It's like a popup but...

  • system
    PCHF Owner
    • Jan 2015
    • 7635

    #1

    It's like a popup but...

    I’m getting a weird flash like there’s a popup that’s trying to open. Happens every 5 to 10 minutes when I’m online or playing a game. Is there something going on or did I do something I shouldn’t have? Here’s a Hijack This log, hope it helps determine what’s going on. Thanks.
    Logfile of HiJackThis Fork (Alpha) by Alex Dragokas v.2.6.4.17

    Platform: x64 Windows 10 (Home), 10.0.15063 (ReleaseId: 1703), Service Pack: 0
    Time: 05.06.2017 - 05:01
    Language: OS: English (0x409). Display: English (0x409). Non-Unicode: English (0x409)
    Elevated: Yes
    Ran by: Doneff Family (group: Administrator) on DESKTOP-DOB72OG

    Chrome: 58.0.3029.110
    Edge: 11.0.15063.250
    Internet Explorer: 11.0.15063.0

    Boot mode: Normal

    Running processes:
    Number | Path
    1 C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
    1 C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    1 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    7 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    1 C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
    1 C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
    1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    1 C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
    1 C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe
    1 C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe
    1 C:\Program Files (x86)\Steam\Steam.exe
    2 C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    2 C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
    1 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    1 C:\Program Files\AVAST Software\Avast\AvastUI.exe
    1 C:\Program Files\AVAST Software\Avast\afwServ.exe
    1 C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
    1 C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
    1 C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    1 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    1 C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    1 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    1 C:\Program Files\VoodooShield\VoodooShieldService.exe
    1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    1 C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1302.0_x64__8wekyb3d8bbwe\Calculator.exe
    1 C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.1001.45.0_x64__8wekyb3d8bbwe\WinStore.App.exe
    2 C:\Users\Doneff Family\AppData\Local\Akamai\netsession_win.exe
    1 C:\Users\Doneff Family\Desktop\Toolbox\HiJackThis\HiJackThis.exe
    1 C:\Users\Doneff Family\Desktop\Toolbox\HiJackThis\MemCompression
    1 C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    1 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    1 C:\Windows\System32\ApplicationFrameHost.exe
    1 C:\Windows\System32\RuntimeBroker.exe
    1 C:\Windows\System32\SearchIndexer.exe
    1 C:\Windows\System32\SecurityHealthService.exe
    1 C:\Windows\System32\SettingSyncHost.exe
    1 C:\Windows\System32\SystemSettingsBroker.exe
    1 C:\Windows\System32\WUDFHost.exe
    1 C:\Windows\System32\audiodg.exe
    2 C:\Windows\System32\csrss.exe
    1 C:\Windows\System32\dllhost.exe
    1 C:\Windows\System32\dwm.exe
    2 C:\Windows\System32\fontdrvhost.exe
    1 C:\Windows\System32\lsass.exe
    1 C:\Windows\System32\services.exe
    1 C:\Windows\System32\sihost.exe
    1 C:\Windows\System32\smartscreen.exe
    1 C:\Windows\System32\smss.exe
    1 C:\Windows\System32\spoolsv.exe
    73 C:\Windows\System32\svchost.exe
    2 C:\Windows\System32\taskhostw.exe
    1 C:\Windows\System32\wininit.exe
    1 C:\Windows\System32\winlogon.exe
    1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
    1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
    1 C:\Windows\explorer.exe
    1 C:\Windows\jmesoft\Service.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    R0-32 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN
    R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes: DefaultScope = {D79BB3A3-DB24-49D3-A463-680951CD61C4} - Bing - Search - Microsoft Bing {searchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE
    R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: SuggestionsURL = http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}
    R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: SuggestionsURLFallback = http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}
    R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: URL = Search - Microsoft Bing {searchTerms}&src=IE-SearchBox&FORM=IESR02
    R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} - Google - Google {searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes{D79BB3A3-DB24-49D3-A463-680951CD61C4} - Bing - Search - Microsoft Bing {searchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE
    O2 - BHO: (no name) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
    O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll
    O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll
    O2-32 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
    O2-32 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll
    O2-32 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll
    O2-32 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
    O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Doneff Family\AppData\Local\Akamai\netsession_win.exe
    O4 - HKCU..\Run: [CCleaner] C:\Program Files\CCleaner\CCleaner64.exe /AUTO
    O4 - HKCU..\StartupApproved\Run: [Steam] (2017/05/25)C:\Program Files (x86)\Steam\steam.exe -silent --restore-last-session
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvLaunch.exe /gui
    O4 - HKLM..\Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
    O4 - HKLM..\Run: [VoodooShield] C:\Program Files\VoodooShield\VoodooShield.exe
    O4 - HKLM..\StartupApproved\Run32: [SunJavaUpdateSched] (2017/05/25)C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll
    O9 - Extra ‘Tools’ menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll (HKLM)
    O9 - Extra ‘Tools’ menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll (HKLM)
    O9 - Extra ‘Tools’ menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll (HKLM)
    O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll (HKLM)
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll (HKLM)
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll (HKLM)
    O9-32 - Extra ‘Tools’ menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll (HKLM)
    O9-32 - Extra ‘Tools’ menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll (HKLM)
    O9-32 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll (HKLM)
    O9-32 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll (HKLM)
    O17 - DHCP DNS - 1: 209.18.47.61
    O17 - DHCP DNS - 2: 209.18.47.62
    O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    O22 - Task (Disabled): \Microsoft\Windows\UpdateOrchestrator\Combined Scan Download Install - C:\WINDOWS\system32\usoclient.exe ScanInstallWait
    O22 - Task (Ready): Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
    O22 - Task (Ready): CCleanerSkipUAC - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
    O22 - Task (Ready): GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
    O22 - Task (Ready): GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
    O22 - Task (Ready): PrivaZer_SkipUAC - C:\Program Files (x86)\PrivaZer\PrivaZer.exe $(Arg0)
    O22 - Task (Ready): SafeZone scheduled Autoupdate 1462830905 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
    O22 - Task (Ready): \AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs
    O22 - Task (Ready): \Microsoft\Office\Office Automatic Updates - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe /update SCHEDULEDTASK displaylevel=False
    O22 - Task (Ready): \Microsoft\Office\Office ClickToRun Service Monitor - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe /WatchService
    O22 - Task (Ready): \Microsoft\Office\OfficeBackgroundTaskHandlerLogon - C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe
    O22 - Task (Ready): \Microsoft\Office\OfficeBackgroundTaskHandlerRegistration - C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe
    O22 - Task (Ready): \Microsoft\Windows\BitLocker\BitLocker MDM policy Refresh - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},BitLockerPolicy - C:\WINDOWS\System32\edptask.dll
    O22 - Task (Ready): \Microsoft\Windows\BrokerInfrastructure\BgTaskRegistrationMaintenanceTask - {E984D939-0E00-4DD9-AC3A-7ACA04745521} - (no file)
    O22 - Task (Ready): \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceProtectionStateChanged - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -ProtectionStateChanged -FreeNetworkOnly -NoLocation - C:\WINDOWS\system32\DeviceDirectoryClient.dll
    O22 - Task (Ready): \Microsoft\Windows\EDP\EDP App Launch Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},AppLaunch - C:\WINDOWS\System32\edptask.dll
    O22 - Task (Ready): \Microsoft\Windows\EDP\EDP Auth Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},ReAuth - C:\WINDOWS\System32\edptask.dll
    O22 - Task (Ready): \Microsoft\Windows\EDP\EDP Inaccessible Credentials Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},MissingCredentials - C:\WINDOWS\System32\edptask.dll
    O22 - Task (Ready): \Microsoft\Windows\EDP\StorageCardEncryption Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},SDCardEncryptionPolicy - C:\WINDOWS\System32\edptask.dll
    O22 - Task (Ready): \Microsoft\Windows\Management\Provisioning\Cellular - C:\WINDOWS\system32\ProvTool.exe /turn 7 /source CellStateChangeTask
    O22 - Task (Ready): \Microsoft\Windows\Management\Provisioning\Logon - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source LogonIdleTask
    O22 - Task (Ready): \Microsoft\Windows\Maps\MapsToastTask - {9885AEF2-BD9F-41E0-B15E-B3141395E803},$(Arg0);$(Arg1);$(Arg2);$(Arg3);$(Arg4);$(Arg5);$(Arg6);$(Arg7) - C:\WINDOWS\System32\mapstoasttask.dll
    O22 - Task (Ready): \Microsoft\Windows\Subscription\EnableLicenseAcquisition - C:\WINDOWS\system32\ClipRenew.exe -e
    O22 - Task (Ready): \Microsoft\Windows\UNP\RunCampaignManager - C:\WINDOWS\System32\UNP\UNPCampaignManager.exe
    O22 - Task (Ready): \Microsoft\Windows\WwanSvc\NotificationTask - C:\WINDOWS\System32\WiFiTask.exe wwan
    O23 - Service R2: Adobe Genuine Software Integrity Service - (AGSService) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    O23 - Service R2: Avast Antivirus - (avast! Antivirus) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service R2: Avast Firewall Service - (avast! Firewall) - C:\Program Files\AVAST Software\Avast\afwServ.exe
    O23 - Service R2: FastbootService - C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe
    O23 - Service R2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    O23 - Service R2: Intel(R) Management and Security Application Local Management Service - (LMS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service R2: JME Keyboard Driver - (JME Keyboard) - C:\Windows\jmesoft\Service.exe
    O23 - Service R2: LenovoPortalService - C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe
    O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    O23 - Service R2: VoodooShieldService - C:\Program Files\VoodooShield\VoodooShieldService.exe
    O23 - Service R2: ZAM Controller Service - (ZAMSvc) - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
    O23 - Service R3: Intel(R) Security Assist - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
    O23 - Service R3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service R3: aswbIDSAgent - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
    O23 - Service S2: Google Update Service (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service S2: Intel(R) Rapid Storage Technology - (IAStorDataMgrSvc) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service S2: Intel(R) Security Assist Helper - (isaHelperSvc) - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
    O23 - Service S2: System Interface Foundation Service - (ImControllerService) - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
    O23 - Service S3: Google Update Service (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service S3: Intel(R) Capability Licensing Service TCP IP Interface - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
    O23 - Service S3: LSCWinService - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
    O23 - Service S3: ShareItSvc - C:\Program Files (x86)\Lenovo\SHAREit\Shareit.Service.exe
    O23 - Service S3: Windows Defender Antivirus Network Inspection Service - (WdNisSvc) - C:\Program Files\Windows Defender\NisSrv.exe
    O23 - Service S3: Windows Defender Antivirus Service - (WinDefend) - C:\Program Files\Windows Defender\MsMpEng.exe
    O23 - Service S3: nProtect GameGuard Service - (npggsvc) - C:\WINDOWS\SysWow64\GameMon.des


    End of file - Time spent: 13 sec. - 34820 bytes, CRC32: FFFFFFFF. Sign: ȝ묖
  • Malnutrition
    PCHF Moderator
    • Jul 2016
    • 7041

    #2
    ZHP Diag Scan

    Download ZHP Diag to your desktop.
    1. Right-click it and choose Run as Admin.
    2. Click the Options button.

    Click on Check All
    Then click Validate
    Then click Close.

    3. Click the Scanner button.

    When complete please push the report button.
    A notepad will open… copy and paste the report in your next reply.


    • system
      PCHF Owner
      • Jan 2015
      • 7635

      #3
      ~ ZHPDiag v2017.6.5.89 By Nicolas Coolman (2017/06/05)
      ~ Run by Doneff Family (Administrator) (2017/06/05 19:36:34)
      ~ Web: https://www.nicolascoolman.com
      ~ Blog: https://nicolascoolman.eu/
      ~ Facebook: ZHP
      ~ State version: Version OK
      ~ Mode: Scan
      ~ Report: C:\Users\Doneff Family\Desktop\ZHPDiag.txt
      ~ Report: C:\Users\Doneff Family\AppData\Roaming\ZHP\ZHPDiag.txt
      ~ UAC: Activate
      ~ System startup: Normal (Normal boot)
      Windows 10 Home, 64-bit (Build 15063) =>.Microsoft Corporation

      —\ Internet Browsers (2) - 0s
      ~ GCIE: Google Chrome v58.0.3029.110
      ~ MSIE: Internet Explorer v11.296.15063.0

      —\ Windows Product Information (3) - 3s
      ~ Windows Server License Manager Script : OK
      System - VBScript Engine not found
      Windows Automatic Updates : OK

      —\ System protection software (2) - 6s
      Avast Internet Security v17.4.2294 (Protection)
      Windows Defender (Deactivate)

      —\ System protection software (Superfluous) (1) - 6s
      ~ Zemana AntiMalware v2.72.0.388 (Superfluous)

      —\ Surveillance software (2) - 6s
      ~ Adobe Flash Player 25 PPAPI (Surveillance)
      ~ Adobe Acrobat Reader DC (Surveillance)

      —\ Information on the system (6) - 0s
      ~ Operating System: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
      ~ Operating System: 64-bit
      ~ Boot mode: Normal (Normal boot)
      Total RAM: 12529.86 MB (65% free) : OK =>.RAM Value
      System Restore: Activé (Enable)
      System drive C: has 773 GB (83%) free of 921 GB : OK =>.Disk Space

      —\ Connection to the system mode (3) - 0s
      ~ Computer Name: DESKTOP-DOB72OG
      ~ User Name: Doneff Family
      ~ Logged in as Administrator

      —\ Enumeration of the disk units (2) - 0s
      ~ Drive C: has 773 GB free of 921 GB (System)
      ~ Drive F: has 6 GB free of 57 GB

      —\ State of the Windows Security Center (7) - 0s
      [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
      [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
      [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
      [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
      [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
      [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
      [HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK

      —\ Search Generic System Files (24) - 3s
      [MD5.6314A1E16B2B6D2E0E3FE65C9BA7BD73] - 18/05/2017 - (.Microsoft Corporation - Windows Explorer.) – C:\WINDOWS\Explorer.exe [4848440] =>.Microsoft Windows®
      [MD5.ECB702B8C5650381C0784F1EEABB97BC] - 18/03/2017 - (.Microsoft Corporation - Windows host process (Rundll32).) – C:\WINDOWS\System32\rundll32.exe [68608] =>.Microsoft Corporation
      [MD5.9A4BA96E87A1FD69381249557BDE2BF0] - 18/03/2017 - (.Microsoft Corporation - Windows Start-Up Application.) – C:\WINDOWS\System32\Wininit.exe [318232] =>.Microsoft Windows Publisher®
      [MD5.2B1361AFBF330AF9A652A336EE77CBCB] - 18/05/2017 - (.Microsoft Corporation - Internet Extensions for Win32.) – C:\WINDOWS\System32\wininet.dll [3307008] =>.Microsoft Corporation
      [MD5.D0F1FB0E90BFBD14865B770E2567BE1D] - 18/05/2017 - (.Microsoft Corporation - Windows Logon Application.) – C:\WINDOWS\System32\Winlogon.exe [707072] =>.Microsoft Corporation
      [MD5.50CDF68A8EA8A2A9165CD573FA6C42D8] - 18/03/2017 - (.Microsoft Corporation - Software Licensing Library.) – C:\WINDOWS\System32\sppcomapi.dll [414208] =>.Microsoft Corporation
      [MD5.0F9FA6A2D4EAE50393DCE473759A9845] - 18/03/2017 - (.Microsoft Corporation - DNS Client API DLL.) – C:\WINDOWS\System32\dnsapi.dll [661224] =>.Microsoft Windows®
      [MD5.3F969D5ADEAB3284ABD500B37D74A8F8] - 18/03/2017 - (.Microsoft Corporation - DNS Client API DLL.) – C:\WINDOWS\Syswow64\dnsapi.dll [508344] =>.Microsoft Windows®
      [MD5.AC1928C2F7505BD556C552F153B062AB] - 18/03/2017 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) – C:\WINDOWS\System32\drivers\AFD.sys [610712] =>.Microsoft Windows®
      [MD5.01733BEEE02E51F712330D5909BD701C] - 18/03/2017 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) – C:\WINDOWS\System32\drivers\atapi.sys [29088] =>.Microsoft Windows®
      [MD5.B6E5AD7C83A5254DEE9D86023C0E5A81] - 18/03/2017 - (.Microsoft Corporation - CD-ROM File System Driver.) – C:\WINDOWS\System32\drivers\Cdfs.sys [93184] =>.Microsoft Corporation
      [MD5.ABE77AD954BC3D72F559CF0C381E50BC] - 18/03/2017 - (.Microsoft Corporation - SCSI CD-ROM Driver.) – C:\WINDOWS\System32\drivers\Cdrom.sys [160256] =>.Microsoft Corporation
      [MD5.185A4519B7764F4DEF714D890A7A9FD2] - 18/03/2017 - (.Microsoft Corporation - DFS Namespace Client Driver.) – C:\WINDOWS\System32\drivers\DfsC.sys [150528] =>.Microsoft Corporation
      [MD5.DD1A6F4998E7E21564FA9BAFE21C87ED] - 18/03/2017 - (.Microsoft Corporation - High Definition Audio Bus Driver.) – C:\WINDOWS\System32\drivers\HDAudBus.sys [86528] =>.Microsoft Corporation
      [MD5.C6C8315E3262FAE460529C6DA2951682] - 18/03/2017 - (.Microsoft Corporation - i8042 Port Driver.) – C:\WINDOWS\System32\drivers\i8042prt.sys [115200] =>.Microsoft Corporation
      [MD5.DCC05E5EAA580C97F13B434FAFACED85] - 18/03/2017 - (.Microsoft Corporation - IP Network Address Translator.) – C:\WINDOWS\System32\drivers\IpNat.sys [214528] =>.Microsoft Corporation
      [MD5.F2AD1B72C5A6475FB5FF332E1980DF88] - 18/03/2017 - (.Microsoft Corporation - Windows NT SMB Minirdr.) – C:\WINDOWS\System32\drivers\MRxSmb.sys [467352] =>.Microsoft Windows®
      [MD5.30C2F67EC84EB11B22011620107E0325] - 18/03/2017 - (.Microsoft Corporation - MBT Transport driver.) – C:\WINDOWS\System32\drivers\netBT.sys [305152] =>.Microsoft Corporation
      [MD5.731FD52461C8107E5B19B9AEDBB82BFB] - 18/03/2017 - (.Microsoft Corporation - NT File System Driver.) – C:\WINDOWS\System32\drivers\ntfs.sys [2328480] =>.Microsoft Windows®
      [MD5.2CC6C325B271C7CA60F374F8F868CB45] - 18/03/2017 - (.Microsoft Corporation - Parallel Port Driver.) – C:\WINDOWS\System32\drivers\Parport.sys [97792] =>.Microsoft Corporation
      [MD5.5279EC98F6218D29EADDFECCC0D80E9A] - 18/03/2017 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) – C:\WINDOWS\System32\drivers\Rasl2tp.sys [107008] =>.Microsoft Corporation
      [MD5.53A01D3FDB701AC5D9DDE4140227E3D9] - 18/03/2017 - (.Microsoft Corporation - Microsoft RDP Device redirector.) – C:\WINDOWS\System32\drivers\rdpdr.sys [183296] =>.Microsoft Corporation
      [MD5.2540384EF2EEE5BE930E3FB1061395DC] - 18/03/2017 - (.Microsoft Corporation - TDI Translation Driver.) – C:\WINDOWS\System32\drivers\tdx.sys [120224] =>.Microsoft Windows®
      [MD5.E3429DBBEA3965BB96E24B16EF4A2551] - 18/03/2017 - (.Microsoft Corporation - Volume Shadow Copy driver.) – C:\WINDOWS\System32\drivers\volsnap.sys [397216] =>.Microsoft Windows®

