Microsoft Publisher MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] – {90150000-0019-0409-0000-0000000FF1CE} =>.Microsoft Corporation
                  O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] – {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} =>.Microsoft Corporation
                  O42 - Logiciel: Microsoft Visio MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] – {90150000-0054-0409-0000-0000000FF1CE} =>.Microsoft Corporation
                  O42 - Logiciel: Microsoft Visio Professional 2013 - (.Microsoft Corporation.) [HKLM] – {90150000-0051-0000-0000-0000000FF1CE} =>.Microsoft Corporation
                  O42 - Logiciel: Microsoft Visio Professional 2013 - (.Microsoft Corporation.) [HKLM] – Office15.VISPRO =>.Microsoft Corporation®
                  O42 - Logiciel: Microsoft Word MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] – {90150000-001B-0409-0000-0000000FF1CE} =>.Microsoft Corporation
                  O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] – {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} =>.Microsoft
                  O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] – {86493ADD-824D-4B8E-BD72-8C5DCDC52A71} =>.Microsoft Corporation
                  O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] – {F662A8E6-F4DC-41A2-901E-8C11F044BDEC} =>.Microsoft Corporation
                  O42 - Logiciel: My Photo Creations (Photobookmart Edition) - (.Digilabs.) [HKLM] – {111FC0F4-F93D-4FB1-A91D-B0258A8A1BA5}
                  O42 - Logiciel: neroxml - (.Nero AG.) [HKLM] – {56C049BE-79E9-4502-BEA7-9754A3E60F9B} =>.Nero AG
                  O42 - Logiciel: PDF Password Remover - (.Tenorshare, Inc..) [HKLM] – PDF Password Remover =>.Tenorshare, Inc.
                  O42 - Logiciel: PDFill PDF Editor with FREE Writer and FREE Tools - (.PlotSoft LLC.) [HKLM] – {D1399216-81B2-457C-A0F7-73B9A2EF6902} =>.PlotSoft LLC
                  O42 - Logiciel: Photobook Designer - (.Photobook Malaysia.) [HKCU] – Photobook Designer
                  O42 - Logiciel: Pismo File Mount Audit Package - (..) [HKLM] – PismoFileMountAuditPackage =>.Pismo Technic Inc.®
                  O42 - Logiciel: PIXAJOY Editor - (.Pixajoy.) [HKCU] – PIXAJOY Editor
                  O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM] – {B67BAFBA-4C9F-48FA-9496-933E3B255044} =>Riskware.QuickTime
                  O42 - Logiciel: Realtek Ethernet Controller Driver - (.Realtek.) [HKLM] – {8833FFB6-5B0C-4764-81AA-06DFEED9A476} =>.Realtek Semiconductor Corp®
                  O42 - Logiciel: Realtek USB 2.0 Reader Driver - (.Realtek Semiconductor Corp..) [HKLM] – {62BBB2F0-E220-4821-A564-730807D2C34D} =>.Realtek Semiconductor Corp®
                  O42 - Logiciel: REALTEK Wireless LAN Driver - (.REALTEK Semiconductor Corp..) [HKLM] – {9D3D8C60-A55F-4123-B2B9-173F09590E16} =>.Realtek Semiconductor Corp®
                  O42 - Logiciel: Riverbed Steelhead Mobile - (.Riverbed Technology, Inc..) [HKLM] – {09D86FD5-EA7E-4072-997F-4E88AE25ACA2} =>.Riverbed Technology, Inc.
                  O42 - Logiciel: RogueKiller version 12.9.8.0 - (.Adlice Software.) [HKLM] – 8B3D7924-ED89-486B-8322-E8594065D5CB_is1 =>.Adlice®
                  O42 - Logiciel: S-Bar - (.MSI.) [HKLM] – {4E18A842-A084-46E0-81BA-31C7EB96B26C} =>.MSI
                  O42 - Logiciel: TeamViewer 10 - (.TeamViewer.) [HKLM] – TeamViewer =>.TeamViewer®
                  O42 - Logiciel: Telegram Desktop version 0.10.19 - (.Telegram Messenger LLP.) [HKCU] – {53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1 =>.Telegram Messenger LLP
                  O42 - Logiciel: TuneUp Utilities 2014 (en-US) - (.TuneUp Software.) [HKLM] – {14C8CE46-C68C-461B-BCA9-E276A85851C6} =>.TuneUp Software
                  O42 - Logiciel: Update for Skype for Business 2015 (KB3039776) 32-Bit Edition - (.Microsoft.) [HKLM] – {90150000-012B-0409-0000-0000000FF1CE}Office15.PROPLUS{9F6B3627-AF9E-40A5-AAD5-3497C4327616} =>.Microsoft Corporation®
                  O42 - Logiciel: Update for Skype for Business 2015 (KB3161988) 32-Bit Edition - (.Microsoft.) [HKLM] – {90150000-0011-0000-0000-0000000FF1CE}Office15.PROPLUS{245EB15F-A90C-422B-9D3F-3AEEDF028CCC} =>.Microsoft Corporation®
                  O42 - Logiciel: Update for Skype for Business 2015 (KB3161988) 32-Bit Edition - (.Microsoft.) [HKLM] – {90150000-012B-0409-0000-0000000FF1CE}Office15.PROPLUS{245EB15F-A90C-422B-9D3F-3AEEDF028CCC} =>.Microsoft Corporation®
                  O42 - Logiciel: Uplayer - (.D-LINK CORPORATION.) [HKLM] – {246F5A8A-ADB1-4ED9-BE01-C4118E7DB3A5} =>.D-Link Corporation
                  O42 - Logiciel: Visual Studio 2012 x86 Redistributables - (.AVG Technologies CZ, s.r.o..) [HKLM] – {98EFF19A-30AB-4E4B-B943-F06B1C63EBF8} =>.AVG Technologies CZ, s.r.o.
                  O42 - Logiciel: VNC Enterprise Edition E4.5.1 - (.RealVNC Ltd..) [HKLM] – RealVNC_is1 =>.RealVNC Ltd.
                  O42 - Logiciel: VNC Mirror Driver 1.8.0 - (.RealVNC Ltd..) [HKLM] – VNCMirror_is1 =>.RealVNC Ltd.
                  O42 - Logiciel: VNC Printer Driver 1.6.0 - (.RealVNC Ltd..) [HKLM] – VNCPrinter_is1 =>.RealVNC Ltd.
                  O42 - Logiciel: WD Drive Utilities - (.Western Digital Technologies, Inc..) [HKLM] – {E61CFDDA-40DD-4400-95CA-12819C50B5C2} =>.Western Digital Technologies, Inc.
                  O42 - Logiciel: WD Security - (.Western Digital Technologies, Inc..) [HKLM] – {429a42d7-4c55-44d4-b38a-5872a0d70495} =>.Western Digital Technologies, Inc.®
                  O42 - Logiciel: WD Security - (.Western Digital Technologies, Inc..) [HKLM] – {F1D5FC88-4EE0-4D0B-917B-60E930142FB9} =>.Western Digital Technologies, Inc.
                  O42 - Logiciel: WD SES Driver Setup - (.Western Digital.) [HKLM] – {924A274D-38B6-4930-8859-F3F51CFA8DDD} =>.Western Digital
                  O42 - Logiciel: WD SmartWare - (.Western Digital Technologies, Inc..) [HKLM] – {6EE644CD-FC7F-424C-83EA-9C0285C4FB7F} =>.Western Digital Technologies, Inc.
                  O42 - Logiciel: Win7codecs - (.Shark007.) [HKLM] – {8C0CAA7A-3272-4991-A808-2C7559DE3409} =>.Shark007
                  O42 - Logiciel: Windows 7 USB/DVD Download Tool - (.Microsoft Corporation.) [HKLM] – {CCF298AF-9CE1-4B26-B251-486E98A34789} =>.Microsoft Corporation
                  O42 - Logiciel: Windows Driver Package - ENE (EUCR) USB (12/04/2009 5.89.0.64) - (.ENE.) [HKLM] – 7F523D4F8E191139525DC0260B06BF68E4E581EE =>.ENE Technology Inc.®
                  O42 - Logiciel: Windows Driver Package - Intel (NETw5s32) net (03/18/2010 13.2.0.30) - (.Intel.) [HKLM] – 5B1D8E9CE6F89F5466353F3E5A7084A126505FEA =>.Microsoft Windows®
                  O42 - Logiciel: Windows Driver Package - Intel (NETw5s32) net (09/15/2009 13.0.0.107) - (.Intel.) [HKLM] – 261F972493946CC8B32688E5247ADD2EE612DEB9 =>.Microsoft Windows®
                  O42 - Logiciel: Windows Driver Package - Intel (NETw5v32) net (03/18/2010 13.2.0.30) - (.Intel.) [HKLM] – DA556C9045FE4065F487AF1C9B3992A6AD4C8A66 =>.Microsoft Windows®
                  O42 - Logiciel: Windows Driver Package - Intel (NETw5v32) net (09/15/2009 13.0.0.107) - (.Intel.) [HKLM] – FB8C5A1BB9B0EB1DBE21E5BBBF6942439C4FB2F9 =>.Microsoft Windows®
                  O42 - Logiciel: Windows Driver Package - Ralink (netr28u) Net (11/13/2009 3.00.09.0000) - (.Ralink.) [HKLM] – AB8CA567F16EA6E1DF917E5D13C2A15AD9BB4B14 =>.Microsoft Windows Component Publisher®
                  O42 - Logiciel: Windows Driver Package - Ralink Technology, Corp. (netr28) Net (02/09/2010 - (.Ralink Technology, Corp..) [HKLM] – DA9E83E3434B0A377F6C3573D30A3E6E692E31F2 =>.Microsoft Windows Component Publisher®
                  O42 - Logiciel: Windows Media Encoder 9 Series - (.Microsoft Corporation.) [HKLM] – {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} =>.Microsoft Corporation
                  O42 - Logiciel: Windows Media Encoder 9 Series - (.Microsoft Corporation.) [HKLM] – Windows Media Encoder 9 =>.Microsoft Corporation
                  O42 - Logiciel: WinRAR archiver - (.win.rar GmbH.) [HKLM] – WinRAR archiver =>.win.rar GmbH
                  O42 - Logiciel: WinZip 15.0 - (.WinZip Computing, S.L..) [HKLM] – {CD95F661-A5C4-44F5-A6AA-ECDD91C240BE} =>.WinZip Computing, S.L.

                  —\ HKCU & HKLM Software Keys (134) - 40s
                  HKLM\SOFTWARE\121_31
                  HKLM\SOFTWARE\<company>
                  HKLM\SOFTWARE\Adobe =>.Adobe
                  HKLM\SOFTWARE\Ancestry.com
                  HKLM\SOFTWARE\Apple Computer, Inc. =>.Apple Computer, Inc.
                  HKLM\SOFTWARE\Apple Inc. =>.Apple Inc.
                  HKLM\SOFTWARE\Atheros =>.Qualcomm Atheros
                  HKLM\SOFTWARE\ATI Technologies =>.ATI Technologies
                  HKLM\SOFTWARE\Avg =>.AVG Software
                  HKLM\SOFTWARE\BCL Technologies =>.BCL Technologies
                  HKLM\SOFTWARE\Broadcom =>.Broadcom
                  HKLM\SOFTWARE\Canon =>.Canon
                  HKLM\SOFTWARE\Caphyon =>.Caphyon
                  HKLM\SOFTWARE\CBSTEST =>.CBS Test
                  HKLM\SOFTWARE\Cisco =>.Cisco Systems, Inc.
                  HKLM\SOFTWARE\CyberLink =>.CyberLink Corporation
                  HKLM\SOFTWARE\DivXNetworks =>.DivXNetworks
                  HKLM\SOFTWARE\FlashGet Network
                  HKLM\SOFTWARE\Gabest =>.Gabest
                  HKLM\SOFTWARE\GEAR Software =>.GEAR Software
                  HKLM\SOFTWARE\GNU =>.GNU
                  HKLM\SOFTWARE\Google =>.Google
                  HKLM\SOFTWARE\GRETECH =>.Gretech
                  HKLM\SOFTWARE\HaaliMkx =>.Haali Media
                  HKLM\SOFTWARE\HTC =>.HTC
                  HKLM\SOFTWARE\IM Providers =>.IM Providers
                  HKLM\SOFTWARE\inKline Global
                  HKLM\SOFTWARE\Intel =>.Intel
                  HKLM\SOFTWARE\Internet Download Manager =>.Tonec Inc
                  HKLM\SOFTWARE\InterVideo =>.InterVideo
                  HKLM\SOFTWARE\IObit =>.IObit
                  HKLM\SOFTWARE\JavaSoft =>.JavaSoft
                  HKLM\SOFTWARE\JreMetrics =>.JreMetrics
                  HKLM\SOFTWARE\KLCodecPack =>.KLite Inc
                  HKLM\SOFTWARE\LAV =>.LAV Inc
                  HKLM\SOFTWARE\Macromedia =>.Macromedia
                  HKLM\SOFTWARE\McAfee.com =>.McAfee Inc.
                  HKLM\SOFTWARE\MimarSinan =>.Mimar Sinan
                  HKLM\SOFTWARE\Mozilla =>.Mozilla
                  HKLM\SOFTWARE\mozilla.org =>.mozilla.org
                  HKLM\SOFTWARE\MozillaPlugins =>.MozillaPlugins
                  HKLM\SOFTWARE\MSI =>.MSI
                  HKLM\SOFTWARE\Nero =>.Ahead Corporation
                  HKLM\SOFTWARE\Nico Mak Computing =>.Nico Mak Computing
                  HKLM\SOFTWARE\ODBC =>.DB Connectivity Solutions
                  HKLM\SOFTWARE\Piriform =>.Piriform
                  HKLM\SOFTWARE\PlotSoft =>.PlotSoft
                  HKLM\SOFTWARE\PocketSoft
                  HKLM\SOFTWARE\PS
                  HKLM\SOFTWARE\Realtek =>.Realtek Semiconductor Corp.
                  HKLM\SOFTWARE\Realtek Semiconductor Corp. =>.Realtek Semiconductor Corp.
                  HKLM\SOFTWARE\RealVNC =>.RealVNC
                  HKLM\SOFTWARE\RegisteredApplications =>.Microsoft Corporation
                  HKLM\SOFTWARE\Riverbed
                  HKLM\SOFTWARE\RTLSetup =>.Realtek Semiconductor Corp.
                  HKLM\SOFTWARE\Skype =>.Skype
                  HKLM\SOFTWARE\StarterBackgroundChanger
                  HKLM\SOFTWARE\TeamViewer =>.TeamViewer
                  HKLM\SOFTWARE\TrendMicro =>.TrendMicro
                  HKLM\SOFTWARE\TuneUp =>.TuneUp
                  HKLM\SOFTWARE\Volatile =>.Microsoft Corporation
                  HKLM\SOFTWARE\WDPA =>.WDPA
                  HKLM\SOFTWARE\webroot =>.Webroot
                  HKLM\SOFTWARE\Western Digital =>.Western Digital
                  HKLM\SOFTWARE\WinRAR =>.WinRAR
                  HKLM\SOFTWARE\WOW6432Node =>.Microsoft Corporation
                  HKLM\SOFTWARE\yahoo =>.Yahoo! Inc.
                  HKCU\SOFTWARE\3rd Eye Solutions
                  HKCU\SOFTWARE\Adobe =>.Adobe
                  HKCU\SOFTWARE\Ancestry.com
                  HKCU\SOFTWARE\AppDataLow =>.Microsoft Corporation
                  HKCU\SOFTWARE\Apple Computer, Inc. =>.Apple Computer, Inc.
                  HKCU\SOFTWARE\Apple Inc. =>.Apple Inc.
                  HKCU\SOFTWARE\ASProtect =>.ASPack Software
                  HKCU\SOFTWARE\Avg =>.AVG Software
                  HKCU\SOFTWARE\BitTorrent
                  HKCU\SOFTWARE\BugSplat =>.Bugsplat Game
                  HKCU\SOFTWARE\Canon =>.Canon
                  HKCU\SOFTWARE\CanonBJ =>.Canon Inc.
                  HKCU\SOFTWARE\Caphyon =>.Caphyon
                  HKCU\SOFTWARE\CDDB =>.Cddb Software
                  HKCU\SOFTWARE\Cisco =>.Cisco Systems, Inc.
                  HKCU\SOFTWARE\Code Industry
                  HKCU\SOFTWARE\CyberLink =>.CyberLink Corporation
                  HKCU\SOFTWARE\dlink
                  HKCU\SOFTWARE\DownloadManager =>.DownloadManager
                  HKCU\SOFTWARE\FileHippo.com =>.FileHippo.com
                  HKCU\SOFTWARE\FileOpen =>.FileOpen Systems Inc.
                  HKCU\SOFTWARE\FreeTime =>.FreeTime Inc
                  HKCU\SOFTWARE\Gabest =>.Gabest
                  HKCU\SOFTWARE\GNU =>.GNU
                  HKCU\SOFTWARE\Google =>.Google
                  HKCU\SOFTWARE\GRETECH =>.Gretech
                  HKCU\SOFTWARE\HTC =>.HTC
                  HKCU\SOFTWARE\ihelper =>.Legitimate
                  HKCU\SOFTWARE\IM Providers =>.IM Providers
                  HKCU\SOFTWARE\InstallPath =>.Legitimate
                  HKCU\SOFTWARE\Intel =>.Intel
                  HKCU\SOFTWARE\JavaSoft =>.JavaSoft
                  HKCU\SOFTWARE\Lake =>.Lake Sofware
                  HKCU\SOFTWARE\LAV =>.LAV Inc
                  HKCU\SOFTWARE\Macromedia =>.Macromedia
                  HKCU\SOFTWARE\McAfee =>.McAfee Inc.
                  HKCU\SOFTWARE\Mozilla =>.Mozilla
                  HKCU\SOFTWARE\MozillaPlugins =>.MozillaPlugins
                  HKCU\SOFTWARE\MSI =>.MSI
                  HKCU\SOFTWARE\Nero =>.Ahead Corporation
                  HKCU\SOFTWARE\Netscape =>.Netscape
                  HKCU\SOFTWARE\Nitro =>.Nitro
                  HKCU\SOFTWARE\ODBC =>.DB Connectivity Solutions
                  HKCU\SOFTWARE\Opera Software =>.Opera Software
                  HKCU\SOFTWARE\pdfconverter.com =>.pdfconverter.com
                  HKCU\SOFTWARE\Photobook Designer
                  HKCU\SOFTWARE\Piriform =>.Piriform
                  HKCU\SOFTWARE\PIXAJOY Editor
                  HKCU\SOFTWARE\PlotSoft =>.PlotSoft
                  HKCU\SOFTWARE\pocketsoft
                  HKCU\SOFTWARE\QtProject =>.QtProject
                  HKCU\SOFTWARE\RealVNC =>.RealVNC
                  HKCU\SOFTWARE\Riverbed
                  HKCU\SOFTWARE\Skype =>.Skype
                  HKCU\SOFTWARE\TeamViewer =>.TeamViewer
                  HKCU\SOFTWARE\Teiron =>.Teiron
                  HKCU\SOFTWARE\Trolltech =>.Trolltech
                  HKCU\SOFTWARE\TuneUp =>.TuneUp
                  HKCU\SOFTWARE\Western Digital =>.Western Digital
                  HKCU\SOFTWARE\WinRAR =>.WinRAR
                  HKCU\SOFTWARE\WinRAR SFX =>.RarLab
                  HKCU\SOFTWARE\Yahoo =>.Yahoo! Inc.
                  HKCU\SOFTWARE\ZHP =>.Nicolas Coolman
                  HKCU\SOFTWARE\AppDataLow\Software =>.Microsoft Corporation
                  HKCU\SOFTWARE\AppDataLow\Software\cegcejuhat
                  HKCU\SOFTWARE\AppDataLow\Software\JavaSoft =>.JavaSoft
                  HKCU\SOFTWARE\AppDataLow\Software\Yahoo =>.Yahoo! Inc.