      —\ Non Microsoft non disabled Windows Services (16) - 1s
      O23 - Service: Adobe Genuine Software Integrity Service (AGSService) . (.Adobe Systems, Incorporated - Adobe Genuine Software Integrity Service.) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe =>.Adobe Systems Incorporated®
      O23 - Service: Avast Antivirus (avast! Antivirus) . (.AVAST Software - Avast Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe =>.AVAST Software s.r.o.®
      O23 - Service: Avast Firewall Service (avast! Firewall) . (.AVAST Software - Avast firewall service.) - C:\Program Files\AVAST Software\Avast\afwServ.exe =>.AVAST Software s.r.o.®
      O23 - Service: FastbootService (FastbootService) . (.Lenovo - RapidBoot HDD Accelerator Service.) - C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe =>.Lenovo
      O23 - Service: Google Update Service (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
      O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) . (.Intel Corporation - IAStorDataSvc.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe =>.Intel Corporation - Rapid Storage Technology®
      O23 - Service: System Interface Foundation Service (ImControllerService) . (.Copyright © 2015 - Lenovo.Modern.ImController.) - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe =>.LENOVO®
      O23 - Service: Intel(R) Security Assist Helper (isaHelperSvc) . (…) - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe =>.Intel Corporation
      O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) . (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
      O23 - Service: JME Keyboard Driver (JME Keyboard) . (…) - C:\Windows\jmesoft\Service.exe =>.JMESoft
      O23 - Service: LenovoPortalService (LenovoPortalService) . (.Copyright © 2012 - LenovoPortalService.) - C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe =>.LENOVO®
      O23 - Service: Intel(R) Management and Security Application Local Manageme (LMS) . (.Intel Corporation - Intel(R) Local Management Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
      O23 - Service: Malwarebytes Service (MBAMService) . (.Malwarebytes - Malwarebytes Service.) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe =>.Malwarebytes Corporation®
      O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) . (.NVIDIA Corporation - NVIDIA Container.) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe =>.NVIDIA Corporation®
      O23 - Service: VoodooShieldService (VoodooShieldService) . (.VoodooSoft, LLC - VoodooShield.) - C:\Program Files\VoodooShield\VoodooShieldService.exe =>.VoodooSoft, LLC®
      O23 - Service: ZAM Controller Service (ZAMSvc) . (.Copyright 2017. - ZAM.) - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe =>.Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi®

      —\ Services not Microsoft (SR=Run, SS=Stop) (23) - 22s
      SR - Auto [18/05/2017] [ 2246256] Adobe Genuine Software Integrity Service (AGSService) . (.Adobe Systems, Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe =>.Adobe Systems Incorporated®
      SR - Demand [09/05/2017] [ 7346208] aswbIDSAgent (aswbIDSAgent) . (.AVAST Software s.r.o..) - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe =>.AVAST Software s.r.o.®
      SR - Auto [09/05/2017] [ 263304] Avast Antivirus (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe =>.AVAST Software s.r.o.®
      SR - Auto [09/05/2017] [ 310496] Avast Firewall Service (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe =>.AVAST Software s.r.o.®
      SR - Auto [08/09/2015] [ 288768] FastbootService (FastbootService) . (.Lenovo.) - C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe =>.Lenovo
      SS - Auto [14/06/2016] [ 154440] Google Update Service (gupdate) (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
      SS - Demand [14/06/2016] [ 154440] Google Update Service (gupdatem) (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
      SS - Auto [23/06/2015] [ 18856] Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe =>.Intel Corporation - Rapid Storage Technology®
      SS - Auto [16/07/2015] [ 30624] System Interface Foundation Service (ImControllerService) . (.Copyright © 2015.) - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe =>.LENOVO®
      SS - Demand [22/05/2015] [ 881152] Intel(R) Capability Licensing Service TCP IP Interface (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe =>.Intel® Trusted Connect Service®
      SR - Demand [19/05/2015] [ 335872] Intel(R) Security Assist (Intel(R) Security Assist) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe =>.Intel Corporation
      SS - Auto [19/05/2015] [ 7680] Intel(R) Security Assist Helper (isaHelperSvc) . (…) - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe =>.Intel Corporation
      SR - Auto [11/07/2015] [ 223520] Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
      SR - Auto [16/08/2011] [ 32768] JME Keyboard Driver (JME Keyboard) . (…) - C:\Windows\jmesoft\Service.exe =>.JMESoft
      SR - Auto [08/09/2015] [ 24312] LenovoPortalService (LenovoPortalService) . (.Copyright © 2012.) - C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe =>.LENOVO®
      SR - Auto [11/07/2015] [ 415520] Intel(R) Management and Security Application Local Manageme (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
      SS - Demand [01/07/2015] [ 271296] LSCWinService (LSCWinService) . (.Lenovo.) - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe =>.LENOVO®
      SR - Auto [09/05/2017] [ 4470736] Malwarebytes Service (MBAMService) . (.Malwarebytes.) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe =>.Malwarebytes Corporation®
      SR - Auto [29/12/2016] [ 458176] NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe =>.NVIDIA Corporation®
      SS - Demand [31/03/2016] [ 31704] ShareItSvc (ShareItSvc) . (.SHAREit Technologies Co.Ltd.) - C:\Program Files (x86)\Lenovo\SHAREit\Shareit.Service.exe =>.LENOVO®
      SR - Demand [01/06/2017] [ 1607968] Steam Client Service (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe =>.Valve®
      SR - Auto [01/05/2017] [ 129360] VoodooShieldService (VoodooShieldService) . (.VoodooSoft, LLC.) - C:\Program Files\VoodooShield\VoodooShieldService.exe =>.VoodooSoft, LLC®
      SR - Auto [03/04/2017] [14522512] ZAM Controller Service (ZAMSvc) . (.Copyright 2017..) - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe =>.Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi®

      —\ Task Planned Automatically (13) - 9s
      [MD5.866FF7A49542CDBBF7EE0FD4FD0ADC02] [APT] [Avast Emergency Update] (.AVAST Software.) – C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2326672] (.Activate.) =>.AVAST Software s.r.o.®
      [MD5.E5550587CC154E805433DFC99CE7937E] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) – C:\Program Files\CCleaner\CCleaner.exe [7619288] (.Activate.) =>.Piriform Ltd®
      [MD5.750446ED76A5D13E902174DDDDA1A62B] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) – C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440] (.Activate.) =>.Google Inc®
      [MD5.750446ED76A5D13E902174DDDDA1A62B] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) – C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440] (.Activate.) =>.Google Inc®
      [MD5.BDD7B0DEE5A5B880FD522B1780C01FD3] [APT] [PrivaZer_SkipUAC] (.Goversoft LLC.) – C:\Program Files (x86)\PrivaZer\PrivaZer.exe [15056648] (.Activate.) =>.Goversoft®
      [MD5.F485EE3C484D9874E9DD75E6B4FEE332] [APT] [SafeZone scheduled Autoupdate 1462830905] (.Avast Software.) – C:\Program Files\AVAST Software\SZBrowser\launcher.exe [927264] (.Activate.) =>.AVAST Software s.r.o.®
      [MD5.283E10FD63971145CC1E750FFA46180E] [APT] [AVAST Software\Avast settings backup] (.AVAST Software.) – C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [826808] (.Activate.) =>.AVAST Software s.r.o.®
      O39 - APT: Avast Emergency Update - (.AVAST Software.) – C:\WINDOWS\System32\Tasks\Avast Emergency Update [4268] =>.AVAST Software s.r.o.®
      O39 - APT: CCleanerSkipUAC - (.Piriform Ltd.) – C:\WINDOWS\System32\Tasks\CCleanerSkipUAC [2886] =>.Piriform Ltd®
      O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) – C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore [3120] =>.Google Inc®
      O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) – C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA [3344] =>.Google Inc®
      O39 - APT: PrivaZer_SkipUAC - (.Goversoft LLC.) – C:\WINDOWS\System32\Tasks\PrivaZer_SkipUAC [3204] =>.Goversoft®
      O39 - APT: SafeZone scheduled Autoupdate 1462830905 - (.Avast Software.) – C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1462830905 [3370] =>.AVAST Software s.r.o.®

      —\ Auto loading programs from Registry and folders (10) - 0s
      O4 - HKLM..\Run: [AvastUI.exe] . (.AVAST Software - AvLaunch component.) – C:\Program Files\AVAST Software\Avast\AvLaunch.exe =>.AVAST Software s.r.o.®
      O4 - HKLM..\Run: [Malwarebytes TrayApp] . (.Malwarebytes - Malwarebytes Tray Application.) – C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe =>.Malwarebytes Corporation®
      O4 - HKLM..\Run: [VoodooShield] . (.VoodooSoft, LLC - VoodooShield.) – C:\Program Files\VoodooShield\VoodooShield.exe =>.VoodooSoft, LLC®
      O4 - HKCU..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper.) – C:\Program Files (x86)\Steam\Steam.exe =>.Valve®
      O4 - HKCU..\Run: [CCleaner] . (.Piriform Ltd - CCleaner.) – C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd®
      O4 - HKCU..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) – C:\Users\Doneff Family\AppData\Local\Akamai\netsession_win.exe =>.Superfluous.AkamaiHD
      O4 - HKLM..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) – C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle America, Inc.®
      O4 - HKUS\S-1-5-21-113026621-1705679920-3439515112-1001..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper.) – C:\Program Files (x86)\Steam\Steam.exe =>.Valve®
      O4 - HKUS\S-1-5-21-113026621-1705679920-3439515112-1001..\Run: [CCleaner] . (.Piriform Ltd - CCleaner.) – C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd®
      O4 - HKUS\S-1-5-21-113026621-1705679920-3439515112-1001..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) – C:\Users\Doneff Family\AppData\Local\Akamai\netsession_win.exe =>.Superfluous.AkamaiHD

      —\ Process running (26) - 2s
      [MD5.E2CFDA7E9606FD5ECAB93E4817414661] - (…) – C:\Windows\jmesoft\Service.exe [32768] [PID.3084] =>.JMESoft
      [MD5.B09F2F6281571FBA7387164DE91A24E2] - (.Copyright © 2012 - LenovoPortalService.) – C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe [24312] [PID.3104] =>.LENOVO®
      [MD5.2328568EE63439A4A11F9DC0692E5527] - (.NVIDIA Corporation - NVIDIA Container.) – C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176] [PID.3176] =>.NVIDIA Corporation®
      [MD5.CD4546A3ECA0DD8534A6097DF7C2028E] - (.Lenovo - RapidBoot HDD Accelerator Service.) – C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe [288768] [PID.3184] =>.Lenovo
      [MD5.A3B07B40F7AA4A39B202D14BCD72678C] - (.Copyright 2017. - ZAM.) – C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14522512] [PID.3252] =>.Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi®
      [MD5.D76E56108E6482905D3FAEA0649919E4] - (.Malwarebytes - Malwarebytes Service.) – C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736] [PID.3656] =>.Malwarebytes Corporation®
      [MD5.93A49F8ECC625EE8FD3BFC3C5FEB8D47] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) – C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [1285568] [PID.4336] =>.NVIDIA Corporation®
      [MD5.CE9DB06643313387C4E71678880D0412] - (…) – C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeHost.exe [74752] [PID.6052] =>.Skype Technologies
      [MD5.33E6E5822E22A5E1DEA523C06155FD07] - (.Google Inc. - Google Crash Handler.) – C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe [288848] [PID.8436] =>.Google Inc®
      [MD5.8FE697AB8A4C28D79C1CDB97C6FB1A17] - (.AVAST Software - Avast Antivirus.) – C:\Program Files\AVAST Software\Avast\AvastUI.exe [8470464] [PID.9068] =>.AVAST Software s.r.o.®
      [MD5.27BEAF3F308ED2276F3863C2F2597556] - (.Google Inc. - Google Crash Handler.) – C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe [366672] [PID.2252] =>.Google Inc®
      [MD5.DE70C5C10803C700DC1CFDE2D5CF207A] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520] [PID.6272] =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
      [MD5.1CE3A27B6B0658F4242AB2DECE69704E] - (.Intel Corporation - Intel(R) Local Management Service.) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [415520] [PID.6288] =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
      [MD5.9C8F57D022F39AD1FF1B07C51A20B562] - (.VoodooSoft, LLC - VoodooShield.) – C:\Program Files\VoodooShield\VoodooShieldService.exe [129360] [PID.9292] =>.VoodooSoft, LLC®
      [MD5.8213094EA736A9C575AB0E22AD09B0BA] - (.Intel Corporation - Intel(R) Security Assist.) – C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872] [PID.1896] =>.Intel Corporation
      [MD5.078B785A7533B7059A236017B3B060A4] - (.Adobe Systems, Incorporated - Adobe Genuine Software Integrity Service.) – C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256] [PID.916] =>.Adobe Systems Incorporated®
      [MD5.612354D351683C76C5728A5A9A858090] - (.Adobe Systems Inc. - AcroTray.) – C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe [1870928] [PID.8728] =>.Adobe Systems, Incorporated®
      [MD5.7F3D0BC2FE61C249302E0515989C59E2] - (.Akamai Technologies, Inc. - Akamai NetSession Client.) – C:\Users\Doneff Family\AppData\Local\Akamai\netsession_win.exe [4490200] [PID.7244] =>.Superfluous.AkamaiHD
      [MD5.A3B07B40F7AA4A39B202D14BCD72678C] - (.Copyright 2017. - ZAM.) – C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14522512] [PID.7924] =>.Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi®
      [MD5.7FF7826FC27B9DBAF53098DBA207845C] - (…) – C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1302.0_x64__8wekyb3d8bbwe\Calculator.exe [3982336] [PID.10788] =>.Microsoft Corporation
      [MD5.BA7BFDCD603A7392521E4A688DD40358] - (.Valve Corporation - Steam Client Bootstrapper.) – C:\Program Files (x86)\Steam\Steam.exe [3042592] [PID.11512] =>.Valve®
      [MD5.0E5DE4D8B1E4272B172A82D5E3CE4316] - (.Valve Corporation - Steam Client WebHelper.) – C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe [2419488] [PID.12012] =>.Valve®
      [MD5.507367443C3A2D4BA115FE48B96A7D4B] - (.Valve Corporation - Steam Client Service.) – C:\Program Files (x86)\Common Files\Steam\SteamService.exe [1607968] [PID.12528] =>.Valve®
      [MD5.0E5DE4D8B1E4272B172A82D5E3CE4316] - (.Valve Corporation - Steam Client WebHelper.) – C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe [2419488] [PID.11412] =>.Valve®
      [MD5.7F3D0BC2FE61C249302E0515989C59E2] - (.Akamai Technologies, Inc. - Akamai NetSession Client.) – C:\Users\Doneff Family\AppData\Local\Akamai\netsession_win.exe [4490200] [PID.12016] =>.Superfluous.AkamaiHD
      [MD5.9BE10B7D1BD613A3270C75CA0863ED0B] - (.Nicolas Coolman - ZHPDiag.) – C:\Users\Doneff Family\AppData\Roaming\ZHP\ZHPDiag3.exe [2734592] [PID.14716] =>.Nicolas Coolman

      —\ Google Chrome, Start,Search,Extensions (22) - 0s
      G0 - GCSP: Preferences [User Data\Default][HomePage] http://cdnjs.cloudflare.com
      G0 - GCSP: Preferences [User Data\Default][HomePage] http://connect.facebook.net =>.Facebook
      G0 - GCSP: Preferences [User Data\Default][HomePage] http://fonts.googleapis.com =>.Google Inc.
      G0 - GCSP: Preferences [User Data\Default][HomePage] http://fonts.gstatic.com =>.Google Inc.
      G0 - GCSP: Preferences [User Data\Default][HomePage] http://nicolascoolman.eu =>.Nicolas Coolman
      G0 - GCSP: Preferences [User Data\Default][HomePage] http://scontent-iad3-1.xx.fbcdn.net
      G0 - GCSP: Preferences [User Data\Default][HomePage] http://staticxx.facebook.com =>.Facebook
      G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.facebook.com =>.Facebook
      G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.google-analytics.com =>.Google Inc.
      G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.paypalobjects.com
      G0 - GCSP: Secure Preferences [User Data\Default][HomePage] http://www.google.com/ =>.Google Inc.
      G2 - GCE: Preference [User Data\Default] [aohghmighlieiainnegkcijnfilokake] Google Chrome manifest =>.Google Inc. =>.Google Inc.
      G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Chrome manifest =>.Google Inc. =>.Google Inc.
      G2 - GCE: Preference [User Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] Google Chrome manifest =>.Google Inc.
      G2 - GCE: Preference [User Data\Default] [ghbmnnjooekpmoecnnnilnnbdlolhkhi] Google Chrome manifest =>.Google Inc. =>.Google Inc.
      G2 - GCE: Preference [User Data\Default] [iahecghojagkcoehfhfknajofkokndjm] Tab Cookies
      G2 - GCE: Preference [User Data\Default] [ifmhoabcaeehkljcfclfiieohkohdgbb] Social Fixer for Facebook
      G2 - GCE: Preference [User Data\Default] [lgblnfidahcdcjddiepkckcfdhpknnjh]
      G2 - GCE: Preference [User Data\Default] [nmkinhboiljjkhaknpaeaicmdjhagpep] F.B.(FluffBusting)Purity
      G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Chrome manifest =>.Google Inc.
      G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Google Chrome manifest =>.Google Inc.
      G2 - GCE: Preference [User Data\Default] [pkedcjkdefgpdelpbcmbmeomcjbeemfm] Chrome Media Router =>.Google Inc.

      —\ Internet Explorer Extensions, Start, Search (18) - 0s
      R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com =>.Google Inc.
      R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
      R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
      R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
      R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =

      R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve =>.Microsoft Corporation
      R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
      R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
      R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
      R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
      R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
      R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
      R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
      R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
      R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
      R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
      R1 - HKEY_USERS\S-1-5-21-113026621-1705679920-3439515112-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve =>.Microsoft Corporation
      R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan =>.Microsoft Internet Explorer

      —\ Internet Explorer, Proxy Management (9) - 0s
      R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
      R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
      R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
      R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
      R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
      R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
      R5 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
      R5 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
      R5 - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies =>.Microsoft

      —\ Line Analysis, IniFiles, Auto loading programs (3) - 0s
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe (.Microsoft Corporation.) =>.Microsoft Corporation
      F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe (.Microsoft Corporation.) =>.Microsoft Corporation
      F2 - REG:system.ini: VMApplet=

      —\ Hosts file redirection (1) - 0s
      ~ Le fichier hôte est sain (The hosts file is clean) (21)

      —\ Browser Helper Object (BHO) (4) - 0s
      O2 - BHO: Lync Click to Call BHO [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} (.Orphan.)
      O2 - BHO: Adobe Acrobat Create PDF Helper [64Bits] - {AE7CD045-E861-484f-8273-0445EE161910} . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) – C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll =>.Adobe Systems, Incorporated®
      O2 - BHO: Microsoft OneDrive for Business Browser Helper [64Bits] - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} (.Orphan.)
      O2 - BHO: SmartSelect [64Bits] - {F4971EE7-DAA0-4053-9964-665D8EE6A077} . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) – C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll =>.Adobe Systems, Incorporated®

      —\ Global shortcuts Startup (47) - 2s
      O4 - GS\Desktop [Administrator]: Audacity.lnk . (.The Audacity Team - Audacity®, the Free, Cross-Platform Sound E.) C:\Users\Doneff Family\Desktop\JJ Doneff\Audacity\audacity.exe =>.The Audacity Team
      O4 - GS\Desktop [Administrator]: Fonts - Shortcut.lnk . (…) C:\Windows\Fonts
      O4 - GS\Desktop [Administrator]: Tennafa - Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --profile-directory=“Default” =>.Google Inc®
      O4 - GS\Desktop [Administrator]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Doneff Family\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
      O4 - GS\Quicklaunch [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
      O4 - GS\Quicklaunch [Administrator]: PrivaZer.lnk . (.Goversoft LLC - PrivaZer.) C:\Program Files (x86)\PrivaZer\PrivaZer.exe =>.Goversoft®
      O4 - GS\sendTo [Administrator]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
      O4 - GS\sendTo [Administrator]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
      O4 - GS\TaskBar [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
      O4 - GS\TaskBar [Administrator]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
      O4 - GS\Programs [Administrator]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Windows®
      O4 - GS\Desktop [Doneff Family]: Audacity.lnk . (.The Audacity Team - Audacity®, the Free, Cross-Platform Sound E.) C:\Users\Doneff Family\Desktop\JJ Doneff\Audacity\audacity.exe =>.The Audacity Team
      O4 - GS\Desktop [Doneff Family]: Fonts - Shortcut.lnk . (…) C:\Windows\Fonts
      O4 - GS\Desktop [Doneff Family]: Tennafa - Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --profile-directory=“Default” =>.Google Inc®
      O4 - GS\Desktop [Doneff Family]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Doneff Family\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
      O4 - GS\Quicklaunch [Doneff Family]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
      O4 - GS\Quicklaunch [Doneff Family]: PrivaZer.lnk . (.Goversoft LLC - PrivaZer.) C:\Program Files (x86)\PrivaZer\PrivaZer.exe =>.Goversoft®
      O4 - GS\sendTo [Doneff Family]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
      O4 - GS\sendTo [Doneff Family]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
      O4 - GS\TaskBar [Doneff Family]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
      O4 - GS\TaskBar [Doneff Family]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
      O4 - GS\Programs [Doneff Family]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Windows®
      O4 - GS\Desktop [Guest]: Audacity.lnk . (.The Audacity Team - Audacity®, the Free, Cross-Platform Sound E.) C:\Users\Doneff Family\Desktop\JJ Doneff\Audacity\audacity.exe =>.The Audacity Team
      O4 - GS\Desktop [Guest]: Fonts - Shortcut.lnk . (…) C:\Windows\Fonts
      O4 - GS\Desktop [Guest]: Tennafa - Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --profile-directory=“Default” =>.Google Inc®
      O4 - GS\Desktop [Guest]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Doneff Family\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
      O4 - GS\Quicklaunch [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
      O4 - GS\Quicklaunch [Guest]: PrivaZer.lnk . (.Goversoft LLC - PrivaZer.) C:\Program Files (x86)\PrivaZer\PrivaZer.exe =>.Goversoft®
      O4 - GS\sendTo [Guest]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
      O4 - GS\sendTo [Guest]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
      O4 - GS\TaskBar [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
      O4 - GS\TaskBar [Guest]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
      O4 - GS\Programs [Guest]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Windows®
      O4 - GS\CommonDesktop [Public]: e-Sword.lnk . (.Rick Meyers - e-Sword.exe.) C:\Program Files (x86)\e-Sword\e-Sword.exe
      O4 - GS\CommonDesktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
      O4 - GS\CommonDesktop [Public]: REACHit.lnk . (.Lenovo - REACHit Agent.) C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe =>.LENOVO®
      O4 - GS\Programs [Public]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Windows®
      O4 - GS\Accessories [Public]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
      O4 - GS\Accessories [Public]: Notepad.lnk . (.Microsoft Corporation - Notepad.) C:\WINDOWS\system32\notepad.exe =>.Microsoft Corporation
      O4 - GS\ProgramsCommon [Public]: Access 2016.lnk . (.Microsoft Corporation - Microsoft Access.) C:\Program Files (x86)\Microsoft Office\root\Office16\MSACCESS.EXE =>.Microsoft Corporation®
      O4 - GS\ProgramsCommon [Public]: Excel 2016.lnk . (.Microsoft Corporation - Microsoft Excel.) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE =>.Microsoft Corporation®
      O4 - GS\ProgramsCommon [Public]: OneNote 2016.lnk . (.Microsoft Corporation - Microsoft OneNote.) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE =>.Microsoft Corporation®
      O4 - GS\ProgramsCommon [Public]: Outlook 2016.lnk . (.Microsoft Corporation - Microsoft Outlook.) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE =>.Microsoft Corporation®
      O4 - GS\ProgramsCommon [Public]: PowerPoint 2016.lnk . (.Microsoft Corporation - Microsoft PowerPoint.) C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE =>.Microsoft Corporation®
      O4 - GS\ProgramsCommon [Public]: PrivaZer.lnk . (.Goversoft LLC - PrivaZer.) C:\Program Files (x86)\PrivaZer\PrivaZer.exe =>.Goversoft®
      O4 - GS\ProgramsCommon [Public]: Publisher 2016.lnk . (.Microsoft Corporation - Microsoft Publisher.) C:\Program Files (x86)\Microsoft Office\root\Office16\MSPUB.EXE =>.Microsoft Corporation®
      O4 - GS\ProgramsCommon [Public]: Word 2016.lnk . (.Microsoft Corporation - Microsoft Word.) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE =>.Microsoft Corporation®

      —\ Lop.com/Domain Hijackers (3) - 0s
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 =>.USA Rochester Time Warner Cable Internet LlC
      O17 - HKLM\System\CCS\Services\Tcpip..{22bd1248-b385-4563-bcc2-6588c77ea58a}: DhcpNameServer = 209.18.47.61 209.18.47.62 =>.USA Rochester Time Warner Cable Internet LlC
      O17 - HKLM\System\CCS\Services\Tcpip..{e6e4a17a-d400-42d1-acf0-634be7a09268}: DhcpNameServer = 209.18.47.61 209.18.47.62 =>.USA Rochester Time Warner Cable Internet LlC

      —\ Extra protocols (26) - 0s
      O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
      O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
      O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) – C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
      O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
      O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
      O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
      O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
      O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) – C:\Windows\SysWOW64\itss.dll =>.Microsoft Corporation
      O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
      O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
      O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
      O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) – C:\Windows\SysWOW64\inetcomm.dll =>.Microsoft Corporation
      O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
      O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) – C:\Windows\SysWOW64\itss.dll =>.Microsoft Corporation
      O18 - Handler: mso-minsb-roaming.16 [64Bits] - {83C25742-A9F7-49FB-9138-434302C88D07} . (.Microsoft Corporation - Microsoft Office 2016 component.) – C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL =>.Microsoft Corporation®
      O18 - Handler: mso-minsb.16 [64Bits] - {42089D2D-912D-4018-9087-2B87803E93FB} . (.Microsoft Corporation - Microsoft Office 2016 component.) – C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL =>.Microsoft Corporation®
      O18 - Handler: osf-roaming.16 [64Bits] - {42089D2D-912D-4018-9087-2B87803E93FB} . (.Microsoft Corporation - Microsoft Office 2016 component.) – C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL =>.Microsoft Corporation®
      O18 - Handler: osf.16 [64Bits] - {5504BE45-A83B-4808-900A-3A5C36E7F77A} . (.Microsoft Corporation - Microsoft Office 2016 component.) – C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL =>.Microsoft Corporation®
      O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
      O18 - Handler: tbauth [64Bits] - {14654CA6-5711-491D-B89A-58E571679951} . (.Microsoft Corporation - TBAuth protocol handler.) – C:\Windows\SysWOW64\tbauth.dll =>.Microsoft Corporation
      O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) – C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
      O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
      O18 - Handler: windows.tbauth [64Bits] - {14654CA6-5711-491D-B89A-58E571679951} . (.Microsoft Corporation - TBAuth protocol handler.) – C:\Windows\SysWOW64\tbauth.dll =>.Microsoft Corporation
      O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\SysWOW64\mscoree.dll =>.Microsoft Corporation
      O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\SysWOW64\mscoree.dll =>.Microsoft Corporation
      O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\SysWOW64\mscoree.dll =>.Microsoft Corporation