                  —\ Contents of the Common Files folders (327) - 38s
                  O43 - CFD: 14/03/2015 - D – C:\Program Files\Adobe =>.Adobe Systems, Incorporated®
                  O43 - CFD: 27/02/2012 - D – C:\Program Files\AmIcoSingLun =>.Alcor Micro Corporation
                  O43 - CFD: 27/02/2012 - D – C:\Program Files\Ashampoo =>.Ashampoo GmbH
                  O43 - CFD: 22/08/2015 - D – C:\Program Files\Atheros =>.Qualcomm Atheros
                  O43 - CFD: 07/07/2015 - D – C:\Program Files\AVG =>.AVG Software
                  O43 - CFD: 18/09/2015 - D – C:\Program Files\BCL Technologies =>.BCL Technologies
                  O43 - CFD: 27/02/2012 - D – C:\Program Files\Broadcom =>.Broadcom Corporation®
                  O43 - CFD: 28/10/2016 - D – C:\Program Files\Canon =>.Canon Inc.®
                  O43 - CFD: 28/10/2016 - HD – C:\Program Files\CanonBJ =>.Canon Inc.
                  O43 - CFD: 04/02/2017 - D – C:\Program Files\CCleaner =>.Piriform Ltd
                  O43 - CFD: 22/06/2014 - D – C:\Program Files\Cisco =>.Cisco Systems, Inc.
                  O43 - CFD: 14/11/2014 - D – C:\Program Files\Code Industry
                  O43 - CFD: 04/02/2017 - D – C:\Program Files\Common Files =>.Microsoft Corporation
                  O43 - CFD: 13/04/2012 - D – C:\Program Files\CyberLink =>.CyberLink Corporation
                  O43 - CFD: 27/02/2012 - D – C:\Program Files\DIFX =>.Microsoft Corporation
                  O43 - CFD: 04/02/2017 - [0] D – C:\Program Files\DownloadYoutubeIE
                  O43 - CFD: 21/11/2010 - D – C:\Program Files\DVD Maker =>.Aone Software
                  O43 - CFD: 18/09/2015 - D – C:\Program Files\Family Tree Maker 2012 {0617082F262673EB00DF1F193DE22525}
                  O43 - CFD: 09/10/2016 - D – C:\Program Files\FileHippo.com =>.Well Known Media Ltd®
                  O43 - CFD: 28/02/2012 - D – C:\Program Files\FlashGet Network =>.FlashGet
                  O43 - CFD: 21/08/2012 - D – C:\Program Files\FreeTime =>.FreeTime
                  O43 - CFD: 09/10/2016 - D – C:\Program Files\Google =>.Google Inc®
                  O43 - CFD: 28/02/2012 - D – C:\Program Files\GRETECH =>.GRETECH®
                  O43 - CFD: 17/12/2016 - D – C:\Program Files\GUM8A16.tmp =>.Google Inc®
                  O43 - CFD: 07/02/2015 - D – C:\Program Files\HTC =>.HTC
                  O43 - CFD: 12/09/2015 - D – C:\Program Files\inKline Global
                  O43 - CFD: 12/09/2015 - HD – C:\Program Files\InstallShield Installation Information =>.InstallShield Software
                  O43 - CFD: 13/04/2012 - D – C:\Program Files\Intel =>.Intel Corporation
                  O43 - CFD: 24/07/2016 - D – C:\Program Files\Internet Download Manager =>.Tonec Inc
                  O43 - CFD: 17/12/2016 - D – C:\Program Files\Internet Explorer =>.Microsoft Corporation
                  O43 - CFD: 08/08/2016 - D – C:\Program Files\IObit =>.IObit
                  O43 - CFD: 04/02/2017 - D – C:\Program Files\Java =>.Oracle
                  O43 - CFD: 28/02/2012 - D – C:\Program Files\K-Lite Codec Pack =>.KLite Inc
                  O43 - CFD: 27/02/2012 - D – C:\Program Files\Lenovo =>.Lenovo
                  O43 - CFD: 30/10/2016 - D – C:\Program Files\Malwarebytes Anti-Malware =>.Malwarebytes
                  O43 - CFD: 16/04/2012 - D – C:\Program Files\Microsoft Analysis Services =>.Microsoft Corporation
                  O43 - CFD: 21/09/2013 - D – C:\Program Files\Microsoft Application Virtualization Client =>.Microsoft Corporation
                  O43 - CFD: 14/07/2009 - D – C:\Program Files\Microsoft Games =>.Microsoft Corporation
                  O43 - CFD: 09/09/2015 - D – C:\Program Files\Microsoft Office =>.Microsoft Corporation
                  O43 - CFD: 05/02/2017 - D – C:\Program Files\Microsoft Security Client =>.Microsoft Corporation
                  O43 - CFD: 24/11/2016 - D – C:\Program Files\Microsoft Silverlight =>.Microsoft Corporation
                  O43 - CFD: 09/09/2015 - D – C:\Program Files\Microsoft SQL Server =>.Microsoft Corporation
                  O43 - CFD: 16/04/2012 - D – C:\Program Files\Microsoft SQL Server Compact Edition =>.Microsoft Corporation
                  O43 - CFD: 16/04/2012 - D – C:\Program Files\Microsoft Sync Framework =>.Microsoft Corporation
                  O43 - CFD: 16/04/2012 - D – C:\Program Files\Microsoft Synchronization Services =>.Microsoft Corporation
                  O43 - CFD: 16/09/2015 - D – C:\Program Files\Microsoft.NET =>.Microsoft Corporation
                  O43 - CFD: 24/11/2016 - D – C:\Program Files\Mozilla Firefox =>.Mozilla
                  O43 - CFD: 09/09/2015 - D – C:\Program Files\MSBuild =>.Microsoft Corporation
                  O43 - CFD: 22/08/2015 - D – C:\Program Files\MSECache =>.Microsoft Corporation
                  O43 - CFD: 02/09/2012 - [0] D – C:\Program Files\MSXML 4.0 =>.Microsoft Corporation
                  O43 - CFD: 03/02/2014 - D – C:\Program Files\My Photo Creations (Photobookmart Edition) {00B0948F9E29EED75E31BAF47F5061A0D3}
                  O43 - CFD: 31/01/2014 - D – C:\Program Files\Nero =>.Ahead Corporation
                  O43 - CFD: 31/01/2014 - D – C:\Program Files\OpenOffice.org 3 =>.SourceForge
                  O43 - CFD: 22/08/2015 - D – C:\Program Files\Opera =>.Opera Software
                  O43 - CFD: 03/09/2016 - D – C:\Program Files\PDF Password Remover
                  O43 - CFD: 25/12/2013 - D – C:\Program Files\Photobook Designer
                  O43 - CFD: 08/09/2015 - D – C:\Program Files\Pismo File Mount Audit Package =>.Pismo Technic Inc.®
                  O43 - CFD: 11/10/2014 - D – C:\Program Files\PIXAJOY Editor
                  O43 - CFD: 14/11/2014 - D – C:\Program Files\PlotSoft =>.PlotSoft
                  O43 - CFD: 29/09/2013 - D – C:\Program Files\QuickTime
                  O43 - CFD: 27/02/2012 - D – C:\Program Files\Realtek =>.Realtek
                  O43 - CFD: 27/02/2012 - D – C:\Program Files\REALTEK PCIE Wireless LAN Driver =>.Realtek Semiconductor Corp.
                  O43 - CFD: 22/06/2014 - D – C:\Program Files\RealVNC =>.RealVNC
                  O43 - CFD: 14/07/2009 - D – C:\Program Files\Reference Assemblies =>.Microsoft Corporation
                  O43 - CFD: 02/11/2014 - D – C:\Program Files\Riverbed
                  O43 - CFD: 26/02/2017 - D – C:\Program Files\RogueKiller =>.Adlice
                  O43 - CFD: 13/04/2012 - D – C:\Program Files\S-Bar
                  O43 - CFD: 24/05/2015 - D – C:\Program Files\Save my Tabs
                  O43 - CFD: 23/05/2015 - D – C:\Program Files\Sidewise Tree Style Tabs
                  O43 - CFD: 07/02/2015 - D – C:\Program Files\Spirent Communications =>.Spirent Communications
                  O43 - CFD: 31/01/2014 - D – C:\Program Files\StarterBackgroundChanger
                  O43 - CFD: 20/10/2015 - D – C:\Program Files\TeamViewer =>.TeamViewer®
                  O43 - CFD: 14/07/2009 - [0] HD – C:\Program Files\Uninstall Information =>.Microsoft Corporation
                  O43 - CFD: 07/09/2015 - D – C:\Program Files\Western Digital =>.Western Digital Technologies, Inc.®
                  O43 - CFD: 28/02/2012 - D – C:\Program Files\Win7codecs =>.Shark007
                  O43 - CFD: 14/07/2013 - D – C:\Program Files\Windows Defender =>.Microsoft Corporation
                  O43 - CFD: 23/05/2015 - D – C:\Program Files\Windows Live =>.Microsoft Corporation
                  O43 - CFD: 21/11/2010 - D – C:\Program Files\Windows Mail =>.Microsoft Corporation
                  O43 - CFD: 18/09/2015 - D – C:\Program Files\Windows Media Components =>.Microsoft Corporation®
                  O43 - CFD: 07/12/2016 - D – C:\Program Files\Windows Media Player =>.Microsoft Corporation
                  O43 - CFD: 14/07/2009 - D – C:\Program Files\Windows NT =>.Microsoft Corporation
                  O43 - CFD: 21/11/2010 - D – C:\Program Files\Windows Photo Viewer =>.Microsoft Corporation
                  O43 - CFD: 21/11/2010 - D – C:\Program Files\Windows Portable Devices =>.Microsoft Corporation
                  O43 - CFD: 21/11/2010 - D – C:\Program Files\Windows Sidebar =>.Microsoft Corporation
                  O43 - CFD: 16/04/2012 - D – C:\Program Files\WinRAR =>.WinRAR
                  O43 - CFD: 27/02/2012 - D – C:\Program Files\WinZip =>.WinZip Computing®
                  O43 - CFD: 21/08/2016 - [0] D – C:\Program Files\Yahoo! =>.Yahoo!
                  O43 - CFD: 08/09/2015 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
                  O43 - CFD: 09/07/2015 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
                  O43 - CFD: 28/10/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX420 series
                  O43 - CFD: 28/10/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities =>.Canon Inc.
                  O43 - CFD: 21/03/2015 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner =>.Piriform Ltd
                  O43 - CFD: 22/06/2014 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco =>.Cisco Systems, Inc.
                  O43 - CFD: 28/02/2012 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam =>.CyberLink Corporation
                  O43 - CFD: 18/09/2015 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Family Tree Maker 2012
                  O43 - CFD: 28/02/2012 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashGet3.7
                  O43 - CFD: 14/07/2009 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games =>.Microsoft Corporation
                  O43 - CFD: 12/09/2015 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player =>.Gretech Corporation
                  O43 - CFD: 07/02/2015 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC =>.HTC
                  O43 - CFD: 28/07/2016 - [0] D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager =>.Tonec Inc
                  O43 - CFD: 04/02/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java =>.Oracle
                  O43 - CFD: 28/02/2012 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack =>.KLite Inc
                  O43 - CFD: 14/07/2009 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
                  O43 - CFD: 30/10/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware =>.Malwarebytes
                  O43 - CFD: 14/11/2014 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Master PDF Editor =>.CAD-KAS Software
                  O43 - CFD: 09/09/2015 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office =>.Microsoft Corporation
                  O43 - CFD: 26/02/2017 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 =>.Microsoft Corporation
                  O43 - CFD: 13/04/2012 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English) =>.Microsoft Corporation
                  O43 - CFD: 24/11/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight =>.Microsoft Corporation
                  O43 - CFD: 03/02/2014 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Photo Creations (Photobookmart Edition)
                  O43 - CFD: 31/01/2014 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.1 =>.SourceForge
                  O43 - CFD: 14/11/2014 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFill =>.PlotSoft L.L.C.
                  O43 - CFD: 25/12/2013 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photobook Designer
                  O43 - CFD: 08/09/2015 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pismo File Mount Audit Package
                  O43 - CFD: 12/10/2013 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PIXAJOY Editor
                  O43 - CFD: 29/09/2013 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
                  O43 - CFD: 22/06/2014 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealVNC =>.RealVNC
                  O43 - CFD: 26/02/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller =>.Adlice
                  O43 - CFD: 13/04/2012 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\S-Bar
                  O43 - CFD: 16/04/2012 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint =>.Microsoft Corporation
                  O43 - CFD: 28/02/2012 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shark007 Codecs =>.Shark007
                  O43 - CFD: 21/10/2015 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
                  O43 - CFD: 02/11/2014 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steelhead Mobile
                  O43 - CFD: 07/09/2015 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital =>.Western Digital
                  O43 - CFD: 28/02/2012 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live =>.Microsoft Corporation
                  O43 - CFD: 18/09/2015 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media =>.Microsoft Corporation
                  O43 - CFD: 16/04/2012 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR =>.WinRAR
                  O43 - CFD: 27/02/2012 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip =>.WinZip
                  O43 - CFD: 31/01/2014 - D – C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 =>.GEAR Software, Inc.
                  O43 - CFD: 14/03/2015 - D – C:\ProgramData\Adobe =>.Adobe
                  O43 - CFD: 27/02/2012 - D – C:\ProgramData\AmUStor =>.Alocr Micro
                  O43 - CFD: 01/07/2012 - D – C:\ProgramData\Apple =>.Apple Inc.
                  O43 - CFD: 01/07/2012 - D – C:\ProgramData\Apple Computer =>.Apple Inc.
                  O43 - CFD: 14/07/2009 - [0] SHD – C:\ProgramData\Application Data =>.Microsoft Corporation
                  O43 - CFD: 27/02/2012 - D – C:\ProgramData\ashampoo =>.Ashampoo GmbH
                  O43 - CFD: 27/02/2012 - D – C:\ProgramData\Atheros =>.Qualcomm Atheros
                  O43 - CFD: 03/01/2013 - D – C:\ProgramData\AutoKMS =>HackTool.AutoKMS
                  O43 - CFD: 07/09/2015 - D – C:\ProgramData\AVG =>.AVG Software
                  O43 - CFD: 07/09/2015 - D – C:\ProgramData\AVG2015 =>.AVG Software
                  O43 - CFD: 23/05/2015 - D – C:\ProgramData\Avg_Update_0215pit =>.AVG Software
                  O43 - CFD: 31/01/2014 - D – C:\ProgramData\Avira =>.Avira Software
                  O43 - CFD: 30/06/2012 - D – C:\ProgramData\boost_interprocess =>.boost.org
                  O43 - CFD: 28/10/2016 - [0] D – C:\ProgramData\Canon IJ Network Tool =>.Canon Inc.
                  O43 - CFD: 28/10/2016 - HD – C:\ProgramData\CanonBJ =>.Canon Inc.
                  O43 - CFD: 28/10/2016 - HD – C:\ProgramData\CanonIJFAX =>.Canon Inc.
                  O43 - CFD: 28/10/2016 - D – C:\ProgramData\CanonIJWSpt =>.Canon Inc.
                  O43 - CFD: 22/06/2014 - D – C:\ProgramData\Cisco =>.Cisco Systems, Inc.
                  O43 - CFD: 07/09/2015 - D – C:\ProgramData\CismaUva
                  O43 - CFD: 04/03/2013 - HD – C:\ProgramData\Common Files =>.Microsoft Corporation
                  O43 - CFD: 19/05/2012 - D – C:\ProgramData\CyberLink =>.CyberLink Corporation
                  O43 - CFD: 14/07/2009 - [0] SHD – C:\ProgramData\Desktop =>.Microsoft Corporation
                  O43 - CFD: 14/07/2009 - [0] SHD – C:\ProgramData\Documents =>.Microsoft Corporation
                  O43 - CFD: 14/07/2009 - [0] SHD – C:\ProgramData\Favorites =>.Microsoft Corporation
                  O43 - CFD: 05/10/2013 - D – C:\ProgramData\FileOpen =>.FileOpen Systems Inc.
                  O43 - CFD: 09/10/2016 - D – C:\ProgramData\Google =>.Google
                  O43 - CFD: 06/10/2014 - D – C:\ProgramData\GRETECH =>.Gretech
                  O43 - CFD: 07/02/2015 - D – C:\ProgramData\HTC =>.HTC
                  O43 - CFD: 21/10/2015 - D – C:\ProgramData\IObit =>.IObit
                  O43 - CFD: 21/03/2015 - D – C:\ProgramData\IsolatedStorage =>.id Software
                  O43 - CFD: 12/09/2015 - D – C:\ProgramData\Malwarebytes =>.Malwarebytes
                  O43 - CFD: 01/07/2012 - D – C:\ProgramData\McAfee =>.McAfee
                  O43 - CFD: 21/10/2015 - D – C:\ProgramData\MFAData =>.AVG Software
                  O43 - CFD: 21/11/2016 - SD – C:\ProgramData\Microsoft =>.Microsoft Corporation
                  O43 - CFD: 26/02/2017 - D – C:\ProgramData\Microsoft Help =>.Microsoft Corporation
                  O43 - CFD: 08/09/2015 - D – C:\ProgramData\Microsoft Toolkit =>.Microsoft Corporation
                  O43 - CFD: 31/01/2014 - D – C:\ProgramData\Nero =>.Ahead Corporation
                  O43 - CFD: 25/05/2013 - D – C:\ProgramData\Nitro =>.Nitro
                  O43 - CFD: 04/02/2017 - D – C:\ProgramData\Oracle =>.Oracle
                  O43 - CFD: 07/09/2015 - D – C:\ProgramData\Package Cache =>.Microsoft Corporation
                  O43 - CFD: 27/02/2012 - D – C:\ProgramData\PDVD =>.PDVD
                  O43 - CFD: 14/11/2014 - [0] D – C:\ProgramData\PlotSoft =>.PlotSoft
                  O43 - CFD: 21/08/2016 - D – C:\ProgramData\ProductData =>.Microsoft Corporation
                  O43 - CFD: 09/09/2015 - D – C:\ProgramData\regid.1991-06.com.microsoft =>.Microsoft Corporation
                  O43 - CFD: 02/11/2014 - D – C:\ProgramData\Riverbed
                  O43 - CFD: 26/02/2017 - D – C:\ProgramData\RogueKiller =>.Adlice
                  O43 - CFD: 09/10/2016 - D – C:\ProgramData\Skype =>.Skype
                  O43 - CFD: 14/07/2009 - [0] SHD – C:\ProgramData\Start Menu =>.Microsoft Corporation
                  O43 - CFD: 09/07/2015 - [0] D – C:\ProgramData\Temp =>.Microsoft Corporation
                  O43 - CFD: 14/07/2009 - [0] SHD – C:\ProgramData\Templates =>.Microsoft Corporation
                  O43 - CFD: 06/10/2014 - D – C:\ProgramData\TuneUp Software =>.TuneUp Software
                  O43 - CFD: 04/05/2012 - D – C:\ProgramData\VirtualizedApplications =>.Microsoft Corporation
                  O43 - CFD: 07/09/2015 - D – C:\ProgramData\Western Digital =>.Western Digital
                  O43 - CFD: 28/02/2012 - D – C:\ProgramData\Win7codecs =>.Shark007
                  O43 - CFD: 27/02/2012 - D – C:\ProgramData\WinZip =>.WinZip
                  O43 - CFD: 07/10/2015 - HD – C:\ProgramData{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}
                  O43 - CFD: 14/03/2015 - D – C:\Program Files\Common Files\Adobe =>.Adobe
                  O43 - CFD: 07/09/2015 - [0] D – C:\Program Files\Common Files\AV =>.Avast
                  O43 - CFD: 09/09/2015 - D – C:\Program Files\Common Files\DESIGNER =>.Designer
                  O43 - CFD: 12/09/2015 - D – C:\Program Files\Common Files\InstallShield =>.InstallShield
                  O43 - CFD: 27/02/2012 - D – C:\Program Files\Common Files\Intel =>.Intel Corporation
                  O43 - CFD: 08/09/2015 - D – C:\Program Files\Common Files\IObit =>.IObit
                  O43 - CFD: 04/02/2017 - D – C:\Program Files\Common Files\Java =>.Oracle
                  O43 - CFD: 16/09/2015 - D – C:\Program Files\Common Files\microsoft shared =>.Microsoft Corporation
                  O43 - CFD: 07/02/2015 - D – C:\Program Files\Common Files\Nero =>.Ahead Corporation
                  O43 - CFD: 27/02/2012 - D – C:\Program Files\Common Files\postureAgent =>.Microsoft Corporation
                  O43 - CFD: 30/10/2014 - D – C:\Program Files\Common Files\PS
                  O43 - CFD: 14/07/2009 - D – C:\Program Files\Common Files\Services =>.Microsoft Corporation
                  O43 - CFD: 14/07/2009 - D – C:\Program Files\Common Files\SpeechEngines =>.Microsoft Corporation
                  O43 - CFD: 16/09/2015 - D – C:\Program Files\Common Files\System =>.Microsoft Corporation
                  O43 - CFD: 07/09/2015 - D – C:\Program Files\Common Files\Western Digital =>.Western Digital
                  O43 - CFD: 28/02/2012 - D – C:\Program Files\Common Files\Windows Live =>.Microsoft Corporation
                  O43 - CFD: 25/02/2014 - D – C:\Users\MSI CR-460\AppData\Roaming\Adobe =>.Adobe
                  O43 - CFD: 08/09/2015 - D – C:\Users\MSI CR-460\AppData\Roaming\Apple Computer =>.Apple Inc.
                  O43 - CFD: 07/07/2015 - D – C:\Users\MSI CR-460\AppData\Roaming\AVG =>.AVG Software
                  O43 - CFD: 23/05/2015 - D – C:\Users\MSI CR-460\AppData\Roaming\AVG2015 =>.AVG Software
                  O43 - CFD: 01/07/2012 - D – C:\Users\MSI CR-460\AppData\Roaming\BITS =>.BITS
                  O43 - CFD: 21/11/2016 - D – C:\Users\MSI CR-460\AppData\Roaming\BitTorrent
                  O43 - CFD: 28/10/2016 - D – C:\Users\MSI CR-460\AppData\Roaming\Canon =>.Canon
                  O43 - CFD: 19/05/2012 - D – C:\Users\MSI CR-460\AppData\Roaming\CyberLink =>.CyberLink Corporation
                  O43 - CFD: 14/10/2015 - D – C:\Users\MSI CR-460\AppData\Roaming\dlink
                  O43 - CFD: 23/07/2016 - D – C:\Users\MSI CR-460\AppData\Roaming\DMCache =>.DMCache
                  O43 - CFD: 27/11/2013 - D – C:\Users\MSI CR-460\AppData\Roaming\Downloaded Installations =>.Microsoft Corporation
                  O43 - CFD: 08/08/2016 - D – C:\Users\MSI CR-460\AppData\Roaming\FamilyTreeMaker
                  O43 - CFD: 05/10/2013 - D – C:\Users\MSI CR-460\AppData\Roaming\FileOpen =>.FileOpen Systems Inc.
                  O43 - CFD: 01/07/2012 - D – C:\Users\MSI CR-460\AppData\Roaming\FlashGet =>.FlashGet
                  O43 - CFD: 08/07/2014 - D – C:\Users\MSI CR-460\AppData\Roaming\Google =>.Google
                  O43 - CFD: 01/07/2012 - D – C:\Users\MSI CR-460\AppData\Roaming\GRETECH =>.Gretech
                  O43 - CFD: 07/02/2015 - D – C:\Users\MSI CR-460\AppData\Roaming\HTC =>.HTC
                  O43 - CFD: 13/04/2012 - D – C:\Users\MSI CR-460\AppData\Roaming\Identities =>.Microsoft Corporation
                  O43 - CFD: 28/07/2016 - D – C:\Users\MSI CR-460\AppData\Roaming\IDM =>.IDM
                  O43 - CFD: 25/08/2013 - D – C:\Users\MSI CR-460\AppData\Roaming\ihelper
                  O43 - CFD: 06/10/2013 - D – C:\Users\MSI CR-460\AppData\Roaming\ILOVEPHOTOBOOK v2.5.4
                  O43 - CFD: 08/09/2015 - D – C:\Users\MSI CR-460\AppData\Roaming\IObit =>.IObit
                  O43 - CFD: 23/04/2012 - D – C:\Users\MSI CR-460\AppData\Roaming\Macromedia =>.Macromedia
                  O43 - CFD: 21/03/2015 - [0] D – C:\Users\MSI CR-460\AppData\Roaming\Media Player Classic =>.Microsoft Corporation
                  O43 - CFD: 28/08/2016 - SD – C:\Users\MSI CR-460\AppData\Roaming\Microsoft =>.Microsoft Corporation
                  O43 - CFD: 01/07/2012 - D – C:\Users\MSI CR-460\AppData\Roaming\Mozilla =>.Mozilla Corporation
                  O43 - CFD: 23/05/2015 - D – C:\Users\MSI CR-460\AppData\Roaming\Nero =>.Ahead Corporation
                  O43 - CFD: 05/10/2013 - D – C:\Users\MSI CR-460\AppData\Roaming\Nitro =>.Nitro
                  O43 - CFD: 27/11/2013 - D – C:\Users\MSI CR-460\AppData\Roaming\Nitro PDF =>.Nitro PDF
                  O43 - CFD: 22/08/2015 - D – C:\Users\MSI CR-460\AppData\Roaming\Opera Software =>.Opera Software
                  O43 - CFD: 11/10/2014 - D – C:\Users\MSI CR-460\AppData\Roaming\Oracle =>.Oracle
                  O43 - CFD: 01/01/2014 - D – C:\Users\MSI CR-460\AppData\Roaming\Photobook Designer
                  O43 - CFD: 12/10/2013 - D – C:\Users\MSI CR-460\AppData\Roaming\PIXAJOY Editor
                  O43 - CFD: 08/09/2015 - D – C:\Users\MSI CR-460\AppData\Roaming\ProductData =>.Microsoft Corporation
                  O43 - CFD: 22/06/2014 - D – C:\Users\MSI CR-460\AppData\Roaming\RealVNC =>.RealVNC
                  O43 - CFD: 13/04/2012 - D – C:\Users\MSI CR-460\AppData\Roaming\RGE
                  O43 - CFD: 18/09/2012 - D – C:\Users\MSI CR-460\AppData\Roaming\Skype =>.Skype
                  O43 - CFD: 28/10/2016 - D – C:\Users\MSI CR-460\AppData\Roaming\SoftGrid Client =>.Microsoft Corporation
                  O43 - CFD: 08/09/2015 - D – C:\Users\MSI CR-460\AppData\Roaming\Sun =>.Oracle
                  O43 - CFD: 21/06/2015 - D – C:\Users\MSI CR-460\AppData\Roaming\TeamViewer =>.TeamViewer
                  O43 - CFD: 04/02/2017 - D – C:\Users\MSI CR-460\AppData\Roaming\Telegram Desktop =>.Telegram Messenger LLP
                  O43 - CFD: 13/04/2012 - [0] D – C:\Users\MSI CR-460\AppData\Roaming\TP =>.TP
                  O43 - CFD: 23/05/2015 - D – C:\Users\MSI CR-460\AppData\Roaming\TuneUp Software =>.TuneUp Software
                  O43 - CFD: 21/03/2015 - D – C:\Users\MSI CR-460\AppData\Roaming\uTorrent
                  O43 - CFD: 16/04/2012 - D – C:\Users\MSI CR-460\AppData\Roaming\WinRAR =>.WinRAR
                  O43 - CFD: 26/02/2017 - D – C:\Users\MSI CR-460\AppData\Roaming\ZHP =>.Nicolas Coolman
                  O43 - CFD: 04/02/2017 - D – C:\Users\MSI CR-460\AppData\Local\Adobe =>.Adobe
                  O43 - CFD: 18/09/2015 - D – C:\Users\MSI CR-460\AppData\Local\Ancestry.com
                  O43 - CFD: 13/04/2012 - D – C:\Users\MSI CR-460\AppData\Local\Apple =>.Apple Inc.
                  O43 - CFD: 07/02/2015 - D – C:\Users\MSI CR-460\AppData\Local\Apple Computer =>.Apple Inc.
                  O43 - CFD: 13/04/2012 - [0] SHD – C:\Users\MSI CR-460\AppData\Local\Application Data =>.Microsoft Corporation
                  O43 - CFD: 03/07/2012 - D – C:\Users\MSI CR-460\AppData\Local\Apps =>.Microsoft Corporation
                  O43 - CFD: 07/07/2015 - D – C:\Users\MSI CR-460\AppData\Local\Avg =>.AVG Software
                  O43 - CFD: 23/05/2015 - D – C:\Users\MSI CR-460\AppData\Local\Avg2015 =>.AVG Software
                  O43 - CFD: 24/12/2013 - D – C:\Users\MSI CR-460\AppData\Local\cache =>.Legitimate
                  O43 - CFD: 22/06/2014 - D – C:\Users\MSI CR-460\AppData\Local\Cisco =>.Cisco Systems, Inc.
                  O43 - CFD: 19/05/2012 - D – C:\Users\MSI CR-460\AppData\Local\CyberLink =>.CyberLink Corporation
                  O43 - CFD: 26/02/2017 - [0] D – C:\Users\MSI CR-460\AppData\Local\Diagnostics =>.Microsoft Corporation
                  O43 - CFD: 28/06/2015 - [0] D – C:\Users\MSI CR-460\AppData\Local\Downloaded Installations =>.Microsoft Corporation
                  O43 - CFD: 26/02/2017 - [0] D – C:\Users\MSI CR-460\AppData\Local\ElevatedDiagnostics =>.Microsoft Corporation
                  O43 - CFD: 07/07/2015 - [0] SHD – C:\Users\MSI CR-460\AppData\Local\EmieBrowserModeList =>.Enterprise mode Site List Mgr
                  O43 - CFD: 07/07/2015 - [0] SHD – C:\Users\MSI CR-460\AppData\Local\EmieSiteList =>.Enterprise mode Site List Mgr
                  O43 - CFD: 07/07/2015 - [0] SHD – C:\Users\MSI CR-460\AppData\Local\EmieUserList =>.Enterprise mode Site List Mgr
                  O43 - CFD: 23/07/2016 - D – C:\Users\MSI CR-460\AppData\Local\Google =>.Google
                  O43 - CFD: 13/04/2012 - [0] SHD – C:\Users\MSI CR-460\AppData\Local\History =>.Microsoft Corporation
                  O43 - CFD: 08/08/2016 - D – C:\Users\MSI CR-460\AppData\Local\HTC MediaHub =>.HTC MediaHub
                  O43 - CFD: 18/09/2015 - D – C:\Users\MSI CR-460\AppData\Local\IsolatedStorage =>.id Software
                  O43 - CFD: 11/08/2012 - D – C:\Users\MSI CR-460\AppData\Local\Macromedia =>.Macromedia
                  O43 - CFD: 14/11/2014 - [0] D – C:\Users\MSI CR-460\AppData\Local\Master PDF Editor =>.CAD-KAS Software
                  O43 - CFD: 13/04/2012 - D – C:\Users\MSI CR-460\AppData\Local\MediaServer =>.MediaServer
                  O43 - CFD: 23/05/2015 - D – C:\Users\MSI CR-460\AppData\Local\MFAData =>.AVG Software
                  O43 - CFD: 23/05/2015 - D – C:\Users\MSI CR-460\AppData\Local\Microsoft =>.Microsoft Corporation
                  O43 - CFD: 21/08/2016 - D – C:\Users\MSI CR-460\AppData\Local\Microsoft Help =>.Microsoft Corporation
                  O43 - CFD: 01/07/2012 - D – C:\Users\MSI CR-460\AppData\Local\Mozilla =>.Mozilla Corporation
                  O43 - CFD: 13/04/2012 - D – C:\Users\MSI CR-460\AppData\Local\MSI =>.MSI
                  O43 - CFD: 22/08/2015 - D – C:\Users\MSI CR-460\AppData\Local\Opera Software =>.Opera Software
                  O43 - CFD: 23/07/2016 - D – C:\Users\MSI CR-460\AppData\Local\Programs =>.Microsoft Corporation
                  O43 - CFD: 21/03/2015 - [0] D – C:\Users\MSI CR-460\AppData\Local\RealVNC =>.RealVNC
                  O43 - CFD: 01/05/2012 - D – C:\Users\MSI CR-460\AppData\Local\SoftGrid Client =>.Microsoft Corporation
                  O43 - CFD: 26/02/2017 - D – C:\Users\MSI CR-460\AppData\Local\Temp =>.Microsoft Corporation
                  O43 - CFD: 13/04/2012 - [0] SHD – C:\Users\MSI CR-460\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
                  O43 - CFD: 06/10/2014 - D – C:\Users\MSI CR-460\AppData\Local\TuneUp Software =>.TuneUp Software
                  O43 - CFD: 20/08/2012 - D – C:\Users\MSI CR-460\AppData\Local\VirtualStore =>.Microsoft Corporation
                  O43 - CFD: 07/09/2015 - D – C:\Users\MSI CR-460\AppData\Local\Western Digital =>.Western Digital
                  O43 - CFD: 07/09/2015 - D – C:\Users\MSI CR-460\AppData\Local\Western_Digital_Technolog =>.Western Digital Technologies
                  O43 - CFD: 30/10/2014 - [0] D – C:\Users\MSI CR-460\AppData\Local\Programs\Common =>.Microsoft Corporation
                  O43 - CFD: 23/07/2016 - D – C:\Users\MSI CR-460\AppData\Local\Programs\Google =>.Google
                  O43 - CFD: 14/07/2009 - RD – C:\Users\MSI CR-460\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
                  O43 - CFD: 24/11/2016 - RD – C:\Users\MSI CR-460\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
                  O43 - CFD: 21/08/2012 - D – C:\Users\MSI CR-460\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory =>.FormatFactory
                  O43 - CFD: 23/07/2016 - D – C:\Users\MSI CR-460\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Photos Backup =>.Google Inc.
                  O43 - CFD: 28/07/2016 - [0] D – C:\Users\MSI CR-460\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager =>.Tonec Inc
                  O43 - CFD: 14/07/2009 - RD – C:\Users\MSI CR-460\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
                  O43 - CFD: 03/09/2016 - D – C:\Users\MSI CR-460\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Password Remover
                  O43 - CFD: 24/11/2016 - RD – C:\Users\MSI CR-460\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
                  O43 - CFD: 28/07/2016 - D – C:\Users\MSI CR-460\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop =>.Telegram Messenger LLP
                  O43 - CFD: 03/07/2012 - D – C:\Users\MSI CR-460\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool =>.Microsoft Corporation
                  O43 - CFD: 16/04/2012 - D – C:\Users\MSI CR-460\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR =>.WinRAR
                  O43 - CFD: 14/07/2009 - [0] SHD – C:\Users\Default\AppData\Local\Application Data =>.Microsoft Corporation
                  O43 - CFD: 14/07/2009 - [0] SHD – C:\Users\Default\AppData\Local\History =>.Microsoft Corporation
                  O43 - CFD: 14/07/2009 - D – C:\Users\Default\AppData\Local\Microsoft =>.Microsoft Corporation
                  O43 - CFD: 02/05/2012 - [0] D – C:\Users\Default\AppData\Local\Microsoft Help =>.Microsoft Corporation
                  O43 - CFD: 14/07/2009 - [0] D – C:\Users\Default\AppData\Local\Temp =>.Microsoft Corporation
                  O43 - CFD: 14/07/2009 - [0] SHD – C:\Users\Default\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
                  O43 - CFD: 14/07/2009 - [0] SHD – C:\Users\Default User\AppData\Local\Application Data =>.Microsoft Corporation
                  O43 - CFD: 14/07/2009 - [0] SHD – C:\Users\Default User\AppData\Local\History =>.Microsoft Corporation
                  O43 - CFD: 14/07/2009 - D – C:\Users\Default User\AppData\Local\Microsoft =>.Microsoft Corporation
                  O43 - CFD: 02/05/2012 - [0] D – C:\Users\Default User\AppData\Local\Microsoft Help =>.Microsoft Corporation
                  O43 - CFD: 14/07/2009 - [0] D – C:\Users\Default User\AppData\Local\Temp =>.Microsoft Corporation
                  O43 - CFD: 14/07/2009 - [0] SHD – C:\Users\Default User\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
                  O43 - CFD: 07/07/2015 - D – C:\windows\System32\Config\systemprofile\AppData\Local\Avg =>.AVG Software
                  O43 - CFD: 23/05/2015 - D – C:\windows\System32\Config\systemprofile\AppData\Local\Avg2015 =>.AVG Software
                  O43 - CFD: 25/02/2013 - D – C:\windows\System32\Config\systemprofile\AppData\Local\Google =>.Google
                  O43 - CFD: 27/02/2012 - D – C:\windows\System32\Config\systemprofile\AppData\Local\MediaServer =>.MediaServer
                  O43 - CFD: 07/06/2015 - D – C:\windows\System32\Config\systemprofile\AppData\Local\MFAData =>.AVG Software
                  O43 - CFD: 23/05/2015 - D – C:\windows\System32\Config\systemprofile\AppData\Local\Microsoft =>.Microsoft Corporation
                  O43 - CFD: 24/05/2015 - D – C:\windows\System32\Config\systemprofile\AppData\Local\SoftGrid Client =>.Microsoft Corporation
                  O43 - CFD: 06/10/2014 - D – C:\windows\System32\Config\systemprofile\AppData\Local\TuneUp Software =>.TuneUp Software
                  O43 - CFD: 01/07/2012 - D – C:\windows\System32\Config\systemprofile\AppData\Roaming\Apple Computer =>.Apple Inc.
                  O43 - CFD: 07/07/2015 - D – C:\windows\System32\Config\systemprofile\AppData\Roaming\AVG =>.AVG Software
                  O43 - CFD: 23/05/2015 - D – C:\windows\System32\Config\systemprofile\AppData\Roaming\AVG2015 =>.AVG Software
                  O43 - CFD: 08/09/2015 - D – C:\windows\System32\Config\systemprofile\AppData\Roaming\IObit =>.IObit
                  O43 - CFD: 24/05/2015 - D – C:\windows\System32\Config\systemprofile\AppData\Roaming\McAfee =>.McAfee
                  O43 - CFD: 28/02/2012 - SD – C:\windows\System32\Config\systemprofile\AppData\Roaming\Microsoft =>.Microsoft Corporation
                  O43 - CFD: 25/02/2017 - D – C:\windows\System32\Config\systemprofile\AppData\Roaming\SoftGrid Client =>.Microsoft Corporation
                  O43 - CFD: 06/10/2014 - D – C:\windows\System32\Config\systemprofile\AppData\Roaming\TuneUp Software =>.TuneUp Software

                  —\ ShellIconOverlayIdentifiers (SIOI) (10) - 0s
                  O106 - SIOI: Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) [ SkyDrivePro1 (ErrorConflict)] - {8BA85C75-763B-4103-94EB-9470F12FE0F7}. (.Microsoft Corporation - Microsoft OneDrive for Business Extensions.) – C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL =>.Microsoft Corporation®
                  O106 - SIOI: Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) [ SkyDrivePro2 (SyncInProgress)] - {CD55129A-B1A1-438E-A425-CEBC7DC684EE}. (.Microsoft Corporation - Microsoft OneDrive for Business Extensions.) – C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL =>.Microsoft Corporation®
                  O106 - SIOI: Microsoft SkyDrive Pro Icon Overlay 3 (InSync) [ SkyDrivePro3 (InSync)] - {E768CD3B-BDDC-436D-9C13-E1B39CA257B1}. (.Microsoft Corporation - Microsoft OneDrive for Business Extensions.) – C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL =>.Microsoft Corporation®
                  O106 - SIOI: Enhanced Storage Icon Overlay Handler Class [EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}. (.Microsoft Corporation - Windows Enhanced Storage Shell Extension DL.) – C:\Windows\System32\EhStorShell.dll =>.Microsoft Corporation
                  O106 - SIOI: Groove Explorer Icon Overlay 1 (GFS Unread Stub) [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] - {99FD978C-D287-4F50-827F-B2C658EDA8E7}. (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) – C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL =>.Microsoft Corporation®
                  O106 - SIOI: Groove Explorer Icon Overlay 2 (GFS Stub) [Groove Explorer Icon Overlay 2 (GFS Stub)] - {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}. (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) – C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL =>.Microsoft Corporation®
                  O106 - SIOI: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] - {920E6DB1-9907-4370-B3A0-BAFC03D81399}. (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) – C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL =>.Microsoft Corporation®
                  O106 - SIOI: Groove Explorer Icon Overlay 3 (GFS Folder) [Groove Explorer Icon Overlay 3 (GFS Folder)] - {16F3DD56-1AF5-4347-846D-7C10C4192619}. (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) – C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL =>.Microsoft Corporation®
                  O106 - SIOI: Groove Explorer Icon Overlay 4 (GFS Unread Mark) [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] - {2916C86E-86A6-43FE-8112-43ABE6BF8DCC}. (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) – C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL =>.Microsoft Corporation®
                  O106 - SIOI: Sharing Overlay (Private) [SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235}. (.Microsoft Corporation - Shell extensions for sharing.) – C:\Windows\System32\ntshrui.dll =>.Microsoft Corporation

                  —\ ShareTools MSconfig StartupReg (1) - 0s
                  O53 - SMSR:HKLM...\startupreg\MSC [Key] . (.Microsoft Corporation - Microsoft Security Client User Interface.) – c:\Program Files\Microsoft Security Client\msseces.exe =>.Microsoft Corporation

                  —\ System Drivers List (89) - 75s
                  O58 - SDL:2013/08/31 01:51:25 RA . (.Cisco Systems, Inc. - Cisco AnyConnect Kernel Driver Framework So.) – C:\windows\System32\drivers\acsock.sys [92112] =>.Cisco Systems, Inc.®
                  O58 - SDL:2009/07/14 05:26:15 A . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) – C:\windows\System32\drivers\adp94xx.sys [92112] =>.Microsoft Windows®
                  O58 - SDL:2009/07/14 05:26:17 A . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) – C:\windows\System32\drivers\adpahci.sys [92112] =>.Microsoft Windows®
                  O58 - SDL:2009/07/14 05:26:15 A . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) – C:\windows\System32\drivers\adpu320.sys [92112] =>.Microsoft Windows®
                  O58 - SDL:2009/07/14 05:26:15 A . (.Acer Laboratories Inc. - ALi mini IDE Driver.) – C:\windows\System32\drivers\aliide.sys [92112] =>.Microsoft Windows®
                  O58 - SDL:2011/03/11 09:38:37 A . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) – C:\windows\System32\drivers\amdsata.sys [92112] =>.Microsoft Windows®
                  O58 - SDL:2009/07/14 05:26:15 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) – C:\windows\System32\drivers\amdsbs.sys [92112] =>.Microsoft Windows®
                  O58 - SDL:2011/03/11 09:38:37 A . (.Advanced Micro Devices - Storage Filter Driver.) – C:\windows\System32\drivers\amdxata.sys [92112] =>.Microsoft Windows®
                  O58 - SDL:2009/07/14 05:26:15 A . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) – C:\windows\System32\drivers\arc.sys [92112] =>.Microsoft Windows®
                  O58 - SDL:2009/07/14 05:26:15 A . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) – C:\windows\System32\drivers\arcsas.sys [92112] =>.Microsoft Windows®
                  O58 - SDL:2011/06/26 21:37:12 A . (.Atheros Communications, Inc. - Atheros Extensible Wireless LAN device driv.) – C:\windows\System32\drivers\athr.sys [92112] =>.Atheros Communications, Inc.
                  O58 - SDL:2015/08/04 11:33:00 A . (.AVG Technologies CZ, s.r.o. - AVG Network connection watcher.) – C:\windows\System32\drivers\avgtdix.sys [92112] =>.AVG Technologies CZ, s.r.o.®
                  O58 - SDL:2009/07/14 02:02:49 A . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x.) – C:\windows\System32\drivers\b57nd60x.sys [92112] =>.Broadcom Corporation
                  O58 - SDL:2009/07/14 02:53:28 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower.) – C:\windows\System32\drivers\BrFiltLo.sys [92112] =>.Brother Industries, Ltd.
                  O58 - SDL:2009/07/14 02:53:28 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper.) – C:\windows\System32\drivers\BrFiltUp.sys [92112] =>.Brother Industries, Ltd.
                  O58 - SDL:2009/07/14 04:57:25 A . (.Brother Industries Ltd. - Brotehr Serial I/F Driver (WDM).) – C:\windows\System32\drivers\BrSerId.sys [92112] =>.Brother Industries Ltd.
                  O58 - SDL:2009/07/14 02:53:32 A . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) – C:\windows\System32\drivers\BrSerWdm.sys [92112] =>.Brother Industries Ltd.
                  O58 - SDL:2009/07/14 02:53:33 A . (.Brother Industries Ltd. - Brother USB MDM Driver.) – C:\windows\System32\drivers\BrUsbMdm.sys [92112] =>.Brother Industries Ltd.
                  O58 - SDL:2009/07/14 02:53:33 A . (.Brother Industries Ltd. - Brother USB Serial Driver.) – C:\windows\System32\drivers\BrUsbSer.sys [92112] =>.Brother Industries Ltd.
                  O58 - SDL:2009/07/14 02:02:48 A . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) – C:\windows\System32\drivers\bxvbdx.sys [92112] =>.Broadcom Corporation
                  O58 - SDL:2010/08/20 22:49:06 A . (.CyberLink Corporation - CyberLink WebCam Virtual Driver.) – C:\windows\System32\drivers\clwvd.sys [92112] =>.CyberLink®
                  O58 - SDL:2009/07/14 05:26:21 A . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) – C:\windows\System32\drivers\cmdide.sys [92112] =>.Microsoft Windows®
                  O58 - SDL:2010/11/11 10:11:08 A . (.Realtek Semiconductor Corp. - Realtek Turbo Mode Filter Driver for 39.) – C:\windows\System32\drivers\diskperf.sys [92112] =>.Realtek Semiconductor Corp®
                  O58 - SDL:2009/07/14 05:20:28 A . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) – C:\windows\System32\drivers\djsvs.sys [92112] =>.Microsoft Windows®
                  O58 - SDL:2009/07/14 05:20:28 A . (.Emulex - Storport Miniport Driver for LightPulse HBA.) – C:\windows\System32\drivers\elxstor.sys [92112] =>.Microsoft Windows®
                  O58 - SDL:2009/07/14 02:02:48 A . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) – C:\windows\System32\drivers\evbdx.sys [92112] =>.Broadcom Corporation
                  O58 - SDL:2009/07/14 02:54:14 A . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for.) – C:\windows\System32\drivers\hcw85cir.sys [92112] =>.Hauppauge Computer Works, Inc.
                  O58 - SDL:2010/10/20 04:33:40 A . (.Intel Corporation - Intel(R) Management Engine Interface.) – C:\windows\System32\drivers\HECI.sys [92112] =>.Intel Corporation
                  O58 - SDL:2009/07/14 05:20:28 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) – C:\windows\System32\drivers\HpSAMD.sys [92112] =>.Microsoft Windows®
                  O58 - SDL:2013/10/17 11:27:02 A . (.Windows (R) Win 7 DDK provider - RawPacket NDIS Protocol Driver.) – C:\windows\System32\drivers\htcnprot.sys [92112] =>.Windows (R) Win 7 DDK provider
                  O58 - SDL:2009/10/27 07:01:06 A . (.QUALCOMM Incorporated - USB Modem/Serial Device Driver.) – C:\windows\System32\drivers\HtcVComV32.sys [92112] =>.QUALCOMM Incorporated
                  O58 - SDL:2015/09/08 08:52:09 A . (.REALiX™ - HWiNFO x86 Kernel Driver.) – C:\windows\System32\drivers\HWiNFO32.SYS [92112] =>.Martin Malik - REALiX®
                  O58 - SDL:2011/03/11 09:38:51 A . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) – C:\windows\System32\drivers\iaStorV.sys [92112] =>.Microsoft Windows®
                  O58 - SDL:2012/01/27 04:48:06 A . (.Tonec Inc. - Internet Download Manager WFP Driver.) – C:\windows\System32\drivers\idmwfp.sys [92112] =>.Tonec Inc.®
                  O58 - SDL:2012/03/19 19:27:04 A . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) – C:\windows\System32\drivers\igdkmd32.sys [92112] =>.Intel Corporation
                  O58 - SDL:2009/07/14 05:20:36 A . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) – C:\windows\System32\drivers\iirsp.sys [92112] =>.Microsoft Windows®
                  O58 - SDL:2011/03/30 12:11:38 A . (.Intel(R) Corporation - Intel(R) Display Audio Driver.) – C:\windows\System32\drivers\IntcDAud.sys [92112] =>.Intel(R) Corporation
                  O58 - SDL:2010/07/28 20:25:02 A . (.Initio Corporation - Initio Default Vendor Specific Device Drive.) – C:\windows\System32\drivers\ivusb.sys [92112] =>.Initio Corporation®
                  O58 - SDL:2010/10/21 10:57:18 A . (.Atheros Communications, Inc. - Atheros L1c PCI-E Gigabit Ethernet Controll.) – C:\windows\System32\drivers\L1C62x86.sys [92112] =>.Atheros Communications Inc.®
                  O58 - SDL:2009/07/14 05:20:36 A . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) – C:\windows\System32\drivers\lsi_fc.sys [92112] =>.Microsoft Windows®
                  O58 - SDL:2009/07/14 05:20:37 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) – C:\windows\System32\drivers\lsi_sas.sys [92112] =>.Microsoft Windows®
                  O58 - SDL:2009/07/14 05:20:36 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) – C:\windows\System32\drivers\lsi_sas2.sys [92112] =>.Microsoft Windows®
                  O58 - SDL:2009/07/14 05:20:36 A . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) – C:\windows\System32\drivers\lsi_scsi.sys [92112] =>.Microsoft Windows®
                  O58 - SDL:2016/03/10 14:08:52 A . (.Malwarebytes - Malwarebytes Anti-Malware.) – C:\windows\System32\drivers\mbam.sys [92112] =>.Malwarebytes Corporation®
                  O58 - SDL:2016/03/10 14:08:56 A . (.Malwarebytes - Malwarebytes Chameleon Protection Driver.) – C:\windows\System32\drivers\mbamchameleon.sys [92112] =>.Malwarebytes Corporation®
                  O58 - SDL:2017/02/04 07:54:26 A . (.Malwarebytes - Malwarebytes Anti-Malware.) – C:\windows\System32\drivers\MBAMSwissArmy.sys [92112] =>.Malwarebytes Corporation®
                  O58 - SDL:2009/07/14 05:20:36 A . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) – C:\windows\System32\drivers\megasas.sys [92112] =>.Microsoft Windows®
                  O58 - SDL:2009/07/14 05:20:36 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) – C:\windows\System32\drivers\MegaSR.sys [92112] =>.Microsoft Windows®
                  O58 - SDL:2016/03/10 14:09:04 A . (.Malwarebytes Corporation - Malwarebytes Web Access Control.) – C:\windows\System32\drivers\mwac.sys [92112] =>.Malwarebytes Corporation®
                  O58 - SDL:2009/11/14 05:44:34 A . (.Ralink Technology Corp. - Ralink 802.11n Wireless Adapter Driver.) – C:\windows\System32\drivers\netr28u.sys [92112] =>.Ralink Technology Corp.
                  O58 - SDL:2009/07/14 05:20:44 A . (.IBM Corporation - IBM ServeRAID Controller Driver.) – C:\windows\System32\drivers\nfrd960.sys [92112] =>.Microsoft Windows®
                  O58 - SDL:2011/03/11 09:39:00 A . (.NVIDIA Corporation - NVIDIA® nForce™ RAID Driver.) – C:\windows\System32\drivers\nvraid.sys [92112] =>.Microsoft Windows®
                  O58 - SDL:2011/03/11 09:39:00 A . (.NVIDIA Corporation - NVIDIA® nForce™ Sata Performance Driver.) – C:\windows\System32\drivers\nvstor.sys [92112] =>.Microsoft Windows®
                  O58 - SDL:2015/07/01 01:56:32 A . (.Pismo Technic Inc. - System Extension - Pismo File Mount.) – C:\windows\System32\drivers\pfmfs_178.sys [92112] =>.Pismo Technic Inc.®
                  O58 - SDL:2009/07/14 05:19:04 A . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) – C:\windows\System32\drivers\ql2300.sys [92112] =>.Microsoft Windows®
                  O58 - SDL:2009/07/14 05:19:04 A . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) – C:\windows\System32\drivers\ql40xx.sys [92112] =>.Microsoft Windows®
                  O58 - SDL:2013/10/07 12:36:30 A . (.Riverbed Technology, Inc - Steelhead Mobile Client.) – C:\windows\System32\drivers\rbtnfd.sys [92112]
                  O58 - SDL:2011/06/10 02:34:52 A . (.Realtek - Realtek 8101E/8168/8169 NDIS 6.20 32-bit Dr.) – C:\windows\System32\drivers\Rt86win7.sys [92112] =>.Realtek Semiconductor Corp®
                  O58 - SDL:2011/01/04 21:08:58 A . (.Realtek Semiconductor Corporation - Realtek RTL81892CE NDIS Driverr.) – C:\windows\System32\drivers\rtl8192ce.sys [92112] =>.Realtek Semiconductor Corp®
                  O58 - SDL:2011/03/15 14:09:16 A . (.Realtek Semiconductor Corp. - Realtek USB Mass Storage Driver for 2K/XP/V.) – C:\windows\System32\drivers\RtsUVStor.sys [92112] =>.Realtek Semiconductor Corp®
                  O58 - SDL:2009/07/14 00:50:20 A . (.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) – C:\windows\System32\drivers\secdrv.sys [92112] =>.Macrovision Corporation, Macrovision Europe Limited,
                  O58 - SDL:2009/07/14 05:19:04 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) – C:\windows\System32\drivers\sisraid2.sys [92112] =>.Microsoft Windows®
                  O58 - SDL:2009/07/14 05:19:04 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) – C:\windows\System32\drivers\sisraid4.sys [92112] =>.Microsoft Windows®
                  O58 - SDL:2009/07/14 05:19:04 A . (.Promise Technology - Promise SuperTrak EX Series Driver for Win.) – C:\windows\System32\drivers\stexstor.sys [92112] =>.Microsoft Windows®
                  O58 - SDL:2017/02/26 16:10:05 A . (…) – C:\windows\System32\drivers\TrueSight.sys [92112] =>.Adlice®
                  O58 - SDL:2017/02/25 12:40:53 A . (.Zaitsev Oleg, 2006 - AVZGuard Driver.) – C:\windows\System32\drivers\ujiyodk3.sys [92112]
                  O58 - SDL:2012/12/13 10:50:38 A . (.Apple, Inc. - Apple Mobile Device USB Driver.) – C:\windows\System32\drivers\usbaapl.sys [92112] =>.Apple, Inc.
                  O58 - SDL:2017/02/05 13:40:58 A . (.Zaitsev Oleg, Copyright (C) 2004-2006 - AVZ Driver.) – C:\windows\System32\drivers\utiyodk3.sys [92112]
                  O58 - SDL:2009/07/14 05:19:10 A . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) – C:\windows\System32\drivers\viaide.sys [92112] =>.Microsoft Windows®
                  O58 - SDL:2009/07/24 20:21:14 A . (.RealVNC Ltd. - VNC Mirror Miniport.) – C:\windows\System32\drivers\vncmirror.sys [92112] =>.RealVNC Ltd.
                  O58 - SDL:2013/08/31 01:53:13 A . (.Cisco Systems, Inc. - Cisco AnyConnect Secure Mobility Client Vir.) – C:\windows\System32\drivers\vpnva-6.sys [92112] =>.Cisco Systems, Inc.®
                  O58 - SDL:2009/07/14 05:19:11 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) – C:\windows\System32\drivers\vsmraid.sys [92112] =>.Microsoft Windows®
                  O58 - SDL:2015/04/30 00:01:06 A . (.Western Digital Technologies - WD SCSI Architecture Model (SAM) driver.) – C:\windows\System32\drivers\wdcsam.sys [92112] =>.Microsoft Windows Hardware Compatibility Publisher®
                  O58 - SDL:2009/07/14 01:40:41 A . (…) – C:\windows\System32\ANSI.SYS [92112] =>.Microsoft Corporation
                  O58 - SDL:2009/10/05 21:31:50 A . (.Atheros Communications, Inc. - Atheros Extensible Wireless LAN device driv.) – C:\windows\System32\athr.sys [92112] =>.Atheros Communications, Inc.
                  O58 - SDL:2009/07/14 01:40:44 A . (…) – C:\windows\System32\country.sys [92112] =>.Microsoft Corporation
                  O58 - SDL:2009/07/14 01:40:40 A . (…) – C:\windows\System32\HIMEM.SYS [92112] =>.Microsoft Corporation
                  O58 - SDL:2009/07/14 01:40:43 A . (…) – C:\windows\System32\KEY01.SYS [92112] =>.Microsoft Corporation
                  O58 - SDL:2009/07/14 01:40:43 A . (…) – C:\windows\System32\KEYBOARD.SYS [92112] =>.Microsoft Corporation
                  O58 - SDL:2009/07/14 01:40:23 A . (…) – C:\windows\System32\NTDOS.SYS [92112] =>.Microsoft Corporation
                  O58 - SDL:2009/07/14 01:40:31 A . (…) – C:\windows\System32\NTDOS404.SYS [92112] =>.Microsoft Corporation
                  O58 - SDL:2009/07/14 01:40:35 A . (…) – C:\windows\System32\NTDOS411.SYS [92112] =>.Microsoft Corporation
                  O58 - SDL:2009/07/14 01:40:39 A . (…) – C:\windows\System32\NTDOS412.SYS [92112] =>.Microsoft Corporation
                  O58 - SDL:2009/07/14 01:40:27 A . (…) – C:\windows\System32\NTDOS804.SYS [92112] =>.Microsoft Corporation
                  O58 - SDL:2009/07/14 01:40:11 A . (…) – C:\windows\System32\NTIO.SYS [92112] =>.Microsoft Corporation
                  O58 - SDL:2009/07/14 01:40:15 A . (…) – C:\windows\System32\NTIO404.SYS [92112] =>.Microsoft Corporation
                  O58 - SDL:2009/07/14 01:40:17 A . (…) – C:\windows\System32\NTIO411.SYS [92112] =>.Microsoft Corporation
                  O58 - SDL:2009/07/14 01:40:19 A . (…) – C:\windows\System32\NTIO412.SYS [92112] =>.Microsoft Corporation
                  O58 - SDL:2009/07/14 01:40:13 A . (…) – C:\windows\System32\NTIO804.SYS [92112] =>.Microsoft Corporation

                  —\ Last modified or created user files (1) - 35s
                  O61 - LFC: 2017/02/25 12:16:44 A . (.Alex Dragokas.) – C:\Users\MSI CR-460\Desktop\clearlnk_2.9.0.11.exe [462976]

                  —\ File Associations Shell Spawning (10) - 1s
                  O67 - Shell Spawning: <.bat> [HKLM..\open\Command] (…) – “%1” %*
                  O67 - Shell Spawning: <.cpl> [HKLM..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) – C:\Windows\System32\control.exe =>.Microsoft Corporation
                  O67 - Shell Spawning: <.cmd> [HKLM..\open\Command] (…) – “%1” %*
                  O67 - Shell Spawning: <.com> [HKLM..\open\Command] (…) – “%1” %*
                  O67 - Shell Spawning: <.evt> [HKLM..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) – C:\Windows\System32\eventvwr.exe =>.Microsoft Corporation
                  O67 - Shell Spawning: <.exe> [HKLM..\open\Command] (…) – “%1” %*
                  O67 - Shell Spawning: <.html> [HKLM..\open\Command] (.Google Inc. - Google Chrome.) – C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc®
                  O67 - Shell Spawning: <.js> [HKLM..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) – C:\Windows\System32\wscript.exe =>.Microsoft Corporation
                  O67 - Shell Spawning: <.reg> [HKLM..\open\Command] (.Microsoft Corporation - Registry Editor.) – C:\Windows\regedit.exe =>.Microsoft Corporation
                  O67 - Shell Spawning: <.scr> [HKLM..\open\Command] (…) – “%1” /S

                  —\ Start Menu Internet (8) - 0s
                  O68 - StartMenuInternet: [HKLM..\Shell\open\Command] (.Google Inc. - Google Chrome.) – C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc®
                  O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                  O68 - StartMenuInternet: [HKLM..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) – C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc.
                  O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
                  O68 - StartMenuInternet: [HKLM..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) – C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc.
                  O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
                  O68 - StartMenuInternet: [HKLM..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) – C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc.
                  O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation

                  —\ Search Browser Infection (3) - 3s
                  O69 - SBI: SearchScopes [HKCU] {006ee092-9658-4fd6-bd8e-a21a348e59f5} [DefaultScope] - (Bing) - http://www.bing.com/ =>.Bing.com
                  O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com/ =>.Bing.com
                  O69 - SBI: SearchScopes [HKLM] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - http://www.bing.com/ =>.Bing.com

                  —\ Search Svchost Services (32) - 1s
                  O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Application Experience Service.) – C:\Windows\System32\aelupsvc.dll [92112] =>.Microsoft Corporation
                  O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) – C:\Windows\System32\certprop.dll [92112] =>.Microsoft Corporation
                  O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) – C:\Windows\System32\certprop.dll [92112] =>.Microsoft Corporation
                  O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) – C:\Windows\System32\srvsvc.dll [92112] =>.Microsoft Corporation
                  O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) – C:\Windows\System32\gpsvc.dll [92112] =>.Microsoft Corporation
                  O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) – C:\Windows\System32\IKEEXT.DLL [92112] =>.Microsoft Corporation
                  O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) – C:\Windows\System32\audiosrv.dll [92112] =>.Microsoft Corporation
                  O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) – C:\Windows\System32\rasauto.dll [92112] =>.Microsoft Corporation
                  O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) – C:\Windows\System32\rasmans.dll [92112] =>.Microsoft Corporation
                  O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) – C:\Windows\System32\mprdim.dll [92112] =>.Microsoft Corporation
                  O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) – C:\Windows\System32\Sens.dll [92112] =>.Microsoft Corporation
                  O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) – C:\Windows\System32\ipnathlp.dll [92112] =>.Microsoft Corporation
                  O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows™ Telephony Server.) – C:\Windows\System32\tapisrv.dll [92112] =>.Microsoft Corporation
                  O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Remote Desktop Session Host Server Remote C.) – C:\Windows\System32\termsrv.dll [92112] =>.Microsoft Corporation
                  O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) – C:\Windows\System32\wuaueng.dll [92112] =>.Microsoft Corporation
                  O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) – C:\Windows\System32\qmgr.dll [92112] =>.Microsoft Corporation
                  O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) – C:\Windows\System32\shsvcs.dll [92112] =>.Microsoft Corporation
                  O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) – C:\Windows\System32\iphlpsvc.dll [92112] =>.Microsoft Corporation
                  O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) – C:\Windows\System32\seclogon.dll [92112] =>.Microsoft Corporation
                  O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) – C:\Windows\System32\appinfo.dll [92112] =>.Microsoft Corporation
                  O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) – C:\Windows\System32\iscsiexe.dll [92112] =>.Microsoft Corporation
                  O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Multimedia Class Scheduler Service.) – C:\Windows\System32\mmcss.dll [92112] =>.Microsoft Corporation
                  O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) – C:\Windows\System32\wercplsupport.dll [92112] =>.Microsoft Corporation
                  O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) – C:\Windows\System32\eapsvc.dll [92112] =>.Microsoft Corporation
                  O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) – C:\Windows\System32\profsvc.dll [92112] =>.Microsoft Corporation
                  O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) – C:\Windows\System32\schedsvc.dll [92112] =>.Microsoft Corporation
                  O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Key Management Service.) – C:\Windows\System32\KMSVC.DLL [92112] =>.Microsoft Corporation
                  O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) – C:\Windows\System32\SessEnv.dll [92112] =>.Microsoft Corporation
                  O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) – C:\Windows\System32\wbem\WMIsvc.dll [92112] =>.Microsoft Corporation
                  O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) – C:\Windows\System32\browser.dll [92112] =>.Microsoft Corporation
                  O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) – C:\Windows\System32\themeservice.dll [92112] =>.Microsoft Corporation
                  O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) – C:\Windows\System32\bdesvc.dll [92112] =>.Microsoft Corporation

                  —\ Additional Scan (O88) (8) - 0s
                  C:\Users\MSI CR-460\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnligehkhogpcngalffdoomehjcbecna =>.Superfluous.Linkury
                  C:\Users\MSI CR-460\AppData\Local\Google\Chrome\User Data\Default\Extensions\gehmndecgbcffhmfjkenpamdgechcgpe =>.Superfluous.Linkury
                  C:\Users\MSI CR-460\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda =>Hijacker.Browser
                  HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} =>Heuristic.Suspect
                  HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall{B67BAFBA-4C9F-48FA-9496-933E3B255044} =>Riskware.QuickTime
                  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} =>Heuristic.Suspect
                  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall{B67BAFBA-4C9F-48FA-9496-933E3B255044} =>Riskware.QuickTime
                  C:\ProgramData\AutoKMS =>HackTool.AutoKMS

                  —\ Summary of the elements found (5) - 0s
                  Redirecting... =>.Superfluous.Linkury
                  Hijacker Browser, un pirate de navigateur internet. - ZAM =>Hijacker.Browser
                  Heuristic Suspect, 1 Logiciel Indésirable. - ZAM =>Heuristic.Suspect
                  https://nicolascoolman.eu/2017/01/15...are-quicktime/ =>Riskware.QuickTime
                  AutoKMS, Application Potentiellement Superflue. - ZAM =>HackTool.AutoKMS

                  ~ Unselected Options: O82,
                  ~ End of the scan, 71591 items in 05mn42s (1078)(0)

                  Comment

                  • toreee
                    PCHF Member
                    • Feb 2017
                    • 81

                    #39


                    Adware Removal Tool 5.1
                    Time: 2017_03_11_05_27_21
                    OS: Windows 7 Starter - x86 Bit
                    Account Name: MSI CR-460
                    Adware Definition: 03082017.2
                    Elapsed time: 29:53
                    Repair Status:- Automatic Done
                    \\\\\\\\\\\\ Repair Logs \\\\\\\\\\\
                    [-] Deleted ->> File ->> C:\Users\MSI CR-460\Appdata\LocalLow\Microsoft\Internet Explorer\Services\search_{006ee092-9658-4fd6-bd8e-a21a348e59f5}.ico

                    [-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ RegValue: DefaultScope RegData: {006ee092-9658-4fd6-bd8e-a21a348e59f5} : {006ee092-9658-4fd6-bd8e-a21a348e59f5}

                    [-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ RegValue: FaviconPath RegData: C:\Users\MSI CR-460\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{006ee092-9658-4fd6-bd8e-a21a348e59f5}.ico : C:\Users\MSI CR-460\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{006ee092-9658-4fd6-bd8e-a21a348e59f5}.ico

                    [-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\ RegValue: Default RegData: http://feed.snapdo.com/?publisher=So...archtype=ds&q= {searchTerms}&installDate=07/12/2013 : http://feed.snapdo.com/?publisher=So...archtype=ds&q= {searchTerms}&installDate=07/12/2013

                    [-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ RegValue: DefaultScope RegData: {006ee092-9658-4fd6-bd8e-a21a348e59f5} : {006ee092-9658-4fd6-bd8e-a21a348e59f5}

                    [-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ RegValue: FaviconPath RegData: C:\Users\MSI CR-460\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{006ee092-9658-4fd6-bd8e-a21a348e59f5}.ico : C:\Users\MSI CR-460\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{006ee092-9658-4fd6-bd8e-a21a348e59f5}.ico

                    [-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\ RegValue: Default RegData: http://feed.snapdo.com/?publisher=So...archtype=ds&q= {searchTerms}&installDate=07/12/2013 : http://feed.snapdo.com/?publisher=So...archtype=ds&q= {searchTerms}&installDate=07/12/2013

                    [-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\ RegValue: DefaultScope RegData: {006ee092-9658-4fd6-bd8e-a21a348e59f5} : {006ee092-9658-4fd6-bd8e-a21a348e59f5}

                    [-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ RegValue: FaviconPath RegData: C:\Users\MSI CR-460\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{006ee092-9658-4fd6-bd8e-a21a348e59f5}.ico : C:\Users\MSI CR-460\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{006ee092-9658-4fd6-bd8e-a21a348e59f5}.ico

                    [-] Repaired ->> File ->> C:\Users\MSI CR-460\AppData\Local\Google\Chrome\User Data\Default\Web Data

                    [-] Repaired ->> File ->> C:\Users\MSI CR-460\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                    [-] Deleted ->> Registry Key ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{006ee092-9658-4fd6-bd8e-a21a348e59f5}

                    [-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\classes\CLSID{6DDA37BA-0553-499A-AE0D-BEBA67204548}

                    [-] Deleted ->> Registry Key ->> HKEY_CLASSES_ROOT\CLSID{6DDA37BA-0553-499A-AE0D-BEBA67204548}

                    [-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record{181480C8-90AC-3430-B39A-CD121E034A1A}

                    [-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record{8F54FA54-1DF8-3B20-890C-CDD95364BC95}

                    Comment

                    • Malnutrition
                      PCHF Moderator
                      • Jul 2016
                      • 7045

                      #40
                      That is an old ZHP Diag log… ~ Run by MSI CR-460 (Administrator) (2017/02/26 17:29:44) Ran on February 26…

                      Also, when does the error appear? When you boot the machine? When you click a certain application? Detail about the issue helps me help you.

                      I was almost certain that the entry below that we removed with ZHP was the issue.
                      [MD5.00000000000000000000000000000000] [APT] [Microsoft\Windows\Autochk\Proxy] (…) – C:\windows\system32\rundll32.exe (.not file.) [0] (.Activate.) =>.Superfluous.Empty

                      One of the next two scans should reveal the issue.

                      Autoruns details everything that starts with your machine, so that and the Quick Diag log should get this thing solved…

                      Autoruns Log.

                      Download Autoruns and Autorunsc. Unzip it to your desktop and then double-click autoruns.exe.
                      After the scan is finished, click File > Save.
                      The default name will be autoruns.arn; make sure to save it as Autoruns.txt under the file type option.
                      In other words, make sure it is a .txt file instead of .arn. Attach the text in your next reply.


                      Quick Diag Scan.

                      Downloads - QuickDiag - Download Now - ToolsLib

                      Download Quick Diag to your desktop.
                      Disable your Antivirus/Antispyware prior to scanning.
                      Right Click Run as Administrator.
                      Select https://pchelpforum.net/attachments/...7-30-png.1793/ scan.
                      Post the log that is generated in your next post.

                      Comment

                      • toreee
                        PCHF Member
                        • Feb 2017
                        • 81

                        #41
                        [ATTACH]1822[/ATTACH]

                        Comment

                        • toreee
                          PCHF Member
                          • Feb 2017
                          • 81

                          #42
                          When I click change date and time setting to set my timing, it pops up the error message.

                          Comment

                          • toreee
                            PCHF Member
                            • Feb 2017
                            • 81