      —\ Software installed (82) - 5s
      O42 - Logiciel: Adobe Acrobat DC - (.Adobe Systems Incorporated.) [HKLM][64Bits] – {AC76BA86-1033-FFFF-7760-0C0F074E4100} =>.Adobe Systems Incorporated
      O42 - Logiciel: Adobe Acrobat Reader DC - (.Adobe Systems Incorporated.) [HKLM][64Bits] – {AC76BA86-7AD7-1033-7B44-AC0F074E4100} =>.Adobe Systems Incorporated
      O42 - Logiciel: Adobe Flash Player 25 PPAPI - (.Adobe Systems Incorporated.) [HKLM][64Bits] – Adobe Flash Player PPAPI =>.Adobe Systems Incorporated®
      O42 - Logiciel: Adobe Refresh Manager - (.Adobe Systems Incorporated.) [HKLM][64Bits] – {AC76BA86-0804-1033-1959-001824225037} =>.Adobe Systems Incorporated
      O42 - Logiciel: Aion - (.NC Interactive, LLC.) [HKLM][64Bits] – {B9291CA2-6FA5-44EA-8EE0-923EB32ADAAB} =>.NC Interactive, LLC
      O42 - Logiciel: Akamai NetSession Interface - (.Akamai Technologies, Inc.) [HKCU][64Bits] – Akamai =>.Superfluous.AkamaiHD
      O42 - Logiciel: Avast Internet Security - (.AVAST Software.) [HKLM][64Bits] – Avast Antivirus =>.AVAST Software s.r.o.®
      O42 - Logiciel: CCleaner - (.Piriform.) [HKLM][64Bits] – CCleaner =>.Piriform Ltd®
      O42 - Logiciel: Cisco EAP-FAST Module - (.Cisco Systems, Inc..) [HKLM][64Bits] – {64BF0187-F3D2-498B-99EA-163AF9AE6EC9} =>.Cisco Systems, Inc.
      O42 - Logiciel: Cisco LEAP Module - (.Cisco Systems, Inc..) [HKLM][64Bits] – {AF312B06-5C5C-468E-89B3-BE6DE2645722} =>.Cisco Systems, Inc.
      O42 - Logiciel: Cisco PEAP Module - (.Cisco Systems, Inc..) [HKLM][64Bits] – {0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F} =>.Cisco Systems, Inc.
      O42 - Logiciel: Components - (.Lenovo.) [HKLM][64Bits] – {1720B0E0-C520-43A6-B677-97A1D80F3B99} =>.Lenovo
      O42 - Logiciel: Driver and Application Installation - (.Lenovo.) [HKLM][64Bits] – {6EC299C6-074C-4529-8D5F-2798584BB27B} =>.LENOVO®
      O42 - Logiciel: Echo of Soul - (..) [HKLM][64Bits] – Echo of Soul
      O42 - Logiciel: e-Sword - (.Rick Meyers.) [HKLM][64Bits] – {463178C4-E707-41EE-BE8A-080C62BF526D}
      O42 - Logiciel: Fiesta Online NA version 1.0 - (.gamigo AG.) [HKLM][64Bits] – Fiesta Online NA_is1 =>.gamigo AG
      O42 - Logiciel: Genesys USB Mass Storage Device - (.Genesys Logic.) [HKLM][64Bits] – {959B7F35-2819-40C5-A0CD-3C53B5FCC935} =>.Genesys Logic
      O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM][64Bits] – Google Chrome =>.Google Inc®
      O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] – {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} =>.Google Inc.
      O42 - Logiciel: Intel(R) Chipset Device Software - (.Intel Corporation.) [HKLM][64Bits] – {8C91A5EB-2C62-4A6D-8802-CC79FD2ED390} =>.Intel Corporation
      O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] – {3D6D679B-3ECE-48DD-85D6-8ECE8D497080} =>.Intel Corporation
      O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] – {BCD55758-61DB-426D-BC56-72C9ADB2092F} =>.Intel Corporation
      O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] – {DD20EECC-5CAA-4658-B15D-2A5DCE686321} =>.Intel Corporation
      O42 - Logiciel: Intel(R) ME UninstallLegacy - (.Intel Corporation.) [HKLM][64Bits] – {D2E7A6EE-AB1A-4D68-8E1C-FFE2B4B5429B} =>.Intel Corporation
      O42 - Logiciel: Intel(R) Rapid Storage Technology - (.Intel Corporation.) [HKLM][64Bits] – {205AE40D-8AD7-4F29-A430-DD2168DA562D} =>.Intel Corporation
      O42 - Logiciel: Intel® Security Assist - (.Intel Corporation.) [HKLM][64Bits] – {4B230374-6475-4A73-BA6E-41015E9C5013} =>.Intel Corporation
      O42 - Logiciel: Intel® Trusted Connect Service Client - (.Intel Corporation.) [HKLM][64Bits] – {7D84E343-A23D-451C-B123-0195B2D903A6} =>.Intel Corporation
      O42 - Logiciel: Java 8 Update 131 - (.Oracle Corporation.) [HKLM][64Bits] – {26A24AE4-039D-4CA4-87B4-2F32180131F0} =>.Oracle Corporation
      O42 - Logiciel: Java Auto Updater - (.Oracle Corporation.) [HKLM][64Bits] – {4A03706F-666A-4037-7777-5F2748764D10} =>.Oracle Corporation
      O42 - Logiciel: Lenovo Accelerator Application - (.Lenovo.) [HKLM][64Bits] – {10672FE6-3D50-4F79-B0C7-A5573A5D415D} =>.LENOVO®
      O42 - Logiciel: Lenovo Blacksilk USB Keyboard Driver - (.Lenovo.) [HKLM][64Bits] – {B266E062-D6C5-485B-B426-51B152B041A6} =>.Lenovo
      O42 - Logiciel: Lenovo Experience Improvement - (.Lenovo.) [HKLM][64Bits] – LenovoExperienceImprovement =>.LENOVO®
      O42 - Logiciel: Lenovo Power2Go - (.CyberLink Corp..) [HKLM][64Bits] – {40BF1E83-20EB-11D8-97C5-0009C5020658} =>.CyberLink Corp.®
      O42 - Logiciel: Lenovo Power2Go - (.CyberLink Corp..) [HKLM][64Bits] – InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658} =>.CyberLink Corp.®
      O42 - Logiciel: Lenovo PowerDVD12 - (.CyberLink Corp..) [HKLM][64Bits] – {B46BEA36-0B71-4A4E-AE41-87241643FA0A} =>.CyberLink Corp.®
      O42 - Logiciel: Lenovo PowerDVD12 - (.CyberLink Corp..) [HKLM][64Bits] – InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A} =>.CyberLink Corp.®
      O42 - Logiciel: Lenovo QuickOptimizer - (.Lenovo.) [HKLM][64Bits] – {8D2C871B-1B9F-45AC-9C43-2BB18089CDFA} =>.Lenovo
      O42 - Logiciel: Lenovo Rescue System - (.CyberLink Corp..) [HKLM][64Bits] – {46F4D124-20E5-4D12-BE52-EC177A7A4B42} =>.CyberLink Corp.®
      O42 - Logiciel: Lenovo Rescue System - (.CyberLink Corp..) [HKLM][64Bits] – InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42} =>.CyberLink Corp.®
      O42 - Logiciel: Lenovo Solution Center - (.Lenovo.) [HKLM][64Bits] – {A5591EC4-8AD6-48EE-9F8D-FACFA8BA4E35} =>.Lenovo
      O42 - Logiciel: Lenovo System Interface Foundation - (.Lenovo.) [HKLM][64Bits] – {C2E5CA37-C862-4A69-AC6D-24F450A20C16} =>.Lenovo
      O42 - Logiciel: Malwarebytes version 3.1.2.1733 - (.Malwarebytes.) [HKLM][64Bits] – {35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1 =>.Malwarebytes Corporation®
      O42 - Logiciel: Manual - (.Lenovo.) [HKLM][64Bits] – {693F92E5-37D1-46B7-A0D6-19A74A2FD0EC} =>.LENOVO®
      O42 - Logiciel: Metric Collection SDK - (.Lenovo Group Limited.) [HKLM][64Bits] – {DDAA788F-52E6-44EA-ADB8-92837B11BF26} =>.Lenovo Group Limited
      O42 - Logiciel: Metric Collection SDK 35 - (.Lenovo Group Limited.) [HKLM][64Bits] – {C2B5B5B0-2545-4E94-B4BA-548D4BF0B196} =>.Lenovo Group Limited
      O42 - Logiciel: Microsoft OneDrive - (.Microsoft Corporation.) [HKCU][64Bits] – OneDriveSetup.exe =>.Microsoft Windows®
      O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] – {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} =>.Microsoft Corporation
      O42 - Logiciel: NCSOFT Game Launcher - (.NCSOFT.) [HKLM][64Bits] – NCLauncher_NCWest =>.NCsoft Corp.®
      O42 - Logiciel: NVIDIA 3D Vision Driver 376.54 - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision =>.NVIDIA Corporation
      O42 - Logiciel: NVIDIA Control Panel 376.54 - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel =>.NVIDIA Corporation
      O42 - Logiciel: NVIDIA Display Container - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer =>.NVIDIA Corporation
      O42 - Logiciel: NVIDIA Display Container LS - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS =>.NVIDIA Corporation
      O42 - Logiciel: NVIDIA Graphics Driver 376.54 - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver =>.NVIDIA Corporation
      O42 - Logiciel: NVIDIA HD Audio Driver 1.3.34.17 - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver =>.NVIDIA Corporation
      O42 - Logiciel: NVIDIA Install Application - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer =>.NVIDIA Corporation
      O42 - Logiciel: NVIDIA PhysX System Software 9.15.0428 - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX =>.NVIDIA Corporation
      O42 - Logiciel: NVIDIA Stereoscopic 3D Driver - (.NVIDIA Corporation.) [HKLM][64Bits] – NVIDIAStereo =>.NVIDIA Corporation®
      O42 - Logiciel: Office 16 Click-to-Run Extensibility Component - (.Microsoft Corporation.) [HKLM][64Bits] – {90160000-008C-0000-0000-0000000FF1CE} =>.Microsoft Corporation
      O42 - Logiciel: Office 16 Click-to-Run Extensibility Component 64-bit Registration - (.Microsoft Corporation.) [HKLM][64Bits] – {90160000-00DD-0000-1000-0000000FF1CE} =>.Microsoft Corporation
      O42 - Logiciel: Office 16 Click-to-Run Licensing Component - (.Microsoft Corporation.) [HKLM][64Bits] – {90160000-008F-0000-1000-0000000FF1CE} =>.Microsoft Corporation
      O42 - Logiciel: Office 16 Click-to-Run Localization Component - (.Microsoft Corporation.) [HKLM][64Bits] – {90160000-008C-0409-0000-0000000FF1CE} =>.Microsoft Corporation
      O42 - Logiciel: PrivaZer - (.Goversoft LLC.) [HKLM][64Bits] – PrivaZer =>.Goversoft®
      O42 - Logiciel: REACHit - (.Lenovo.) [HKLM][64Bits] – {4532E4C5-C84D-4040-A044-ECFCC5C6995B} =>.Lenovo
      O42 - Logiciel: REALTEK Bluetooth Filter Driver - (.REALTEK Semiconductor Corp..) [HKLM][64Bits] – {9D3D8C60-A5EF-4123-B2B9-172095903AD} =>.Realtek Semiconductor Corp®
      O42 - Logiciel: Realtek Ethernet Controller All-In-One Windows Driver - (.Realtek.) [HKLM][64Bits] – {F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F} =>.Realtek
      O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] – {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} =>.Realtek Semiconductor Corp®
      O42 - Logiciel: REALTEK Wireless LAN Driver - (.REALTEK Semiconductor Corp..) [HKLM][64Bits] – {9DAABC60-A5EF-41FF-B2B9-17329590CD5} =>.Realtek Semiconductor Corp®
      O42 - Logiciel: SafeZone Stable 3.55.2393.596 - (.Avast Software.) [HKLM][64Bits] – SafeZone 3.55.2393.596 =>.AVAST Software s.r.o.®
      O42 - Logiciel: SHAREit - (.Lenovo.) [HKLM][64Bits] – SHAREit_is1 =>.Lenovo
      O42 - Logiciel: SoftMaker FreeOffice 2016 - (.SoftMaker Software GmbH.) [HKLM][64Bits] – {8EBB8452-274B-465D-8324-00B0832FBB05} =>.SoftMaker Software GmbH
      O42 - Logiciel: Steam - (.Valve Corporation.) [HKLM][64Bits] – Steam =>.Valve®
      O42 - Logiciel: Team Fortress 2 - (.Valve.) [HKLM][64Bits] – Steam App 440 =>.Valve®
      O42 - Logiciel: VoodooShield version 3.59 - (.VoodooSoft, LLC.) [HKLM][64Bits] – {A8644328-A66F-490E-B8FA-901FF649189D}_is1 =>.VoodooSoft, LLC
      O42 - Logiciel: Wheel Of Fortune - (..) [HKLM][64Bits] – Wheel Of Fortune
      O42 - Logiciel: Windows 10 Update and Privacy Settings - (.Microsoft Corporation.) [HKLM][64Bits] – {293F2009-0145-450B-B4AA-063D43FB368C} =>.Microsoft Corporation
      O42 - Logiciel: Windows Driver Package - Genesys Logic (GeneStor) USB (07/13/2015 4.5.0.6) - (.Genesys Logic.) [HKLM][64Bits] – AE2E6FAB44844413B4C6F53C908EACC8AFC838F0 =>.Genesys Logic
      O42 - Logiciel: Windows Driver Package - NVIDIA (nvlddmkm) Display (07/22/2015 10.18.13.53 - (.NVIDIA.) [HKLM][64Bits] – 81C36D5B443FFB6F528F76BD424D750C53ADF10E =>.NVIDIA
      O42 - Logiciel: Windows Driver Package - NVIDIA Corporation (NVHDA) MEDIA (04/16/2015 1.3. - (.NVIDIA Corporation.) [HKLM][64Bits] – E1EF4D4E1E41BA85DB6DA51424B73AE1B3F0056A =>.NVIDIA Corporation
      O42 - Logiciel: Windows Driver Package - Realtek (rt640x64) Net (05/05/2015 10.001.0505.20 - (.Realtek.) [HKLM][64Bits] – 6A304520C2F25CD034E477A379C47308AA84A2DC =>.Realtek
      O42 - Logiciel: Windows Driver Package - Realtek Semiconductor Corp. (RtkBtFilter) Bluetoot - (.Realtek Semiconductor Corp..) [HKLM][64Bits] – 604A7B07184AD24892732BED4543610976632257 =>.Realtek Semiconductor Corp.
      O42 - Logiciel: Windows Driver Package - Realtek Semiconductor Corp. (RTWlanE) Net (07/09/ - (.Realtek Semiconductor Corp..) [HKLM][64Bits] – 5D078DEFD18360A7A64D38392C9F1007DC86AE23 =>.Realtek Semiconductor Corp.
      O42 - Logiciel: Zemana AntiMalware - (.Zemana Ltd..) [HKLM][64Bits] – {8F0CD7D1-42F3-4195-95CD-833578D45057}_is1 =>.Zemana Ltd.

      —\ HKCU & HKLM Software Keys (91) - 5s
      HKLM\SOFTWARE\Wow6432Node\Adobe =>.Adobe
      HKLM\SOFTWARE\Wow6432Node\Adware Removal Tool by TSA =>.TSA Softwares
      HKLM\SOFTWARE\Wow6432Node\AGEIA Technologies =>.AGEIA Technologies
      HKLM\SOFTWARE\Wow6432Node\AROnline =>.AROnline
      HKLM\SOFTWARE\Wow6432Node\AVAST Software =>.AVAST Software
      HKLM\SOFTWARE\Wow6432Node\Corel =>.Corel
      HKLM\SOFTWARE\Wow6432Node\CyberLink =>.CyberLink Corporation
      HKLM\SOFTWARE\Wow6432Node\FFOnline
      HKLM\SOFTWARE\Wow6432Node\Gameforge =>.Gameforge
      HKLM\SOFTWARE\Wow6432Node\Genesys Logic =>.Genesys Logic
      HKLM\SOFTWARE\Wow6432Node\Google =>.Google
      HKLM\SOFTWARE\Wow6432Node\Hasbro Interactive
      HKLM\SOFTWARE\Wow6432Node\Intel =>.Intel
      HKLM\SOFTWARE\Wow6432Node\JavaSoft =>.JavaSoft
      HKLM\SOFTWARE\Wow6432Node\JreMetrics =>.JreMetrics
      HKLM\SOFTWARE\Wow6432Node\Khronos =>.Khronos
      HKLM\SOFTWARE\Wow6432Node\Lake =>.Lake Sofware
      HKLM\SOFTWARE\Wow6432Node\Lenovo =>.Lenovo
      HKLM\SOFTWARE\Wow6432Node\Macromedia =>.Macromedia
      HKLM\SOFTWARE\Wow6432Node\MAXSOFT-OCRON =>.Maxsoft-Ocron, Inc
      HKLM\SOFTWARE\Wow6432Node\Mozilla =>.Mozilla
      HKLM\SOFTWARE\Wow6432Node\MozillaPlugins =>.MozillaPlugins
      HKLM\SOFTWARE\Wow6432Node\NC Interactive, LLC =>.NC Interactive, LLC
      HKLM\SOFTWARE\Wow6432Node\NCWest
      HKLM\SOFTWARE\Wow6432Node\Network Associates =>.Network Associates
      HKLM\SOFTWARE\Wow6432Node\NSCPID =>.NetRatings
      HKLM\SOFTWARE\Wow6432Node\Nuance =>.Nuance
      HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation =>.nVidia Corporation
      HKLM\SOFTWARE\Wow6432Node\ODBC =>.DB Connectivity Solutions
      HKLM\SOFTWARE\Wow6432Node\PlayNC
      HKLM\SOFTWARE\Wow6432Node\Realtek =>.Realtek Semiconductor Corp.
      HKLM\SOFTWARE\Wow6432Node\Realtek Semiconductor Corp. =>.Realtek Semiconductor Corp.
      HKLM\SOFTWARE\Wow6432Node\RtWLan =>.Realtek Semiconductor Corp.
      HKLM\SOFTWARE\Wow6432Node\SHAREit =>.Lenovo Group Limited
      HKLM\SOFTWARE\Wow6432Node\SoftMaker Software GmbH =>.SoftMaker Software GmbH
      HKLM\SOFTWARE\Wow6432Node\SRS Labs =>.SRS Labs
      HKLM\SOFTWARE\Wow6432Node\TrendMicro =>.TrendMicro
      HKLM\SOFTWARE\Wow6432Node\Valve =>.Valve
      HKLM\SOFTWARE\Wow6432Node\WOW6432Node =>.Microsoft Corporation
      HKLM\SOFTWARE\Wow6432Node\Zemi Interactive =>.Zemi Interactive
      HKLM\SOFTWARE\Wow6432Node\RegisteredApplications =>.Microsoft Corporation
      HKCU\SOFTWARE\9-lab =>.9-lab
      HKCU\SOFTWARE\Adobe =>.Adobe
      HKCU\SOFTWARE\Aeria Games =>.Aeria Games
      HKCU\SOFTWARE\Aion =>.NCsoft Corporation, Ltd.
      HKCU\SOFTWARE\Akamai =>.Superfluous.AkamaiHD
      HKCU\SOFTWARE\AppDataLow =>.Microsoft Corporation
      HKCU\SOFTWARE\AVAST Software =>.AVAST Software
      HKCU\SOFTWARE\Blizzard Entertainment =>.Blizzard Entertainment
      HKCU\SOFTWARE\Chromium =>.Chromium
      HKCU\SOFTWARE\Corel =>.Corel
      HKCU\SOFTWARE\CyberLink =>.CyberLink Corporation
      HKCU\SOFTWARE\ElswordINT =>.ElswordINT
      HKCU\SOFTWARE\Gameforge4d =>.ZemiInteractive Ltd
      HKCU\SOFTWARE\Google =>.Google
      HKCU\SOFTWARE\HngSync =>.Reto-Moto Aps
      HKCU\SOFTWARE\INCAInternet =>.INCAInternet
      HKCU\SOFTWARE\Intel =>.Intel
      HKCU\SOFTWARE\Jasc =>.Jasc
      HKCU\SOFTWARE\JavaSoft =>.JavaSoft
      HKCU\SOFTWARE\lenovo =>.Lenovo
      HKCU\SOFTWARE\Macromedia =>.Macromedia
      HKCU\SOFTWARE\MakeMusic =>.MakeMusic
      HKCU\SOFTWARE\Malwarebytes =>.Malwarebytes
      HKCU\SOFTWARE\MyComGames =>.MyComGames
      HKCU\SOFTWARE\nester
      HKCU\SOFTWARE\Netscape =>.Netscape
      HKCU\SOFTWARE\NVIDIA Corporation =>.nVidia Corporation
      HKCU\SOFTWARE\ODBC =>.DB Connectivity Solutions
      HKCU\SOFTWARE\Piriform =>.Piriform
      HKCU\SOFTWARE\plaync
      HKCU\SOFTWARE\QtProject =>.QtProject
      HKCU\SOFTWARE\Realtek =>.Realtek Semiconductor Corp.
      HKCU\SOFTWARE\RegisteredApplications =>.Microsoft Corporation
      HKCU\SOFTWARE\SHAREit =>.Lenovo Group Limited
      HKCU\SOFTWARE\SoftMaker Software GmbH =>.SoftMaker Software GmbH
      HKCU\SOFTWARE\Sysinternals =>.Sysinternals
      HKCU\SOFTWARE\tfdfu =>.Electronic Arts, Inc.
      HKCU\SOFTWARE\TrioSeq
      HKCU\SOFTWARE\Trolltech =>.Trolltech
      HKCU\SOFTWARE\Unity =>.Unity
      HKCU\SOFTWARE\Valve =>.Valve
      HKCU\SOFTWARE\VB and VBA Program Settings =>.Microsoft Corporation
      HKCU\SOFTWARE\Viena
      HKCU\SOFTWARE\Wow6432Node =>.Microsoft Corporation
      HKCU\SOFTWARE\ZebHelpProcess Helper =>.Nicolas Coolman
      HKCU\SOFTWARE\Zemana =>.Zemana
      HKCU\SOFTWARE\ZHP =>.Nicolas Coolman
      HKCU\SOFTWARE\AppDataLow\Software =>.Microsoft Corporation
      HKCU\SOFTWARE\AppDataLow\Software\Adobe =>.Adobe
      HKCU\SOFTWARE\AppDataLow\Software\JavaSoft =>.JavaSoft

      —\ Contents of the Common Files folders (182) - 11s
      O43 - CFD: 25/05/2017 - D – C:\Program Files\9-lab =>.9-lab
      O43 - CFD: 09/05/2016 - D – C:\Program Files\AVAST Software =>.AVAST Software s.r.o.®
      O43 - CFD: 26/05/2017 - AD – C:\Program Files\CCleaner =>.Piriform Ltd
      O43 - CFD: 18/05/2017 - D – C:\Program Files\Common Files =>.Microsoft Corporation
      O43 - CFD: 09/05/2016 - D – C:\Program Files\DIFX =>.Microsoft Corporation
      O43 - CFD: 18/05/2017 - D – C:\Program Files\Intel =>.Intel Corporation
      O43 - CFD: 18/03/2017 - D – C:\Program Files\Internet Explorer =>.Microsoft Corporation
      O43 - CFD: 09/05/2016 - D – C:\Program Files\Lenovo =>.Lenovo
      O43 - CFD: 23/05/2017 - D – C:\Program Files\Malwarebytes =>.Malwarebytes
      O43 - CFD: 12/06/2016 - D – C:\Program Files\Microsoft Office 15 =>.Microsoft Corporation
      O43 - CFD: 13/04/2017 - AD – C:\Program Files\Microsoft Silverlight =>.Microsoft Corporation
      O43 - CFD: 18/05/2017 - D – C:\Program Files\MSBuild =>.Microsoft Corporation
      O43 - CFD: 18/05/2017 - D – C:\Program Files\NVIDIA Corporation =>.nVidia Corporation
      O43 - CFD: 18/05/2017 - D – C:\Program Files\Realtek =>.Realtek
      O43 - CFD: 18/05/2017 - D – C:\Program Files\Reference Assemblies =>.Microsoft Corporation
      O43 - CFD: 11/05/2017 - AD – C:\Program Files\UNP =>.Microsoft Corporation
      O43 - CFD: 26/05/2017 - AD – C:\Program Files\VoodooShield
      O43 - CFD: 18/03/2017 - RD – C:\Program Files\Windows Defender =>.Microsoft Corporation
      O43 - CFD: 18/03/2017 - D – C:\Program Files\Windows Mail =>.Microsoft Corporation
      O43 - CFD: 18/03/2017 - D – C:\Program Files\Windows Media Player =>.Microsoft Corporation
      O43 - CFD: 18/03/2017 - D – C:\Program Files\Windows Multimedia Platform =>.Microsoft Corporation
      O43 - CFD: 18/03/2017 - D – C:\Program Files\Windows NT =>.Microsoft Corporation
      O43 - CFD: 18/05/2017 - D – C:\Program Files\Windows Photo Viewer =>.Microsoft Corporation
      O43 - CFD: 18/03/2017 - D – C:\Program Files\Windows Portable Devices =>.Microsoft Corporation
      O43 - CFD: 18/03/2017 - D – C:\Program Files\Windows Security =>.Unknow
      O43 - CFD: 18/03/2017 - SHD – C:\Program Files\Windows Sidebar =>.Microsoft Corporation
      O43 - CFD: 02/06/2017 - HD – C:\Program Files\WindowsApps =>.Microsoft Corporation
      O43 - CFD: 18/03/2017 - D – C:\Program Files\WindowsPowerShell =>.Microsoft Corporation
      O43 - CFD: 21/02/2017 - D – C:\Program Files (x86)\Adobe =>.Adobe Systems, Incorporated®
      O43 - CFD: 25/05/2017 - D – C:\Program Files (x86)\Adware Removal Tool by TSA =>.TSA Softwares
      O43 - CFD: 09/05/2016 - D – C:\Program Files (x86)\Cisco =>.Cisco Systems, Inc.
      O43 - CFD: 03/06/2017 - D – C:\Program Files (x86)\Common Files =>.Microsoft Corporation
      O43 - CFD: 09/05/2016 - D – C:\Program Files (x86)\Cyberlink =>.CyberLink Corporation
      O43 - CFD: 18/06/2016 - AD – C:\Program Files (x86)\e-Sword
      O43 - CFD: 17/05/2017 - D – C:\Program Files (x86)\gamigo =>.gamigo AG®
      O43 - CFD: 09/05/2016 - D – C:\Program Files (x86)\Genesyslogic =>.Microsoft Windows Hardware Compatibility Publisher®
      O43 - CFD: 14/06/2016 - D – C:\Program Files (x86)\Google =>.Google Inc®
      O43 - CFD: 13/02/2017 - D – C:\Program Files (x86)\Hasbro Interactive =>.Hasbro Interactive
      O43 - CFD: 08/06/2016 - HD – C:\Program Files (x86)\InstallShield Installation Information =>.InstallShield Software
      O43 - CFD: 09/05/2016 - D – C:\Program Files (x86)\Intel =>.Intel Corporation
      O43 - CFD: 26/05/2017 - D – C:\Program Files (x86)\Internet Explorer =>.Microsoft Corporation
      O43 - CFD: 25/05/2017 - D – C:\Program Files (x86)\Java =>.Oracle
      O43 - CFD: 20/06/2016 - D – C:\Program Files (x86)\Lenovo =>.Lenovo
      O43 - CFD: 03/06/2017 - AD – C:\Program Files (x86)\Microsoft Office =>.Microsoft Corporation
      O43 - CFD: 13/04/2017 - AD – C:\Program Files (x86)\Microsoft Silverlight =>.Microsoft Corporation
      O43 - CFD: 18/05/2017 - D – C:\Program Files (x86)\Microsoft.NET =>.Microsoft Corporation
      O43 - CFD: 18/05/2017 - D – C:\Program Files (x86)\MSBuild =>.Microsoft Corporation
      O43 - CFD: 08/06/2016 - D – C:\Program Files (x86)\NCSOFT =>.NCSOFT
      O43 - CFD: 08/06/2016 - D – C:\Program Files (x86)\NCWest =>.NCWest
      O43 - CFD: 18/05/2017 - D – C:\Program Files (x86)\NVIDIA Corporation =>.nVidia Corporation
      O43 - CFD: 05/06/2017 - AD – C:\Program Files (x86)\PrivaZer =>.Goversoft LLC
      O43 - CFD: 09/05/2016 - AD – C:\Program Files (x86)\Realtek =>.Realtek
      O43 - CFD: 09/05/2016 - AD – C:\Program Files (x86)\REALTEK PCIE Wireless LAN Driver =>.Realtek Semiconductor Corp.
      O43 - CFD: 18/05/2017 - D – C:\Program Files (x86)\Reference Assemblies =>.Microsoft Corporation
      O43 - CFD: 04/06/2017 - AD – C:\Program Files (x86)\SoftMaker FreeOffice 2016 =>.Microsoft Corporation
      O43 - CFD: 04/06/2017 - D – C:\Program Files (x86)\Steam =>.Steam Games
      O43 - CFD: 18/05/2017 - HD – C:\Program Files (x86)\Uninstall Information =>.Microsoft Corporation
      O43 - CFD: 18/03/2017 - D – C:\Program Files (x86)\Windows Defender =>.Microsoft Corporation
      O43 - CFD: 18/03/2017 - D – C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation
      O43 - CFD: 18/03/2017 - D – C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation
      O43 - CFD: 18/03/2017 - D – C:\Program Files (x86)\Windows Multimedia Platform =>.Microsoft Corporation
      O43 - CFD: 18/03/2017 - D – C:\Program Files (x86)\Windows NT =>.Microsoft Corporation
      O43 - CFD: 18/05/2017 - D – C:\Program Files (x86)\Windows Photo Viewer =>.Microsoft Corporation
      O43 - CFD: 18/03/2017 - D – C:\Program Files (x86)\Windows Portable Devices =>.Microsoft Corporation
      O43 - CFD: 18/03/2017 - D – C:\Program Files (x86)\WindowsPowerShell =>.Microsoft Corporation
      O43 - CFD: 25/05/2017 - AD – C:\Program Files (x86)\Zemana AntiMalware =>.Zemana
      O43 - CFD: 31/05/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gamigo =>.gamigo
      O43 - CFD: 03/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools =>.Microsoft Corporation
      O43 - CFD: 04/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftMaker FreeOffice 2016 =>.Microsoft Corporation
      O43 - CFD: 28/05/2017 - D – C:\ProgramData\9-lab =>.9-lab
      O43 - CFD: 26/05/2017 - D – C:\ProgramData\Adobe =>.Adobe
      O43 - CFD: 27/05/2017 - D – C:\ProgramData\AVAST Software =>.AVAST Software
      O43 - CFD: 23/05/2017 - D – C:\ProgramData\Malwarebytes =>.Malwarebytes
      O43 - CFD: 05/06/2017 - SD – C:\ProgramData\Microsoft =>.Microsoft Corporation
      O43 - CFD: 26/05/2017 - D – C:\ProgramData\NVIDIA =>.nVidia Corporation
      O43 - CFD: 26/05/2017 - D – C:\ProgramData\NVIDIA Corporation =>.nVidia Corporation
      O43 - CFD: 05/06/2017 - D – C:\ProgramData\privazer =>.Goversoft LLC
      O43 - CFD: 03/06/2017 - AD – C:\ProgramData\regid.1991-06.com.microsoft =>.Microsoft Corporation
      O43 - CFD: 04/06/2017 - D – C:\ProgramData\SoftMaker =>.SoftMaker
      O43 - CFD: 26/05/2017 - D – C:\ProgramData\USOPrivate =>.Microsoft Corporation
      O43 - CFD: 26/05/2017 - D – C:\ProgramData\USOShared =>.Microsoft Corporation
      O43 - CFD: 04/06/2017 - D – C:\ProgramData\VoodooShield
      O43 - CFD: 27/05/2017 - AD – C:\Program Files (x86)\Common Files\Adobe =>.Adobe
      O43 - CFD: 13/04/2017 - D – C:\Program Files (x86)\Common Files\AV =>.Avast
      O43 - CFD: 03/06/2017 - AD – C:\Program Files (x86)\Common Files\DESIGNER =>.Designer
      O43 - CFD: 18/06/2016 - AD – C:\Program Files (x86)\Common Files\EzTools
      O43 - CFD: 23/03/2017 - D – C:\Program Files (x86)\Common Files\InstallShield =>.InstallShield
      O43 - CFD: 09/05/2016 - D – C:\Program Files (x86)\Common Files\Intel Corporation =>.Intel Corporation
      O43 - CFD: 26/05/2017 - D – C:\Program Files (x86)\Common Files\Java =>.Oracle
      O43 - CFD: 03/06/2017 - AD – C:\Program Files (x86)\Common Files\Microsoft Shared =>.Microsoft Corporation
      O43 - CFD: 09/05/2016 - D – C:\Program Files (x86)\Common Files\PostureAgent =>.Microsoft Corporation
      O43 - CFD: 18/03/2017 - D – C:\Program Files (x86)\Common Files\Services =>.Microsoft Corporation
      O43 - CFD: 01/06/2017 - D – C:\Program Files (x86)\Common Files\Steam =>.Steam Games
      O43 - CFD: 18/03/2017 - D – C:\Program Files (x86)\Common Files\System =>.Microsoft Corporation
      O43 - CFD: 24/05/2016 - D – C:\Users\Doneff Family\AppData\Roaming\.huntedcowcache
      O43 - CFD: 20/11/2016 - D – C:\Users\Doneff Family\AppData\Roaming\.mono =>.Legitimate
      O43 - CFD: 25/05/2017 - D – C:\Users\Doneff Family\AppData\Roaming\9-lab =>.9-lab
      O43 - CFD: 21/02/2017 - D – C:\Users\Doneff Family\AppData\Roaming\Adobe =>.Adobe
      O43 - CFD: 29/12/2016 - D – C:\Users\Doneff Family\AppData\Roaming\Advanced Mario Sequencer
      O43 - CFD: 24/05/2017 - D – C:\Users\Doneff Family\AppData\Roaming\Audacity =>.Audacity
      O43 - CFD: 09/05/2016 - D – C:\Users\Doneff Family\AppData\Roaming\AVAST Software =>.AVAST Software
      O43 - CFD: 02/06/2016 - D – C:\Users\Doneff Family\AppData\Roaming\FiestaOnline
      O43 - CFD: 26/04/2017 - D – C:\Users\Doneff Family\AppData\Roaming\Google =>.Google
      O43 - CFD: 05/05/2017 - D – C:\Users\Doneff Family\AppData\Roaming\Hecatu
      O43 - CFD: 23/12/2016 - D – C:\Users\Doneff Family\AppData\Roaming\HeroesAndGeneralsDesktop =>.Reto-Moto
      O43 - CFD: 09/05/2016 - D – C:\Users\Doneff Family\AppData\Roaming\Intel Corporation =>.Intel Corporation
      O43 - CFD: 05/02/2017 - D – C:\Users\Doneff Family\AppData\Roaming\Jasc =>.Jasc
      O43 - CFD: 09/05/2016 - D – C:\Users\Doneff Family\AppData\Roaming\Lenovo =>.Lenovo
      O43 - CFD: 09/05/2016 - D – C:\Users\Doneff Family\AppData\Roaming\LSC =>.LSC
      O43 - CFD: 09/05/2016 - D – C:\Users\Doneff Family\AppData\Roaming\Macromedia =>.Macromedia
      O43 - CFD: 10/11/2016 - D – C:\Users\Doneff Family\AppData\Roaming\MakeMusic =>.MakeMusic
      O43 - CFD: 31/05/2017 - SD – C:\Users\Doneff Family\AppData\Roaming\Microsoft =>.Microsoft Corporation
      O43 - CFD: 02/11/2016 - D – C:\Users\Doneff Family\AppData\Roaming\NCH Software =>.NCH Software
      O43 - CFD: 05/05/2017 - D – C:\Users\Doneff Family\AppData\Roaming\NVIDIA =>.nVidia Corporation
      O43 - CFD: 20/11/2016 - AD – C:\Users\Doneff Family\AppData\Roaming\Pokémon Trading Card Game Online =>.The Pokémon Company
      O43 - CFD: 26/11/2016 - [0] D – C:\Users\Doneff Family\AppData\Roaming\PokΘmon Trading Card Game Online
      O43 - CFD: 26/08/2016 - D – C:\Users\Doneff Family\AppData\Roaming\Skype =>.Skype
      O43 - CFD: 04/06/2017 - D – C:\Users\Doneff Family\AppData\Roaming\SoftMaker =>.SoftMaker
      O43 - CFD: 06/12/2016 - [0] D – C:\Users\Doneff Family\AppData\Roaming\Splitscreen Studios
      O43 - CFD: 13/05/2016 - D – C:\Users\Doneff Family\AppData\Roaming\Sun =>.Oracle
      O43 - CFD: 13/02/2017 - D – C:\Users\Doneff Family\AppData\Roaming\SynthFont
      O43 - CFD: 05/06/2017 - D – C:\Users\Doneff Family\AppData\Roaming\ZHP =>.Nicolas Coolman
      O43 - CFD: 09/05/2016 - [0] D – C:\Users\Doneff Family\AppData\Local\ActiveSync =>.Microsoft Corporation
      O43 - CFD: 21/02/2017 - D – C:\Users\Doneff Family\AppData\Local\Adobe =>.Adobe
      O43 - CFD: 28/05/2017 - D – C:\Users\Doneff Family\AppData\Local\Akamai =>.Superfluous.AkamaiHD
      O43 - CFD: 18/05/2017 - [0] SHD – C:\Users\Doneff Family\AppData\Local\Application Data =>.Microsoft Corporation
      O43 - CFD: 11/05/2016 - D – C:\Users\Doneff Family\AppData\Local\Audacity =>.Audacity
      O43 - CFD: 23/05/2016 - D – C:\Users\Doneff Family\AppData\Local\CEF =>.CEF
      O43 - CFD: 14/08/2016 - D – C:\Users\Doneff Family\AppData\Local\Comms =>.Microsoft Corporation
      O43 - CFD: 20/05/2017 - D – C:\Users\Doneff Family\AppData\Local\ConnectedDevicesPlatform =>.Microsoft Corporation
      O43 - CFD: 01/06/2017 - [0] D – C:\Users\Doneff Family\AppData\Local\CrashDumps =>.Microsoft Corporation
      O43 - CFD: 18/05/2017 - [0] D – C:\Users\Doneff Family\AppData\Local\DBG =>.DBG
      O43 - CFD: 08/05/2017 - [0] D – C:\Users\Doneff Family\AppData\Local\Diagnostics =>.Microsoft Corporation
      O43 - CFD: 18/06/2016 - D – C:\Users\Doneff Family\AppData\Local\Downloaded Installations =>.Microsoft Corporation
      O43 - CFD: 30/10/2016 - D – C:\Users\Doneff Family\AppData\Local\Google =>.Google
      O43 - CFD: 18/05/2017 - [0] SHD – C:\Users\Doneff Family\AppData\Local\History =>.Microsoft Corporation
      O43 - CFD: 10/05/2016 - D – C:\Users\Doneff Family\AppData\Local\Lenovo =>.Lenovo
      O43 - CFD: 18/05/2017 - D – C:\Users\Doneff Family\AppData\Local\Microsoft =>.Microsoft Corporation
      O43 - CFD: 09/05/2016 - D – C:\Users\Doneff Family\AppData\Local\MicrosoftEdge =>.Microsoft Corporation
      O43 - CFD: 09/05/2016 - [0] D – C:\Users\Doneff Family\AppData\Local\NetworkTiles =>.NetworkTiles
      O43 - CFD: 18/05/2017 - D – C:\Users\Doneff Family\AppData\Local\Packages =>.Microsoft Corporation
      O43 - CFD: 09/05/2016 - D – C:\Users\Doneff Family\AppData\Local\Power2Go =>.Power2Go
      O43 - CFD: 05/06/2017 - D – C:\Users\Doneff Family\AppData\Local\PrivaZer =>.Goversoft LLC
      O43 - CFD: 16/05/2016 - D – C:\Users\Doneff Family\AppData\Local\Programs =>.Microsoft Corporation
      O43 - CFD: 09/05/2016 - D – C:\Users\Doneff Family\AppData\Local\Publishers =>.Microsoft Corporation
      O43 - CFD: 20/06/2016 - D – C:\Users\Doneff Family\AppData\Local\SHAREit =>.Lenovo Group Limited
      O43 - CFD: 06/07/2016 - D – C:\Users\Doneff Family\AppData\Local\speech =>.Microsoft Corporation
      O43 - CFD: 19/12/2016 - D – C:\Users\Doneff Family\AppData\Local\Steam =>.Steam Games
      O43 - CFD: 05/06/2017 - D – C:\Users\Doneff Family\AppData\Local\Temp =>.Microsoft Corporation
      O43 - CFD: 18/05/2017 - [0] SHD – C:\Users\Doneff Family\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
      O43 - CFD: 23/05/2016 - D – C:\Users\Doneff Family\AppData\Local\TERA =>.Gameforge Productions GmbH
      O43 - CFD: 11/08/2016 - D – C:\Users\Doneff Family\AppData\Local\TianTianData
      O43 - CFD: 09/05/2016 - D – C:\Users\Doneff Family\AppData\Local\TileDataLayer =>.Microsoft Corporation
      O43 - CFD: 11/05/2017 - D – C:\Users\Doneff Family\AppData\Local\UNP =>.Microsoft Corporation
      O43 - CFD: 23/05/2017 - D – C:\Users\Doneff Family\AppData\Local\VirtualStore =>.Microsoft Corporation
      O43 - CFD: 25/05/2017 - D – C:\Users\Doneff Family\AppData\Local\Zemana =>.Zemana
      O43 - CFD: 05/06/2017 - D – C:\Users\Doneff Family\AppData\Local\ZHP =>.Nicolas Coolman
      O43 - CFD: 16/05/2016 - [0] D – C:\Users\Doneff Family\AppData\Local\Programs\Common =>.Microsoft Corporation
      O43 - CFD: 18/03/2017 - RD – C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility =>.Microsoft Corporation
      O43 - CFD: 18/05/2017 - RD – C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
      O43 - CFD: 18/05/2017 - RD – C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
      O43 - CFD: 21/05/2017 - D – C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
      O43 - CFD: 18/03/2017 - D – C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
      O43 - CFD: 26/05/2017 - D – C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer =>.Goversoft LLC
      O43 - CFD: 18/05/2017 - RD – C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
      O43 - CFD: 23/05/2017 - D – C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam =>.Steam Games
      O43 - CFD: 18/03/2017 - RD – C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools =>.Microsoft Corporation
      O43 - CFD: 18/03/2017 - RD – C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell =>.Microsoft Corporation
      O43 - CFD: 18/05/2017 - [0] SHD – C:\Users\Default\AppData\Local\Application Data =>.Microsoft Corporation
      O43 - CFD: 18/05/2017 - [0] SHD – C:\Users\Default\AppData\Local\History =>.Microsoft Corporation
      O43 - CFD: 18/03/2017 - D – C:\Users\Default\AppData\Local\Microsoft =>.Microsoft Corporation
      O43 - CFD: 18/03/2017 - [0] D – C:\Users\Default\AppData\Local\Temp =>.Microsoft Corporation
      O43 - CFD: 18/05/2017 - [0] SHD – C:\Users\Default\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
      O43 - CFD: 18/05/2017 - [0] SHD – C:\Users\Default User\AppData\Local\Application Data =>.Microsoft Corporation
      O43 - CFD: 18/05/2017 - [0] SHD – C:\Users\Default User\AppData\Local\History =>.Microsoft Corporation
      O43 - CFD: 18/03/2017 - D – C:\Users\Default User\AppData\Local\Microsoft =>.Microsoft Corporation
      O43 - CFD: 18/03/2017 - [0] D – C:\Users\Default User\AppData\Local\Temp =>.Microsoft Corporation
      O43 - CFD: 18/05/2017 - [0] SHD – C:\Users\Default User\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
      O43 - CFD: 26/05/2017 - – C:\WINDOWS\System32\Config\systemprofile\AppData\Local\CrashDumps =>.Microsoft Corporation
      O43 - CFD: 18/05/2017 - [0] – C:\WINDOWS\System32\Config\systemprofile\AppData\Local\DBG =>.DBG
      O43 - CFD: 19/05/2017 - D – C:\WINDOWS\System32\Config\systemprofile\AppData\Local\Microsoft =>.Microsoft Corporation
      O43 - CFD: 25/05/2017 - – C:\WINDOWS\System32\Config\systemprofile\AppData\Local\Zemana =>.Zemana