                            #43
                            “HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms” “” “” “” “08/9/2015 8:23 AM” “”
                            • “rdpclip” “” “” “File not found: rdpclip” “” “”
                              “HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “” “” “” “28/2/2017 7:58 PM” “”
                            • “CCleaner” “CCleaner” “Piriform Ltd” “c:\program files\ccleaner\ccleaner.exe” “08/2/2017 6:17 AM” “”
                              “HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components” “” “” “” “21/8/2016 1:01 PM” “”
                            • “Google Chrome” “Google Chrome Installer” “Google Inc.” “c:\program files\google\chrome\application\56.0.2924.87\installer\chrmstp.exe” “01/2/2017 11:48 AM” “”
                            • “Microsoft Windows” “Windows Mail” “Microsoft Corporation” “c:\program files\windows mail\winmail.exe” “14/7/2009 3:42 AM” “”
                              “HKLM\SOFTWARE\Classes\Protocols\Filter” “” “” “” “23/4/2012 4:47 AM” “”
                            • “text/xml” “Microsoft Office XML MIME Filter” “Microsoft Corporation” “c:\program files\common files\microsoft shared\office15\msoxmlmf.dll” “18/12/2013 12:15 AM” “”
                              “HKLM\SOFTWARE\Classes\Protocols\Handler” “” “” “” “25/2/2017 12:07 PM” “”
                            • “ms-help” “Microsoft® Help Data Services Module” “Microsoft Corporation” “c:\program files\common files\microsoft shared\help\hxds.dll” “07/11/2012 2:30 PM” “”
                            • “osf” “Microsoft Office 2013 component” “Microsoft Corporation” “c:\program files\microsoft office\office15\msosb.dll” “20/4/2016 2:34 AM” “”
                            • “wlmailhtml” “Windows Live Mail” “Microsoft Corporation” “c:\program files\windows live\mail\mailcomm.dll” “10/11/2010 2:56 PM” “”
                            • “wlpg” “Windows Live Album Download Protocol Handler” “Microsoft Corporation” “c:\program files\windows live\photo gallery\albumdownloadprotocolhandler.dll” “10/11/2010 2:21 PM” “”
                              “HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks” “” “” “” “16/4/2012 3:31 AM” “”
                            • “Groove GFS Stub Execution Hook” “Microsoft SharePoint Workspace Extensions” “Microsoft Corporation” “c:\program files\microsoft office\office14\grooveex.dll” “19/12/2013 4:37 AM” “”
                              “HKLM\Software\Classes*\ShellEx\ContextMenuHandlers” “” “” “” “21/11/2016 7:12 PM” “”
                            • “EPP” “Microsoft Security Client Shell Extension” “Microsoft Corporation” “c:\program files\microsoft security client\shellext.dll” “15/11/2016 7:58 AM” “”
                            • “PismoFileMountAuditPackage” “Shell Extension - Pismo File Mount Audit Package” “Pismo Technic Inc.” “c:\windows\system32\pfmshx_178.dll” “01/7/2015 1:57 AM” “”
                            • “XXX Groove GFS Context Menu Handler XXX” “Microsoft SharePoint Workspace Extensions” “Microsoft Corporation” “c:\program files\microsoft office\office14\grooveex.dll” “19/12/2013 4:37 AM” “”
                              “HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers” “” “” “” “21/11/2016 7:12 PM” “”
                            • “EPP” “Microsoft Security Client Shell Extension” “Microsoft Corporation” “c:\program files\microsoft security client\shellext.dll” “15/11/2016 7:58 AM” “”
                            • “PismoFileMountAuditPackage” “Shell Extension - Pismo File Mount Audit Package” “Pismo Technic Inc.” “c:\windows\system32\pfmshx_178.dll” “01/7/2015 1:57 AM” “”
                              “HKLM\Software\Classes*\ShellEx\PropertySheetHandlers” “” “” “” “07/9/2015 10:31 AM” “”
                            • “WDBackupPropSheetHandler” “WD ContextMenu Handler” “Western Digital Technologies, Inc.” “c:\program files\western digital\wd smartware\wdcontextmenuhandler.dll” “23/7/2014 2:19 AM” “”
                              “HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers” “” “” “” “30/10/2016 4:23 AM” “”
                            • “XXX Groove GFS Context Menu Handler XXX” “Microsoft SharePoint Workspace Extensions” “Microsoft Corporation” “c:\program files\microsoft office\office14\grooveex.dll” “19/12/2013 4:37 AM” “”
                              “HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers” “” “” “” “21/11/2016 7:12 PM” “”
                            • “EPP” “Microsoft Security Client Shell Extension” “Microsoft Corporation” “c:\program files\microsoft security client\shellext.dll” “15/11/2016 7:58 AM” “”
                            • “XXX Groove GFS Context Menu Handler XXX” “Microsoft SharePoint Workspace Extensions” “Microsoft Corporation” “c:\program files\microsoft office\office14\grooveex.dll” “19/12/2013 4:37 AM” “”
                              “HKLM\Software\Classes\Directory\Shellex\DragDropHandlers” “” “” “” “27/2/2012 9:53 AM” “”
                            • “WinRAR” “” “” “c:\program files\winrar\rarext.dll” “12/12/2009 2:11 PM” “”
                            • “WinZip” “WinZip Shell Extension DLL” “WinZip Computing, S.L.” “c:\program files\winzip\wzshlstb.dll” “29/10/2010 10:23 PM” “”
                              “HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers” “” “” “” “16/4/2012 3:31 AM” “”
                            • “Gadgets” “Sidebar droptarget” “Microsoft Corporation” “c:\program files\windows sidebar\sbdrop.dll” “14/7/2009 5:09 AM” “”
                            • “igfxcui” “igfxpph Module” “Intel Corporation” “c:\windows\system32\igfxpph.dll” “20/3/2012 2:12 AM” “”
                            • “XXX Groove GFS Context Menu Handler XXX” “Microsoft SharePoint Workspace Extensions” “Microsoft Corporation” “c:\program files\microsoft office\office14\grooveex.dll” “19/12/2013 4:37 AM” “”
                              “HKLM\Software\Classes\Folder\Shellex\ColumnHandlers” “” “” “” “14/3/2015 2:25 PM” “”
                            • “PDF Shell Extension” “PDF Shell Extension” “Adobe Systems, Inc.” “c:\program files\common files\adobe\acrobat\activex\pdfshell.dll” “11/5/2013 1:34 PM” “”
                              “HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers” “” “” “” “30/10/2016 4:23 AM” “”
                            • “PismoFileMountAuditPackage” “Shell Extension - Pismo File Mount Audit Package” “Pismo Technic Inc.” “c:\windows\system32\pfmshx_178.dll” “01/7/2015 1:57 AM” “”
                            • “XXX Groove GFS Context Menu Handler XXX” “Microsoft SharePoint Workspace Extensions” “Microsoft Corporation” “c:\program files\microsoft office\office14\grooveex.dll” “19/12/2013 4:37 AM” “”
                              “HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers” “” “” “” “27/2/2012 9:53 AM” “”
                            • “WinRAR” “” “” “c:\program files\winrar\rarext.dll” “12/12/2009 2:11 PM” “”
                            • “WinZip” “WinZip Shell Extension DLL” “WinZip Computing, S.L.” “c:\program files\winzip\wzshlstb.dll” “29/10/2010 10:23 PM” “”
                              “HKLM\Software\Classes\Folder\ShellEx\PropertySheetHandlers” “” “” “” “07/9/2015 10:31 AM” “”
                            • “WDBackupPropSheetHandler” “WD ContextMenu Handler” “Western Digital Technologies, Inc.” “c:\program files\western digital\wd smartware\wdcontextmenuhandler.dll” “23/7/2014 2:19 AM” “”
                              “HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers” “” “” “” “23/7/2016 8:02 PM” “”
                            • " SkyDrivePro1 (ErrorConflict)" “Microsoft OneDrive for Business Extensions” “Microsoft Corporation” “c:\program files\microsoft office\office15\grooveex.dll” “01/11/2016 11:14 AM” “”
                            • " SkyDrivePro2 (SyncInProgress)" “Microsoft OneDrive for Business Extensions” “Microsoft Corporation” “c:\program files\microsoft office\office15\grooveex.dll” “01/11/2016 11:14 AM” “”
                            • " SkyDrivePro3 (InSync)" “Microsoft OneDrive for Business Extensions” “Microsoft Corporation” “c:\program files\microsoft office\office15\grooveex.dll” “01/11/2016 11:14 AM” “”
                            • “Groove Explorer Icon Overlay 1 (GFS Unread Stub)” “Microsoft SharePoint Workspace Extensions” “Microsoft Corporation” “c:\program files\microsoft office\office14\grooveex.dll” “19/12/2013 4:37 AM” “”
                            • “Groove Explorer Icon Overlay 2 (GFS Stub)” “Microsoft SharePoint Workspace Extensions” “Microsoft Corporation” “c:\program files\microsoft office\office14\grooveex.dll” “19/12/2013 4:37 AM” “”
                            • “Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)” “Microsoft SharePoint Workspace Extensions” “Microsoft Corporation” “c:\program files\microsoft office\office14\grooveex.dll” “19/12/2013 4:37 AM” “”
                            • “Groove Explorer Icon Overlay 3 (GFS Folder)” “Microsoft SharePoint Workspace Extensions” “Microsoft Corporation” “c:\program files\microsoft office\office14\grooveex.dll” “19/12/2013 4:37 AM” “”
                            • “Groove Explorer Icon Overlay 4 (GFS Unread Mark)” “Microsoft SharePoint Workspace Extensions” “Microsoft Corporation” “c:\program files\microsoft office\office14\grooveex.dll” “19/12/2013 4:37 AM” “”
                              “HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects” “” “” “” “05/2/2017 12:41 PM” “”
                            • “Groove GFS Browser Helper” “Microsoft SharePoint Workspace Extensions” “Microsoft Corporation” “c:\program files\microsoft office\office14\grooveex.dll” “19/12/2013 4:37 AM” “”
                            • “Java™ Plug-In 2 SSV Helper” “Java™ Platform SE binary” “Oracle Corporation” “c:\program files\java\jre1.8.0_121\bin\jp2ssv.dll” “13/12/2016 7:00 AM” “”
                            • “Java™ Plug-In SSV Helper” “Java™ Platform SE binary” “Oracle Corporation” “c:\program files\java\jre1.8.0_121\bin\ssv.dll” “13/12/2016 7:00 AM” “”
                            • “Microsoft SkyDrive Pro Browser Helper” “Microsoft OneDrive for Business Extensions” “Microsoft Corporation” “c:\program files\microsoft office\office15\grooveex.dll” “01/11/2016 11:14 AM” “”
                            • “Office Document Cache Handler” “Microsoft Office Document Cache Handler” “Microsoft Corporation” “c:\program files\microsoft office\office15\urlredir.dll” “18/12/2013 12:06 AM” “”
                            • “Skype for Business Browser Helper” “Skype for Business” “Microsoft Corporation” “c:\program files\microsoft office\office15\ochelper.dll” “13/12/2016 10:42 AM” “”
                            • “Windows Live ID Sign-in Helper” “Microsoft® Windows Live ID Login Helper” “Microsoft Corp.” “c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll” “22/9/2010 1:01 AM” “”
                            • “Windows Live Messenger Companion Helper” “Windows Live Messenger Companion Core” “Microsoft Corporation” “c:\program files\windows live\companion\companioncore.dll” “10/11/2010 2:02 PM” “”
                              “HKLM\Software\Microsoft\Internet Explorer\Extensions” “” “” “” “09/9/2015 11:58 AM” “”
                            • “&Blog This in Windows Live Writer” “Windows Live Writer Blog This Extension” “Microsoft Corporation” “c:\program files\windows live\writer\writerbrowserextension.dll” “10/11/2010 2:03 PM” “”
                            • “Messenger Companion (Ctrl+Shift+C)” “Windows Live Messenger Companion Core” “Microsoft Corporation” “c:\program files\windows live\companion\companioncore.dll” “10/11/2010 2:02 PM” “”
                            • “OneNote Lin&ked Notes” “Microsoft OneNote Internet Explorer Add-in” “Microsoft Corporation” “c:\program files\microsoft office\office15\onbttnielinkednotes.dll” “01/11/2016 11:18 AM” “”
                            • “Se&nd to OneNote” “Microsoft OneNote Internet Explorer Add-in” “Microsoft Corporation” “c:\program files\microsoft office\office15\onbttnie.dll” “01/11/2016 11:28 AM” “”
                            • “Skype for Business Click to Call” “Skype for Business” “Microsoft Corporation” “c:\program files\microsoft office\office15\ochelper.dll” “13/12/2016 10:42 AM” “”
                              “Task Scheduler” “” “” “” “” “”
                            • “\CCleanerSkipUAC” “CCleaner” “Piriform Ltd” “c:\program files\ccleaner\ccleaner.exe” “08/2/2017 6:17 AM” “”
                            • “\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan” “Microsoft Malware Protection Command Line Utility” “Microsoft Corporation” “c:\program files\microsoft security client\mpcmdrun.exe” “15/11/2016 7:57 AM” “”
                            • “\Microsoft\Office\Office 15 Subscription Heartbeat” “Office Subscription Licensing Heartbeat” “Microsoft Corporation” “c:\program files\common files\microsoft shared\office15\olicenseheartbeat.exe” “18/12/2013 12:08 AM” “”
                            • “\Microsoft\Office\OfficeTelemetryAgentFallBack” “Office Telemetry Agent” “Microsoft Corporation” “c:\program files\microsoft office\office15\msoia.exe” “18/12/2013 12:13 AM” “”
                            • “\Microsoft\Office\OfficeTelemetryAgentLogOn” “Office Telemetry Agent” “Microsoft Corporation” “c:\program files\microsoft office\office15\msoia.exe” “18/12/2013 12:13 AM” “”
                            • “\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task” “Windows Live Social Object Extractor Engine” “Microsoft Corporation” “c:\program files\windows live\soxe\wlsoxe.dll” “10/11/2010 2:02 PM” “”
                            • “\Microsoft\Windows\Autochk\Proxy” “” “” “File not found: C:\windows\system32\rundll32.exe” “” “”
                            • “\Microsoft\Windows\NetTrace\GatherNetworkInfo” “” “” “c:\windows\system32\gathernetworkinfo.vbs” “11/6/2009 1:19 AM” “”
                            • “\Microsoft\Windows\SystemRestore\SR” “” “” “File not found: C:\windows\system32\rundll32.exe” “” “”
                            • “\Microsoft\Windows\Tcpip\IpAddressConflict1” “” “” “File not found: C:\windows\system32\rundll32.exe” “” “”
                            • “\Microsoft\Windows\Tcpip\IpAddressConflict2” “” “” “File not found: C:\windows\system32\rundll32.exe” “” “”
                            • “\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange” “” “” “File not found: C:\windows\system32\rundll32.exe” “” “”
                            • “\Microsoft\Windows\Windows Media Sharing\UpdateLibrary” “Windows Media Player Network Sharing Service Configuration Application” “Microsoft Corporation” “c:\program files\windows media player\wmpnscfg.exe” “14/7/2009 4:09 AM” “”
                            • “\Microsoft\Windows\WindowsBackup\AutomaticBackup” “” “” “File not found: C:\windows\system32\rundll32.exe” “” “”
                            • “\WPD\SqmUpload_S-1-5-21-590680974-46065942-2644484873-1000” “” “” “File not found: C:\windows\system32\rundll32.exe” “” “”
                              “HKLM\System\CurrentControlSet\Services” “” “” “” “11/3/2017 10:33 AM” “”
                            • “cvhsvc” “Client Virtualization Handler Service (unlocalized description)” “Microsoft Corporation” “c:\program files\common files\microsoft shared\virtualization handler\cvhsvc.exe” “18/3/2015 11:48 PM” “”
                            • “fsssvc” “This service enables Family Safety on the computer. If this service is not running, Family Safety will not work.” “Microsoft Corporation” “c:\program files\windows live\family safety\fsssvc.exe” “23/9/2010 11:16 AM” “”
                            • “Microsoft SharePoint Workspace Audit Service” “Microsoft SharePoint Workspace” “Microsoft Corporation” “c:\program files\microsoft office\office14\groove.exe” “19/12/2013 4:34 AM” “”
                            • “MsMpSvc” “Helps protect users from malware and other potentially unwanted software” “Microsoft Corporation” “c:\program files\microsoft security client\msmpeng.exe” “15/11/2016 7:57 AM” “”
                            • “NisSrv” “Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols” “Microsoft Corporation” “c:\program files\microsoft security client\nissrv.exe” “15/11/2016 7:57 AM” “”
                            • “ose” “Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.” “Microsoft Corporation” “c:\program files\common files\microsoft shared\source engine\ose.exe” “07/11/2012 2:37 PM” “”
                            • “osppsvc” “Enables the download, installation, and enforcement of digital licenses for Microsoft Office applications. These applications require this service for proper operation. It is strongly recommended that you keep this service enabled.” “Microsoft Corporation” “c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe” “06/7/2012 3:41 AM” “”
                            • “sftlist” “Streams and manages applications.” “Microsoft Corporation” “c:\program files\microsoft application virtualization client\sftlist.exe” “25/6/2013 11:04 PM” “”
                            • “sftvsa” “Monitors global service events and launches virtual services.” “Microsoft Corporation” “c:\program files\microsoft application virtualization client\sftvsa.exe” “25/6/2013 11:02 PM” “”
                            • “WinDefend” “Protection against spyware and potentially unwanted software” “Microsoft Corporation” “c:\program files\windows defender\mpsvc.dll” “27/5/2013 8:57 AM” “”
                            • “wlidsvc” “Enables Windows Live ID authentication.” “Microsoft Corp.” “c:\program files\common files\microsoft shared\windows live\wlidsvc.exe” “22/9/2010 1:00 AM” “”
                            • “WMPNetworkSvc” “Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play” “Microsoft Corporation” “c:\program files\windows media player\wmpnetwk.exe” “20/11/2010 2:36 PM” “”
                              “HKLM\System\CurrentControlSet\Services” “” “” “” “11/3/2017 10:33 AM” “”
                            • “acsock” “Cisco AnyConnect Kernel Driver Framework Socket Layer Interceptor” “Cisco Systems, Inc.” “c:\windows\system32\drivers\acsock.sys” “07/11/2012 6:27 AM” “”
                            • “adp94xx” “Adaptec Windows SAS/SATA Storport Driver” “Adaptec, Inc.” “c:\windows\system32\drivers\adp94xx.sys” “06/12/2008 3:59 AM” “”
                            • “adpahci” “Adaptec Windows SATA Storport Driver” “Adaptec, Inc.” “c:\windows\system32\drivers\adpahci.sys” “01/5/2007 9:29 PM” “”
                            • “adpu320” “Adaptec StorPort Ultra320 SCSI Driver” “Adaptec, Inc.” “c:\windows\system32\drivers\adpu320.sys” “28/2/2007 4:03 AM” “”
                            • “aic78xx” “Adaptec Ultra SCSI miniport” “Adaptec, Inc.” “c:\windows\system32\drivers\djsvs.sys” “12/4/2006 4:20 AM” “”
                            • “aliide” “ALi mini IDE Driver” “Acer Laboratories Inc.” “c:\windows\system32\drivers\aliide.sys” “14/7/2009 3:11 AM” “”
                            • “amdsata” “AHCI 1.2 Device Driver” “Advanced Micro Devices” “c:\windows\system32\drivers\amdsata.sys” “19/3/2010 5:08 AM” “”
                            • “amdsbs” “AMD Technology AHCI Compatible Controller Driver for Windows family” “AMD Technologies Inc.” “c:\windows\system32\drivers\amdsbs.sys” “20/3/2009 10:35 PM” “”
                            • “amdxata” “Storage Filter Driver” “Advanced Micro Devices” “c:\windows\system32\drivers\amdxata.sys” “19/3/2010 8:19 PM” “”
                            • “arc” “Adaptec RAID Storport Driver” “Adaptec, Inc.” “c:\windows\system32\drivers\arc.sys” “25/5/2007 1:31 AM” “”
                            • “arcsas” “Adaptec SAS RAID WS03 Driver” “Adaptec, Inc.” “c:\windows\system32\drivers\arcsas.sys” “14/1/2009 11:26 PM” “”
                            • “athr” “Atheros Extensible Wireless LAN device driver” “Atheros Communications, Inc.” “c:\windows\system32\drivers\athr.sys” “21/6/2011 12:00 PM” “”
                            • “b06bdrv” “Broadcom NetXtreme II GigE VBD” “Broadcom Corporation” “c:\windows\system32\drivers\bxvbdx.sys” “14/2/2009 2:10 AM” “”
                            • “b57nd60x” “Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver.” “Broadcom Corporation” “c:\windows\system32\drivers\b57nd60x.sys” “26/4/2009 3:15 PM” “”
                            • “BrFiltLo” “Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver” “Brother Industries, Ltd.” “c:\windows\system32\drivers\brfiltlo.sys” “07/8/2006 1:33 AM” “”
                            • “BrFiltUp” “Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver” “Brother Industries, Ltd.” “c:\windows\system32\drivers\brfiltup.sys” “07/8/2006 1:33 AM” “”
                            • “Brserid” “Brotehr Serial I/F Driver (WDM)” “Brother Industries Ltd.” “c:\windows\system32\drivers\brserid.sys” “07/8/2006 1:33 AM” “”
                            • “BrSerWdm” “Brother Serial driver (WDM version)” “Brother Industries Ltd.” “c:\windows\system32\drivers\brserwdm.sys” “07/8/2006 1:33 AM” “”
                            • “BrUsbMdm” "Brother USB MDM Driver " “Brother Industries Ltd.” “c:\windows\system32\drivers\brusbmdm.sys” “07/8/2006 1:33 AM” “”
                            • “BrUsbSer” “Brother USB Serial Driver” “Brother Industries Ltd.” “c:\windows\system32\drivers\brusbser.sys” “09/8/2006 4:02 PM” “”
                            • “clwvd” “CyberLink WebCam Virtual Driver” “CyberLink Corporation” “c:\windows\system32\drivers\clwvd.sys” “28/7/2010 5:13 AM” “”
                            • “cmdide” “CMD PCI IDE Bus Driver” “CMD Technology, Inc.” “c:\windows\system32\drivers\cmdide.sys” “14/7/2009 3:11 AM” “”
                            • “ebdrv” “Broadcom NetXtreme II 10 GigE VBD” “Broadcom Corporation” “c:\windows\system32\drivers\evbdx.sys” “31/12/2008 8:06 PM” “”
                            • “elxstor” “Storport Miniport Driver for LightPulse HBAs” “Emulex” “c:\windows\system32\drivers\elxstor.sys” “04/2/2009 2:09 AM” “”
                            • “hcw85cir” “Hauppauge WinTV 885 Consumer IR Driver for eHome” “Hauppauge Computer Works, Inc.” “c:\windows\system32\drivers\hcw85cir.sys” “11/5/2009 11:22 AM” “”
                            • “HpSAMD” “Smart Array SAS/SATA Controller Media Driver” “Hewlett-Packard Company” “c:\windows\system32\drivers\hpsamd.sys” “19/5/2009 3:42 AM” “”
                            • “htcnprot” “HTC NDIS Protocol Driver” “Windows (R) Win 7 DDK provider” “c:\windows\system32\drivers\htcnprot.sys” “23/6/2010 6:24 AM” “”
                            • “HtcVCom32” “USB Modem/Serial Device Driver” “QUALCOMM Incorporated” “c:\windows\system32\drivers\htcvcomv32.sys” “26/10/2009 4:01 PM” “”
                            • “HWiNFO32” “HWiNFO x86 Kernel Driver” “REALiX™” “c:\windows\system32\drivers\hwinfo32.sys” “23/11/2014 8:24 PM” “”
                            • “iaStorV” “Intel Matrix Storage Manager driver - ia32” “Intel Corporation” “c:\windows\system32\drivers\iastorv.sys” “11/6/2010 4:45 AM” “”
                            • “IDMWFP” “Internet Download Manager WFP Driver” “Tonec Inc.” “c:\windows\system32\drivers\idmwfp.sys” “26/1/2012 5:47 PM” “”
                            • “igfx” “Intel Graphics Kernel Mode Driver” “Intel Corporation” “c:\windows\system32\drivers\igdkmd32.sys” “20/3/2012 3:26 AM” “”
                            • “iirsp” “Intel/ICP Raid Storport Driver” “Intel Corp./ICP vortex GmbH” “c:\windows\system32\drivers\iirsp.sys” “14/12/2005 1:48 AM” “”
                            • “IntcDAud” “Intel(R) Display Audio Driver” “Intel(R) Corporation” “c:\windows\system32\drivers\intcdaud.sys” “15/10/2010 12:27 PM” “”
                            • “ivusb” “Initio Default Vendor Specific Device Driver” “Initio Corporation” “c:\windows\system32\drivers\ivusb.sys” “14/5/2010 6:41 AM” “”
                            • “L1C” “Atheros L1c PCI-E Gigabit Ethernet Controller” “Atheros Communications, Inc.” “c:\windows\system32\drivers\l1c62x86.sys” “27/9/2010 10:36 AM” “”
                            • “LSI_FC” “LSI Fusion-MPT FC Driver (StorPort)” “LSI Corporation” “c:\windows\system32\drivers\lsi_fc.sys” “10/12/2008 2:28 AM” “”
                            • “LSI_SAS” “LSI Fusion-MPT SAS Driver (StorPort)” “LSI Corporation” “c:\windows\system32\drivers\lsi_sas.sys” “19/5/2009 4:19 AM” “”
                            • “LSI_SAS2” “LSI SAS Gen2 Driver (StorPort)” “LSI Corporation” “c:\windows\system32\drivers\lsi_sas2.sys” “19/5/2009 4:31 AM” “”
                            • “LSI_SCSI” “LSI Fusion-MPT SCSI Driver (StorPort)” “LSI Corporation” “c:\windows\system32\drivers\lsi_scsi.sys” “17/4/2009 2:14 AM” “”
                            • “megasas” “MEGASAS RAID Controller Driver for Windows 7 for x86” “LSI Corporation” “c:\windows\system32\drivers\megasas.sys” “19/5/2009 5:09 AM” “”
                            • “MegaSR” “LSI MegaRAID Software RAID Driver” “LSI Corporation, Inc.” “c:\windows\system32\drivers\megasr.sys” “19/5/2009 5:25 AM” “”
                            • “MEI” “Intel(R) Management Engine Interface” “Intel Corporation” “c:\windows\system32\drivers\heci.sys” “20/10/2010 3:33 AM” “”
                            • “netr28u” “Ralink 802.11n Wireless Adapter Driver” “Ralink Technology Corp.” “c:\windows\system32\drivers\netr28u.sys” “13/11/2009 1:44 PM” “”
                            • “nfrd960” “IBM ServeRAID Controller Driver” “IBM Corporation” “c:\windows\system32\drivers\nfrd960.sys” “07/6/2006 1:12 AM” “”
                            • “nvraid” “NVIDIA® nForce™ RAID Driver” “NVIDIA Corporation” “c:\windows\system32\drivers\nvraid.sys” “20/3/2010 1:00 AM” “”
                            • “nvstor” “NVIDIA® nForce™ Sata Performance Driver” “NVIDIA Corporation” “c:\windows\system32\drivers\nvstor.sys” “20/3/2010 12:51 AM” “”
                            • “pfmfs_178” “System Extension - Pismo File Mount” “Pismo Technic Inc.” “c:\windows\system32\drivers\pfmfs_178.sys” “01/7/2015 1:56 AM” “”
                            • “ql2300” “QLogic Fibre Channel Stor Miniport Driver” “QLogic Corporation” “c:\windows\system32\drivers\ql2300.sys” “23/1/2009 3:28 AM” “”
                            • “ql40xx” “QLogic iSCSI Storport Miniport Driver” “QLogic Corporation” “c:\windows\system32\drivers\ql40xx.sys” “19/5/2009 5:17 AM” “”
                            • “rbtnfd_srv” “Riverbed Steelhead Mobile NDIS6 filter driver” “Riverbed Technology, Inc” “c:\windows\system32\drivers\rbtnfd.sys” “05/10/2013 3:34 AM” “”
                            • “RSUSBVSTOR” “Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7” “Realtek Semiconductor Corp.” “c:\windows\system32\drivers\rtsuvstor.sys” “15/3/2011 1:57 PM” “”
                            • “RTL8167” "Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver " "Realtek " “c:\windows\system32\drivers\rt86win7.sys” “10/6/2011 10:31 AM” “”
                            • “SiSRaid2” “SiS RAID Stor Miniport Driver” “Silicon Integrated Systems Corp.” “c:\windows\system32\drivers\sisraid2.sys” “24/9/2008 10:19 PM” “”
                            • “SiSRaid4” “SiS AHCI Stor-Miniport Driver” “Silicon Integrated Systems” “c:\windows\system32\drivers\sisraid4.sys” “02/10/2008 1:52 AM” “”
                            • “stexstor” "Promise SuperTrak EX Series Driver for Windows " “Promise Technology” “c:\windows\system32\drivers\stexstor.sys” “18/2/2009 3:03 AM” “”
                            • “TrueSight” “” “” “c:\windows\system32\drivers\truesight.sys” “16/1/2016 12:17 AM” “”
                            • “ujiyodk3” “AVZGuard Driver” “Zaitsev Oleg, 2006” “c:\windows\system32\drivers\ujiyodk3.sys” “31/3/2011 7:04 PM” “”
                            • “USBAAPL” “Apple Mobile Device USB Driver” “Apple, Inc.” “c:\windows\system32\drivers\usbaapl.sys” “28/11/2012 3:37 AM” “”
                            • “utiyodk3” “AVZ Driver” “” “c:\windows\system32\drivers\utiyodk3.sys” “12/1/2008 6:51 PM” “”
                            • “viaide” “VIA Generic PCI IDE Bus Driver” “VIA Technologies, Inc.” “c:\windows\system32\drivers\viaide.sys” “14/7/2009 3:11 AM” “”
                            • “vncmirror” “VNC Mirror Miniport” “RealVNC Ltd.” “c:\windows\system32\drivers\vncmirror.sys” “14/3/2008 9:42 PM” “”
                            • “vpnva” “Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows” “Cisco Systems, Inc.” “c:\windows\system32\drivers\vpnva-6.sys” “15/6/2013 12:18 AM” “”
                            • “vsmraid” “VIA RAID DRIVER FOR AMD-X86-64” “VIA Technologies Inc.,Ltd” “c:\windows\system32\drivers\vsmraid.sys” “31/1/2009 5:13 AM” “”
                            • “WDC_SAM” “Manages WD external storage products.” “Western Digital Technologies” “c:\windows\system32\drivers\wdcsam.sys” “16/4/2008 12:27 PM” “”
                              “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers” “” “” “” “14/7/2009 8:41 AM” “”
                            • “Adobe Type Manager” “Windows NT OpenType/Type 1 Font Driver” “Adobe Systems Incorporated” “c:\windows\system32\atmfd.dll” “02/11/2016 6:53 PM” “”
                              “HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32” “” “” “” “23/5/2015 12:37 PM” “”
                            • “msacm.aacacm” “AAC ACM Codec” “fccHandler” “c:\windows\system32\aacacm.acm” “01/10/2011 5:03 AM” “”
                            • “msacm.ac3acm” “AC-3 ACM Codec” “fccHandler” “c:\windows\system32\ac3acm.acm” “22/12/2011 4:14 AM” “”
                            • “msacm.ac3filter” “” “” “c:\windows\system32\ac3filter.acm” “11/8/2009 9:18 PM” “”
                            • “msacm.avis” “ffdshow ACM codec” “” “c:\windows\system32\ff_acm.acm” “28/1/2012 2:10 PM” “”
                            • “msacm.l3acm” “MPEG Layer-3 Audio Codec for MSACM” “Fraunhofer Institut Integrierte Schaltungen IIS” “c:\windows\system32\l3codeca.acm” “14/7/2009 5:06 AM” “”
                            • “msacm.l3pacm” “MPEG Audio Layer-3 Codec for MSACM” “Fraunhofer Institut Integrierte Schaltungen IIS” “c:\windows\system32\l3codecp.acm” “14/7/2009 5:06 AM” “”
                            • “msacm.lameacm” “Lame MP3 codec engine” " http://www.mp3dev.org/ " “c:\windows\system32\lameacm.acm” “24/9/2008 11:41 PM” “”
                            • “vidc.cvid” “Cinepak® Codec” “Radius Inc.” “c:\windows\system32\iccvid.dll” “20/11/2010 3:59 PM” “”
                            • “VIDC.FFDS” “ffdshow VFW” “” “c:\windows\system32\ff_vfw.dll” “28/1/2012 2:54 AM” “”
                            • “VIDC.LAGS” “Lagarith” " " “c:\windows\system32\lagarith.dll” “08/12/2011 4:32 AM” “”
                            • “VIDC.X264” “” “” “c:\windows\system32\x264vfw.dll” “19/1/2012 1:29 PM” “”
                            • “VIDC.XVID” “” “” “c:\windows\system32\xvidvfw.dll” “24/6/2011 6:44 PM” “”
                            • “VIDC.YV12” “” “” “c:\windows\system32\xvidvfw.dll” “24/6/2011 6:44 PM” “”
                              “HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance” “” “” “” “28/8/2016 1:55 PM” “”
                            • “AC3File” “” “” “c:\program files\k-lite codec pack\filters\ac3file.ax” “04/8/2009 9:09 AM” “”
                            • “Audio Source” “Windows Media Preview Object” “Microsoft Corporation” “c:\program files\windows media components\encoder\wmprevu.dll” “12/12/2002 5:34 AM” “”
                            • “Capture File Writer” “Windows Live Video Acquisition Filters” “Microsoft Corporation” “c:\program files\windows live\photo gallery\wlxvafilt.dll” “10/11/2010 2:21 PM” “”
                            • “DC-Bass Source” “DirectShow™ Audio Decoder” " http://www.dsp-worx.de " “c:\program files\k-lite codec pack\filters\dcbasssource.ax” “20/6/1992 2:22 AM” “”
                            • “DirectVobSub” “VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth” “MPC-HC Team” “c:\program files\k-lite codec pack\filters\vsfilter.dll” “06/2/2012 2:36 AM” “”
                            • “DirectVobSub (auto-loading version)” “VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth” “MPC-HC Team” “c:\program files\k-lite codec pack\filters\vsfilter.dll” “06/2/2012 2:36 AM” “”
                            • “DXVA Filter” “MPEG-1/2 Decoder Filter for DirectShow” “Gabest” “c:\program files\gretech\gomplayer\codecs\mpeg2decfilter.ax” “05/6/2004 12:09 PM” “”
                            • “ffdshow Audio Decoder” “DirectShow and VFW video and audio decoding/encoding/processing filter” “” “c:\program files\k-lite codec pack\ffdshow\ffdshow.ax” “06/2/2012 10:13 PM” “”
                            • “ffdshow Audio Processor” “DirectShow and VFW video and audio decoding/encoding/processing filter” “” “c:\program files\k-lite codec pack\ffdshow\ffdshow.ax” “06/2/2012 10:13 PM” “”
                            • “ffdshow DXVA Video Decoder” “DirectShow and VFW video and audio decoding/encoding/processing filter” “” “c:\program files\k-lite codec pack\ffdshow\ffdshow.ax” “06/2/2012 10:13 PM” “”
                            • “ffdshow raw video filter” “DirectShow and VFW video and audio decoding/encoding/processing filter” “” “c:\program files\k-lite codec pack\ffdshow\ffdshow.ax” “06/2/2012 10:13 PM” “”
                            • “ffdshow subtitles filter” “DirectShow and VFW video and audio decoding/encoding/processing filter” “” “c:\program files\k-lite codec pack\ffdshow\ffdshow.ax” “06/2/2012 10:13 PM” “”
                            • “ffdshow Video Decoder” “DirectShow and VFW video and audio decoding/encoding/processing filter” “” “c:\program files\k-lite codec pack\ffdshow\ffdshow.ax” “06/2/2012 10:13 PM” “”
                            • “File Source (Monkey Audio)” “” “” “c:\program files\k-lite codec pack\filters\monkeysource.ax” “20/6/1992 2:22 AM” “”
                            • “Gretech AAC Source Filter” “Gretech Source Filter” “Gretech Corp.” “c:\program files\gretech\gomplayer\gsfu.ax” “26/12/2013 5:41 AM” “”
                            • “Gretech ASF Source Filter” “Gretech Source Filter” “Gretech Corp.” “c:\program files\gretech\gomplayer\gsfu.ax” “26/12/2013 5:41 AM” “”
                            • “Gretech AsfEx Source Filter” “Gretech Source Filter” “Gretech Corp.” “c:\program files\gretech\gomplayer\gsfu.ax” “26/12/2013 5:41 AM” “”
                            • “Gretech Audio Filter” “Gretech Audio Filter” “Gretech Corp.” “c:\program files\gretech\gomplayer\gaf.ax” “09/6/2016 2:20 PM” “”
                            • “Gretech AVI Source Filter” “Gretech Source Filter” “Gretech Corp.” “c:\program files\gretech\gomplayer\gsfu.ax” “26/12/2013 5:41 AM” “”
                            • “Gretech FLV Source Filter” “Gretech Source Filter” “Gretech Corp.” “c:\program files\gretech\gomplayer\gsfu.ax” “26/12/2013 5:41 AM” “”
                            • “Gretech MKV Source Filter” “Gretech Source Filter” “Gretech Corp.” “c:\program files\gretech\gomplayer\gsfu.ax” “26/12/2013 5:41 AM” “”
                            • “Gretech MP3 Source Filter” “Gretech Source Filter” “Gretech Corp.” “c:\program files\gretech\gomplayer\gsfu.ax” “26/12/2013 5:41 AM” “”
                            • “Gretech MP4 Source Filter” “Gretech Source Filter” “Gretech Corp.” “c:\program files\gretech\gomplayer\gsfu.ax” “26/12/2013 5:41 AM” “”
                            • “Gretech MPEG Source Filter” “Gretech Source Filter” “Gretech Corp.” “c:\program files\gretech\gomplayer\gsfu.ax” “26/12/2013 5:41 AM” “”
                            • “Gretech MPEG Source Filter2” “Gretech Source Filter” “Gretech Corp.” “c:\program files\gretech\gomplayer\gsfu.ax” “26/12/2013 5:41 AM” “”
                            • “Gretech Network(AVI) Filter” “Gretech Corp.” “Gretech Corp.” “c:\program files\gretech\gomplayer\gnf.ax” “03/3/2014 1:27 PM” “”
                            • “Gretech Network(FLV) Filter” “Gretech Corp.” “Gretech Corp.” “c:\program files\gretech\gomplayer\gnf.ax” “03/3/2014 1:27 PM” “”
                            • “Gretech Network(GOM) Filter” “Gretech Corp.” “Gretech Corp.” “c:\program files\gretech\gomplayer\gnf.ax” “03/3/2014 1:27 PM” “”
                            • “Gretech Network(MP4) Filter” “Gretech Corp.” “Gretech Corp.” “c:\program files\gretech\gomplayer\gnf.ax” “03/3/2014 1:27 PM” “”
                            • “Gretech Network(OGG) Filter” “Gretech Corp.” “Gretech Corp.” “c:\program files\gretech\gomplayer\gnf.ax” “03/3/2014 1:27 PM” “”
                            • “Gretech Network(SHOUTcast) Filter” “Gretech Corp.” “Gretech Corp.” “c:\program files\gretech\gomplayer\gnf.ax” “03/3/2014 1:27 PM” “”
                            • “Gretech OGG Source Filter” “Gretech Source Filter” “Gretech Corp.” “c:\program files\gretech\gomplayer\gsfu.ax” “26/12/2013 5:41 AM” “”
                            • “Gretech OGG Source Filter2” “Gretech Source Filter” “Gretech Corp.” “c:\program files\gretech\gomplayer\gsfu.ax” “26/12/2013 5:41 AM” “”
                            • “Gretech Source Filter” “Gretech Media Source Filter” “Gretech Corp.” “c:\program files\gretech\gomplayer\mediasource.ax” “22/7/2016 11:20 AM” “”
                            • “Gretech Video Filter” “Gretech Video Filter” “Gretech” “c:\program files\gretech\gomplayer\gvf.ax” “08/8/2016 10:41 AM” “”
                            • “Haali Matroska Muxer” “Haali Media Splitter” “” “c:\program files\k-lite codec pack\filters\haali\splitter.ax” “08/9/2011 6:01 PM” “”
                            • “Haali Media Splitter” “Haali Media Splitter” “” “c:\program files\k-lite codec pack\filters\haali\splitter.ax” “08/9/2011 6:01 PM” “”
                            • “Haali Media Splitter (AR)” “Haali Media Splitter” “” “c:\program files\k-lite codec pack\filters\haali\splitter.ax” “08/9/2011 6:01 PM” “”
                            • “Haali Simple Media Splitter” “Haali Media Splitter” “” “c:\program files\k-lite codec pack\filters\haali\splitter.ax” “08/9/2011 6:01 PM” “”
                            • “Haali Video Renderer” “” “” “c:\program files\k-lite codec pack\filters\haali\dxr.dll” “08/9/2011 6:00 PM” “”
                            • “Haali Video Sink” “Haali Media Splitter” “” “c:\program files\k-lite codec pack\filters\haali\splitter.ax” “08/9/2011 6:01 PM” “”
                            • “LAV Audio Decoder” “LAV Audio Decoder - DirectShow Audio Decoder” “1f0.de - Hendrik Leppkes” “c:\program files\k-lite codec pack\filters\lav\lavaudio.ax” “06/2/2012 10:27 PM” “”
                            • “LAV Splitter” “LAV Splitter - DirectShow Media Splitter” “1f0.de - Hendrik Leppkes” “c:\program files\k-lite codec pack\filters\lav\lavsplitter.ax” “06/2/2012 10:27 PM” “”
                            • “LAV Splitter Source” “LAV Splitter - DirectShow Media Splitter” “1f0.de - Hendrik Leppkes” “c:\program files\k-lite codec pack\filters\lav\lavsplitter.ax” “06/2/2012 10:27 PM” “”
                            • “LAV Video Decoder” “LAV Video Decoder - DirectShow Video Decoder” “1f0.de - Hendrik Leppkes” “c:\program files\k-lite codec pack\filters\lav\lavvideo.ax” “06/2/2012 10:27 PM” “”
                            • “madFlac Decoder” “DirectShow FLAC Decoder” “www.madshi.net” “c:\program files\k-lite codec pack\filters\madflac.ax” “20/6/1992 2:22 AM” “”
                            • “madFlac Source” “DirectShow FLAC Decoder” “www.madshi.net” “c:\program files\k-lite codec pack\filters\madflac.ax” “20/6/1992 2:22 AM” “”
                            • “madVR” “madshi’s D3D9 based video renderer” “madshi.net” “c:\program files\k-lite codec pack\filters\madvr\madvr.ax” “19/12/2011 12:25 AM” “”
                            • “MONOGRAM AMR Decoder” “AMR Filter Pack” “MONOGRAM Multimedia, s.r.o.” “c:\program files\k-lite codec pack\filters\mmamr.ax” “16/3/2008 5:30 PM” “”
                            • “MONOGRAM AMR Encoder” “AMR Filter Pack” “MONOGRAM Multimedia, s.r.o.” “c:\program files\k-lite codec pack\filters\mmamr.ax” “16/3/2008 5:30 PM” “”
                            • “MONOGRAM AMR Mux” “AMR Filter Pack” “MONOGRAM Multimedia, s.r.o.” “c:\program files\k-lite codec pack\filters\mmamr.ax” “16/3/2008 5:30 PM” “”
                            • “MONOGRAM AMR Splitter” “AMR Filter Pack” “MONOGRAM Multimedia, s.r.o.” “c:\program files\k-lite codec pack\filters\mmamr.ax” “16/3/2008 5:30 PM” “”
                            • “MONOGRAM Musepack Decoder” “mmmpcdec” “” “c:\program files\k-lite codec pack\filters\mmmpcdec.ax” “18/1/2009 3:03 PM” “”
                            • “MONOGRAM Musepack Splitter” “mmmpcdmx” “” “c:\program files\k-lite codec pack\filters\mmmpcdmx.ax” “18/1/2009 8:15 PM” “”
                            • “MPC - DTS/AC3/DD+ Source” “DTS/AC3 Source Filter” “MPC-HC Team” “c:\program files\win7codecs\filters\dtsac3source.ax” “09/2/2012 3:55 PM” “”
                            • “MPC Matroska Source” “Matroska Splitter” “MPC-HC Team” “c:\program files\win7codecs\filters\matroskasplitter.ax” “09/2/2012 3:54 PM” “”
                            • “MPC Matroska Splitter” “Matroska Splitter” “MPC-HC Team” “c:\program files\win7codecs\filters\matroskasplitter.ax” “09/2/2012 3:54 PM” “”
                            • “MPC Ogg Source” “Ogg Splitter” “MPC-HC Team” “c:\program files\win7codecs\filters\oggsplitter.ax” “09/2/2012 3:54 PM” “”
                            • “MPC Ogg Splitter” “Ogg Splitter” “MPC-HC Team” “c:\program files\win7codecs\filters\oggsplitter.ax” “09/2/2012 3:54 PM” “”
                            • “MPC RealAudio Decoder” “RealMedia Splitter” “MPC-HC Team” “c:\program files\win7codecs\filters\realmediasplitter.ax” “06/2/2012 1:45 AM” “”
                            • “MPC RealMedia Source” “RealMedia Splitter” “MPC-HC Team” “c:\program files\win7codecs\filters\realmediasplitter.ax” “06/2/2012 1:45 AM” “”
                            • “MPC RealMedia Splitter” “RealMedia Splitter” “MPC-HC Team” “c:\program files\win7codecs\filters\realmediasplitter.ax” “06/2/2012 1:45 AM” “”
                            • “MPC RealVideo Decoder” “RealMedia Splitter” “MPC-HC Team” “c:\program files\win7codecs\filters\realmediasplitter.ax” “06/2/2012 1:45 AM” “”
                            • “MPEG Audio Decoder (MAD)” “Mpeg Audio Decoder for DirectShow, based on libmad” “Gabest” “c:\program files\gretech\gomplayer\codecs\mpadecfilter.ax” “18/5/2004 8:06 AM” “”
                            • “Mpeg2Dec Filter” “MPEG-1/2 Decoder Filter for DirectShow” “Gabest” “c:\program files\gretech\gomplayer\codecs\mpeg2decfilter.ax” “05/6/2004 12:09 PM” “”
                            • “Nero Digital Parser” “NeroDigital / mp4 / avi / mov parser” “Nero AG” “c:\program files\win7codecs\filters\ndparser.ax” “26/1/2006 8:29 PM” “”
                            • “Nero ES Video Reader” “NeroDigital / mp4 / avi / mov parser” “Nero AG” “c:\program files\win7codecs\filters\ndparser.ax” “26/1/2006 8:29 PM” “”
                            • “RadLight OptimFROG DirectShow Filter” “RLOFRDec” “RadLight” “c:\program files\win7codecs\filters\rlofrdec.ax” “27/4/2004 7:03 PM” “”
                            • “Record Queue” “Windows Live Video Acquisition Filters” “Microsoft Corporation” “c:\program files\windows live\photo gallery\wlxvafilt.dll” “10/11/2010 2:21 PM” “”
                            • “Record Queue” “WME Record Queue” “Microsoft Corporation” “c:\program files\windows media components\encoder\wmedque.dll” “12/12/2002 5:34 AM” “”
                            • “T” “VP7 Decompression Filter” “On2.com Inc.” “c:\program files\k-lite codec pack\filters\vp7dec.ax” “25/3/2006 2:09 AM” “”
                            • “Video Source” “Windows Media Preview Object” “Microsoft Corporation” “c:\program files\windows media components\encoder\wmprevu.dll” “12/12/2002 5:34 AM” “”
                            • “WavPack Audio Decoder” “WavPack Audio DirectShow Decoder” “-” “c:\program files\k-lite codec pack\filters\wavpackdsdecoder.ax” “04/3/2007 1:50 PM” “”
                            • “WavPack Audio Splitter” “WavPack Audio DirectShow Splitter” “-” “c:\program files\k-lite codec pack\filters\wavpackdssplitter.ax” “03/10/2007 2:09 AM” “”
                            • “WM VIH2 Fix” “Windows Live Video Acquisition Filters” “Microsoft Corporation” “c:\program files\windows live\photo gallery\wlxvafilt.dll” “10/11/2010 2:21 PM” “”
                            • “WMEnc Screen Capture Filter” “WMESrcWp Module” “Microsoft Corporation” “c:\program files\windows media components\encoder\wmesrcwp.dll” “12/12/2002 5:34 AM” “”
                            • “WMT DV Extract Filter” “Windows Live Video Acquisition Filters” “Microsoft Corporation” “c:\program files\windows live\photo gallery\wlxvafilt.dll” “10/11/2010 2:21 PM” “”
                            • “WMT Sample Info Filter” “Windows Live Video Acquisition Filters” “Microsoft Corporation” “c:\program files\windows live\photo gallery\wlxvafilt.dll” “10/11/2010 2:21 PM” “”
                            • “WMT Switch Filter” “Windows Live Video Acquisition Filters” “Microsoft Corporation” “c:\program files\windows live\photo gallery\wlxvafilt.dll” “10/11/2010 2:21 PM” “”
                            • “WMT Virtual Renderer” “Windows Live Video Acquisition Filters” “Microsoft Corporation” “c:\program files\windows live\photo gallery\wlxvafilt.dll” “10/11/2010 2:21 PM” “”
                            • “WMT Virtual Source” “Windows Live Video Acquisition Filters” “Microsoft Corporation” “c:\program files\windows live\photo gallery\wlxvafilt.dll” “10/11/2010 2:21 PM” “”
                              “HKLM\SOFTWARE\Classes\Htmlfile\Shell\Open\Command (Default)” “” “” “” “21/5/2013 11:38 PM” “”
                            • “C:\Program Files\Internet Explorer\iexplore.exe” “Internet Explorer” “Microsoft Corporation” “c:\program files\internet explorer\iexplore.exe” “12/11/2016 8:56 PM” “”
                              “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers” “” “” “” “28/2/2012 12:32 AM” “”
                            • “WLIDCredentialProvider” “Microsoft® Windows Live ID Credential Provider” “Microsoft Corp.” “c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll” “22/9/2010 1:01 AM” “”
                              “HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries” “” “” “” “05/6/2015 6:56 PM” “”
                            • “WindowsLive Local NSP” “Microsoft® Windows Live ID Namespace Provider” “Microsoft Corp.” “c:\program files\common files\microsoft shared\windows live\wlidnsp.dll” “22/9/2010 1:00 AM” “”
                            • “WindowsLive NSP” “Microsoft® Windows Live ID Namespace Provider” “Microsoft Corp.” “c:\program files\common files\microsoft shared\windows live\wlidnsp.dll” “22/9/2010 1:00 AM” “”
                              “HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors” “” “” “” “17/10/2016 6:33 PM” “”
                            • “Canon BJ FAX Language Monitor MX420 series” “Canon Inkjet Fax Driver” “CANON INC.” “c:\windows\system32\cncalam.dll” “21/10/2010 4:22 AM” “”
                            • “Canon BJ Language Monitor MX420 series” “IJ Language Monitor” “CANON INC.” “c:\windows\system32\cnmlmam.dll” “13/3/2012 10:15 AM” “”
                            • “Canon BJNP Port” “Canon IJ Network 32bit comm Module” “CANON INC.” “c:\windows\system32\cnmnppm.dll” “14/6/2012 12:18 PM” “”
                            • “MONVNC” “Port Monitor DLL” “” “c:\windows\system32\vncpm.dll” “24/2/2009 8:26 PM” “”
                            • “PDF Converter Elite 3.0 Monitor” “” “” “File not found: pc3PCR2PortMon.dll” “” “”
                            • “PDFill Writer Monitor” “DDK Local Monitor DLL” “Windows (R) Codename Longhorn DDK provider” “c:\program files\plotsoft\pdfill\pdfwriter\driver\pdfillwritermon.dll” “21/6/2008 5:24 PM” “”
                              “HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order” “” “” “” “08/9/2015 1:42 PM” “”
                            • “pfmunc” “Pismo File Mount” “Pismo Technic Inc.” “c:\windows\system32\pfmapi_178.dll” “01/7/2015 1:56 AM” “”
                              “WMI Database Entries - run as Administrator for complete scan” “” “” “” “” “”
                            • “BVTConsumer” “” “” “File not found: KernCap.vbs” “” “”
                              “HKLM\Software\Microsoft\Office\Outlook\Addins” “” “” “” “20/10/2015 10:17 PM” “”
                              X “BCSAddin Connect class” “Microsoft Office 2010 component” “Microsoft Corporation” “c:\program files\microsoft office\office14\addins\bcsaddin.dll” “05/11/2012 7:24 PM” “”
                            • “Connect Class” “Outlook Social Connector 2013” “Microsoft Corporation” “c:\program files\microsoft office\office15\socialconnector.dll” “12/5/2015 7:22 PM” “”
                            • “FormRegionAddin Class” “” “” “c:\program files\microsoft office\office15\addins\umoutlookaddin.dll” “13/10/2015 12:52 PM” “”
                            • “Groove OutlookProxyAddIn” “Microsoft SharePoint Workspace Extensions” “Microsoft Corporation” “c:\program files\microsoft office\office14\grooveex.dll” “19/12/2013 4:37 AM” “”
                            • “LyncAddin Class” “Skype for Business” “Microsoft Corporation” “c:\program files\microsoft office\office15\ucaddin.dll” “13/12/2016 10:32 AM” “”
                            • “Microsoft VBA for Outlook Addin” “Outlook VBA Integration Add-In” “Microsoft Corporation” “c:\program files\microsoft office\office15\addins\outlvba.dll” “13/12/2016 10:41 AM” “”
                            • “OneNote Notes about Outlook Items” “Microsoft OneNote Outlook Add-in” “Microsoft Corporation” “c:\program files\microsoft office\office15\onbttnol.dll” “01/11/2016 11:28 AM” “”
                            • “TeamViewerMeetingAddIn.AddIn” “FileDescription” “CompanyName” “c:\program files\teamviewer\outlook\teamviewermeetingaddinshim.dll” “11/9/2015 7:34 PM” “”
                              “HKCU\Software\Microsoft\Office\Outlook\Addins” “” “” “” “18/9/2015 7:02 AM” “”
                            • “Access COM Addin for Outlook” “Access Outlook Data Collection Addin” “Microsoft Corporation” “c:\program files\microsoft office\office14\addins\accolk.dll” “13/10/2015 3:40 PM” “”
                            • “ColleagueImportAddIn Class” “Microsoft Office 2013 component” “Microsoft Corporation” “c:\program files\microsoft office\office15\addins\colleagueimport.dll” “15/8/2013 4:14 AM” “”
                            • “OcForms Class” “Skype for Business” “Microsoft Corporation” “c:\program files\microsoft office\office15\ocoffice.dll” “12/7/2016 5:17 PM” “”
                              “HKLM\Software\Microsoft\Office\Excel\Addins” “” “” “” “09/9/2015 11:58 AM” “”
                            • “ExcelAddin Class” “PDFillPDFButton Module for Excel” “PlotSoft LLC” “c:\program files\plotsoft\pdfill\pdfwriter\pdfillpdfbutton_excel.dll” “12/9/2010 1:06 AM” “”
                            • “NativeShim.InquireConnector Class” “” “” “c:\program files\microsoft office\office15\dcf\nativeshim.dll” “07/11/2012 2:39 PM” “”
                              “HKCU\Software\Microsoft\Office\Excel\Addins” “” “” “” “09/9/2015 12:46 PM” “”
                            • “Ad Hoc Reporting Excel Client Add-In” “Power View for Excel module” “Microsoft Corporation” “c:\program files\microsoft office\office15\addins\power view excel add-in\adhocreportingexcelclient.dll” “26/3/2015 3:55 AM” “”
                            • “ExcelAddin Class” “PDFillPDFButton Module for Excel” “PlotSoft LLC” “c:\program files\plotsoft\pdfill\pdfwriter\pdfillpdfbutton_excel.dll” “12/9/2010 1:06 AM” “”
                            • “NativeEntry Class” “Power Pivot for Excel” “Microsoft Corporation” “c:\program files\microsoft office\office15\addins\powerpivot excel add-in\powerpivotexcelclientaddin.dll” “16/10/2014 4:12 AM” “”
                              “HKLM\Software\Microsoft\Office\PowerPoint\Addins” “” “” “” “14/11/2014 6:19 PM” “”
                            • “PowerpointAddin Class” “PDFillPDFButton Module for PowerPoint” “PlotSoft LLC” “c:\program files\plotsoft\pdfill\pdfwriter\pdfillpdfbutton_powerpoint.dll” “12/9/2010 1:03 AM” “”
                              “HKCU\Software\Microsoft\Office\PowerPoint\Addins” “” “” “” “14/11/2014 6:19 PM” “”
                              X “OneNote PowerPoint Add-In Take Notes Content Service Class” “Microsoft OneNote PowerPoint Add-in” “Microsoft Corporation” “c:\program files\microsoft office\office15\onpptaddin.dll” “01/11/2016 11:07 AM” “”
                            • “PowerpointAddin Class” “PDFillPDFButton Module for PowerPoint” “PlotSoft LLC” “c:\program files\plotsoft\pdfill\pdfwriter\pdfillpdfbutton_powerpoint.dll” “12/9/2010 1:03 AM” “”
                              “HKLM\Software\Microsoft\Office\Word\Addins” “” “” “” “14/11/2014 6:19 PM” “”
                            • “WordAddin Class” “PDFillPDFButton Module for Word” “PlotSoft LLC” “c:\program files\plotsoft\pdfill\pdfwriter\pdfillpdfbutton_word.dll” “12/9/2010 12:56 AM” “”
                              “HKCU\Software\Microsoft\Office\Word\Addins” “” “” “” “14/11/2014 6:19 PM” “”
                              X “OneNote Word Add-In Take Notes Content Service Class” “Microsoft OneNote Word Add-in” “Microsoft Corporation” “c:\program files\microsoft office\office15\onwordaddin.dll” “01/11/2016 11:24 AM” “”
                            • “WordAddin Class” “PDFillPDFButton Module for Word” “PlotSoft LLC” “c:\program files\plotsoft\pdfill\pdfwriter\pdfillpdfbutton_word.dll” “12/9/2010 12:56 AM” “”