      —\ ShellIconOverlayIdentifiers (SIOI) (8) - 1s
      O106 - SIOI: ErrorOverlayHandler Class [ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) – C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncShell.dll =>.Microsoft Windows®
      O106 - SIOI: SharedOverlayHandler Class [ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) – C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncShell.dll =>.Microsoft Windows®
      O106 - SIOI: SharedSyncingOverlayHandler Class [ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) – C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncShell.dll =>.Microsoft Windows®
      O106 - SIOI: UpToDateOverlayHandler Class [ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) – C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncShell.dll =>.Microsoft Windows®
      O106 - SIOI: SyncingOverlayHandler Class [ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) – C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncShell.dll =>.Microsoft Windows®
      O106 - SIOI: ReadOnlyOverlayHandler Class [ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) – C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncShell.dll =>.Microsoft Windows®
      O106 - SIOI: avast [00asw] - {472083B0-C522-11CF-8763-00608CC02F24}. (.AVAST Software - Avast Shell Extension.) – C:\Program Files\AVAST Software\Avast\ashShell.dll =>.AVAST Software s.r.o.®
      O106 - SIOI: avast [00avast] - {472083B0-C522-11CF-8763-00608CC02F24}. (.AVAST Software - Avast Shell Extension.) – C:\Program Files\AVAST Software\Avast\ashShell.dll =>.AVAST Software s.r.o.®

      —\ Image File Execution Options (18) - 0s
      O50 - IFEO:C:\Windows\System32\cscript.exe - (.Microsoft Corporation - Microsoft ® Console Based Script Host.) [DisableExceptionChainValidation\3] =>.Microsoft Corporation
      O50 - IFEO:C:\Windows\System32\dllhost.exe - (.Microsoft Corporation - COM Surrogate.) [DisableExceptionChainValidation\3] =>.Microsoft Windows®
      O50 - IFEO:C:\WINDOWS\System32\drvinst.exe - (.Microsoft Corporation - Driver Installation Module.) [DisableExceptionChainValidation\3] =>.Microsoft Corporation
      O50 - IFEO:C:\WINDOWS\System32\ie4uinit.exe - (.Microsoft Corporation - IE Per-User Initialization Utility.) [MitigationOptions\256] =>.Microsoft Corporation
      O50 - IFEO:C:\Windows\System32\ieUnatt.exe - (.Microsoft Corporation - IE 7.0 Unattended Install Utility.) [MitigationOptions\256] =>.Microsoft Corporation
      O50 - IFEO:C:\Windows\System32\mmc.exe - (.Microsoft Corporation - Microsoft Management Console.) [DisableExceptionChainValidation\3] =>.Microsoft Corporation
      O50 - IFEO:C:\WINDOWS\System32\MRT.exe - (.Microsoft Corporation - Microsoft Windows Malicious Software Remova.) [CFGOptions\1] =>.Microsoft Corporation
      O50 - IFEO:C:\Windows\System32\msfeedssync.exe - (.Microsoft Corporation - Microsoft Feeds Synchronization.) [MitigationOptions\256] =>.Microsoft Corporation
      O50 - IFEO:C:\Windows\System32\mshta.exe - (.Microsoft Corporation - Microsoft (R) HTML Application host.) [MitigationOptions\256] =>.Microsoft Corporation
      O50 - IFEO:C:\Windows\System32\PresentationHost.exe - (.Microsoft Corporation - Windows Presentation Foundation Host.) [MitigationOptions\1118481] =>.Microsoft Corporation
      O50 - IFEO:C:\WINDOWS\System32\PrintIsolationHost.exe - (.Microsoft Corporation - PrintIsolationHost.) [MitigationOptions\2097152] =>.Microsoft Corporation
      O50 - IFEO:C:\Windows\System32\rundll32.exe - (.Microsoft Corporation - Windows host process (Rundll32).) [DisableExceptionChainValidation\3] =>.Microsoft Corporation
      O50 - IFEO:C:\WINDOWS\System32\runtimebroker.exe - (.Microsoft Corporation - Runtime Broker.) [MitigationOptions\4294967296] =>.Microsoft Corporation
      O50 - IFEO:C:\Windows\System32\searchprotocolhost.exe - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) [DisableExceptionChainValidation\3] =>.Microsoft Corporation
      O50 - IFEO:C:\WINDOWS\System32\spoolsv.exe - (.Microsoft Corporation - Spooler SubSystem App.) [DisableExceptionChainValidation\3] =>.Microsoft Corporation
      O50 - IFEO:C:\WINDOWS\System32\spoolsv.exe - (.Microsoft Corporation - Spooler SubSystem App.) [MitigationOptions\2097152] =>.Microsoft Corporation
      O50 - IFEO:C:\Windows\System32\svchost.exe - (.Microsoft Corporation - Host Process for Windows Services.) [MinimumStackCommitInBytes\32768] =>.Microsoft Windows Publisher®
      O50 - IFEO:C:\Windows\System32\wscript.exe - (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) [DisableExceptionChainValidation\3] =>.Microsoft Corporation

      —\ System Drivers List (83) - 9s
      O58 - SDL:2017/03/18 16:56:25 A . (.LSI - LSI 3ware SCSI Storport Driver.) – C:\WINDOWS\System32\drivers\3ware.sys [107424] =>.Microsoft Windows®
      O58 - SDL:2017/03/18 16:56:25 A . (.PMC-Sierra - PMC-Sierra Storport Driver For SPC8x6G SAS.) – C:\WINDOWS\System32\drivers\adp80xx.sys [1135512] =>.Microsoft Windows®
      O58 - SDL:2017/03/18 16:56:25 A . (.Advanced Micro Devices - AHCI 1.3 Device Driver.) – C:\WINDOWS\System32\drivers\amdsata.sys [83352] =>.Microsoft Windows®
      O58 - SDL:2017/03/18 16:56:25 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) – C:\WINDOWS\System32\drivers\amdsbs.sys [259488] =>.Microsoft Windows®
      O58 - SDL:2017/03/18 16:56:25 A . (.Advanced Micro Devices - Storage Filter Driver.) – C:\WINDOWS\System32\drivers\amdxata.sys [27040] =>.Microsoft Windows®
      O58 - SDL:2017/03/18 16:56:25 A . (.PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) – C:\WINDOWS\System32\drivers\arcsas.sys [132000] =>.Microsoft Windows®
      O58 - SDL:2017/05/09 17:08:53 A . (.AVAST Software s.r.o. - IDS Application Activity Monitor Driver..) – C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [311808] =>.AVAST Software s.r.o.®
      O58 - SDL:2017/05/09 17:08:53 A . (.AVAST Software s.r.o. - Application Activity Monitor Helper Driver.) – C:\WINDOWS\System32\drivers\aswbidsha.sys [190256] =>.AVAST Software s.r.o.®
      O58 - SDL:2017/05/09 17:08:53 A . (.AVAST Software s.r.o. - Logging Driver.) – C:\WINDOWS\System32\drivers\aswbloga.sys [334576] =>.AVAST Software s.r.o.®
      O58 - SDL:2017/05/09 17:08:53 A . (.AVAST Software s.r.o. - Universal Driver.) – C:\WINDOWS\System32\drivers\aswbuniva.sys [49016] =>.AVAST Software s.r.o.®
      O58 - SDL:2017/05/09 17:09:12 A . (.AVAST Software - Avast HWID.) – C:\WINDOWS\System32\drivers\aswHwid.sys [38296] =>.AVAST Software s.r.o.® (.AVAST Software)
      O58 - SDL:2017/05/09 17:08:56 A . (.AVAST Software - Avast Keyboard Filter Driver.) – C:\WINDOWS\System32\drivers\aswKbd.sys [32600] =>.AVAST Software s.r.o.®
      O58 - SDL:2017/05/09 17:09:12 A . (.AVAST Software - Avast File System Minifilter for Windows 20.) – C:\WINDOWS\System32\drivers\aswMonFlt.sys [128648] =>.AVAST Software s.r.o.®
      O58 - SDL:2017/05/09 17:08:53 A . (.AVAST Software - Avast Firewall Driver.) – C:\WINDOWS\System32\drivers\aswNetSec.sys [507928] =>.AVAST Software s.r.o.®
      O58 - SDL:2017/05/09 17:09:12 A . (.AVAST Software - Avast WFP Redirect Driver.) – C:\WINDOWS\System32\drivers\aswRdr2.sys [101152] =>.AVAST Software s.r.o.®
      O58 - SDL:2017/05/09 17:09:12 A . (.AVAST Software - Avast Revert.) – C:\WINDOWS\System32\drivers\aswRvrt.sys [75704] =>.AVAST Software s.r.o.® (.AVAST Software)
      O58 - SDL:2017/05/09 17:08:56 A . (.AVAST Software - Avast Virtualization Driver.) – C:\WINDOWS\System32\drivers\aswSnx.sys [1007160] =>.AVAST Software s.r.o.®
      O58 - SDL:2017/05/09 17:09:12 A . (.AVAST Software - Avast self protection module.) – C:\WINDOWS\System32\drivers\aswSP.sys [569192] =>.AVAST Software s.r.o.®
      O58 - SDL:2017/05/12 17:09:39 A . (.AVAST Software - Stream Filter.) – C:\WINDOWS\System32\drivers\aswstm.sys [158880] =>.AVAST Software s.r.o.®
      O58 - SDL:2017/05/09 17:09:12 A . (.AVAST Software - Avast VM Monitor.) – C:\WINDOWS\System32\drivers\aswVmm.sys [339696] =>.AVAST Software s.r.o.® (.AVAST Software)
      O58 - SDL:2017/03/18 16:56:25 A . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) – C:\WINDOWS\System32\drivers\bcmfn2.sys [9728] =>.Windows (R) Win 7 DDK provider
      O58 - SDL:2017/03/18 16:56:23 A . (.QLogic Corporation - QLogic Gigabit Ethernet VBD.) – C:\WINDOWS\System32\drivers\bxvbda.sys [533920] =>.Microsoft Windows®
      O58 - SDL:2017/03/18 16:56:25 A . (.Chelsio Communications - Chelsio iSCSI Crash Dump Driver.) – C:\WINDOWS\System32\drivers\cht4dx64.sys [102816] =>.Microsoft Windows®
      O58 - SDL:2017/03/18 16:56:25 A . (.Chelsio Communications - Chelsio iSCSI VMiniport Driver.) – C:\WINDOWS\System32\drivers\cht4sx64.sys [347032] =>.Microsoft Windows®
      O58 - SDL:2017/03/18 16:56:25 A . (.Chelsio Communications - Virtual Bus Driver for Chelsio ® T4 Chipset.) – C:\WINDOWS\System32\drivers\cht4vx64.sys [2104224] =>.Microsoft Windows®
      O58 - SDL:2017/03/18 16:56:23 A . (.QLogic Corporation - QLogic 10 GigE VBD.) – C:\WINDOWS\System32\drivers\evbda.sys [3419040] =>.Microsoft Windows®
      O58 - SDL:2017/06/05 18:40:18 A . (.Malwarebytes - Malwarebytes Anti-Ransomware Protection.) – C:\WINDOWS\System32\drivers\farflt.sys [113592] =>.Malwarebytes Corporation®
      O58 - SDL:2015/09/08 09:04:16 A . (.Windows (R) Win 7 DDK provider - HDD Accelerator Driver.) – C:\WINDOWS\System32\drivers\Fastboot.sys [67608] =>.Windows (R) Win 7 DDK provider
      O58 - SDL:2015/09/08 09:04:16 A . (.Windows (R) Win 7 DDK provider - fsmon driver.) – C:\WINDOWS\System32\drivers\FBFsmon.sys [39448] =>.Windows (R) Win 7 DDK provider
      O58 - SDL:2015/09/08 09:04:16 A . (.Windows (R) Win 7 DDK provider - Network throttling driver.) – C:\WINDOWS\System32\drivers\FBNetFlt.sys [32792] =>.Windows (R) Win 7 DDK provider
      O58 - SDL:2015/07/15 06:54:02 A . (.GenesysLogic - GeneStor.) – C:\WINDOWS\System32\drivers\GeneStor.sys [115704] =>.GENESYS LOGIC, INC.®
      O58 - SDL:2017/03/18 16:56:25 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) – C:\WINDOWS\System32\drivers\HpSAMD.sys [64416] =>.Microsoft Windows®
      O58 - SDL:2017/03/18 16:56:28 A . (.Intel(R) Corporation - Intel(R) Serial IO GPIO Controller Driver.) – C:\WINDOWS\System32\drivers\iagpio.sys [33280] =>.Intel(R) Corporation
      O58 - SDL:2017/03/18 16:56:28 A . (.Intel(R) Corporation - Intel(R) Serial IO I2C Driver.) – C:\WINDOWS\System32\drivers\iai2c.sys [81408] =>.Intel(R) Corporation
      O58 - SDL:2017/03/18 16:56:28 A . (.Intel Corporation - Intel(R) Serial IO GPIO Driver v2.) – C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [70656] =>.Intel Corporation
      O58 - SDL:2017/03/18 16:56:28 A . (.Intel Corporation - Intel(R) Serial IO GPIO Driver v2.) – C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [85504] =>.Intel Corporation
      O58 - SDL:2017/03/18 16:56:28 A . (.Intel Corporation - Intel(R) Serial IO I2C Driver v2.) – C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [165376] =>.Intel Corporation
      O58 - SDL:2017/03/18 16:56:28 A . (.Intel Corporation - Intel(R) Serial IO I2C Driver v2.) – C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [168448] =>.Intel Corporation
      O58 - SDL:2017/03/18 16:56:23 A . (.Intel Corporation - Intel(R) Serial IO GPIO Controller Driver.) – C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [38128] =>.Intel Corporation - Client Components Group®
      O58 - SDL:2017/03/18 16:56:19 A . (.Intel Corporation - Intel(R) Serial IO I2C Controller Driver.) – C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [113152] =>.Intel Corporation
      O58 - SDL:2015/06/23 18:58:58 A . (.Intel Corporation - Intel(R) Rapid Storage Technology driver -.) – C:\WINDOWS\System32\drivers\iaStorA.sys [1455552] =>.Intel Corporation - Rapid Storage Technology®
      O58 - SDL:2017/03/18 16:56:26 A . (.Intel Corporation - Intel(R) Rapid Storage Technology driver (i.) – C:\WINDOWS\System32\drivers\iaStorAV.sys [673184] =>.Microsoft Windows®
      O58 - SDL:2017/03/18 16:56:26 A . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) – C:\WINDOWS\System32\drivers\iaStorV.sys [412064] =>.Microsoft Windows®
      O58 - SDL:2017/03/18 16:56:25 A . (.Mellanox - InfiniBand Fabric Bus Driver.) – C:\WINDOWS\System32\drivers\ibbus.sys [526240] =>.Microsoft Windows®
      O58 - SDL:2017/03/18 16:56:25 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) – C:\WINDOWS\System32\drivers\lsi_sas.sys [108960] =>.Microsoft Windows®
      O58 - SDL:2017/03/18 16:56:25 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) – C:\WINDOWS\System32\drivers\lsi_sas2i.sys [123808] =>.Microsoft Windows®
      O58 - SDL:2017/03/18 16:56:25 A . (.Avago Technologies - Avago SAS Gen3 Driver (StorPort).) – C:\WINDOWS\System32\drivers\lsi_sas3i.sys [103328] =>.Microsoft Windows®
      O58 - SDL:2017/03/18 16:56:25 A . (.LSI Corporation - LSI SSS PCIe/Flash Driver (StorPort).) – C:\WINDOWS\System32\drivers\lsi_sss.sys [82848] =>.Microsoft Windows®
      O58 - SDL:2017/06/05 18:39:57 A . (.Authors - .) – C:\WINDOWS\System32\drivers\mbae64.sys [77376] =>.Malwarebytes Corporation®
      O58 - SDL:2017/06/05 18:40:17 A . (.Malwarebytes - Malwarebytes Real-Time Protection.) – C:\WINDOWS\System32\drivers\mbam.sys [44960] =>.Malwarebytes Corporation®
      O58 - SDL:2017/06/05 18:40:19 A . (.Malwarebytes - Malwarebytes Chameleon.) – C:\WINDOWS\System32\drivers\MBAMChameleon.sys [188312] =>.Malwarebytes Corporation®
      O58 - SDL:2017/06/05 18:40:16 A . (.Malwarebytes - Malwarebytes SwissArmy.) – C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [252832] =>.Malwarebytes Corporation®
      O58 - SDL:2017/03/18 16:56:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) – C:\WINDOWS\System32\drivers\megasas.sys [59808] =>.Microsoft Windows®
      O58 - SDL:2017/03/18 16:56:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) – C:\WINDOWS\System32\drivers\MegaSas2i.sys [64416] =>.Microsoft Windows®
      O58 - SDL:2017/03/18 16:56:25 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) – C:\WINDOWS\System32\drivers\megasr.sys [575904] =>.Microsoft Windows®
      O58 - SDL:2017/03/18 16:56:25 A . (.Mellanox - MLX4 Bus Driver.) – C:\WINDOWS\System32\drivers\mlx4_bus.sys [842656] =>.Microsoft Windows®
      O58 - SDL:2017/03/18 16:56:25 A . (.Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) – C:\WINDOWS\System32\drivers\mvumis.sys [63904] =>.Microsoft Windows®
      O58 - SDL:2017/06/05 18:40:23 A . (.Malwarebytes - Malwarebytes Web Protection.) – C:\WINDOWS\System32\drivers\mwac.sys [93600] =>.Malwarebytes Corporation®
      O58 - SDL:2017/03/18 16:56:25 A . (.Mellanox - NetworkDirect Support Filter Driver.) – C:\WINDOWS\System32\drivers\ndfltr.sys [108960] =>.Microsoft Windows®
      O58 - SDL:2017/01/17 06:55:40 A . (.NVIDIA Corporation - NVIDIA HDMI Audio Driver.) – C:\WINDOWS\System32\drivers\nvhda64v.sys [221640] =>.NVIDIA Corporation®
      O58 - SDL:2017/03/18 16:56:25 A . (.NVIDIA Corporation - NVIDIA® nForce™ RAID Driver.) – C:\WINDOWS\System32\drivers\nvraid.sys [150432] =>.Microsoft Windows®
      O58 - SDL:2017/03/18 16:56:25 A . (.NVIDIA Corporation - NVIDIA® nForce™ Sata Performance Driver.) – C:\WINDOWS\System32\drivers\nvstor.sys [166304] =>.Microsoft Windows®
      O58 - SDL:2016/02/24 04:43:34 A . (.NVIDIA Corporation - Stereoscopic 3D USB controller driver.) – C:\WINDOWS\System32\drivers\nvstusb.sys [452240] =>.NVIDIA Corporation®
      O58 - SDL:2017/03/18 16:56:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) – C:\WINDOWS\System32\drivers\percsas2i.sys [58784] =>.Microsoft Windows®
      O58 - SDL:2017/03/18 16:56:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) – C:\WINDOWS\System32\drivers\percsas3i.sys [61848] =>.Microsoft Windows®
      O58 - SDL:2017/03/18 16:56:26 A . (.Realtek - Realtek 8136/8168/8169 NDIS 6.40 64-bit Dri.) – C:\WINDOWS\System32\drivers\rt640x64.sys [604160] =>.Realtek
      O58 - SDL:2015/06/15 18:37:26 A . (.Realtek Semiconductor Corporation - Realtek Bluetooth Filter Driver.) – C:\WINDOWS\System32\drivers\RtkBtfilter.sys [598784] =>.Realtek Semiconductor Corp®
      O58 - SDL:2015/09/30 13:58:16 A . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function D.) – C:\WINDOWS\System32\drivers\RTKVHD64.sys [4608280] =>.Realtek Semiconductor Corp®
      O58 - SDL:2017/03/18 16:56:20 A . (.Realtek Semiconductor Corporation - Realtek PCIE NDIS Driver 47528 20362.) – C:\WINDOWS\System32\drivers\rtwlane.sys [6320640] =>.Realtek Semiconductor Corporation
      O58 - SDL:2017/03/18 16:56:26 A . (.Authors - .) – C:\WINDOWS\System32\drivers\SDFRd.sys [31128] =>.Microsoft Windows®
      O58 - SDL:2017/03/18 16:56:25 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) – C:\WINDOWS\System32\drivers\sisraid2.sys [44960] =>.Microsoft Windows®
      O58 - SDL:2017/03/18 16:56:25 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) – C:\WINDOWS\System32\drivers\sisraid4.sys [81824] =>.Microsoft Windows®
      O58 - SDL:2017/03/18 16:56:25 A . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Wind.) – C:\WINDOWS\System32\drivers\stexstor.sys [31136] =>.Microsoft Windows®
      O58 - SDL:2015/09/04 13:29:06 A . (.Intel Corporation - Intel(R) Management Engine Interface.) – C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys [195336] =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
      O58 - SDL:2017/05/24 18:17:04 A . (.Authors - .) – C:\WINDOWS\System32\drivers\TrueSight.sys [28272] =>.Adlice®
      O58 - SDL:2017/03/18 16:56:25 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) – C:\WINDOWS\System32\drivers\vsmraid.sys [166816] =>.Microsoft Windows®
      O58 - SDL:2016/08/18 18:17:00 A . (.VoodooSoft, LLC - VSScanner Filter driver.) – C:\WINDOWS\System32\drivers\vsscanner.sys [29808] =>.Microsoft Windows Hardware Compatibility Publisher®
      O58 - SDL:2017/03/18 16:56:25 A . (.VIA Corporation - VIA StorX RAID Controller Driver.) – C:\WINDOWS\System32\drivers\VSTXRAID.SYS [305568] =>.Microsoft Windows®
      O58 - SDL:2017/03/18 16:56:25 A . (.Mellanox - Kernel WinMad.) – C:\WINDOWS\System32\drivers\winmad.sys [32160] =>.Microsoft Windows®
      O58 - SDL:2017/03/18 16:56:25 A . (.Mellanox - Kernel WinVerbs.) – C:\WINDOWS\System32\drivers\winverbs.sys [64920] =>.Microsoft Windows®
      O58 - SDL:2012/06/13 20:10:32 A . (."CyberLink - Cyberlink Virtual Disk Driver.) – C:\WINDOWS\System32\drivers\wsvd.sys [102376] =>.CyberLink®
      O58 - SDL:2017/05/25 00:53:11 A . (.Zemana Ltd. - ZAM.) – C:\WINDOWS\System32\drivers\zam64.sys [203680] =>.Zemana Ltd.®
      O58 - SDL:2017/05/25 00:53:11 A . (.Zemana Ltd. - ZAM.) – C:\WINDOWS\System32\drivers\zamguard64.sys [203680] =>.Zemana Ltd.®