                            • toreee
                              PCHF Member
                              • Feb 2017
                              • 81

                              #44
                              [ATTACH]1823[/ATTACH]


                              • toreee
                                PCHF Member
                                • Feb 2017
                                • 81

                                #45
                                ~ ZHPDiag v2017.3.11.43 By Nicolas Coolman (2017/03/09)
                                ~ Run by MSI CR-460 (Administrator) (2017/03/11 15:05:34)
                                ~ Web: https://www.nicolascoolman.com
                                ~ Blog: https://nicolascoolman.eu/
                                ~ Facebook: ZHP
                                ~ State version: Version OK
                                ~ Mode: Scan
                                ~ Report: C:\Users\MSI CR-460\Desktop\ZHPDiag.txt
                                ~ Report: C:\Users\MSI CR-460\AppData\Roaming\ZHP\ZHPDiag.txt
                                ~ UAC: Activate
                                ~ System startup: Normal (Normal boot)
                                Windows 7 Starter, 32-bit Service Pack 1 (Build 7601) =>.Microsoft Corporation
                                —\ Internet Browsers (2) - 0s
                                ~ GCIE: Google Chrome v56.0.2924.87
                                ~ MSIE: Internet Explorer v11.0.9600.18537

                                —\ Windows Product Information (4) - 3s
                                ~ Windows Server License Manager Script : OK
                                System - VBScript Engine not found
                                Windows Automatic Updates : OK
                                Windows Activation Technologies : KO

                                —\ System protection software (1) - 2s
                                Malwarebytes Anti-Malware version 2.2.1.1043 (Protection)

                                —\ System optimization software (1) - 3s
                                ~ CCleaner v5.27 (Optimize)

                                —\ Surveillance software (2) - 3s
                                ~ Adobe Flash Player 22 NPAPI (Surveillance)
                                ~ Adobe Reader XI (Surveillance)

                                —\ Information on the system (6) - 0s
                                ~ Operating System: x86 Family 6 Model 42 Stepping 7, GenuineIntel
                                ~ Operating System: 32-bit
                                ~ Boot mode: Normal (Normal boot)
                                Total RAM: 2097.152 MB (57% free) : OK =>.RAM Value
                                System Restore: Activé (Enable)
                                System drive C: has 49 GB (16%) free of 305 GB : OK =>.Disk Space

                                —\ Connection to the system mode (3) - 0s
                                ~ Computer Name: MSICR-460-PC
                                ~ User Name: MSI CR-460
                                ~ Logged in as Administrator

                                —\ Enumeration of the disk units (1) - 0s
                                ~ Drive C: has 49 GB free of 305 GB (System)

                                —\ State of the Windows Security Center (23) - 0s
                                [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
                                [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
                                [HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
                                [HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
                                [HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
                                [HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
                                [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
                                [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
                                [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
                                [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: OK
                                [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: OK
                                [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
                                [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoClose: OK
                                [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableTaskMgr: OK
                                [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools: OK
                                [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
                                [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
                                [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
                                [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
                                [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
                                [HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
                                [HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
                                [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK

                                —\ Search Generic System Files (22) - 6s
                                [MD5.6DDCA324434FFA506CF7DC4E51DB7935] - 29/08/2016 - (.Microsoft Corporation - Windows Explorer.) – C:\windows\Explorer.exe [2972672] =>.Microsoft Corporation
                                [MD5.B5C5DCAD3899512020D135600129D665] - 14/07/2009 - (.Microsoft Corporation - Windows Start-Up Application.) – C:\windows\System32\Wininit.exe [96256] =>.Microsoft Corporation
                                [MD5.F4F5123B45BFCFD2F035280FDCB5BBBE] - 12/11/2016 - (.Microsoft Corporation - Internet Extensions for Win32.) – C:\windows\System32\wininet.dll [2444800] =>.Microsoft Corporation
                                [MD5.52449FD429D6053B78AE564DEF303870] - 17/07/2014 - (.Microsoft Corporation - Windows Logon Application.) – C:\windows\System32\Winlogon.exe [304128] =>.Microsoft Corporation
                                [MD5.E3AE23569749DE12D45BA3B489A036AE] - 21/11/2010 - (.Microsoft Corporation - Software Licensing Library.) – C:\windows\System32\sppcomapi.dll [193536] =>.Microsoft Corporation
                                [MD5.B40420876B9288E0A1C8CCA8A84E5DC9] - 03/03/2011 - (.Microsoft Corporation - DNS Client API DLL.) – C:\windows\System32\dnsapi.dll [270336] =>.Microsoft Corporation
                                [MD5.93B49FA857F7036A4EFF32371F6E7391] - 13/10/2015 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) – C:\windows\System32\drivers\AFD.sys [338944] =>.Microsoft Corporation
                                [MD5.338C86357871C167A96AB976519BF59E] - 14/07/2009 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) – C:\windows\System32\drivers\atapi.sys [21584] =>.Microsoft Windows®
                                [MD5.77EA11B065E0A8AB902D78145CA51E10] - 14/07/2009 - (.Microsoft Corporation - CD-ROM File System Driver.) – C:\windows\System32\drivers\Cdfs.sys [70656] =>.Microsoft Corporation
                                [MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - 21/11/2010 - (.Microsoft Corporation - SCSI CD-ROM Driver.) – C:\windows\System32\drivers\Cdrom.sys [108544] =>.Microsoft Corporation
                                [MD5.EA9DBD76CE9254C77BAAB4339DD4C4FB] - 08/09/2016 - (.Microsoft Corporation - DFS Namespace Client Driver.) – C:\windows\System32\drivers\DfsC.sys [81408] =>.Microsoft Corporation
                                [MD5.9036377B8A6C15DC2EEC53E489D159B5] - 21/11/2010 - (.Microsoft Corporation - High Definition Audio Bus Driver.) – C:\windows\System32\drivers\HDAudBus.sys [108544] =>.Microsoft Corporation
                                [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - 14/07/2009 - (.Microsoft Corporation - i8042 Port Driver.) – C:\windows\System32\drivers\i8042prt.sys [80896] =>.Microsoft Corporation
                                [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - 14/07/2009 - (.Microsoft Corporation - IP Network Address Translator.) – C:\windows\System32\drivers\IpNat.sys [101888] =>.Microsoft Corporation
                                [MD5.6284D46BAA301BEDB9AB7FA7672B2410] - 05/01/2017 - (.Microsoft Corporation - Windows NT SMB Minirdr.) – C:\windows\System32\drivers\MRxSmb.sys [124416] =>.Microsoft Corporation
                                [MD5.A00996C9BFEF29A93B9F21DBE1DC502D] - 11/05/2016 - (.Microsoft Corporation - MBT Transport driver.) – C:\windows\System32\drivers\netBT.sys [188928] =>.Microsoft Corporation
                                [MD5.978E7A2E4BF4E8E70D0776EF0D9E97FB] - 11/01/2016 - (.Microsoft Corporation - NT File System Driver.) – C:\windows\System32\drivers\ntfs.sys [1212352] =>.Microsoft Windows®
                                [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - 14/07/2009 - (.Microsoft Corporation - Parallel Port Driver.) – C:\windows\System32\drivers\Parport.sys [79360] =>.Microsoft Corporation
                                [MD5.D9F91EAFEC2815365CBE6D167E4E332A] - 14/07/2009 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) – C:\windows\System32\drivers\Rasl2tp.sys [78848] =>.Microsoft Corporation
                                [MD5.3E21C083B8A01CB70BA1F09303010FCE] - 14/07/2009 - (.Microsoft Corporation - SMB Transport driver.) – C:\windows\System32\drivers\smb.sys [71168] =>.Microsoft Corporation
                                [MD5.BB8817D0508DD5EA69C770C8DEF5AB67] - 13/10/2015 - (.Microsoft Corporation - TDI Translation Driver.) – C:\windows\System32\drivers\tdx.sys [74752] =>.Microsoft Corporation
                                [MD5.F497F67932C6FA693D7DE2780631CFE7] - 21/11/2010 - (.Microsoft Corporation - Volume Shadow Copy Driver.) – C:\windows\System32\drivers\volsnap.sys [245632] =>.Microsoft Windows®

                                —\ Task Planned Automatically (3) - 19s
                                [MD5.3B2336A8281ABE998D156B580D6FAC4F] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) – C:\Program Files\CCleaner\CCleaner.exe [7347928] (.Activate.) =>.Piriform Ltd®
                                [MD5.00000000000000000000000000000000] [APT] [Microsoft\Windows\Autochk\Proxy] (…) – C:\windows\system32\rundll32.exe (.not file.) [0] (.Activate.) =>.Superfluous.Empty
                                O39 - APT: CCleanerSkipUAC - (.Piriform Ltd.) – C:\windows\System32\Tasks\CCleanerSkipUAC [2782] =>.Piriform Ltd®

                                —\ Auto loading programs from Registry and folders (4) - 1s
                                O4 - HKCU..\Run: [CCleaner] . (.Piriform Ltd - CCleaner.) – C:\Program Files\CCleaner\CCleaner.exe =>.Piriform Ltd®
                                O4 - HKUS\S-1-5-19..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) – C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
                                O4 - HKUS\S-1-5-20..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) – C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
                                O4 - HKUS\S-1-5-21-590680974-46065942-2644484873-1000..\Run: [CCleaner] . (.Piriform Ltd - CCleaner.) – C:\Program Files\CCleaner\CCleaner.exe =>.Piriform Ltd®

                                —\ Process running (3) - 1s
                                [MD5.0A70F4022EC2E14C159EFC4F69AA2477] - (.Microsoft Corp. - Microsoft® Windows Live ID Service.) – C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [1710464] [PID.1140] =>.Microsoft Corporation®
                                [MD5.9C879E1C3B27085FB46EFECCD7120D51] - (.Microsoft Corp. - Microsoft® Windows Live ID Service Monitor.) – C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE [193408] [PID.1576] =>.Microsoft Corporation®
                                [MD5.8E250FADD558485AF6AD0DC33F40C09D] - (.Nicolas Coolman - ZHPDiag.) – C:\Users\MSI CR-460\AppData\Roaming\ZHP\ZHPDiag3.exe [2708480] [PID.3604] =>.Nicolas Coolman

                                —\ Google Chrome, Start,Search,Extensions (3) - 1s
                                G2 - GCE: Preference [User Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] Google Chrome manifest =>.Google Inc.
                                G2 - GCE: Preference [User Data\Default] [coobgpohoikkiipiblmjeljniedjpjpf] Google Chrome manifest =>.Google Inc.
                                G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Google Chrome manifest =>.Google Inc.

                                —\ Mozilla Firefox,Plugins,Start,Search,Extensions (6) - 5s
                                P2 - EXT: (.Microsoft Corporation - The plugin allows you to have a better expe.) – C:\Program Files\Mozilla Firefox\Plugins\npMeetingJoinPluginOC.dll =>.Microsoft Corporation®
                                P2 - EXT FILE: (.Test Pilot - Help make Firefox better by running us.) – C:\Users\MSI CR-460\AppData\Roaming\Mozilla\Firefox\Profiles\n6sg4hyy.default\extensions\testpilot@labs.mozilla.com.xpi =>.Test Pilot
                                P2 - EXT FILE: (.Google - Default Search.) – C:\Users\MSI CR-460\AppData\Roaming\Mozilla\Firefox\Profiles\n6sg4hyy.default\searchplugins\Google.xml =>.Google
                                P2 - EXT: (…) – C:\Users\MSI CR-460\AppData\Roaming\Mozilla\Firefox\Profiles\n6sg4hyy.default\extensions\staged
                                P2 - EXT: (.Riverbed Technology, Inc. - Steelhead Mobile Certificate Manager.) – C:\Users\MSI CR-460\AppData\Roaming\Mozilla\Firefox\Profiles\n6sg4hyy.default\extensions\SteelheadMobileCertificateManager@riverbed.com =>.Riverbed Technology, Inc.
                                P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Adobe Systems Incorporated.) – C:\Windows\System32\Macromed\Flash\NPSWF32_22_0_0_209.dll =>.Adobe Systems Incorporated

                                —\ Internet Explorer Extensions, Start, Search (14) - 0s
                                R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
                                R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
                                R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
                                R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/ =>.Bing.com
                                R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
                                R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
                                R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
                                R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
                                R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
                                R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.bing.com/ =>.Bing.com
                                R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/ =>.Bing.com
                                R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchUrl,Default = http://www.bing.com/ =>.Bing.com
                                R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
                                R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan =>.Microsoft Internet Explorer

                                —\ Internet Explorer, Proxy Management (7) - 0s
                                R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
                                R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
                                R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 0
                                R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
                                R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
                                R5 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
                                R5 - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies =>.Microsoft

                                —\ Line Analysis, IniFiles, Auto loading programs (3) - 0s
                                F2 - REG:system.ini: UserInit=C:\windows\system32\userinit.exe (.Microsoft Corporation.) =>.Microsoft Corporation
                                F2 - REG:system.ini: Shell=C:\windows\explorer.exe (.Microsoft Corporation.) =>.Microsoft Corporation
                                F2 - REG:system.ini: VMApplet=C:\windows\system32\SystemPropertiesPerformance.exe (.Microsoft Corporation.) =>.Microsoft Corporation

                                —\ Hosts file redirection (1) - 0s
                                ~ Le fichier hôte est sain (The hosts file is clean) (1)

                                —\ Browser Helper Object (BHO) (8) - 2s
                                O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Skype for Business.) – C:\Program Files\Microsoft Office\Office15\OCHelper.dll =>.Microsoft Corporation®
                                O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) – C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL =>.Microsoft Corporation®
                                O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Oracle Corporation - Java™ Platform SE binary.) – C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll =>.Oracle America, Inc.®
                                O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) – C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll =>.Microsoft Corporation®
                                O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} . (.Microsoft Corporation - Windows Live Messenger Companion Core.) – C:\Program Files\Windows Live\Companion\companioncore.dll =>.Microsoft Corporation®
                                O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation - Microsoft Office Document Cache Handler.) – C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL =>.Microsoft Corporation®
                                O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} . (.Microsoft Corporation - Microsoft OneDrive for Business Extensions.) – C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL =>.Microsoft Corporation®
                                O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Oracle Corporation - Java™ Platform SE binary.) – C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll =>.Oracle America, Inc.®