      —\ File Associations Shell Spawning (10) - 0s
      O67 - Shell Spawning: <.bat> [HKLM..\open\Command] (…) – “%1” %*
      O67 - Shell Spawning: <.cpl> [HKLM..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) – C:\Windows\System32\control.exe =>.Microsoft Corporation
      O67 - Shell Spawning: <.cmd> [HKLM..\open\Command] (…) – “%1” %*
      O67 - Shell Spawning: <.com> [HKLM..\open\Command] (…) – “%1” %*
      O67 - Shell Spawning: <.evt> [HKLM..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) – C:\Windows\System32\eventvwr.exe =>.Microsoft Corporation
      O67 - Shell Spawning: <.exe> [HKLM..\open\Command] (…) – “%1” %*
      O67 - Shell Spawning: <.html> [HKLM..\open\Command] (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
      O67 - Shell Spawning: <.js> [HKLM..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) – C:\Windows\System32\wscript.exe =>.Microsoft Corporation
      O67 - Shell Spawning: <.reg> [HKLM..\open\Command] (.Microsoft Corporation - Registry Editor.) – C:\Windows\regedit.exe =>.Microsoft Corporation
      O67 - Shell Spawning: <.scr> [HKLM..\open\Command] (…) – “%1” /S

      —\ Start Menu Internet (12) - 0s
      O68 - StartMenuInternet: [HKLM..\Shell\open\Command] (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
      O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
      O68 - StartMenuInternet: [HKLM..\Shell\open\Command] (.Avast Software - Avast SafeZone Browser.) – C:\Program Files\AVAST Software\SZBrowser\Launcher.exe =>.AVAST Software s.r.o.®
      O68 - StartMenuInternet: [HKLM..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
      O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
      O68 - StartMenuInternet: [HKLM..\InstallInfo\ShowIconsCommand] (.Avast Software - Avast SafeZone Browser.) – C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software
      O68 - StartMenuInternet: [HKLM..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
      O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
      O68 - StartMenuInternet: [HKLM..\InstallInfo\ReinstallCommand] (.Avast Software - Avast SafeZone Browser.) – C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software
      O68 - StartMenuInternet: [HKLM..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
      O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
      O68 - StartMenuInternet: [HKLM..\InstallInfo\HideIconsCommand] (.Avast Software - Avast SafeZone Browser.) – C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software

      —\ Search Browser Infection (5) - 0s
      O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com/ =>.Bing.com
      O69 - SBI: SearchScopes [HKCU] {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} - (Google) - http://www.google.com/ =>.Google Inc.
      O69 - SBI: SearchScopes [HKCU] {D79BB3A3-DB24-49D3-A463-680951CD61C4} [DefaultScope] - (Bing) - http://www.bing.com/ =>.Bing.com
      O69 - SBI: SearchScopes [HKLM] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - http://www.bing.com/ =>.Bing.com
      O69 - SBI: SearchScopes [HKLM] {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} - (Google) - http://www.google.com/ =>.Google Inc.

      —\ Search Svchost Services (46) - 1s
      O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) – C:\WINDOWS\System32\certprop.dll [189952] =>.Microsoft Corporation
      O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) – C:\WINDOWS\System32\certprop.dll [189952] =>.Microsoft Corporation
      O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) – C:\WINDOWS\system32\srvsvc.dll [303616] =>.Microsoft Corporation
      O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) – C:\WINDOWS\System32\gpsvc.dll [1269248] =>.Microsoft Corporation
      O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) – C:\WINDOWS\System32\ikeext.dll [934912] =>.Microsoft Corporation
      O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) – C:\WINDOWS\System32\iphlpsvc.dll [996864] =>.Microsoft Corporation
      O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) – C:\WINDOWS\system32\seclogon.dll [31232] =>.Microsoft Corporation
      O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) – C:\WINDOWS\System32\appinfo.dll [138752] =>.Microsoft Corporation
      O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) – C:\WINDOWS\system32\iscsiexe.dll [150016] =>.Microsoft Corporation
      O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) – C:\WINDOWS\System32\eapsvc.dll [108032] =>.Microsoft Corporation
      O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) – C:\WINDOWS\system32\schedsvc.dll [877568] =>.Microsoft Corporation
      O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) – C:\WINDOWS\system32\wbem\WMIsvc.dll [221696] =>.Microsoft Corporation
      O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) – C:\WINDOWS\System32\browser.dll [133120] =>.Microsoft Corporation
      O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) – C:\WINDOWS\system32\profsvc.dll [413696] =>.Microsoft Corporation
      O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) – C:\Windows\System32\SessEnv.dll [385536] =>.Microsoft Corporation
      O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) – C:\WINDOWS\System32\wercplsupport.dll [91648] =>.Microsoft Corporation
      O83 - Search Svchost Services: shpamsvc (shpamsvc) . (.Microsoft Corporation - SharedPC.AccountManager.) – C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll [199168] =>.Microsoft Corporation
      O83 - Search Svchost Services: XblGameSave (XblGameSave) . (.Microsoft Corporation - Xbox Live Game Save Service.) – C:\WINDOWS\System32\XblGameSave.dll [1135104] =>.Microsoft Corporation
      O83 - Search Svchost Services: NaturalAuthentication (NaturalAuthentication) . (.Microsoft Corporation - Natural Authentication Service.) – C:\WINDOWS\System32\NaturalAuth.dll [723968] =>.Microsoft Corporation
      O83 - Search Svchost Services: wlidsvc (wlidsvc) . (.Microsoft Corporation - Microsoft® Account Service.) – C:\WINDOWS\system32\wlidsvc.dll [2155008] =>.Microsoft Corporation
      O83 - Search Svchost Services: UserManager (UserManager) . (.Microsoft Corporation - UserMgr.) – C:\WINDOWS\System32\usermgr.dll [877568] =>.Microsoft Corporation
      O83 - Search Svchost Services: XblAuthManager (XblAuthManager) . (.Microsoft Corporation - Xbox Live Auth Manager.) – C:\WINDOWS\System32\XblAuthManager.dll [1013248] =>.Microsoft Corporation
      O83 - Search Svchost Services: DmEnrollmentSvc (DmEnrollmentSvc) . (.Microsoft Corporation - Windows Managent Service DLL.) – C:\Windows\System32\Windows.Internal.Management.dll [536064] =>.Microsoft Corporation
      O83 - Search Svchost Services: xbgm (xbgm) . (.Microsoft Corporation - Xbox Game Monitoring Service.) – C:\WINDOWS\System32\xbgmsvc.dll [301216] =>.Microsoft Windows Publisher®
      O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) – C:\WINDOWS\system32\themeservice.dll [69632] =>.Microsoft Corporation
      O83 - Search Svchost Services: TokenBroker (TokenBroker) . (.Microsoft Corporation - Token Broker.) – C:\Windows\System32\TokenBroker.dll [1054208] =>.Microsoft Corporation
      O83 - Search Svchost Services: lfsvc (lfsvc) . (.Microsoft Corporation - Geolocation Service.) – C:\WINDOWS\System32\lfsvc.dll [43520] =>.Microsoft Corporation
      O83 - Search Svchost Services: Irmon (Irmon) . (.Microsoft Corporation - Infrared Monitor.) – C:\WINDOWS\System32\irmon.dll [24576] =>.Microsoft Corporation
      O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) – C:\WINDOWS\System32\rasauto.dll [104448] =>.Microsoft Corporation
      O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) – C:\WINDOWS\System32\rasmans.dll [871936] =>.Microsoft Corporation
      O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) – C:\Windows\System32\mprdim.dll [490496] =>.Microsoft Corporation
      O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) – C:\WINDOWS\System32\sens.dll [69632] =>.Microsoft Corporation
      O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) – C:\WINDOWS\System32\ipnathlp.dll [537600] =>.Microsoft Corporation
      O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows™ Telephony Server.) – C:\Windows\System32\tapisrv.dll [306688] =>.Microsoft Corporation
      O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) – C:\WINDOWS\system32\wuaueng.dll [2443776] =>.Microsoft Corporation
      O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) – C:\WINDOWS\System32\qmgr.dll [1159680] =>.Microsoft Corporation
      O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) – C:\Windows\System32\shsvcs.dll [612864] =>.Microsoft Corporation
      O83 - Search Svchost Services: wisvc (wisvc) . (.Microsoft Corporation - Flight Settings.) – C:\WINDOWS\system32\flightsettings.dll [699904] =>.Microsoft Corporation
      O83 - Search Svchost Services: WpnService (WpnService) . (.Microsoft Corporation - Windows Push Notification System Service.) – C:\WINDOWS\system32\WpnService.dll [276480] =>.Microsoft Corporation
      O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) – C:\WINDOWS\System32\bdesvc.dll [385536] =>.Microsoft Corporation
      O83 - Search Svchost Services: XboxNetApiSvc (XboxNetApiSvc) . (.Microsoft Corporation - Xbox Live Networking Service.) – C:\WINDOWS\system32\XboxNetApiSvc.dll [1067008] =>.Microsoft Corporation
      O83 - Search Svchost Services: UsoSvc (UsoSvc) . (.Microsoft Corporation - Update Session Orchestrator Core.) – C:\WINDOWS\system32\usocore.dll [681984] =>.Microsoft Corporation
      O83 - Search Svchost Services: NetSetupSvc (NetSetupSvc) . (.Microsoft Corporation - Network Setup Service.) – C:\WINDOWS\System32\NetSetupSvc.dll [261632] =>.Microsoft Corporation
      O83 - Search Svchost Services: DsmSvc (DsmSvc) . (.Microsoft Corporation - Device Setup Manager.) – C:\WINDOWS\System32\DeviceSetupManager.dll [233984] =>.Microsoft Corporation
      O83 - Search Svchost Services: NcaSvc (NcaSvc) . (.Microsoft Corporation - Microsoft Network Connectivity Assistant Se.) – C:\WINDOWS\System32\ncasvc.dll [167424] =>.Microsoft Corporation
      O83 - Search Svchost Services: XboxGipSvc (XboxGipSvc) . (.Microsoft Corporation - Xbox Gip Management Service.) – C:\WINDOWS\System32\XboxGipSvc.dll [18944] =>.Microsoft Corporation

      —\ Firewall Active Exception List (2) - 1s
      O87 - FAEL: “{CBA50C44-7642-4E11-A8A5-009022E5EFB1}” [In-None-P6-TRUE] .(…) – C:\AeriaGames\TwinSaga\game.bin (.not file.)
      O87 - FAEL: “{796D6EBD-9B17-4BAC-AD36-F091845E643B}” [In-None-P17-TRUE] .(…) – C:\AeriaGames\TwinSaga\game.bin (.not file.)

      —\ List of CD/DVD Emulators (MBR Hook) (2) - 0s
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Fiesta OnlineDownloader_US_RASAPI32 =>PUP.Optional.SoftwareEngine
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Fiesta OnlineDownloader_US_RASMANCS =>PUP.Optional.SoftwareEngine

      —\ Additional Scan (O88) (10) - 1s
      C:\Users\Doneff Family\AppData\Local\Akamai\netsession_win.exe =>.Superfluous.AkamaiHD
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} =>.Superfluous.Orphan
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} =>.Superfluous.Orphan
      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} =>.Superfluous.Orphan
      C:\Users\Doneff Family\AppData\Local\Akamai =>.Superfluous.AkamaiHD
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Fiesta OnlineDownloader_US_RASAPI32 =>PUP.Optional.SoftwareEngine
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Fiesta OnlineDownloader_US_RASMANCS =>PUP.Optional.SoftwareEngine
      C:\WINDOWS\Installer\MSIA5B3.tmp =>.Superfluous.Elex
      C:\WINDOWS\Installer\MSIB03.tmp =>.Superfluous.Elex
      C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage =>PUP.Optional.Generic

      —\ Summary of the elements found (4) - 0s
      Logiciels Potentiellement Superflus (LPS). - ZAM =>.Superfluous.AkamaiHD
      https://www.nicolascoolman.com/fr/hijacker-trovigo/ =>PUP.Optional.SoftwareEngine
      Elex, Logiciels Potentiellement Superflus. - ZAM =>.Superfluous.Elex
      Le repaquetage ou l'empaquetage logiciel peut représenter un risque de sécurité - ZAM =>PUP.Optional.Generic

      ~ Unselected Options:
      ~ End of the scan, 25498 items in 02mn22s (940)(0)


      • Malnutrition
        PCHF Moderator
        • Jul 2016
        • 7041

        #4
        We need you to run ESET Online Scanner to check and report on your PC.