                                —\ Global shortcuts Startup (102) - 33s
                                O4 - GS\Desktop [Administrator]: Documents - Shortcut.lnk . (…) C:\Users\MSI CR-460\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
                                O4 - GS\Desktop [Administrator]: FileHippo App Manager.lnk . (.Copyright © 2014 - FileHippo.AppManager.) C:\Program Files\FileHippo.com\FileHippo.AppManager.exe =>.Well Known Media Ltd®
                                O4 - GS\Desktop [Administrator]: PDF Password Remover.lnk . (.Tenorshare - PDF Password Remover.) C:\Program Files\PDF Password Remover\PDF Password Remover.exe =>.Tenorshare
                                O4 - GS\Desktop [Administrator]: Telegram.lnk . (.Telegram Messenger LLP - .) C:\Users\MSI CR-460\AppData\Roaming\Telegram Desktop\Telegram.exe {0084CF3F73EDB10D86} =>.Telegram Messenger LLP
                                O4 - GS\Desktop [Administrator]: ZHPCleaner.lnk . (.Nicolas Coolman - ZHPCleane.) C:\Users\MSI CR-460\AppData\Roaming\ZHP\ZHPCleaner.exe =>.Nicolas Coolman
                                O4 - GS\Desktop [Administrator]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\MSI CR-460\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
                                O4 - GS\Quicklaunch [Administrator]: GOM Player.lnk . (.Gretech Corp. - GOM Player.) C:\Program Files\GRETECH\GomPlayer\GOM.exe =>.GRETECH®
                                O4 - GS\Quicklaunch [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc®
                                O4 - GS\Quicklaunch [Administrator]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                                O4 - GS\sendTo [Administrator]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
                                O4 - GS\sendTo [Administrator]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\windows\system32\WFS.exe /SendTo =>.Microsoft Corporation
                                O4 - GS\sendTo [Administrator]: Format Factory.lnk . (.Free Time - FormatFactory.) C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe =>.Free Time
                                O4 - GS\sendTo [Administrator]: TeamViewer.lnk . (.TeamViewer GmbH - TeamViewer 10.) C:\Program Files\TeamViewer\TeamViewer.exe --sendto =>.TeamViewer®
                                O4 - GS\TaskBar [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                                O4 - GS\TaskBar [Administrator]: TeamViewer 10.lnk . (.TeamViewer GmbH - TeamViewer 10.) C:\Program Files\TeamViewer\TeamViewer.exe =>.TeamViewer®
                                O4 - GS\TaskBar [Administrator]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\windows\explorer.exe =>.Microsoft Corporation
                                O4 - GS\Programs [Administrator]: FileHippo App Manager.lnk . (.Copyright © 2014 - FileHippo.AppManager.) C:\Program Files\FileHippo.com\FileHippo.AppManager.exe =>.Well Known Media Ltd®
                                O4 - GS\Programs [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                                O4 - GS\Programs [Administrator]: Search.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                                O4 - GS\Desktop [Guest]: Documents - Shortcut.lnk . (…) C:\Users\MSI CR-460\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
                                O4 - GS\Desktop [Guest]: FileHippo App Manager.lnk . (.Copyright © 2014 - FileHippo.AppManager.) C:\Program Files\FileHippo.com\FileHippo.AppManager.exe =>.Well Known Media Ltd®
                                O4 - GS\Desktop [Guest]: PDF Password Remover.lnk . (.Tenorshare - PDF Password Remover.) C:\Program Files\PDF Password Remover\PDF Password Remover.exe =>.Tenorshare
                                O4 - GS\Desktop [Guest]: Telegram.lnk . (.Telegram Messenger LLP - .) C:\Users\MSI CR-460\AppData\Roaming\Telegram Desktop\Telegram.exe {0084CF3F73EDB10D86} =>.Telegram Messenger LLP
                                O4 - GS\Desktop [Guest]: ZHPCleaner.lnk . (.Nicolas Coolman - ZHPCleane.) C:\Users\MSI CR-460\AppData\Roaming\ZHP\ZHPCleaner.exe =>.Nicolas Coolman
                                O4 - GS\Desktop [Guest]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\MSI CR-460\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
                                O4 - GS\Quicklaunch [Guest]: GOM Player.lnk . (.Gretech Corp. - GOM Player.) C:\Program Files\GRETECH\GomPlayer\GOM.exe =>.GRETECH®
                                O4 - GS\Quicklaunch [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc®
                                O4 - GS\Quicklaunch [Guest]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                                O4 - GS\sendTo [Guest]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
                                O4 - GS\sendTo [Guest]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\windows\system32\WFS.exe /SendTo =>.Microsoft Corporation
                                O4 - GS\sendTo [Guest]: Format Factory.lnk . (.Free Time - FormatFactory.) C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe =>.Free Time
                                O4 - GS\sendTo [Guest]: TeamViewer.lnk . (.TeamViewer GmbH - TeamViewer 10.) C:\Program Files\TeamViewer\TeamViewer.exe --sendto =>.TeamViewer®
                                O4 - GS\TaskBar [Guest]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                                O4 - GS\TaskBar [Guest]: TeamViewer 10.lnk . (.TeamViewer GmbH - TeamViewer 10.) C:\Program Files\TeamViewer\TeamViewer.exe =>.TeamViewer®
                                O4 - GS\TaskBar [Guest]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\windows\explorer.exe =>.Microsoft Corporation
                                O4 - GS\Programs [Guest]: FileHippo App Manager.lnk . (.Copyright © 2014 - FileHippo.AppManager.) C:\Program Files\FileHippo.com\FileHippo.AppManager.exe =>.Well Known Media Ltd®
                                O4 - GS\Programs [Guest]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                                O4 - GS\Programs [Guest]: Search.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                                O4 - GS\Desktop [MSI CR-460]: Documents - Shortcut.lnk . (…) C:\Users\MSI CR-460\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
                                O4 - GS\Desktop [MSI CR-460]: FileHippo App Manager.lnk . (.Copyright © 2014 - FileHippo.AppManager.) C:\Program Files\FileHippo.com\FileHippo.AppManager.exe =>.Well Known Media Ltd®
                                O4 - GS\Desktop [MSI CR-460]: PDF Password Remover.lnk . (.Tenorshare - PDF Password Remover.) C:\Program Files\PDF Password Remover\PDF Password Remover.exe =>.Tenorshare
                                O4 - GS\Desktop [MSI CR-460]: Telegram.lnk . (.Telegram Messenger LLP - .) C:\Users\MSI CR-460\AppData\Roaming\Telegram Desktop\Telegram.exe {0084CF3F73EDB10D86} =>.Telegram Messenger LLP
                                O4 - GS\Desktop [MSI CR-460]: ZHPCleaner.lnk . (.Nicolas Coolman - ZHPCleane.) C:\Users\MSI CR-460\AppData\Roaming\ZHP\ZHPCleaner.exe =>.Nicolas Coolman
                                O4 - GS\Desktop [MSI CR-460]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\MSI CR-460\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
                                O4 - GS\Quicklaunch [MSI CR-460]: GOM Player.lnk . (.Gretech Corp. - GOM Player.) C:\Program Files\GRETECH\GomPlayer\GOM.exe =>.GRETECH®
                                O4 - GS\Quicklaunch [MSI CR-460]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc®
                                O4 - GS\Quicklaunch [MSI CR-460]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                                O4 - GS\sendTo [MSI CR-460]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
                                O4 - GS\sendTo [MSI CR-460]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\windows\system32\WFS.exe /SendTo =>.Microsoft Corporation
                                O4 - GS\sendTo [MSI CR-460]: Format Factory.lnk . (.Free Time - FormatFactory.) C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe =>.Free Time
                                O4 - GS\sendTo [MSI CR-460]: TeamViewer.lnk . (.TeamViewer GmbH - TeamViewer 10.) C:\Program Files\TeamViewer\TeamViewer.exe --sendto =>.TeamViewer®
                                O4 - GS\TaskBar [MSI CR-460]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                                O4 - GS\TaskBar [MSI CR-460]: TeamViewer 10.lnk . (.TeamViewer GmbH - TeamViewer 10.) C:\Program Files\TeamViewer\TeamViewer.exe =>.TeamViewer®
                                O4 - GS\TaskBar [MSI CR-460]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\windows\explorer.exe =>.Microsoft Corporation
                                O4 - GS\Programs [MSI CR-460]: FileHippo App Manager.lnk . (.Copyright © 2014 - FileHippo.AppManager.) C:\Program Files\FileHippo.com\FileHippo.AppManager.exe =>.Well Known Media Ltd®
                                O4 - GS\Programs [MSI CR-460]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                                O4 - GS\Programs [MSI CR-460]: Search.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                                O4 - GS\CommonDesktop [Public]: Canon IJ Network Tool.lnk . (.CANON INC. - Canon IJ Network Tool.) C:\Program Files\Canon\Canon IJ Network Tool\CNMNPUT.EXE =>.Canon Inc.®
                                O4 - GS\CommonDesktop [Public]: CCleaner.lnk . (.Piriform Ltd - CCleaner.) C:\Program Files\CCleaner\CCleaner.exe =>.Piriform Ltd®
                                O4 - GS\CommonDesktop [Public]: Family Tree Maker 2012.lnk . (.Ancestry.com - Family Tree Maker 2012.) C:\Program Files\Family Tree Maker 2012\FTM.exe
                                O4 - GS\CommonDesktop [Public]: GOM Player.lnk . (.Gretech Corp. - GOM Player.) C:\Program Files\GRETECH\GomPlayer\GOM.exe =>.GRETECH®
                                O4 - GS\CommonDesktop [Public]: Malwarebytes Anti-Malware.lnk . (.Malwarebytes - Malwarebytes Anti-Malware.) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe =>.Malwarebytes Corporation®
                                O4 - GS\CommonDesktop [Public]: PIXAJOY Editor.lnk . (.Pixajoy - Pixajoy.) C:\Program Files\PIXAJOY Editor\PIXAJOY Editor.exe
                                O4 - GS\CommonDesktop [Public]: RogueKiller.lnk . (…) C:\Program Files\RogueKiller\RogueKiller.exe =>.Adlice®
                                O4 - GS\CommonDesktop [Public]: ZHPFix.lnk . (.Nicolas Coolman - ZHPDiag Setup.) C:\Program Files\ZHPFix\ZHPhep.exe =>.Nicolas Coolman
                                O4 - GS\Programs [Public]: FileHippo App Manager.lnk . (.Copyright © 2014 - FileHippo.AppManager.) C:\Program Files\FileHippo.com\FileHippo.AppManager.exe =>.Well Known Media Ltd®
                                O4 - GS\Programs [Public]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                                O4 - GS\Programs [Public]: Search.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                                O4 - GS\Accessories [Public]: Command Prompt.lnk . (.Microsoft Corporation - Windows Command Processor.) C:\windows\system32\cmd.exe =>.Microsoft Corporation
                                O4 - GS\Accessories [Public]: Notepad.lnk . (.Microsoft Corporation - Notepad.) C:\windows\system32\notepad.exe =>.Microsoft Corporation
                                O4 - GS\Accessories [Public]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\windows\explorer.exe =>.Microsoft Corporation
                                O4 - GS\SystemTools [Public]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe -extoff =>.Microsoft Corporation®
                                O4 - GS\SystemTools [Public]: Private Character Editor.lnk . (.Microsoft Corporation - Private Character Editor.) C:\windows\system32\eudcedit.exe =>.Microsoft Corporation
                                O4 - GS\Accessories [Public]: Bluetooth File Transfer Wizard.lnk . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
                                O4 - GS\Accessories [Public]: Calculator.lnk . (.Microsoft Corporation - Windows Calculator.) C:\windows\system32\calc.exe =>.Microsoft Corporation
                                O4 - GS\Accessories [Public]: displayswitch.lnk . (.Microsoft Corporation - Display Switch.) C:\windows\system32\displayswitch.exe =>.Microsoft Corporation
                                O4 - GS\Accessories [Public]: Paint.lnk . (.Microsoft Corporation - Paint.) C:\windows\system32\mspaint.exe =>.Microsoft Corporation
                                O4 - GS\Accessories [Public]: Remote Desktop Connection.lnk . (.Microsoft Corporation - Remote Desktop Connection.) C:\windows\system32\mstsc.exe =>.Microsoft Corporation
                                O4 - GS\Accessories [Public]: Sound Recorder.lnk . (.Microsoft Corporation - Windows Sound Recorder.) C:\windows\system32\SoundRecorder.exe =>.Microsoft Corporation
                                O4 - GS\Accessories [Public]: Sync Center.lnk . (.Microsoft Corporation - Microsoft Sync Center.) C:\windows\System32\mobsync.exe =>.Microsoft Corporation
                                O4 - GS\Accessories [Public]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) C:\Program Files\Windows NT\Accessories\wordpad.exe =>.Microsoft Corporation
                                O4 - GS\SystemTools [Public]: Character Map.lnk . (.Microsoft Corporation - Character Map.) C:\windows\system32\charmap.exe =>.Microsoft Corporation
                                O4 - GS\SystemTools [Public]: dfrgui.lnk . (.Microsoft Corporation - Microsoft® Disk Defragmenter.) C:\windows\system32\dfrgui.exe =>.Microsoft Corporation
                                O4 - GS\SystemTools [Public]: Disk Cleanup.lnk . (.Microsoft Corporation - Disk Space Cleanup Manager for Windows.) C:\windows\system32\cleanmgr.exe =>.Microsoft Corporation
                                O4 - GS\SystemTools [Public]: Resource Monitor.lnk . (.Microsoft Corporation - Resource and Performance Monitor.) C:\windows\system32\perfmon.exe /res =>.Microsoft Corporation
                                O4 - GS\SystemTools [Public]: System Information.lnk . (.Microsoft Corporation - System Information.) C:\windows\system32\msinfo32.exe =>.Microsoft Corporation
                                O4 - GS\SystemTools [Public]: System Restore.lnk . (.Microsoft Corporation - Microsoft® Windows System Restore.) C:\windows\system32\rstrui.exe =>.Microsoft Corporation
                                O4 - GS\SystemTools [Public]: Task Scheduler.lnk . (…) C:\windows\system32\taskschd.msc /s =>..Microsoft Corporation
                                O4 - GS\SystemTools [Public]: Windows Easy Transfer Reports.lnk . (.Microsoft Corporation - Windows Easy Transfer Post Migration Applic.) C:\windows\system32\migwiz\postmig.exe =>.Microsoft Corporation
                                O4 - GS\SystemTools [Public]: Windows Easy Transfer.lnk . (.Microsoft Corporation - Windows Easy Transfer Application.) C:\windows\system32\migwiz\migwiz.exe =>.Microsoft Corporation
                                O4 - GS\ProgramsCommon [Public]: Adobe Reader XI.lnk . (…) C:\windows\Installer{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico =>.Adobe Inc.
                                O4 - GS\ProgramsCommon [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc®
                                O4 - GS\ProgramsCommon [Public]: Microsoft Security Essentials.lnk . (.Microsoft Corporation - Microsoft Security Client User Interface.) C:\Program Files\Microsoft Security Client\msseces.exe =>.Microsoft Corporation®
                                O4 - GS\ProgramsCommon [Public]: Sidebar.lnk . (.Microsoft Corporation - Windows Desktop Gadgets.) C:\Program Files\Windows Sidebar\sidebar.exe /showgadgets =>.Microsoft Corporation
                                O4 - GS\ProgramsCommon [Public]: TeamViewer 10.lnk . (.TeamViewer GmbH - TeamViewer 10.) C:\Program Files\TeamViewer\TeamViewer.exe =>.TeamViewer®
                                O4 - GS\ProgramsCommon [Public]: Windows Anytime Upgrade.lnk . (.Microsoft Corporation - Windows Anytime Upgrade User Interface.) C:\windows\system32\WindowsAnytimeUpgradeUI.exe =>.Microsoft Corporation
                                O4 - GS\ProgramsCommon [Public]: Windows Fax and Scan.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\windows\system32\WFS.exe =>.Microsoft Corporation
                                O4 - GS\ProgramsCommon [Public]: Windows Live Mail.lnk . (.Microsoft Corporation - Windows Live Mail.) C:\Program Files\Windows Live\Mail\wlmail.exe =>.Microsoft Corporation®
                                O4 - GS\ProgramsCommon [Public]: Windows Live Movie Maker.lnk . (.Microsoft Corporation - Windows Live Movie Maker.) C:\Program Files\Windows Live\Photo Gallery\MovieMaker.exe =>.Microsoft Corporation®
                                O4 - GS\ProgramsCommon [Public]: Windows Live Photo Gallery.lnk . (.Microsoft Corporation - Windows Live Photo Gallery.) C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe =>.Microsoft Corporation®
                                O4 - GS\ProgramsCommon [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
                                O4 - GS\ProgramsCommon [Public]: XPS Viewer.lnk . (.Microsoft Corporation - XPS Viewer.) C:\windows\system32\xpsrchvw.exe =>.Microsoft Corporation

                                —\ Lop.com/Domain Hijackers (4) - 0s
                                O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpDomain = domain.name
                                O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 =>.Local IP Adress
                                O17 - HKLM\System\CCS\Services\Tcpip..{50C8F833-76C7-43D8-93AB-4E6D4052CA40}: DhcpNameServer = 192.168.0.1 =>.Local IP Adress
                                O17 - HKLM\System\CCS\Services\Tcpip..{50C8F833-76C7-43D8-93AB-4E6D4052CA40}: DhcpDomain = domain.name

                                —\ Extra protocols (25) - 1s
                                O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
                                O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
                                O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) – C:\Windows\System32\MSVidCtl.dll =>.Microsoft Corporation
                                O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
                                O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
                                O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
                                O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
                                O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) – C:\Windows\System32\itss.dll =>.Microsoft Corporation
                                O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
                                O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
                                O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
                                O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) – C:\Windows\System32\inetcomm.dll =>.Microsoft Corporation
                                O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
                                O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) – C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll =>.Microsoft Corporation®
                                O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) – C:\Windows\System32\itss.dll =>.Microsoft Corporation
                                O18 - Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} . (.Microsoft Corporation - Microsoft Office 2013 component.) – C:\Program Files\Microsoft Office\Office15\MSOSB.DLL =>.Microsoft Corporation®
                                O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
                                O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) – C:\Windows\System32\MSVidCtl.dll =>.Microsoft Corporation
                                O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
                                O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) – C:\Program Files\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation®
                                O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) – C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll =>.Microsoft Corporation®
                                O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
                                O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
                                O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
                                O18 - Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) – C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL =>.Microsoft Corporation®

                                —\ Software installed (113) - 43s
                                O42 - Logiciel: Adobe Flash Player 22 NPAPI - (.Adobe Systems Incorporated.) [HKLM] – Adobe Flash Player NPAPI =>.Adobe Systems Incorporated®
                                O42 - Logiciel: Adobe Flash Player 24 ActiveX - (.Adobe Systems Incorporated.) [HKLM] – Adobe Flash Player ActiveX =>.Adobe Systems Incorporated®
                                O42 - Logiciel: Adobe Reader XI (11.0.13) - (.Adobe Systems Incorporated.) [HKLM] – {AC76BA86-7AD7-1033-7B44-AB0000000001} =>.Adobe Systems Incorporated
                                O42 - Logiciel: Adobe Refresh Manager - (.Adobe Systems Incorporated.) [HKLM] – {AC76BA86-0804-1033-1959-001824157129} =>.Adobe Systems Incorporated
                                O42 - Logiciel: Alcor Micro USB Card Reader - (.Alcor Micro Corp..) [HKLM] – {4555BB9E-E715-4260-A178-E8EFD2B653E3} =>.Alcor Micro Corp.
                                O42 - Logiciel: Alcor Micro USB Card Reader - (.Alcor Micro Corp..) [HKLM] – {AB398DDB-0E7B-400B-A940-7E61FB91A531} =>.Alcor Micro Corp.
                                O42 - Logiciel: Alcor Micro USB Card Reader - (.Alcor Micro Corp..) [HKLM] – AmUStor =>.Alcor Micro Corp.
                                O42 - Logiciel: Atheros Client Installation Program - (.Atheros.) [HKLM] – {28006915-2739-4EBE-B5E8-49B25D32EB33} =>.Macrovision Corporation®
                                O42 - Logiciel: Atheros Client Installation Program - (.Atheros.) [HKLM] – {D3694B69-6F8C-42D3-8A0A-EB2AB528C02C} =>.Macrovision Corporation®
                                O42 - Logiciel: Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver - (.Atheros Communications Inc..) [HKLM] – {3108C217-BE83-42E4-AE9E-A56A2A92E549} =>.Atheros Communications Inc.®
                                O42 - Logiciel: AVG PC TuneUp 2015 (en-US) - (.AVG Technologies.) [HKLM] – {4AC74ED1-719B-46DA-8B8A-340FBF892291} =>.AVG Technologies
                                O42 - Logiciel: Broadcom 802.11 Network Adapter - (.Broadcom Corporation.) [HKLM] – Broadcom 802.11 Network Adapter =>.Broadcom Corporation®
                                O42 - Logiciel: Canon IJ Network Scanner Selector EX - (..) [HKLM] – Canon_IJ_Network_Scanner_Selector_EX =>.Canon Inc.®
                                O42 - Logiciel: Canon IJ Network Tool - (.Canon Inc..) [HKLM] – Canon_IJ_Network_UTILITY =>.Canon Inc.®
                                O42 - Logiciel: Canon MX420 series MP Drivers - (.Canon Inc..) [HKLM] – {1199FAD5-9546-44f3-81CF-FFDB8040B7BF}Canon_MX420_series =>.Canon Inc.®
                                O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] – CCleaner =>.Piriform Ltd®
                                O42 - Logiciel: Cisco AnyConnect Secure Mobility Client - (.Cisco Systems, Inc..) [HKLM] – Cisco AnyConnect Secure Mobility Client =>.Cisco Systems, Inc.®
                                O42 - Logiciel: Cisco AnyConnect Secure Mobility Client - (.Cisco Systems, Inc..) [HKLM] – {F63E747C-5B51-4A6E-9413-BF258F4653F3} =>.Cisco Systems, Inc.
                                O42 - Logiciel: Cisco EAP-FAST Module - (.Cisco Systems, Inc..) [HKLM] – {64BF0187-F3D2-498B-99EA-163AF9AE6EC9} =>.Cisco Systems, Inc.
                                O42 - Logiciel: Cisco LEAP Module - (.Cisco Systems, Inc..) [HKLM] – {51C7AD07-C3F6-4635-8E8A-231306D810FE} =>.Cisco Systems, Inc.
                                O42 - Logiciel: Cisco PEAP Module - (.Cisco Systems, Inc..) [HKLM] – {ED5776D5-59B4-46B7-AF81-5F2D94D7C640} =>.Cisco Systems, Inc.
                                O42 - Logiciel: CyberLink YouCam - (.CyberLink Corp..) [HKLM] – {01FB4998-33C4-4431-85ED-079E3EEFE75D} =>.CyberLink®
                                O42 - Logiciel: CyberLink YouCam - (.CyberLink Corp..) [HKLM] – InstallShield {01FB4998-33C4-4431-85ED-079E3EEFE75D} =>.CyberLink®
                                O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM] – {E09C4DB7-630C-4F06-A631-8EA7239923AF} =>.Microsoft
                                O42 - Logiciel: Family Tree Maker 2012 - (.Ancestry.com, Inc..) [HKLM] – {1CB0993B-1CD4-4A18-9C85-9732AFD9843F}
                                O42 - Logiciel: Family Tree Maker 2012 - (.Ancestry.com, Inc..) [HKLM] – Family Tree Maker 2012
                                O42 - Logiciel: FileHippo App Manager - (.FileHippo.com.) [HKLM] – FileHippo.com =>.FileHippo.com
                                O42 - Logiciel: FlashGet3.7 - (. http://www.flashget.com .) [HKLM] – FlashGet3.7 =>. http://www.flashget.com
                                O42 - Logiciel: FormatFactory 2.20 - (.Free Time.) [HKLM] – FormatFactory =>.Free Time
                                O42 - Logiciel: GOM Player - (.Gretech Corporation.) [HKLM] – GOM Player =>.Gretech Corporation
                                O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM] – Google Chrome =>.Google Inc®
                                O42 - Logiciel: Google Photos Backup - (.Google, Inc..) [HKCU] – Google Photos Backup =>.Google, Inc.
                                O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] – {18455581-E099-4BA8-BC6B-F34B2F06600C} =>.Google Inc.
                                O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] – {2318C2B1-4965-11d4-9B18-009027A5CD4F} =>.Google Inc®
                                O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] – {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} =>.Google Inc.
                                O42 - Logiciel: HTC Driver Installer - (.HTC Corporation.) [HKLM] – {4CEEE5D0-F905-4688-B9F9-ECC710507796} =>.HTC Corporation
                                O42 - Logiciel: HTC Sync Manager - (.HTC.) [HKLM] – {231D0C79-98A6-4693-A366-36DE7D7346EC} =>.HTC
                                O42 - Logiciel: ImagXpress - (.Nero AG.) [HKLM] – {A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D} =>.Nero AG
                                O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM] – {65153EA5-8B6E-43B6-857B-C6E4FC25798A} =>.Intel Corporation®
                                O42 - Logiciel: Intel(R) Processor Graphics - (.Intel Corporation.) [HKLM] – {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA} =>.Intel Corporation®
                                O42 - Logiciel: IPTInstaller - (.HTC.) [HKLM] – {08208143-777D-4A06-BB54-71BF0AD1BB70} =>.HTC
                                O42 - Logiciel: Java 8 Update 121 - (.Oracle Corporation.) [HKLM] – {26A24AE4-039D-4CA4-87B4-2F32180121F0} =>.Oracle Corporation
                                O42 - Logiciel: Java Auto Updater - (.Oracle Corporation.) [HKLM] – {4A03706F-666A-4037-7777-5F2748764D10} =>.Oracle Corporation
                                O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM] – {1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4} =>.Microsoft Corporation
                                O42 - Logiciel: K-Lite Codec Pack 8.3.2 (Full) - (.KLite Inc.) [HKLM] – KLiteCodecPack_is1 =>.KLite Inc
                                O42 - Logiciel: Lenovo_Wireless_Driver - (.Lenovo.) [HKLM] – {28ABE740-47F3-441B-9437-852F6A64EFF8} =>.Macrovision Corporation®
                                O42 - Logiciel: Malwarebytes Anti-Malware version 2.2.1.1043 - (.Malwarebytes.) [HKLM] – Malwarebytes Anti-Malware_is1 =>.Malwarebytes
                                O42 - Logiciel: Master PDF Editor 2.1.65 - (.Code Industry Ltd..) [HKLM] – Master PDF Editor 2.1.65_is1
                                O42 - Logiciel: Mesh Runtime - (.Microsoft Corporation.) [HKLM] – {8C6D6116-B724-4810-8F2D-D047E6B7D68E} =>.Microsoft Corporation
                                O42 - Logiciel: Messenger Companion - (.Microsoft Corporation.) [HKLM] – {50816F92-1652-4A7C-B9BC-48F682742C4B} =>.Microsoft Corporation
                                O42 - Logiciel: Microsoft Access MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] – {90150000-0015-0409-0000-0000000FF1CE} =>.Microsoft Corporation
                                O42 - Logiciel: Microsoft Access Setup Metadata MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] – {90150000-0117-0409-0000-0000000FF1CE} =>.Microsoft Corporation
                                O42 - Logiciel: Microsoft Application Error Reporting - (.Microsoft Corporation.) [HKLM] – {95120000-00B9-0409-0000-0000000FF1CE} =>.Microsoft Corporation
                                O42 - Logiciel: Microsoft DCF MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] – {90150000-0090-0409-0000-0000000FF1CE} =>.Microsoft Corporation
                                O42 - Logiciel: Microsoft Excel MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] – {90150000-0016-0409-0000-0000000FF1CE} =>.Microsoft Corporation
                                O42 - Logiciel: Microsoft Groove MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] – {90150000-00BA-0409-0000-0000000FF1CE} =>.Microsoft Corporation
                                O42 - Logiciel: Microsoft InfoPath MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] – {90150000-0044-0409-0000-0000000FF1CE} =>.Microsoft Corporation
                                O42 - Logiciel: Microsoft Lync MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] – {90150000-012B-0409-0000-0000000FF1CE} =>.Microsoft Corporation
                                O42 - Logiciel: Microsoft OneNote MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] – {90150000-00A1-0409-0000-0000000FF1CE} =>.Microsoft Corporation
                                O42 - Logiciel: Microsoft Outlook MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] – {90150000-001A-0409-0000-0000000FF1CE} =>.Microsoft Corporation
                                O42 - Logiciel: Microsoft PowerPoint MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] – {90150000-0018-0409-0000-0000000FF1CE} =>.Microsoft Corporation
                                O42 - Logiciel: Microsoft Publisher MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] – {90150000-0019-0409-0000-0000000FF1CE} =>.Microsoft Corporation
                                O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] – {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} =>.Microsoft Corporation
                                O42 - Logiciel: Microsoft Visio MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] – {90150000-0054-0409-0000-0000000FF1CE} =>.Microsoft Corporation
                                O42 - Logiciel: Microsoft Visio Professional 2013 - (.Microsoft Corporation.) [HKLM] – {90150000-0051-0000-0000-0000000FF1CE} =>.Microsoft Corporation
                                O42 - Logiciel: Microsoft Visio Professional 2013 - (.Microsoft Corporation.) [HKLM] – Office15.VISPRO =>.Microsoft Corporation®
                                O42 - Logiciel: Microsoft Word MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] – {90150000-001B-0409-0000-0000000FF1CE} =>.Microsoft Corporation
                                O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] – {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} =>.Microsoft
                                O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] – {86493ADD-824D-4B8E-BD72-8C5DCDC52A71} =>.Microsoft Corporation
                                O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] – {F662A8E6-F4DC-41A2-901E-8C11F044BDEC} =>.Microsoft Corporation
                                O42 - Logiciel: My Photo Creations (Photobookmart Edition) - (.Digilabs.) [HKLM] – {111FC0F4-F93D-4FB1-A91D-B0258A8A1BA5}
                                O42 - Logiciel: neroxml - (.Nero AG.) [HKLM] – {56C049BE-79E9-4502-BEA7-9754A3E60F9B} =>.Nero AG
                                O42 - Logiciel: PDF Password Remover - (.Tenorshare, Inc..) [HKLM] – PDF Password Remover =>.Tenorshare, Inc.
                                O42 - Logiciel: PDFill PDF Editor with FREE Writer and FREE Tools - (.PlotSoft LLC.) [HKLM] – {D1399216-81B2-457C-A0F7-73B9A2EF6902} =>.PlotSoft LLC
                                O42 - Logiciel: Photobook Designer - (.Photobook Malaysia.) [HKCU] – Photobook Designer
                                O42 - Logiciel: Pismo File Mount Audit Package - (..) [HKLM] – PismoFileMountAuditPackage =>.Pismo Technic Inc.®
                                O42 - Logiciel: PIXAJOY Editor - (.Pixajoy.) [HKCU] – PIXAJOY Editor
                                O42 - Logiciel: Realtek Ethernet Controller Driver - (.Realtek.) [HKLM] – {8833FFB6-5B0C-4764-81AA-06DFEED9A476} =>.Realtek Semiconductor Corp®
                                O42 - Logiciel: Realtek USB 2.0 Reader Driver - (.Realtek Semiconductor Corp..) [HKLM] – {62BBB2F0-E220-4821-A564-730807D2C34D} =>.Realtek Semiconductor Corp®
                                O42 - Logiciel: REALTEK Wireless LAN Driver - (.REALTEK Semiconductor Corp..) [HKLM] – {9D3D8C60-A55F-4123-B2B9-173F09590E16} =>.Realtek Semiconductor Corp®
                                O42 - Logiciel: Riverbed Steelhead Mobile - (.Riverbed Technology, Inc..) [HKLM] – {09D86FD5-EA7E-4072-997F-4E88AE25ACA2} =>.Riverbed Technology, Inc.
                                O42 - Logiciel: RogueKiller version 12.9.8.0 - (.Adlice Software.) [HKLM] – 8B3D7924-ED89-486B-8322-E8594065D5CB_is1 =>.Adlice®
                                O42 - Logiciel: S-Bar - (.MSI.) [HKLM] – {4E18A842-A084-46E0-81BA-31C7EB96B26C} =>.MSI
                                O42 - Logiciel: TeamViewer 10 - (.TeamViewer.) [HKLM] – TeamViewer =>.TeamViewer®
                                O42 - Logiciel: Telegram Desktop version 0.10.19 - (.Telegram Messenger LLP.) [HKCU] – {53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1 =>.Telegram Messenger LLP
                                O42 - Logiciel: TuneUp Utilities 2014 (en-US) - (.TuneUp Software.) [HKLM] – {14C8CE46-C68C-461B-BCA9-E276A85851C6} =>.TuneUp Software
                                O42 - Logiciel: Update for Skype for Business 2015 (KB3039776) 32-Bit Edition - (.Microsoft.) [HKLM] – {90150000-012B-0409-0000-0000000FF1CE}Office15.PROPLUS{9F6B3627-AF9E-40A5-AAD5-3497C4327616} =>.Microsoft Corporation®
                                O42 - Logiciel: Update for Skype for Business 2015 (KB3161988) 32-Bit Edition - (.Microsoft.) [HKLM] – {90150000-0011-0000-0000-0000000FF1CE}Office15.PROPLUS{245EB15F-A90C-422B-9D3F-3AEEDF028CCC} =>.Microsoft Corporation®
                                O42 - Logiciel: Update for Skype for Business 2015 (KB3161988) 32-Bit Edition - (.Microsoft.) [HKLM] – {90150000-012B-0409-0000-0000000FF1CE}Office15.PROPLUS{245EB15F-A90C-422B-9D3F-3AEEDF028CCC} =>.Microsoft Corporation®
                                O42 - Logiciel: Uplayer - (.D-LINK CORPORATION.) [HKLM] – {246F5A8A-ADB1-4ED9-BE01-C4118E7DB3A5} =>.D-Link Corporation
                                O42 - Logiciel: Visual Studio 2012 x86 Redistributables - (.AVG Technologies CZ, s.r.o..) [HKLM] – {98EFF19A-30AB-4E4B-B943-F06B1C63EBF8} =>.AVG Technologies CZ, s.r.o.
                                O42 - Logiciel: VNC Enterprise Edition E4.5.1 - (.RealVNC Ltd..) [HKLM] – RealVNC_is1 =>.RealVNC Ltd.
                                O42 - Logiciel: VNC Mirror Driver 1.8.0 - (.RealVNC Ltd..) [HKLM] – VNCMirror_is1 =>.RealVNC Ltd.
                                O42 - Logiciel: VNC Printer Driver 1.6.0 - (.RealVNC Ltd..) [HKLM] – VNCPrinter_is1 =>.RealVNC Ltd.
                                O42 - Logiciel: WD Drive Utilities - (.Western Digital Technologies, Inc..) [HKLM] – {E61CFDDA-40DD-4400-95CA-12819C50B5C2} =>.Western Digital Technologies, Inc.
                                O42 - Logiciel: WD Security - (.Western Digital Technologies, Inc..) [HKLM] – {429a42d7-4c55-44d4-b38a-5872a0d70495} =>.Western Digital Technologies, Inc.®
                                O42 - Logiciel: WD Security - (.Western Digital Technologies, Inc..) [HKLM] – {F1D5FC88-4EE0-4D0B-917B-60E930142FB9} =>.Western Digital Technologies, Inc.
                                O42 - Logiciel: WD SES Driver Setup - (.Western Digital.) [HKLM] – {924A274D-38B6-4930-8859-F3F51CFA8DDD} =>.Western Digital
                                O42 - Logiciel: WD SmartWare - (.Western Digital Technologies, Inc..) [HKLM] – {6EE644CD-FC7F-424C-83EA-9C0285C4FB7F} =>.Western Digital Technologies, Inc.
                                O42 - Logiciel: Win7codecs - (.Shark007.) [HKLM] – {8C0CAA7A-3272-4991-A808-2C7559DE3409} =>.Shark007
                                O42 - Logiciel: Windows 7 USB/DVD Download Tool - (.Microsoft Corporation.) [HKLM] – {CCF298AF-9CE1-4B26-B251-486E98A34789} =>.Microsoft Corporation
                                O42 - Logiciel: Windows Driver Package - ENE (EUCR) USB (12/04/2009 5.89.0.64) - (.ENE.) [HKLM] – 7F523D4F8E191139525DC0260B06BF68E4E581EE =>.ENE Technology Inc.®
                                O42 - Logiciel: Windows Driver Package - Intel (NETw5s32) net (03/18/2010 13.2.0.30) - (.Intel.) [HKLM] – 5B1D8E9CE6F89F5466353F3E5A7084A126505FEA =>.Microsoft Windows®
                                O42 - Logiciel: Windows Driver Package - Intel (NETw5s32) net (09/15/2009 13.0.0.107) - (.Intel.) [HKLM] – 261F972493946CC8B32688E5247ADD2EE612DEB9 =>.Microsoft Windows®
                                O42 - Logiciel: Windows Driver Package - Intel (NETw5v32) net (03/18/2010 13.2.0.30) - (.Intel.) [HKLM] – DA556C9045FE4065F487AF1C9B3992A6AD4C8A66 =>.Microsoft Windows®
                                O42 - Logiciel: Windows Driver Package - Intel (NETw5v32) net (09/15/2009 13.0.0.107) - (.Intel.) [HKLM] – FB8C5A1BB9B0EB1DBE21E5BBBF6942439C4FB2F9 =>.Microsoft Windows®
                                O42 - Logiciel: Windows Driver Package - Ralink (netr28u) Net (11/13/2009 3.00.09.0000) - (.Ralink.) [HKLM] – AB8CA567F16EA6E1DF917E5D13C2A15AD9BB4B14 =>.Microsoft Windows Component Publisher®
                                O42 - Logiciel: Windows Driver Package - Ralink Technology, Corp. (netr28) Net (02/09/2010 - (.Ralink Technology, Corp..) [HKLM] – DA9E83E3434B0A377F6C3573D30A3E6E692E31F2 =>.Microsoft Windows Component Publisher®
                                O42 - Logiciel: Windows Media Encoder 9 Series - (.Microsoft Corporation.) [HKLM] – {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} =>.Microsoft Corporation
                                O42 - Logiciel: Windows Media Encoder 9 Series - (.Microsoft Corporation.) [HKLM] – Windows Media Encoder 9 =>.Microsoft Corporation
                                O42 - Logiciel: WinRAR archiver - (.win.rar GmbH.) [HKLM] – WinRAR archiver =>.win.rar GmbH
                                O42 - Logiciel: WinZip 15.0 - (.WinZip Computing, S.L..) [HKLM] – {CD95F661-A5C4-44F5-A6AA-ECDD91C240BE} =>.WinZip Computing, S.L.
                                O42 - Logiciel: ZHPFix 2015 - (.Nicolas Coolman.) [HKLM] – ZHPFix_is1 =>.Nicolas Coolman

                                —\ HKCU & HKLM Software Keys (129) - 43s
                                HKLM\SOFTWARE<company>
                                HKLM\SOFTWARE\Adobe =>.Adobe
                                HKLM\SOFTWARE\Adware Removal Tool by TSA =>.TSA Softwares
                                HKLM\SOFTWARE\Ancestry.com
                                HKLM\SOFTWARE\Apple Computer, Inc. =>.Apple Computer, Inc.
                                HKLM\SOFTWARE\Apple Inc. =>.Apple Inc.
                                HKLM\SOFTWARE\Atheros =>.Qualcomm Atheros
                                HKLM\SOFTWARE\ATI Technologies =>.ATI Technologies
                                HKLM\SOFTWARE\Avg =>.AVG Software
                                HKLM\SOFTWARE\BCL Technologies =>.BCL Technologies
                                HKLM\SOFTWARE\Broadcom =>.Broadcom
                                HKLM\SOFTWARE\Canon =>.Canon
                                HKLM\SOFTWARE\Caphyon =>.Caphyon
                                HKLM\SOFTWARE\CBSTEST =>.CBS Test
                                HKLM\SOFTWARE\Cisco =>.Cisco Systems, Inc.
                                HKLM\SOFTWARE\CyberLink =>.CyberLink Corporation
                                HKLM\SOFTWARE\DivXNetworks =>.DivXNetworks
                                HKLM\SOFTWARE\FlashGet Network
                                HKLM\SOFTWARE\g3n-h@ckm@n =>.g3n-h@ckm@n
                                HKLM\SOFTWARE\Gabest =>.Gabest
                                HKLM\SOFTWARE\GEAR Software =>.GEAR Software
                                HKLM\SOFTWARE\GNU =>.GNU
                                HKLM\SOFTWARE\Google =>.Google
                                HKLM\SOFTWARE\GRETECH =>.Gretech
                                HKLM\SOFTWARE\HaaliMkx =>.Haali Media
                                HKLM\SOFTWARE\HTC =>.HTC
                                HKLM\SOFTWARE\IM Providers =>.IM Providers
                                HKLM\SOFTWARE\inKline Global
                                HKLM\SOFTWARE\Intel =>.Intel
                                HKLM\SOFTWARE\Internet Download Manager =>.Tonec Inc
                                HKLM\SOFTWARE\InterVideo =>.InterVideo
                                HKLM\SOFTWARE\JavaSoft =>.JavaSoft
                                HKLM\SOFTWARE\JreMetrics =>.JreMetrics
                                HKLM\SOFTWARE\KLCodecPack =>.KLite Inc
                                HKLM\SOFTWARE\LAV =>.LAV Inc
                                HKLM\SOFTWARE\Macromedia =>.Macromedia
                                HKLM\SOFTWARE\MimarSinan =>.Mimar Sinan
                                HKLM\SOFTWARE\Mozilla =>.Mozilla
                                HKLM\SOFTWARE\mozilla.org =>.mozilla.org
                                HKLM\SOFTWARE\MozillaPlugins =>.MozillaPlugins
                                HKLM\SOFTWARE\MSI =>.MSI
                                HKLM\SOFTWARE\Nero =>.Ahead Corporation
                                HKLM\SOFTWARE\Nico Mak Computing =>.Nico Mak Computing
                                HKLM\SOFTWARE\ODBC =>.DB Connectivity Solutions
                                HKLM\SOFTWARE\Piriform =>.Piriform
                                HKLM\SOFTWARE\PlotSoft =>.PlotSoft
                                HKLM\SOFTWARE\PocketSoft
                                HKLM\SOFTWARE\PS
                                HKLM\SOFTWARE\Realtek =>.Realtek Semiconductor Corp.
                                HKLM\SOFTWARE\Realtek Semiconductor Corp. =>.Realtek Semiconductor Corp.
                                HKLM\SOFTWARE\RealVNC =>.RealVNC
                                HKLM\SOFTWARE\RegisteredApplications =>.Microsoft Corporation
                                HKLM\SOFTWARE\Riverbed
                                HKLM\SOFTWARE\RTLSetup =>.Realtek Semiconductor Corp.
                                HKLM\SOFTWARE\Skype =>.Skype
                                HKLM\SOFTWARE\StarterBackgroundChanger
                                HKLM\SOFTWARE\sysinternals =>.Sysinternals
                                HKLM\SOFTWARE\TeamViewer =>.TeamViewer
                                HKLM\SOFTWARE\Volatile =>.Microsoft Corporation
                                HKLM\SOFTWARE\WDPA =>.WDPA
                                HKLM\SOFTWARE\Western Digital =>.Western Digital
                                HKLM\SOFTWARE\WinRAR =>.WinRAR
                                HKLM\SOFTWARE\WOW6432Node =>.Microsoft Corporation
                                HKCU\SOFTWARE\3rd Eye Solutions
                                HKCU\SOFTWARE\Adobe =>.Adobe
                                HKCU\SOFTWARE\Ancestry.com
                                HKCU\SOFTWARE\AppDataLow =>.Microsoft Corporation
                                HKCU\SOFTWARE\Apple Computer, Inc. =>.Apple Computer, Inc.
                                HKCU\SOFTWARE\Apple Inc. =>.Apple Inc.
                                HKCU\SOFTWARE\ASProtect =>.ASPack Software
                                HKCU\SOFTWARE\Avg =>.AVG Software
                                HKCU\SOFTWARE\BugSplat =>.Bugsplat Game
                                HKCU\SOFTWARE\Canon =>.Canon
                                HKCU\SOFTWARE\CanonBJ =>.Canon Inc.
                                HKCU\SOFTWARE\Caphyon =>.Caphyon
                                HKCU\SOFTWARE\CDDB =>.Cddb Software
                                HKCU\SOFTWARE\Cisco =>.Cisco Systems, Inc.
                                HKCU\SOFTWARE\Code Industry
                                HKCU\SOFTWARE\CyberLink =>.CyberLink Corporation
                                HKCU\SOFTWARE\dlink
                                HKCU\SOFTWARE\DownloadManager =>.DownloadManager
                                HKCU\SOFTWARE\FileHippo.com =>.FileHippo.com
                                HKCU\SOFTWARE\FileOpen =>.FileOpen Systems Inc.
                                HKCU\SOFTWARE\FreeTime =>.FreeTime Inc
                                HKCU\SOFTWARE\g3n-h@ckm@n =>.g3n-h@ckm@n
                                HKCU\SOFTWARE\Gabest =>.Gabest
                                HKCU\SOFTWARE\GNU =>.GNU
                                HKCU\SOFTWARE\Google =>.Google
                                HKCU\SOFTWARE\GRETECH =>.Gretech
                                HKCU\SOFTWARE\HTC =>.HTC
                                HKCU\SOFTWARE\ihelper =>.Legitimate
                                HKCU\SOFTWARE\IM Providers =>.IM Providers
                                HKCU\SOFTWARE\InstallPath =>.Legitimate
                                HKCU\SOFTWARE\Intel =>.Intel
                                HKCU\SOFTWARE\JavaSoft =>.JavaSoft
                                HKCU\SOFTWARE\Lake =>.Lake Sofware
                                HKCU\SOFTWARE\LAV =>.LAV Inc
                                HKCU\SOFTWARE\Macromedia =>.Macromedia
                                HKCU\SOFTWARE\MediaInfo =>.Jérôme Martinez
                                HKCU\SOFTWARE\Mozilla =>.Mozilla
                                HKCU\SOFTWARE\MozillaPlugins =>.MozillaPlugins
                                HKCU\SOFTWARE\MSI =>.MSI
                                HKCU\SOFTWARE\Nero =>.Ahead Corporation
                                HKCU\SOFTWARE\Netscape =>.Netscape
                                HKCU\SOFTWARE\Nitro =>.Nitro
                                HKCU\SOFTWARE\ODBC =>.DB Connectivity Solutions
                                HKCU\SOFTWARE\Opera Software =>.Opera Software
                                HKCU\SOFTWARE\pdfconverter.com =>.pdfconverter.com
                                HKCU\SOFTWARE\Photobook Designer
                                HKCU\SOFTWARE\Piriform =>.Piriform
                                HKCU\SOFTWARE\PIXAJOY Editor
                                HKCU\SOFTWARE\PlotSoft =>.PlotSoft
                                HKCU\SOFTWARE\pocketsoft
                                HKCU\SOFTWARE\QtProject =>.QtProject
                                HKCU\SOFTWARE\RealVNC =>.RealVNC
                                HKCU\SOFTWARE\Riverbed
                                HKCU\SOFTWARE\Skype =>.Skype
                                HKCU\SOFTWARE\Sysinternals =>.Sysinternals
                                HKCU\SOFTWARE\TeamViewer =>.TeamViewer
                                HKCU\SOFTWARE\Teiron =>.Teiron
                                HKCU\SOFTWARE\Trolltech =>.Trolltech
                                HKCU\SOFTWARE\TuneUp =>.TuneUp
                                HKCU\SOFTWARE\Western Digital =>.Western Digital
                                HKCU\SOFTWARE\WinRAR =>.WinRAR
                                HKCU\SOFTWARE\WinRAR SFX =>.RarLab
                                HKCU\SOFTWARE\ZebHelpProcess Helper =>.Nicolas Coolman
                                HKCU\SOFTWARE\ZHP =>.Nicolas Coolman
                                HKCU\SOFTWARE\AppDataLow\Software =>.Microsoft Corporation
                                HKCU\SOFTWARE\AppDataLow\Software\JavaSoft =>.JavaSoft

                                —\ Contents of the Common Files folders (293) - 31s
                                O43 - CFD: 14/03/2015 - D – C:\Program Files\Adobe =>.Adobe Systems, Incorporated®
                                O43 - CFD: 11/03/2017 - D – C:\Program Files\Adware Removal Tool by TSA =>.TSA Softwares
                                O43 - CFD: 27/02/2012 - D – C:\Program Files\AmIcoSingLun =>.Alcor Micro Corporation
                                O43 - CFD: 22/08/2015 - D – C:\Program Files\Atheros =>.Qualcomm Atheros
                                O43 - CFD: 07/07/2015 - D – C:\Program Files\AVG =>.AVG Software
                                O43 - CFD: 18/09/2015 - D – C:\Program Files\BCL Technologies =>.BCL Technologies
                                O43 - CFD: 27/02/2012 - D – C:\Program Files\Broadcom =>.Broadcom Corporation®
                                O43 - CFD: 28/10/2016 - D – C:\Program Files\Canon =>.Canon Inc.®
                                O43 - CFD: 28/10/2016 - HD – C:\Program Files\CanonBJ =>.Canon Inc.
                                O43 - CFD: 04/02/2017 - D – C:\Program Files\CCleaner =>.Piriform Ltd
                                O43 - CFD: 22/06/2014 - D – C:\Program Files\Cisco =>.Cisco Systems, Inc.
                                O43 - CFD: 14/11/2014 - D – C:\Program Files\Code Industry
                                O43 - CFD: 11/03/2017 - D – C:\Program Files\Common Files =>.Microsoft Corporation
                                O43 - CFD: 13/04/2012 - D – C:\Program Files\CyberLink =>.CyberLink Corporation
                                O43 - CFD: 27/02/2012 - D – C:\Program Files\DIFX =>.Microsoft Corporation
                                O43 - CFD: 21/11/2010 - D – C:\Program Files\DVD Maker =>.Aone Software
                                O43 - CFD: 18/09/2015 - D – C:\Program Files\Family Tree Maker 2012 {0617082F262673EB00DF1F193DE22525}
                                O43 - CFD: 09/10/2016 - D – C:\Program Files\FileHippo.com =>.Well Known Media Ltd®
                                O43 - CFD: 28/02/2012 - D – C:\Program Files\FlashGet Network =>.FlashGet
                                O43 - CFD: 21/08/2012 - D – C:\Program Files\FreeTime =>.FreeTime
                                O43 - CFD: 09/10/2016 - D – C:\Program Files\Google =>.Google Inc®
                                O43 - CFD: 28/02/2012 - D – C:\Program Files\GRETECH =>.GRETECH®
                                O43 - CFD: 07/02/2015 - D – C:\Program Files\HTC =>.HTC
                                O43 - CFD: 12/09/2015 - D – C:\Program Files\inKline Global
                                O43 - CFD: 12/09/2015 - HD – C:\Program Files\InstallShield Installation Information =>.InstallShield Software
                                O43 - CFD: 13/04/2012 - D – C:\Program Files\Intel =>.Intel Corporation
                                O43 - CFD: 24/07/2016 - D – C:\Program Files\Internet Download Manager =>.Tonec Inc
                                O43 - CFD: 17/12/2016 - D – C:\Program Files\Internet Explorer =>.Microsoft Corporation
                                O43 - CFD: 04/02/2017 - D – C:\Program Files\Java =>.Oracle
                                O43 - CFD: 28/02/2012 - D – C:\Program Files\K-Lite Codec Pack =>.KLite Inc
                                O43 - CFD: 27/02/2012 - D – C:\Program Files\Lenovo =>.Lenovo
                                O43 - CFD: 30/10/2016 - D – C:\Program Files\Malwarebytes Anti-Malware =>.Malwarebytes
                                O43 - CFD: 16/04/2012 - D – C:\Program Files\Microsoft Analysis Services =>.Microsoft Corporation
                                O43 - CFD: 21/09/2013 - D – C:\Program Files\Microsoft Application Virtualization Client =>.Microsoft Corporation
                                O43 - CFD: 14/07/2009 - D – C:\Program Files\Microsoft Games =>.Microsoft Corporation
                                O43 - CFD: 09/09/2015 - D – C:\Program Files\Microsoft Office =>.Microsoft Corporation
                                O43 - CFD: 05/02/2017 - D – C:\Program Files\Microsoft Security Client =>.Microsoft Corporation
                                O43 - CFD: 24/11/2016 - D – C:\Program Files\Microsoft Silverlight =>.Microsoft Corporation
                                O43 - CFD: 09/09/2015 - D – C:\Program Files\Microsoft SQL Server =>.Microsoft Corporation
                                O43 - CFD: 16/04/2012 - D – C:\Program Files\Microsoft SQL Server Compact Edition =>.Microsoft Corporation
                                O43 - CFD: 16/04/2012 - D – C:\Program Files\Microsoft Sync Framework =>.Microsoft Corporation
                                O43 - CFD: 16/04/2012 - D – C:\Program Files\Microsoft Synchronization Services =>.Microsoft Corporation
                                O43 - CFD: 16/09/2015 - D – C:\Program Files\Microsoft.NET =>.Microsoft Corporation
                                O43 - CFD: 24/11/2016 - D – C:\Program Files\Mozilla Firefox =>.Mozilla
                                O43 - CFD: 09/09/2015 - D – C:\Program Files\MSBuild =>.Microsoft Corporation
                                O43 - CFD: 22/08/2015 - D – C:\Program Files\MSECache =>.Microsoft Corporation
                                O43 - CFD: 02/09/2012 - [0] D – C:\Program Files\MSXML 4.0 =>.Microsoft Corporation
                                O43 - CFD: 03/02/2014 - D – C:\Program Files\My Photo Creations (Photobookmart Edition) {00B0948F9E29EED75E31BAF47F5061A0D3}
                                O43 - CFD: 31/01/2014 - D – C:\Program Files\Nero =>.Ahead Corporation
                                O43 - CFD: 31/01/2014 - D – C:\Program Files\OpenOffice.org 3 =>.SourceForge
                                O43 - CFD: 22/08/2015 - D – C:\Program Files\Opera =>.Opera Software
                                O43 - CFD: 03/09/2016 - D – C:\Program Files\PDF Password Remover
                                O43 - CFD: 25/12/2013 - D – C:\Program Files\Photobook Designer
                                O43 - CFD: 08/09/2015 - D – C:\Program Files\Pismo File Mount Audit Package =>.Pismo Technic Inc.®
                                O43 - CFD: 11/10/2014 - D – C:\Program Files\PIXAJOY Editor
                                O43 - CFD: 14/11/2014 - D – C:\Program Files\PlotSoft =>.PlotSoft
                                O43 - CFD: 27/02/2012 - D – C:\Program Files\Realtek =>.Realtek
                                O43 - CFD: 27/02/2012 - D – C:\Program Files\REALTEK PCIE Wireless LAN Driver =>.Realtek Semiconductor Corp.
                                O43 - CFD: 22/06/2014 - D – C:\Program Files\RealVNC =>.RealVNC
                                O43 - CFD: 14/07/2009 - D – C:\Program Files\Reference Assemblies =>.Microsoft Corporation
                                O43 - CFD: 02/11/2014 - D – C:\Program Files\Riverbed
                                O43 - CFD: 26/02/2017 - D – C:\Program Files\RogueKiller =>.Adlice
                                O43 - CFD: 13/04/2012 - D – C:\Program Files\S-Bar
                                O43 - CFD: 24/05/2015 - D – C:\Program Files\Save my Tabs
                                O43 - CFD: 23/05/2015 - D – C:\Program Files\Sidewise Tree Style Tabs
                                O43 - CFD: 07/02/2015 - D – C:\Program Files\Spirent Communications =>.Spirent Communications
                                O43 - CFD: 31/01/2014 - D – C:\Program Files\StarterBackgroundChanger
                                O43 - CFD: 20/10/2015 - D – C:\Program Files\TeamViewer =>.TeamViewer®
                                O43 - CFD: 14/07/2009 - [0] HD – C:\Program Files\Uninstall Information =>.Microsoft Corporation
                                O43 - CFD: 07/09/2015 - D – C:\Program Files\Western Digital =>.Western Digital Technologies, Inc.®
                                O43 - CFD: 28/02/2012 - D – C:\Program Files\Win7codecs =>.Shark007
                                O43 - CFD: 14/07/2013 - D – C:\Program Files\Windows Defender =>.Microsoft Corporation
                                O43 - CFD: 23/05/2015 - D – C:\Program Files\Windows Live =>.Microsoft Corporation
                                O43 - CFD: 21/11/2010 - D – C:\Program Files\Windows Mail =>.Microsoft Corporation
                                O43 - CFD: 18/09/2015 - D – C:\Program Files\Windows Media Components =>.Microsoft Corporation®
                                O43 - CFD: 07/12/2016 - D – C:\Program Files\Windows Media Player =>.Microsoft Corporation
                                O43 - CFD: 14/07/2009 - D – C:\Program Files\Windows NT =>.Microsoft Corporation
                                O43 - CFD: 21/11/2010 - D – C:\Program Files\Windows Photo Viewer =>.Microsoft Corporation
                                O43 - CFD: 21/11/2010 - D – C:\Program Files\Windows Portable Devices =>.Microsoft Corporation
                                O43 - CFD: 21/11/2010 - D – C:\Program Files\Windows Sidebar =>.Microsoft Corporation
                                O43 - CFD: 16/04/2012 - D – C:\Program Files\WinRAR =>.WinRAR
                                O43 - CFD: 27/02/2012 - D – C:\Program Files\WinZip =>.WinZip Computing®
                                O43 - CFD: 11/03/2017 - D – C:\Program Files\ZHPFix =>.Nicolas Coolman
                                O43 - CFD: 08/09/2015 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
                                O43 - CFD: 09/07/2015 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
                                O43 - CFD: 28/10/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX420 series
                                O43 - CFD: 28/10/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities =>.Canon Inc.
                                O43 - CFD: 21/03/2015 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner =>.Piriform Ltd
                                O43 - CFD: 22/06/2014 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco =>.Cisco Systems, Inc.
                                O43 - CFD: 28/02/2012 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam =>.CyberLink Corporation
                                O43 - CFD: 18/09/2015 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Family Tree Maker 2012
                                O43 - CFD: 28/02/2012 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashGet3.7
                                O43 - CFD: 14/07/2009 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games =>.Microsoft Corporation
                                O43 - CFD: 12/09/2015 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player =>.Gretech Corporation
                                O43 - CFD: 07/02/2015 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC =>.HTC
                                O43 - CFD: 28/07/2016 - [0] D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager =>.Tonec Inc
                                O43 - CFD: 04/02/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java =>.Oracle
                                O43 - CFD: 28/02/2012 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack =>.KLite Inc
                                O43 - CFD: 14/07/2009 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
                                O43 - CFD: 30/10/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware =>.Malwarebytes
                                O43 - CFD: 14/11/2014 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Master PDF Editor =>.CAD-KAS Software
                                O43 - CFD: 09/09/2015 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office =>.Microsoft Corporation
                                O43 - CFD: 26/02/2017 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 =>.Microsoft Corporation
                                O43 - CFD: 13/04/2012 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English) =>.Microsoft Corporation
                                O43 - CFD: 24/11/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight =>.Microsoft Corporation
                                O43 - CFD: 03/02/2014 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Photo Creations (Photobookmart Edition)
                                O43 - CFD: 31/01/2014 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.1 =>.SourceForge
                                O43 - CFD: 14/11/2014 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFill =>.PlotSoft L.L.C.
                                O43 - CFD: 25/12/2013 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photobook Designer
                                O43 - CFD: 08/09/2015 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pismo File Mount Audit Package
                                O43 - CFD: 12/10/2013 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PIXAJOY Editor
                                O43 - CFD: 22/06/2014 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealVNC =>.RealVNC
                                O43 - CFD: 26/02/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller =>.Adlice
                                O43 - CFD: 13/04/2012 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\S-Bar
                                O43 - CFD: 16/04/2012 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint =>.Microsoft Corporation
                                O43 - CFD: 28/02/2012 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shark007 Codecs =>.Shark007
                                O43 - CFD: 21/10/2015 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
                                O43 - CFD: 02/11/2014 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steelhead Mobile
                                O43 - CFD: 07/09/2015 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital =>.Western Digital
                                O43 - CFD: 28/02/2012 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live =>.Microsoft Corporation
                                O43 - CFD: 18/09/2015 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media =>.Microsoft Corporation
                                O43 - CFD: 16/04/2012 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR =>.WinRAR
                                O43 - CFD: 27/02/2012 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip =>.WinZip
                                O43 - CFD: 11/03/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP =>.Nicolas Coolman
                                O43 - CFD: 31/01/2014 - D – C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 =>.GEAR Software, Inc.
                                O43 - CFD: 14/03/2015 - D – C:\ProgramData\Adobe =>.Adobe
                                O43 - CFD: 27/02/2012 - D – C:\ProgramData\AmUStor =>.Alocr Micro
                                O43 - CFD: 01/07/2012 - D – C:\ProgramData\Apple =>.Apple Inc.
                                O43 - CFD: 01/07/2012 - D – C:\ProgramData\Apple Computer =>.Apple Inc.
                                O43 - CFD: 14/07/2009 - [0] SHD – C:\ProgramData\Application Data =>.Microsoft Corporation
                                O43 - CFD: 27/02/2012 - D – C:\ProgramData\ashampoo =>.Ashampoo GmbH
                                O43 - CFD: 27/02/2012 - D – C:\ProgramData\Atheros =>.Qualcomm Atheros
                                O43 - CFD: 30/06/2012 - D – C:\ProgramData\boost_interprocess =>.boost.org
                                O43 - CFD: 28/10/2016 - [0] D – C:\ProgramData\Canon IJ Network Tool =>.Canon Inc.
                                O43 - CFD: 28/10/2016 - HD – C:\ProgramData\CanonBJ =>.Canon Inc.
                                O43 - CFD: 28/10/2016 - HD – C:\ProgramData\CanonIJFAX =>.Canon Inc.
                                O43 - CFD: 28/10/2016 - D – C:\ProgramData\CanonIJWSpt =>.Canon Inc.
                                O43 - CFD: 22/06/2014 - D – C:\ProgramData\Cisco =>.Cisco Systems, Inc.
                                O43 - CFD: 04/03/2013 - HD – C:\ProgramData\Common Files =>.Microsoft Corporation
                                O43 - CFD: 19/05/2012 - D – C:\ProgramData\CyberLink =>.CyberLink Corporation
                                O43 - CFD: 14/07/2009 - [0] SHD – C:\ProgramData\Desktop =>.Microsoft Corporation
                                O43 - CFD: 14/07/2009 - [0] SHD – C:\ProgramData\Documents =>.Microsoft Corporation
                                O43 - CFD: 14/07/2009 - [0] SHD – C:\ProgramData\Favorites =>.Microsoft Corporation
                                O43 - CFD: 05/10/2013 - D – C:\ProgramData\FileOpen =>.FileOpen Systems Inc.
                                O43 - CFD: 09/10/2016 - D – C:\ProgramData\Google =>.Google
                                O43 - CFD: 06/10/2014 - D – C:\ProgramData\GRETECH =>.Gretech
                                O43 - CFD: 07/02/2015 - D – C:\ProgramData\HTC =>.HTC
                                O43 - CFD: 21/03/2015 - D – C:\ProgramData\IsolatedStorage =>.id Software
                                O43 - CFD: 12/09/2015 - D – C:\ProgramData\Malwarebytes =>.Malwarebytes
                                O43 - CFD: 21/11/2016 - SD – C:\ProgramData\Microsoft =>.Microsoft Corporation
                                O43 - CFD: 26/02/2017 - D – C:\ProgramData\Microsoft Help =>.Microsoft Corporation
                                O43 - CFD: 31/01/2014 - D – C:\ProgramData\Nero =>.Ahead Corporation
                                O43 - CFD: 25/05/2013 - D – C:\ProgramData\Nitro =>.Nitro
                                O43 - CFD: 04/02/2017 - D – C:\ProgramData\Oracle =>.Oracle
                                O43 - CFD: 07/09/2015 - D – C:\ProgramData\Package Cache =>.Microsoft Corporation
                                O43 - CFD: 27/02/2012 - D – C:\ProgramData\PDVD =>.PDVD
                                O43 - CFD: 14/11/2014 - [0] D – C:\ProgramData\PlotSoft =>.PlotSoft
                                O43 - CFD: 21/08/2016 - D – C:\ProgramData\ProductData =>.Microsoft Corporation
                                O43 - CFD: 09/09/2015 - D – C:\ProgramData\regid.1991-06.com.microsoft =>.Microsoft Corporation
                                O43 - CFD: 02/11/2014 - D – C:\ProgramData\Riverbed
                                O43 - CFD: 26/02/2017 - D – C:\ProgramData\RogueKiller =>.Adlice
                                O43 - CFD: 09/10/2016 - D – C:\ProgramData\Skype =>.Skype
                                O43 - CFD: 14/07/2009 - [0] SHD – C:\ProgramData\Start Menu =>.Microsoft Corporation
                                O43 - CFD: 09/07/2015 - [0] D – C:\ProgramData\Temp =>.Microsoft Corporation
                                O43 - CFD: 14/07/2009 - [0] SHD – C:\ProgramData\Templates =>.Microsoft Corporation
                                O43 - CFD: 04/05/2012 - D – C:\ProgramData\VirtualizedApplications =>.Microsoft Corporation
                                O43 - CFD: 07/09/2015 - D – C:\ProgramData\Western Digital =>.Western Digital
                                O43 - CFD: 28/02/2012 - D – C:\ProgramData\Win7codecs =>.Shark007
                                O43 - CFD: 27/02/2012 - D – C:\ProgramData\WinZip =>.WinZip
                                O43 - CFD: 07/10/2015 - HD – C:\ProgramData{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}
                                O43 - CFD: 14/03/2015 - D – C:\Program Files\Common Files\Adobe =>.Adobe
                                O43 - CFD: 09/09/2015 - D – C:\Program Files\Common Files\DESIGNER =>.Designer
                                O43 - CFD: 12/09/2015 - D – C:\Program Files\Common Files\InstallShield =>.InstallShield
                                O43 - CFD: 27/02/2012 - D – C:\Program Files\Common Files\Intel =>.Intel Corporation
                                O43 - CFD: 04/02/2017 - D – C:\Program Files\Common Files\Java =>.Oracle
                                O43 - CFD: 16/09/2015 - D – C:\Program Files\Common Files\microsoft shared =>.Microsoft Corporation
                                O43 - CFD: 07/02/2015 - D – C:\Program Files\Common Files\Nero =>.Ahead Corporation
                                O43 - CFD: 27/02/2012 - D – C:\Program Files\Common Files\postureAgent =>.Microsoft Corporation
                                O43 - CFD: 30/10/2014 - D – C:\Program Files\Common Files\PS
                                O43 - CFD: 14/07/2009 - D – C:\Program Files\Common Files\Services =>.Microsoft Corporation
                                O43 - CFD: 14/07/2009 - D – C:\Program Files\Common Files\SpeechEngines =>.Microsoft Corporation
                                O43 - CFD: 16/09/2015 - D – C:\Program Files\Common Files\System =>.Microsoft Corporation
                                O43 - CFD: 07/09/2015 - D – C:\Program Files\Common Files\Western Digital =>.Western Digital
                                O43 - CFD: 28/02/2012 - D – C:\Program Files\Common Files\Windows Live =>.Microsoft Corporation
                                O43 - CFD: 25/02/2014 - D – C:\Users\MSI CR-460\AppData\Roaming\Adobe =>.Adobe
                                O43 - CFD: 08/09/2015 - D – C:\Users\MSI CR-460\AppData\Roaming\Apple Computer =>.Apple Inc.
                                O43 - CFD: 01/07/2012 - D – C:\Users\MSI CR-460\AppData\Roaming\BITS =>.BITS
                                O43 - CFD: 21/11/2016 - D – C:\Users\MSI CR-460\AppData\Roaming\BitTorrent
                                O43 - CFD: 28/10/2016 - D – C:\Users\MSI CR-460\AppData\Roaming\Canon =>.Canon
                                O43 - CFD: 19/05/2012 - D – C:\Users\MSI CR-460\AppData\Roaming\CyberLink =>.CyberLink Corporation
                                O43 - CFD: 14/10/2015 - D – C:\Users\MSI CR-460\AppData\Roaming\dlink
                                O43 - CFD: 23/07/2016 - D – C:\Users\MSI CR-460\AppData\Roaming\DMCache =>.DMCache
                                O43 - CFD: 27/11/2013 - D – C:\Users\MSI CR-460\AppData\Roaming\Downloaded Installations =>.Microsoft Corporation
                                O43 - CFD: 08/08/2016 - D – C:\Users\MSI CR-460\AppData\Roaming\FamilyTreeMaker
                                O43 - CFD: 05/10/2013 - D – C:\Users\MSI CR-460\AppData\Roaming\FileOpen =>.FileOpen Systems Inc.
                                O43 - CFD: 01/07/2012 - D – C:\Users\MSI CR-460\AppData\Roaming\FlashGet =>.FlashGet
                                O43 - CFD: 08/07/2014 - D – C:\Users\MSI CR-460\AppData\Roaming\Google =>.Google
                                O43 - CFD: 01/07/2012 - D – C:\Users\MSI CR-460\AppData\Roaming\GRETECH =>.Gretech
                                O43 - CFD: 07/02/2015 - D – C:\Users\MSI CR-460\AppData\Roaming\HTC =>.HTC
                                O43 - CFD: 13/04/2012 - D – C:\Users\MSI CR-460\AppData\Roaming\Identities =>.Microsoft Corporation
                                O43 - CFD: 28/07/2016 - D – C:\Users\MSI CR-460\AppData\Roaming\IDM =>.IDM
                                O43 - CFD: 25/08/2013 - D – C:\Users\MSI CR-460\AppData\Roaming\ihelper
                                O43 - CFD: 06/10/2013 - D – C:\Users\MSI CR-460\AppData\Roaming\ILOVEPHOTOBOOK v2.5.4
                                O43 - CFD: 23/04/2012 - D – C:\Users\MSI CR-460\AppData\Roaming\Macromedia =>.Macromedia
                                O43 - CFD: 21/03/2015 - [0] D – C:\Users\MSI CR-460\AppData\Roaming\Media Player Classic =>.Microsoft Corporation
                                O43 - CFD: 28/08/2016 - SD – C:\Users\MSI CR-460\AppData\Roaming\Microsoft =>.Microsoft Corporation
                                O43 - CFD: 01/07/2012 - D – C:\Users\MSI CR-460\AppData\Roaming\Mozilla =>.Mozilla Corporation
                                O43 - CFD: 23/05/2015 - D – C:\Users\MSI CR-460\AppData\Roaming\Nero =>.Ahead Corporation
                                O43 - CFD: 05/10/2013 - D – C:\Users\MSI CR-460\AppData\Roaming\Nitro =>.Nitro
                                O43 - CFD: 27/11/2013 - D – C:\Users\MSI CR-460\AppData\Roaming\Nitro PDF =>.Nitro PDF
                                O43 - CFD: 22/08/2015 - D – C:\Users\MSI CR-460\AppData\Roaming\Opera Software =>.Opera Software
                                O43 - CFD: 11/10/2014 - D – C:\Users\MSI CR-460\AppData\Roaming\Oracle =>.Oracle
                                O43 - CFD: 01/01/2014 - D – C:\Users\MSI CR-460\AppData\Roaming\Photobook Designer
                                O43 - CFD: 12/10/2013 - D – C:\Users\MSI CR-460\AppData\Roaming\PIXAJOY Editor
                                O43 - CFD: 08/09/2015 - D – C:\Users\MSI CR-460\AppData\Roaming\ProductData =>.Microsoft Corporation
                                O43 - CFD: 22/06/2014 - D – C:\Users\MSI CR-460\AppData\Roaming\RealVNC =>.RealVNC
                                O43 - CFD: 13/04/2012 - D – C:\Users\MSI CR-460\AppData\Roaming\RGE
                                O43 - CFD: 18/09/2012 - D – C:\Users\MSI CR-460\AppData\Roaming\Skype =>.Skype
                                O43 - CFD: 28/10/2016 - D – C:\Users\MSI CR-460\AppData\Roaming\SoftGrid Client =>.Microsoft Corporation
                                O43 - CFD: 08/09/2015 - D – C:\Users\MSI CR-460\AppData\Roaming\Sun =>.Oracle
                                O43 - CFD: 21/06/2015 - D – C:\Users\MSI CR-460\AppData\Roaming\TeamViewer =>.TeamViewer
                                O43 - CFD: 04/02/2017 - D – C:\Users\MSI CR-460\AppData\Roaming\Telegram Desktop =>.Telegram Messenger LLP
                                O43 - CFD: 13/04/2012 - [0] D – C:\Users\MSI CR-460\AppData\Roaming\TP =>.TP
                                O43 - CFD: 16/04/2012 - D – C:\Users\MSI CR-460\AppData\Roaming\WinRAR =>.WinRAR
                                O43 - CFD: 11/03/2017 - D – C:\Users\MSI CR-460\AppData\Roaming\ZHP =>.Nicolas Coolman
                                O43 - CFD: 04/02/2017 - D – C:\Users\MSI CR-460\AppData\Local\Adobe =>.Adobe
                                O43 - CFD: 18/09/2015 - D – C:\Users\MSI CR-460\AppData\Local\Ancestry.com
                                O43 - CFD: 13/04/2012 - D – C:\Users\MSI CR-460\AppData\Local\Apple =>.Apple Inc.
                                O43 - CFD: 07/02/2015 - D – C:\Users\MSI CR-460\AppData\Local\Apple Computer =>.Apple Inc.
                                O43 - CFD: 13/04/2012 - [0] SHD – C:\Users\MSI CR-460\AppData\Local\Application Data =>.Microsoft Corporation
                                O43 - CFD: 03/07/2012 - D – C:\Users\MSI CR-460\AppData\Local\Apps =>.Microsoft Corporation
                                O43 - CFD: 24/12/2013 - D – C:\Users\MSI CR-460\AppData\Local\cache =>.Legitimate
                                O43 - CFD: 22/06/2014 - D – C:\Users\MSI CR-460\AppData\Local\Cisco =>.Cisco Systems, Inc.
                                O43 - CFD: 19/05/2012 - D – C:\Users\MSI CR-460\AppData\Local\CyberLink =>.CyberLink Corporation
                                O43 - CFD: 26/02/2017 - [0] D – C:\Users\MSI CR-460\AppData\Local\Diagnostics =>.Microsoft Corporation
                                O43 - CFD: 28/06/2015 - [0] D – C:\Users\MSI CR-460\AppData\Local\Downloaded Installations =>.Microsoft Corporation
                                O43 - CFD: 26/02/2017 - [0] D – C:\Users\MSI CR-460\AppData\Local\ElevatedDiagnostics =>.Microsoft Corporation
                                O43 - CFD: 07/07/2015 - [0] SHD – C:\Users\MSI CR-460\AppData\Local\EmieBrowserModeList =>.Enterprise mode Site List Mgr
                                O43 - CFD: 07/07/2015 - [0] SHD – C:\Users\MSI CR-460\AppData\Local\EmieSiteList =>.Enterprise mode Site List Mgr
                                O43 - CFD: 07/07/2015 - [0] SHD – C:\Users\MSI CR-460\AppData\Local\EmieUserList =>.Enterprise mode Site List Mgr
                                O43 - CFD: 23/07/2016 - D – C:\Users\MSI CR-460\AppData\Local\Google =>.Google
                                O43 - CFD: 13/04/2012 - [0] SHD – C:\Users\MSI CR-460\AppData\Local\History =>.Microsoft Corporation
                                O43 - CFD: 08/08/2016 - D – C:\Users\MSI CR-460\AppData\Local\HTC MediaHub =>.HTC MediaHub
                                O43 - CFD: 18/09/2015 - D – C:\Users\MSI CR-460\AppData\Local\IsolatedStorage =>.id Software
                                O43 - CFD: 11/08/2012 - D – C:\Users\MSI CR-460\AppData\Local\Macromedia =>.Macromedia
                                O43 - CFD: 14/11/2014 - [0] D – C:\Users\MSI CR-460\AppData\Local\Master PDF Editor =>.CAD-KAS Software
                                O43 - CFD: 13/04/2012 - D – C:\Users\MSI CR-460\AppData\Local\MediaServer =>.MediaServer
                                O43 - CFD: 23/05/2015 - D – C:\Users\MSI CR-460\AppData\Local\MFAData =>.AVG Software
                                O43 - CFD: 23/05/2015 - D – C:\Users\MSI CR-460\AppData\Local\Microsoft =>.Microsoft Corporation
                                O43 - CFD: 21/08/2016 - D – C:\Users\MSI CR-460\AppData\Local\Microsoft Help =>.Microsoft Corporation
                                O43 - CFD: 01/07/2012 - D – C:\Users\MSI CR-460\AppData\Local\Mozilla =>.Mozilla Corporation
                                O43 - CFD: 13/04/2012 - D – C:\Users\MSI CR-460\AppData\Local\MSI =>.MSI
                                O43 - CFD: 22/08/2015 - D – C:\Users\MSI CR-460\AppData\Local\Opera Software =>.Opera Software
                                O43 - CFD: 23/07/2016 - D – C:\Users\MSI CR-460\AppData\Local\Programs =>.Microsoft Corporation
                                O43 - CFD: 21/03/2015 - [0] D – C:\Users\MSI CR-460\AppData\Local\RealVNC =>.RealVNC
                                O43 - CFD: 01/05/2012 - D – C:\Users\MSI CR-460\AppData\Local\SoftGrid Client =>.Microsoft Corporation
                                O43 - CFD: 11/03/2017 - D – C:\Users\MSI CR-460\AppData\Local\Temp =>.Microsoft Corporation
                                O43 - CFD: 13/04/2012 - [0] SHD – C:\Users\MSI CR-460\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
                                O43 - CFD: 20/08/2012 - D – C:\Users\MSI CR-460\AppData\Local\VirtualStore =>.Microsoft Corporation
                                O43 - CFD: 07/09/2015 - D – C:\Users\MSI CR-460\AppData\Local\Western Digital =>.Western Digital
                                O43 - CFD: 07/09/2015 - D – C:\Users\MSI CR-460\AppData\Local\Western_Digital_Technolog =>.Western Digital Technologies
                                O43 - CFD: 30/10/2014 - [0] D – C:\Users\MSI CR-460\AppData\Local\Programs\Common =>.Microsoft Corporation
                                O43 - CFD: 23/07/2016 - D – C:\Users\MSI CR-460\AppData\Local\Programs\Google =>.Google
                                O43 - CFD: 14/07/2009 - RD – C:\Users\MSI CR-460\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
                                O43 - CFD: 24/11/2016 - RD – C:\Users\MSI CR-460\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
                                O43 - CFD: 21/08/2012 - D – C:\Users\MSI CR-460\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory =>.FormatFactory
                                O43 - CFD: 23/07/2016 - D – C:\Users\MSI CR-460\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Photos Backup =>.Google Inc.
                                O43 - CFD: 28/07/2016 - [0] D – C:\Users\MSI CR-460\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager =>.Tonec Inc
                                O43 - CFD: 14/07/2009 - RD – C:\Users\MSI CR-460\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
                                O43 - CFD: 03/09/2016 - D – C:\Users\MSI CR-460\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Password Remover
                                O43 - CFD: 24/11/2016 - RD – C:\Users\MSI CR-460\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
                                O43 - CFD: 28/07/2016 - D – C:\Users\MSI CR-460\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop =>.Telegram Messenger LLP
                                O43 - CFD: 03/07/2012 - D – C:\Users\MSI CR-460\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool =>.Microsoft Corporation
                                O43 - CFD: 16/04/2012 - D – C:\Users\MSI CR-460\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR =>.WinRAR
                                O43 - CFD: 14/07/2009 - [0] SHD – C:\Users\Default\AppData\Local\Application Data =>.Microsoft Corporation
                                O43 - CFD: 14/07/2009 - [0] SHD – C:\Users\Default\AppData\Local\History =>.Microsoft Corporation
                                O43 - CFD: 14/07/2009 - D – C:\Users\Default\AppData\Local\Microsoft =>.Microsoft Corporation
                                O43 - CFD: 02/05/2012 - [0] D – C:\Users\Default\AppData\Local\Microsoft Help =>.Microsoft Corporation
                                O43 - CFD: 14/07/2009 - [0] D – C:\Users\Default\AppData\Local\Temp =>.Microsoft Corporation
                                O43 - CFD: 14/07/2009 - [0] SHD – C:\Users\Default\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
                                O43 - CFD: 14/07/2009 - [0] SHD – C:\Users\Default User\AppData\Local\Application Data =>.Microsoft Corporation
                                O43 - CFD: 14/07/2009 - [0] SHD – C:\Users\Default User\AppData\Local\History =>.Microsoft Corporation
                                O43 - CFD: 14/07/2009 - D – C:\Users\Default User\AppData\Local\Microsoft =>.Microsoft Corporation
                                O43 - CFD: 02/05/2012 - [0] D – C:\Users\Default User\AppData\Local\Microsoft Help =>.Microsoft Corporation
                                O43 - CFD: 14/07/2009 - [0] D – C:\Users\Default User\AppData\Local\Temp =>.Microsoft Corporation
                                O43 - CFD: 14/07/2009 - [0] SHD – C:\Users\Default User\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
                                O43 - CFD: 25/02/2013 - D – C:\windows\System32\Config\systemprofile\AppData\Local\Google =>.Google
                                O43 - CFD: 27/02/2012 - D – C:\windows\System32\Config\systemprofile\AppData\Local\MediaServer =>.MediaServer
                                O43 - CFD: 23/05/2015 - D – C:\windows\System32\Config\systemprofile\AppData\Local\Microsoft =>.Microsoft Corporation
                                O43 - CFD: 24/05/2015 - D – C:\windows\System32\Config\systemprofile\AppData\Local\SoftGrid Client =>.Microsoft Corporation
                                O43 - CFD: 01/07/2012 - D – C:\windows\System32\Config\systemprofile\AppData\Roaming\Apple Computer =>.Apple Inc.
                                O43 - CFD: 28/02/2012 - SD – C:\windows\System32\Config\systemprofile\AppData\Roaming\Microsoft =>.Microsoft Corporation
                                O43 - CFD: 11/03/2017 - D – C:\windows\System32\Config\systemprofile\AppData\Roaming\SoftGrid Client =>.Microsoft Corporation

                                —\ ShellIconOverlayIdentifiers (SIOI) (10) - 0s
                                O106 - SIOI: Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) [ SkyDrivePro1 (ErrorConflict)] - {8BA85C75-763B-4103-94EB-9470F12FE0F7}. (.Microsoft Corporation - Microsoft OneDrive for Business Extensions.) – C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL =>.Microsoft Corporation®
                                O106 - SIOI: Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) [ SkyDrivePro2 (SyncInProgress)] - {CD55129A-B1A1-438E-A425-CEBC7DC684EE}. (.Microsoft Corporation - Microsoft OneDrive for Business Extensions.) – C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL =>.Microsoft Corporation®
                                O106 - SIOI: Microsoft SkyDrive Pro Icon Overlay 3 (InSync) [ SkyDrivePro3 (InSync)] - {E768CD3B-BDDC-436D-9C13-E1B39CA257B1}. (.Microsoft Corporation - Microsoft OneDrive for Business Extensions.) – C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL =>.Microsoft Corporation®
                                O106 - SIOI: Enhanced Storage Icon Overlay Handler Class [EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}. (.Microsoft Corporation - Windows Enhanced Storage Shell Extension DL.) – C:\Windows\System32\EhStorShell.dll =>.Microsoft Corporation
                                O106 - SIOI: Groove Explorer Icon Overlay 1 (GFS Unread Stub) [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] - {99FD978C-D287-4F50-827F-B2C658EDA8E7}. (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) – C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL =>.Microsoft Corporation®
                                O106 - SIOI: Groove Explorer Icon Overlay 2 (GFS Stub) [Groove Explorer Icon Overlay 2 (GFS Stub)] - {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}. (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) – C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL =>.Microsoft Corporation®
                                O106 - SIOI: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] - {920E6DB1-9907-4370-B3A0-BAFC03D81399}. (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) – C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL =>.Microsoft Corporation®
                                O106 - SIOI: Groove Explorer Icon Overlay 3 (GFS Folder) [Groove Explorer Icon Overlay 3 (GFS Folder)] - {16F3DD56-1AF5-4347-846D-7C10C4192619}. (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) – C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL =>.Microsoft Corporation®
                                O106 - SIOI: Groove Explorer Icon Overlay 4 (GFS Unread Mark) [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] - {2916C86E-86A6-43FE-8112-43ABE6BF8DCC}. (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) – C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL =>.Microsoft Corporation®
                                O106 - SIOI: Sharing Overlay (Private) [SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235}. (.Microsoft Corporation - Shell extensions for sharing.) – C:\Windows\System32\ntshrui.dll =>.Microsoft Corporation

                                —\ ShareTools MSconfig StartupReg (1) - 0s
                                O53 - SMSR:HKLM...\startupreg\MSC [Key] . (.Microsoft Corporation - Microsoft Security Client User Interface.) – c:\Program Files\Microsoft Security Client\msseces.exe =>.Microsoft Corporation

                                —\ System Drivers List (88) - 18s
                                O58 - SDL:2013/08/31 01:51:25 RA . (.Cisco Systems, Inc. - Cisco AnyConnect Kernel Driver Framework So.) – C:\windows\System32\drivers\acsock.sys [92112] =>.Cisco Systems, Inc.®
                                O58 - SDL:2009/07/14 05:26:15 A . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) – C:\windows\System32\drivers\adp94xx.sys [92112] =>.Microsoft Windows®
                                O58 - SDL:2009/07/14 05:26:17 A . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) – C:\windows\System32\drivers\adpahci.sys [92112] =>.Microsoft Windows®
                                O58 - SDL:2009/07/14 05:26:15 A . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) – C:\windows\System32\drivers\adpu320.sys [92112] =>.Microsoft Windows®
                                O58 - SDL:2009/07/14 05:26:15 A . (.Acer Laboratories Inc. - ALi mini IDE Driver.) – C:\windows\System32\drivers\aliide.sys [92112] =>.Microsoft Windows®
                                O58 - SDL:2011/03/11 09:38:37 A . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) – C:\windows\System32\drivers\amdsata.sys [92112] =>.Microsoft Windows®
                                O58 - SDL:2009/07/14 05:26:15 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) – C:\windows\System32\drivers\amdsbs.sys [92112] =>.Microsoft Windows®
                                O58 - SDL:2011/03/11 09:38:37 A . (.Advanced Micro Devices - Storage Filter Driver.) – C:\windows\System32\drivers\amdxata.sys [92112] =>.Microsoft Windows®
                                O58 - SDL:2009/07/14 05:26:15 A . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) – C:\windows\System32\drivers\arc.sys [92112] =>.Microsoft Windows®
                                O58 - SDL:2009/07/14 05:26:15 A . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) – C:\windows\System32\drivers\arcsas.sys [92112] =>.Microsoft Windows®
                                O58 - SDL:2011/06/26 21:37:12 A . (.Atheros Communications, Inc. - Atheros Extensible Wireless LAN device driv.) – C:\windows\System32\drivers\athr.sys [92112] =>.Atheros Communications, Inc.
                                O58 - SDL:2009/07/14 02:02:49 A . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x.) – C:\windows\System32\drivers\b57nd60x.sys [92112] =>.Broadcom Corporation
                                O58 - SDL:2009/07/14 02:53:28 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower.) – C:\windows\System32\drivers\BrFiltLo.sys [92112] =>.Brother Industries, Ltd.
                                O58 - SDL:2009/07/14 02:53:28 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper.) – C:\windows\System32\drivers\BrFiltUp.sys [92112] =>.Brother Industries, Ltd.
                                O58 - SDL:2009/07/14 04:57:25 A . (.Brother Industries Ltd. - Brotehr Serial I/F Driver (WDM).) – C:\windows\System32\drivers\BrSerId.sys [92112] =>.Brother Industries Ltd.
                                O58 - SDL:2009/07/14 02:53:32 A . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) – C:\windows\System32\drivers\BrSerWdm.sys [92112] =>.Brother Industries Ltd.
                                O58 - SDL:2009/07/14 02:53:33 A . (.Brother Industries Ltd. - Brother USB MDM Driver.) – C:\windows\System32\drivers\BrUsbMdm.sys [92112] =>.Brother Industries Ltd.
                                O58 - SDL:2009/07/14 02:53:33 A . (.Brother Industries Ltd. - Brother USB Serial Driver.) – C:\windows\System32\drivers\BrUsbSer.sys [92112] =>.Brother Industries Ltd.
                                O58 - SDL:2009/07/14 02:02:48 A . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) – C:\windows\System32\drivers\bxvbdx.sys [92112] =>.Broadcom Corporation
                                O58 - SDL:2010/08/20 22:49:06 A . (.CyberLink Corporation - CyberLink WebCam Virtual Driver.) – C:\windows\System32\drivers\clwvd.sys [92112] =>.CyberLink®
                                O58 - SDL:2009/07/14 05:26:21 A . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) – C:\windows\System32\drivers\cmdide.sys [92112] =>.Microsoft Windows®
                                O58 - SDL:2010/11/11 10:11:08 A . (.Realtek Semiconductor Corp. - Realtek Turbo Mode Filter Driver for 39.) – C:\windows\System32\drivers\diskperf.sys [92112] =>.Realtek Semiconductor Corp®
                                O58 - SDL:2009/07/14 05:20:28 A . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) – C:\windows\System32\drivers\djsvs.sys [92112] =>.Microsoft Windows®
                                O58 - SDL:2009/07/14 05:20:28 A . (.Emulex - Storport Miniport Driver for LightPulse HBA.) – C:\windows\System32\drivers\elxstor.sys [92112] =>.Microsoft Windows®
                                O58 - SDL:2009/07/14 02:02:48 A . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) – C:\windows\System32\drivers\evbdx.sys [92112] =>.Broadcom Corporation
                                O58 - SDL:2009/07/14 02:54:14 A . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for.) – C:\windows\System32\drivers\hcw85cir.sys [92112] =>.Hauppauge Computer Works, Inc.
                                O58 - SDL:2010/10/20 04:33:40 A . (.Intel Corporation - Intel(R) Management Engine Interface.) – C:\windows\System32\drivers\HECI.sys [92112] =>.Intel Corporation
                                O58 - SDL:2009/07/14 05:20:28 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) – C:\windows\System32\drivers\HpSAMD.sys [92112] =>.Microsoft Windows®
                                O58 - SDL:2013/10/17 11:27:02 A . (.Windows (R) Win 7 DDK provider - RawPacket NDIS Protocol Driver.) – C:\windows\System32\drivers\htcnprot.sys [92112] =>.Windows (R) Win 7 DDK provider
                                O58 - SDL:2009/10/27 07:01:06 A . (.QUALCOMM Incorporated - USB Modem/Serial Device Driver.) – C:\windows\System32\drivers\HtcVComV32.sys [92112] =>.QUALCOMM Incorporated
                                O58 - SDL:2015/09/08 08:52:09 A . (.REALiX™ - HWiNFO x86 Kernel Driver.) – C:\windows\System32\drivers\HWiNFO32.SYS [92112] =>.Martin Malik - REALiX®
                                O58 - SDL:2011/03/11 09:38:51 A . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) – C:\windows\System32\drivers\iaStorV.sys [92112] =>.Microsoft Windows®
                                O58 - SDL:2012/01/27 04:48:06 A . (.Tonec Inc. - Internet Download Manager WFP Driver.) – C:\windows\System32\drivers\idmwfp.sys [92112] =>.Tonec Inc.®
                                O58 - SDL:2012/03/19 19:27:04 A . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) – C:\windows\System32\drivers\igdkmd32.sys [92112] =>.Intel Corporation
                                O58 - SDL:2009/07/14 05:20:36 A . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) – C:\windows\System32\drivers\iirsp.sys [92112] =>.Microsoft Windows®
                                O58 - SDL:2011/03/30 12:11:38 A . (.Intel(R) Corporation - Intel(R) Display Audio Driver.) – C:\windows\System32\drivers\IntcDAud.sys [92112] =>.Intel(R) Corporation
                                O58 - SDL:2010/07/28 20:25:02 A . (.Initio Corporation - Initio Default Vendor Specific Device Drive.) – C:\windows\System32\drivers\ivusb.sys [92112] =>.Initio Corporation®
                                O58 - SDL:2010/10/21 10:57:18 A . (.Atheros Communications, Inc. - Atheros L1c PCI-E Gigabit Ethernet Controll.) – C:\windows\System32\drivers\L1C62x86.sys [92112] =>.Atheros Communications Inc.®
                                O58 - SDL:2009/07/14 05:20:36 A . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) – C:\windows\System32\drivers\lsi_fc.sys [92112] =>.Microsoft Windows®
                                O58 - SDL:2009/07/14 05:20:37 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) – C:\windows\System32\drivers\lsi_sas.sys [92112] =>.Microsoft Windows®
                                O58 - SDL:2009/07/14 05:20:36 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) – C:\windows\System32\drivers\lsi_sas2.sys [92112] =>.Microsoft Windows®
                                O58 - SDL:2009/07/14 05:20:36 A . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) – C:\windows\System32\drivers\lsi_scsi.sys [92112] =>.Microsoft Windows®
                                O58 - SDL:2016/03/10 14:08:52 A . (.Malwarebytes - Malwarebytes Anti-Malware.) – C:\windows\System32\drivers\mbam.sys [92112] =>.Malwarebytes Corporation®
                                O58 - SDL:2016/03/10 14:08:56 A . (.Malwarebytes - Malwarebytes Chameleon Protection Driver.) – C:\windows\System32\drivers\mbamchameleon.sys [92112] =>.Malwarebytes Corporation®
                                O58 - SDL:2017/02/04 07:54:26 A . (.Malwarebytes - Malwarebytes Anti-Malware.) – C:\windows\System32\drivers\MBAMSwissArmy.sys [92112] =>.Malwarebytes Corporation®
                                O58 - SDL:2009/07/14 05:20:36 A . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) – C:\windows\System32\drivers\megasas.sys [92112] =>.Microsoft Windows®
                                O58 - SDL:2009/07/14 05:20:36 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) – C:\windows\System32\drivers\MegaSR.sys [92112] =>.Microsoft Windows®
                                O58 - SDL:2016/03/10 14:09:04 A . (.Malwarebytes Corporation - Malwarebytes Web Access Control.) – C:\windows\System32\drivers\mwac.sys [92112] =>.Malwarebytes Corporation®
                                O58 - SDL:2009/11/14 05:44:34 A . (.Ralink Technology Corp. - Ralink 802.11n Wireless Adapter Driver.) – C:\windows\System32\drivers\netr28u.sys [92112] =>.Ralink Technology Corp.
                                O58 - SDL:2009/07/14 05:20:44 A . (.IBM Corporation - IBM ServeRAID Controller Driver.) – C:\windows\System32\drivers\nfrd960.sys [92112] =>.Microsoft Windows®
                                O58 - SDL:2011/03/11 09:39:00 A . (.NVIDIA Corporation - NVIDIA® nForce™ RAID Driver.) – C:\windows\System32\drivers\nvraid.sys [92112] =>.Microsoft Windows®
                                O58 - SDL:2011/03/11 09:39:00 A . (.NVIDIA Corporation - NVIDIA® nForce™ Sata Performance Driver.) – C:\windows\System32\drivers\nvstor.sys [92112] =>.Microsoft Windows®
                                O58 - SDL:2015/07/01 01:56:32 A . (.Pismo Technic Inc. - System Extension - Pismo File Mount.) – C:\windows\System32\drivers\pfmfs_178.sys [92112] =>.Pismo Technic Inc.®
                                O58 - SDL:2009/07/14 05:19:04 A . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) – C:\windows\System32\drivers\ql2300.sys [92112] =>.Microsoft Windows®
                                O58 - SDL:2009/07/14 05:19:04 A . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) – C:\windows\System32\drivers\ql40xx.sys [92112] =>.Microsoft Windows®
                                O58 - SDL:2013/10/07 12:36:30 A . (.Riverbed Technology, Inc - Steelhead Mobile Client.) – C:\windows\System32\drivers\rbtnfd.sys [92112]
                                O58 - SDL:2011/06/10 02:34:52 A . (.Realtek - Realtek 8101E/8168/8169 NDIS 6.20 32-bit Dr.) – C:\windows\System32\drivers\Rt86win7.sys [92112] =>.Realtek Semiconductor Corp®
                                O58 - SDL:2011/01/04 21:08:58 A . (.Realtek Semiconductor Corporation - Realtek RTL81892CE NDIS Driverr.) – C:\windows\System32\drivers\rtl8192ce.sys [92112] =>.Realtek Semiconductor Corp®
                                O58 - SDL:2011/03/15 14:09:16 A . (.Realtek Semiconductor Corp. - Realtek USB Mass Storage Driver for 2K/XP/V.) – C:\windows\System32\drivers\RtsUVStor.sys [92112] =>.Realtek Semiconductor Corp®
                                O58 - SDL:2009/07/14 00:50:20 A . (.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) – C:\windows\System32\drivers\secdrv.sys [92112] =>.Macrovision Corporation, Macrovision Europe Limited,
                                O58 - SDL:2009/07/14 05:19:04 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) – C:\windows\System32\drivers\sisraid2.sys [92112] =>.Microsoft Windows®
                                O58 - SDL:2009/07/14 05:19:04 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) – C:\windows\System32\drivers\sisraid4.sys [92112] =>.Microsoft Windows®
                                O58 - SDL:2009/07/14 05:19:04 A . (.Promise Technology - Promise SuperTrak EX Series Driver for Win.) – C:\windows\System32\drivers\stexstor.sys [92112] =>.Microsoft Windows®
                                O58 - SDL:2017/02/26 16:10:05 A . (…) – C:\windows\System32\drivers\TrueSight.sys [92112] =>.Adlice®
                                O58 - SDL:2017/02/25 12:40:53 A . (.Zaitsev Oleg, 2006 - AVZGuard Driver.) – C:\windows\System32\drivers\ujiyodk3.sys [92112]
                                O58 - SDL:2012/12/13 10:50:38 A . (.Apple, Inc. - Apple Mobile Device USB Driver.) – C:\windows\System32\drivers\usbaapl.sys [92112] =>.Apple, Inc.
                                O58 - SDL:2017/02/05 13:40:58 A . (.Zaitsev Oleg, Copyright (C) 2004-2006 - AVZ Driver.) – C:\windows\System32\drivers\utiyodk3.sys [92112]
                                O58 - SDL:2009/07/14 05:19:10 A . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) – C:\windows\System32\drivers\viaide.sys [92112] =>.Microsoft Windows®
                                O58 - SDL:2009/07/24 20:21:14 A . (.RealVNC Ltd. - VNC Mirror Miniport.) – C:\windows\System32\drivers\vncmirror.sys [92112] =>.RealVNC Ltd.
                                O58 - SDL:2013/08/31 01:53:13 A . (.Cisco Systems, Inc. - Cisco AnyConnect Secure Mobility Client Vir.) – C:\windows\System32\drivers\vpnva-6.sys [92112] =>.Cisco Systems, Inc.®
                                O58 - SDL:2009/07/14 05:19:11 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) – C:\windows\System32\drivers\vsmraid.sys [92112] =>.Microsoft Windows®
                                O58 - SDL:2015/04/30 00:01:06 A . (.Western Digital Technologies - WD SCSI Architecture Model (SAM) driver.) – C:\windows\System32\drivers\wdcsam.sys [92112] =>.Microsoft Windows Hardware Compatibility Publisher®
                                O58 - SDL:2009/07/14 01:40:41 A . (…) – C:\windows\System32\ANSI.SYS [92112] =>.Microsoft Corporation
                                O58 - SDL:2009/10/05 21:31:50 A . (.Atheros Communications, Inc. - Atheros Extensible Wireless LAN device driv.) – C:\windows\System32\athr.sys [92112] =>.Atheros Communications, Inc.
                                O58 - SDL:2009/07/14 01:40:44 A . (…) – C:\windows\System32\country.sys [92112] =>.Microsoft Corporation
                                O58 - SDL:2009/07/14 01:40:40 A . (…) – C:\windows\System32\HIMEM.SYS [92112] =>.Microsoft Corporation
                                O58 - SDL:2009/07/14 01:40:43 A . (…) – C:\windows\System32\KEY01.SYS [92112] =>.Microsoft Corporation
                                O58 - SDL:2009/07/14 01:40:43 A . (…) – C:\windows\System32\KEYBOARD.SYS [92112] =>.Microsoft Corporation
                                O58 - SDL:2009/07/14 01:40:23 A . (…) – C:\windows\System32\NTDOS.SYS [92112] =>.Microsoft Corporation
                                O58 - SDL:2009/07/14 01:40:31 A . (…) – C:\windows\System32\NTDOS404.SYS [92112] =>.Microsoft Corporation
                                O58 - SDL:2009/07/14 01:40:35 A . (…) – C:\windows\System32\NTDOS411.SYS [92112] =>.Microsoft Corporation
                                O58 - SDL:2009/07/14 01:40:39 A . (…) – C:\windows\System32\NTDOS412.SYS [92112] =>.Microsoft Corporation
                                O58 - SDL:2009/07/14 01:40:27 A . (…) – C:\windows\System32\NTDOS804.SYS [92112] =>.Microsoft Corporation
                                O58 - SDL:2009/07/14 01:40:11 A . (…) – C:\windows\System32\NTIO.SYS [92112] =>.Microsoft Corporation
                                O58 - SDL:2009/07/14 01:40:15 A . (…) – C:\windows\System32\NTIO404.SYS [92112] =>.Microsoft Corporation
                                O58 - SDL:2009/07/14 01:40:17 A . (…) – C:\windows\System32\NTIO411.SYS [92112] =>.Microsoft Corporation
                                O58 - SDL:2009/07/14 01:40:19 A . (…) – C:\windows\System32\NTIO412.SYS [92112] =>.Microsoft Corporation
                                O58 - SDL:2009/07/14 01:40:13 A . (…) – C:\windows\System32\NTIO804.SYS [92112] =>.Microsoft Corporation

                                —\ Last modified or created user files (1) - 34s
                                O61 - LFC: 2017/03/11 05:26:02 A . (.Copyright © 2015.) – C:\Users\MSI CR-460\Desktop\Adware Removal Tool by TSA.exe [752296] {317DD1C55F51AC2756D9C93C060C6FA5}

                                —\ File Associations Shell Spawning (10) - 0s
                                O67 - Shell Spawning: <.bat> [HKLM..\open\Command] (…) – “%1” %*
                                O67 - Shell Spawning: <.cpl> [HKLM..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) – C:\Windows\System32\control.exe =>.Microsoft Corporation
                                O67 - Shell Spawning: <.cmd> [HKLM..\open\Command] (…) – “%1” %*
                                O67 - Shell Spawning: <.com> [HKLM..\open\Command] (…) – “%1” %*
                                O67 - Shell Spawning: <.evt> [HKLM..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) – C:\Windows\System32\eventvwr.exe =>.Microsoft Corporation
                                O67 - Shell Spawning: <.exe> [HKLM..\open\Command] (…) – “%1” %*
                                O67 - Shell Spawning: <.html> [HKLM..\open\Command] (.Google Inc. - Google Chrome.) – C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc®
                                O67 - Shell Spawning: <.js> [HKLM..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) – C:\Windows\System32\wscript.exe =>.Microsoft Corporation
                                O67 - Shell Spawning: <.reg> [HKLM..\open\Command] (.Microsoft Corporation - Registry Editor.) – C:\Windows\regedit.exe =>.Microsoft Corporation
                                O67 - Shell Spawning: <.scr> [HKLM..\open\Command] (…) – “%1” /S

                                —\ Start Menu Internet (8) - 0s
                                O68 - StartMenuInternet: [HKLM..\Shell\open\Command] (.Google Inc. - Google Chrome.) – C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc®
                                O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                                O68 - StartMenuInternet: [HKLM..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) – C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc.
                                O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
                                O68 - StartMenuInternet: [HKLM..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) – C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc.
                                O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
                                O68 - StartMenuInternet: [HKLM..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) – C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc.
                                O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation

                                —\ Search Browser Infection (4) - 4s
                                O69 - SBI: SearchScopes [HKCU] {006ee092-9658-4fd6-bd8e-a21a348e59f5} [DefaultScope] - (Bing) - http://www.bing.com/ =>.Bing.com
                                O69 - SBI: SearchScopes [HKCU] {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} - (Google) - http://www.google.com/ =>.Google Inc.
                                O69 - SBI: SearchScopes [HKLM] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - http://www.bing.com/ =>.Bing.com
                                O69 - SBI: SearchScopes [HKLM] {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} - (Google) - http://www.google.com/ =>.Google Inc.

                                —\ Search Svchost Services (32) - 1s
                                O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Application Experience Service.) – C:\Windows\System32\aelupsvc.dll [92112] =>.Microsoft Corporation
                                O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) – C:\Windows\System32\certprop.dll [92112] =>.Microsoft Corporation
                                O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) – C:\Windows\System32\certprop.dll [92112] =>.Microsoft Corporation
                                O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) – C:\Windows\System32\srvsvc.dll [92112] =>.Microsoft Corporation
                                O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) – C:\Windows\System32\gpsvc.dll [92112] =>.Microsoft Corporation
                                O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) – C:\Windows\System32\IKEEXT.DLL [92112] =>.Microsoft Corporation
                                O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) – C:\Windows\System32\audiosrv.dll [92112] =>.Microsoft Corporation
                                O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) – C:\Windows\System32\rasauto.dll [92112] =>.Microsoft Corporation
                                O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) – C:\Windows\System32\rasmans.dll [92112] =>.Microsoft Corporation
                                O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) – C:\Windows\System32\mprdim.dll [92112] =>.Microsoft Corporation
                                O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) – C:\Windows\System32\Sens.dll [92112] =>.Microsoft Corporation
                                O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) – C:\Windows\System32\ipnathlp.dll [92112] =>.Microsoft Corporation
                                O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows™ Telephony Server.) – C:\Windows\System32\tapisrv.dll [92112] =>.Microsoft Corporation
                                O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Remote Desktop Session Host Server Remote C.) – C:\Windows\System32\termsrv.dll [92112] =>.Microsoft Corporation
                                O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) – C:\Windows\System32\wuaueng.dll [92112] =>.Microsoft Corporation
                                O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) – C:\Windows\System32\qmgr.dll [92112] =>.Microsoft Corporation
                                O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) – C:\Windows\System32\shsvcs.dll [92112] =>.Microsoft Corporation
                                O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) – C:\Windows\System32\iphlpsvc.dll [92112] =>.Microsoft Corporation
                                O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) – C:\Windows\System32\seclogon.dll [92112] =>.Microsoft Corporation
                                O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) – C:\Windows\System32\appinfo.dll [92112] =>.Microsoft Corporation
                                O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) – C:\Windows\System32\iscsiexe.dll [92112] =>.Microsoft Corporation
                                O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Multimedia Class Scheduler Service.) – C:\Windows\System32\mmcss.dll [92112] =>.Microsoft Corporation
                                O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) – C:\Windows\System32\wercplsupport.dll [92112] =>.Microsoft Corporation
                                O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) – C:\Windows\System32\eapsvc.dll [92112] =>.Microsoft Corporation
                                O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) – C:\Windows\System32\profsvc.dll [92112] =>.Microsoft Corporation
                                O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) – C:\Windows\System32\schedsvc.dll [92112] =>.Microsoft Corporation
                                O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Key Management Service.) – C:\Windows\System32\KMSVC.DLL [92112] =>.Microsoft Corporation
                                O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) – C:\Windows\System32\SessEnv.dll [92112] =>.Microsoft Corporation
                                O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) – C:\Windows\System32\wbem\WMIsvc.dll [92112] =>.Microsoft Corporation
                                O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) – C:\Windows\System32\browser.dll [92112] =>.Microsoft Corporation
                                O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) – C:\Windows\System32\themeservice.dll [92112] =>.Microsoft Corporation
                                O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) – C:\Windows\System32\bdesvc.dll [92112] =>.Microsoft Corporation

                                —\ Additional Scan (O88) (1) - 0s
                                ~ No malicious or unnecessary items found.

                                —\ Summary of the elements found (1) - 0s
                                ~ No malicious or unnecessary items found.

                                ~ Unselected Options: O82,
                                ~ End of the scan, 71476 items in 04mn18s (1026)(0)