        As Eset may take an extended time to run it is important to ensure your PC does not enter Sleep Mode. See HERE if you are not sure how to disable sleep mode.

        Click HERE to download ESET Online Scanner and save it to your desktop.
        Disable all Antivirus/Antimalware software. If you are unsure how to do this, please ask.
        Right click on the downloaded Esetonlinescanner_enu.exe desktop icon and select “Run as Administrator” from the drop down menu.
        If you receive any security warnings you can safely allow Eset to run.
        On the opening screen click on Accept to agree with the Terms of Use.
        As per picture below

        1. Click “Enable detection of potentially unsafe applications”
        2. Click the Advanced settings link.
        3. Ensure all options shown ticked here are selected.
        4. Click “Scan”.

        [image]

        Eset will download a virus signature database and commence the scan. Depending on the amount of data on your PC this may take some time, please be patient.
        At the completion of the scan Eset will display a results dialogue:

        [image]

        1. Click “Save to text file”. Another box will open and ask you to name it and also where to save it. Suggest call it Eset.txt and save it to the Desktop.
        2. Then choose “Select all”.
        3. Finally “Clean all”.

        Another dialogue box will open where you can select Finish to complete the scan and clean.

        Please copy and paste the contents of the new Eset.txt file in your next reply.

        AdsFix Scan and clean.
        - Disable Windows Defender, Firewall & Antivirus prior to running this tool!!
        - Save AdsFix to your desktop.
        - Right Click & Run As Administrator.
        - With an infected machine, it could take several seconds to be charged.
        - You will then be prompted to install Certificates.
        - Install then click OK.
        - Right Click & Run As Administrator Again.

        - Click Options then select Unlock the deletion.
        - Then click on clean.
        - Enter your country
        - Don’t use the machine while scanning and be patient
        - Once the scan has completed, please copy and paste the report in your next reply.
        - The report will be C:\AdsFix_date_hour.txt or on your desktop with the same name.


        • system
          PCHF Owner
          • Jan 2015
          • 7635

          #5
          I’m not sure I’m doing this right. Can you give instruction on disabling everything I need to disable before running these scans? I have a Windows 10 Home edition.


          • Malnutrition
            PCHF Moderator
            • Jul 2016
            • 7041

            #6
            Make sure and disable AVAST by right clicking the icon in your icon tray, select disable shields until reboot.

            As far as Defender… Since you have Avast, make sure it is disabled permanently.

            How to disable Windows Defender in Windows 10.
            Here are basic instructions on how to disable defender.


            • system
              PCHF Owner
              • Jan 2015
              • 7635

              #7
              Thanks, will hopefully have those files for you soon.


              • system
                PCHF Owner
                • Jan 2015
                • 7635

                #8
                ESet scan didn’t create a text file.
                AdsFix has done something to my system and I can’t open my start menu anymore. An error message came up and I can’t post it because I can’t open any program to paste it into so I can post the print screen I captured. Can I remove these programs and restore my system a few days? Please don’t ask me to retry AdsFix, I don’t know what it has done to my system but it certainly isn’t helping anything.


                • Malnutrition
                  PCHF Moderator
                  • Jul 2016
                  • 7041

                  #9
                  Originally posted by GamerGirl74
                  Please don’t ask me to retry AdsFix, I don’t know what it has done to my system but it certainly isn’t helping anything.
                  Apologize for that, I would restore the system to a few days ago, then please post a new ZHP Diag Log. Also, I will let the developer know about the issue.


                  • Malnutrition
                    PCHF Moderator
                    • Jul 2016
                    • 7041

                    #10
                    If you have an issue restoring the machine then see here.

                    I will just do a manual fix if it is needed from this point…


                    • system
                      PCHF Owner
                      • Jan 2015
                      • 7635

                      #11
                      System restore didn’t work. I still don’t have access to my left click start menu. This is the message it gave me after I restored it twice:
                      [attached image]


                      • system
                        PCHF Owner
                        • Jan 2015
                        • 7635

                        #12
                        ZHPDiag3 program isn’t working on my system now. I think maybe disabling my firewall and antivirus opened me up to some bigger nasties than I had before I started. Please advise on what to do. Program won’t work for left clicking OR right clicking and run as admin.

                        Resetting resolved issues, no response to this post is needed. Please see the following posts for relevant information. Thanks.


                        • system
                          PCHF Owner
                          • Jan 2015
                          • 7635

                          #13
                          Reset my system, here is a list of items removed when the reset took place. Other than my games and antivirus, which ones should I reinstall?
                          Apps removed while resetting your PC
                          App name Publisher Version
                          Adobe Acrobat DC Adobe Systems Incorporated 17.009.20044
                          Adobe Acrobat Reader DC Adobe Systems Incorporated 17.009.20044
                          Adobe Flash Player 25 PPAPI Adobe Systems Incorporated 25.0.0.171
                          Aion NC Interactive, LLC 4.0.0.3
                          Akamai NetSession Interface Akamai Technologies, Inc
                          Avast Internet Security AVAST Software 17.4.2294
                          CCleaner Piriform 5.30
                          Echo of Soul
                          e-Sword Rick Meyers 10.04.0000
                          Fiesta Online NA version 1.0 gamigo AG 1.0
                          Google Chrome Google Inc. 58.0.3029.110
                          Java 8 Update 131 Oracle Corporation 8.0.1310.11
                          Malwarebytes version 3.1.2.1733 Malwarebytes 3.1.2.1733
                          Microsoft Office 365 - en-us Microsoft Corporation 16.0.8067.2115
                          Microsoft OneDrive Microsoft Corporation 17.3.6816.0313
                          Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 9.0.30729.6161
                          Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 10.0.40219
                          Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 10.0.40219
                          NCSOFT Game Launcher NCSOFT
                          NVIDIA 3D Vision Driver 376.54 NVIDIA Corporation 376.54
                          NVIDIA Graphics Driver 376.54 NVIDIA Corporation 376.54
                          NVIDIA HD Audio Driver 1.3.34.17 NVIDIA Corporation 1.3.34.17
                          PrivaZer Goversoft LLC 3.0.22.0
                          SoftMaker FreeOffice 2016 SoftMaker Software GmbH 1.0.3815
                          Steam Valve Corporation 2.10.91.91
                          Team Fortress 2 Valve
                          VoodooShield version 3.59 VoodooSoft, LLC 3.59
                          Wheel Of Fortune
                          Windows 10 Update and Privacy Settings Microsoft Corporation 1.0.13.0
                          Zemana AntiMalware Zemana Ltd. 2.72.0.388
                          Thursday, June 8, 2017 4:13 PM


                          • system
                            PCHF Owner
                            • Jan 2015
                            • 7635

                            #14
                            ~ ZHPDiag v2017.6.8.94 By Nicolas Coolman (2017/06/08)
                            ~ Run by Doneff Family (Administrator) (2017/06/08 21:51:30)
                            ~ Web: https://www.nicolascoolman.com
                            ~ Blog: https://nicolascoolman.eu/
                            ~ Facebook: ZHP
                            ~ State version: Version KO
                            ~ Mode: Scan
                            ~ Report: C:\Users\Doneff Family\Desktop\ZHPDiag.txt
                            ~ Report: C:\Users\Doneff Family\AppData\Roaming\ZHP\ZHPDiag.txt
                            ~ UAC: Activate
                            ~ System startup: Normal (Normal boot)
                            Windows 10 Home, 64-bit (Build 15063) =>.Microsoft Corporation

                            —\ Internet Browsers (3) - 0s
                            ~ GCIE: Google Chrome v59.0.3071.86
                            ~ MSIE: Microsoft Edge v40
                            ~ MSIE: Internet Explorer v11.0.15063.0

                            —\ Windows Product Information (3) - 3s
                            ~ Windows Server License Manager Script : OK
                            System - VBScript Engine not found
                            Windows Automatic Updates : OK

                            —\ System protection software (2) - 2s
                            Avast Internet Security v17.4.2294 (Protection)
                            Windows Defender (Deactivate)

                            —\ Surveillance software (2) - 3s
                            ~ Adobe Flash Player 25 PPAPI (Surveillance)
                            ~ Adobe Reader X (Surveillance)

                            —\ Information on the system (6) - 0s
                            ~ Operating System: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
                            ~ Operating System: 64-bit
                            ~ Boot mode: Normal (Normal boot)
                            Total RAM: 12529.86 MB (84% free) : OK =>.RAM Value
                            System Restore: Activé (Enable)
                            System drive C: has 807 GB (87%) free of 921 GB : OK =>.Disk Space

                            —\ Connection to the system mode (3) - 0s
                            ~ Computer Name: DESKTOP-DOB72OG
                            ~ User Name: Doneff Family
                            ~ Logged in as Administrator

                            —\ Enumeration of the disk units (2) - 0s
                            ~ Drive C: has 807 GB free of 921 GB (System)
                            ~ Drive F: has 6 GB free of 57 GB

                            —\ State of the Windows Security Center (7) - 0s
                            [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
                            [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
                            [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
                            [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
                            [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
                            [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
                            [HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK

                            —\ Search Generic System Files (24) - 5s

                            —\ Non Microsoft non disabled Windows Services (16) - 5s

                            —\ Services not Microsoft (SR=Run, SS=Stop) (20) - 23s

                            —\ Task Planned Automatically (27) - 10s
                            [MD5.6DC44621EA6A06A7EC2F71C5D788FF3F] [APT] [Adobe Flash Player PPAPI Notifier] (.Adobe Systems Incorporated.) – C:\Windows\syswow64\Macromed\Flash\FlashUtil32_25_ 0_0_171_pepper.exe [1278456] (.Activate.) =>.Adobe Systems Incorporated®
                            [MD5.99CE7A1C3AB82125EE3FDB446418865B] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) – C:\Windows\syswow64\Macromed\Flash\FlashPlayerUpda teService.exe [271864] (.Activate.) =>.Adobe Systems Incorporated®
                            [MD5.866FF7A49542CDBBF7EE0FD4FD0ADC02] [APT] [Avast Emergency Update] (.AVAST Software.) – C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2326672] (.Activate.) =>.AVAST Software s.r.o.®
                            [MD5.750446ED76A5D13E902174DDDDA1A62B] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) – C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440] (.Activate.) =>.Google Inc®
                            [MD5.750446ED76A5D13E902174DDDDA1A62B] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) – C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440] (.Activate.) =>.Google Inc®
                            [MD5.0A7AF85A818C667B72178FF58013D181] [APT] [PDVDServ12 Task] (.CyberLink Corp..) – C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe [85432] (.Activate.) =>.CyberLink Corp.®
                            [MD5.BDD7B0DEE5A5B880FD522B1780C01FD3] [APT] [PrivaZer_SkipUAC] (.Goversoft LLC.) – C:\Program Files (x86)\PrivaZer\PrivaZer.exe [15056648] (.Activate.) =>.Goversoft®
                            [MD5.F485EE3C484D9874E9DD75E6B4FEE332] [APT] [SafeZone scheduled Autoupdate 1496953941] (.Avast Software.) – C:\Program Files\AVAST Software\SZBrowser\launcher.exe [927264] (.Activate.) =>.AVAST Software s.r.o.®
                            [MD5.B20E17DEF5802E4282713D07599FE881] [APT] [Lenovo\Experience Improvement] (.Lenovo.) – C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [287688] (.Activate.) =>.LENOVO®
                            [MD5.5165E05EFBC79CEB537E45B54E2DD9D3] [APT] [Lenovo\Lenovo Solution Center Launcher] (.Copyright © 2017.) – C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe [264000] (.Activate.) {0ADB0F98F5501B90B7DC533E7F44BCD0}
                            [MD5.182160D3B3F70D8D57CBFD5EF1777F7F] [APT] [Lenovo\QuickOptimizer] (.Lenovo.) – C:\Program Files\Lenovo\QuickOptimizer\QuickOptimizerIcon.exe [1149344] (.Activate.) =>.LENOVO®
                            [MD5.2AD4632906268AA23F2E52792A5580EB] [APT] [Lenovo\REACHit Agent Startup] (.Lenovo.) – C:\Program Files (x86)\Lenovo\REACHit\webAgent.exe [564664] (.Activate.) =>.LENOVO®
                            [MD5.2AD4632906268AA23F2E52792A5580EB] [APT] [Lenovo\REACHit Agent Update] (.Lenovo.) – C:\Program Files (x86)\Lenovo\REACHit\webAgent.exe [564664] (.Activate.) =>.LENOVO®
                            [MD5.AB66299C019B066CD65D3A0F0EB18634] [APT] [Lenovo\SHPrompt] (.Copyright © 2015.) – C:\Program Files (x86)\Lenovo\SHAREit\ShareitPrompt.exe [829344] (.Activate.) =>.LENOVO®
                            [MD5.02621F924B63C85E8CBE119452F450AB] [APT] [Lenovo\SHUpdate] (.Copyright © 2015.) – C:\Program Files (x86)\Lenovo\SHAREit\ShareitUpdater.exe [808352] (.Activate.) =>.LENOVO®
                            [MD5.9945D817B19B26FB6CB91235678DD86C] [APT] [Lenovo\LSC\Lenovo Solution Center Notifications] (.Lenovo.) – C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [1321280] (.Activate.) {0ADB0F98F5501B90B7DC533E7F44BCD0} =>.Lenovo
                            [MD5.7B15688A2AB515FA6D07A360E117B1E4] [APT] [Lenovo\LSC\LSCHardwareScan] (.Lenovo.) – C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [10175808] (.Activate.) {0ADB0F98F5501B90B7DC533E7F44BCD0} =>.Lenovo
                            O39 - APT: Adobe Flash Player PPAPI Notifier - (.Adobe Systems Incorporated.) – C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier [4606] =>.Adobe Systems Incorporated®
                            O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) – C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater [4412] =>.Adobe Systems Incorporated®
                            O39 - APT: Avast Emergency Update - (.AVAST Software.) – C:\WINDOWS\System32\Tasks\Avast Emergency Update [3994] =>.AVAST Software s.r.o.®
                            O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) – C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore [3292] =>.Google Inc®
                            O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) – C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA [3416] =>.Google Inc®
                            O39 - APT: Unknown - (.Microsoft Corporation.) – C:\WINDOWS\System32\Tasks\OFFICE2013ACT [2740] =>.Microsoft Corporation
                            O39 - APT: Unknown - (.Microsoft Corporation.) – C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 [3306] =>.Microsoft Corporation
                            O39 - APT: PDVDServ12 Task - (.CyberLink Corp..) – C:\WINDOWS\System32\Tasks\PDVDServ12 Task [2212] =>.CyberLink Corp.®
                            O39 - APT: PrivaZer_SkipUAC - (.Goversoft LLC.) – C:\WINDOWS\System32\Tasks\PrivaZer_SkipUAC [3204] =>.Goversoft®
                            O39 - APT: SafeZone scheduled Autoupdate 1496953941 - (.Avast Software.) – C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1496953941 [4022] =>.AVAST Software s.r.o.®

                            —\ Auto loading programs from Registry and folders (15) - 5s
                            O4 - HKLM..\Run: [SecurityHealth] . (.Microsoft Corporation - Windows Defender notification icon.) – C:\Program Files\Windows Defender\MSASCuiL.exe =>.Microsoft Windows®
                            O4 - HKLM..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Realtek HD Audio Manager.) – C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp®
                            O4 - HKLM..\Run: [RtHDVBg_LENOVO_MICPKEY] . (.Realtek Semiconductor - HD Audio Background Process.) – C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe =>.Realtek Semiconductor Corp®
                            O4 - HKLM..\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) – C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe =>.Intel Corporation
                            O4 - HKLM..\Run: [UMonit] . (.Copyright (C) 2008 - ChangeIcon MFC Application.) – C:\Windows\syswow64\UMonit64.exe =>.Microsoft Windows Hardware Compatibility Publisher®
                            O4 - HKLM..\Run: [AvastUI.exe] . (.AVAST Software - AvLaunch component.) – C:\Program Files\AVAST Software\Avast\AvLaunch.exe =>.AVAST Software s.r.o.®
                            O4 - HKCU..\Run: [OneDrive] . (.Microsoft Corporation - Microsoft OneDrive.) – C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Windows®
                            O4 - HKLM..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) – C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems, Incorporated®
                            O4 - HKLM..\Wow6432Node\Run: [CLMLServer] . (.CyberLink - CyberLink MediaLibray Service.) – C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe =>.CyberLink®
                            O4 - HKLM..\Wow6432Node\Run: [jmekey] . (.Lenovo - Lenovo Black Silk USB Keyboard.) – C:\Windows\jmesoft\hotkey.exe =>.Lenovo
                            O4 - HKLM..\Wow6432Node\Run: [jmesoft] . (…) – C:\Windows\jmesoft\ServiceLoader.exe =>.Lenovo Group Limited
                            O4 - HKLM..\Wow6432Node\Run: [UpdateP2GoShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) – C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe =>.CyberLink®
                            O4 - HKUS\S-1-5-19..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) – C:\Windows\syswow64\OneDriveSetup.exe =>.Microsoft Windows®
                            O4 - HKUS\S-1-5-20..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) – C:\Windows\syswow64\OneDriveSetup.exe =>.Microsoft Windows®
                            O4 - HKUS\S-1-5-21-113026621-1705679920-3439515112-1001..\Run: [OneDrive] . (.Microsoft Corporation - Microsoft OneDrive.) – C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Windows®

                            —\ Process running (28) - 4s
                            [MD5.00000000000000000000000000000000] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 353.6.) – C:\Windows\system32\nvvsvc.exe [0] [PID.1936] =>.NVIDIA Corporation
                            [MD5.93A49F8ECC625EE8FD3BFC3C5FEB8D47] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) – C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [1285568] [PID.2152] =>.NVIDIA Corporation®
                            [MD5.00000000000000000000000000000000] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 353.6.) – C:\WINDOWS\system32\nvvsvc.exe [0] [PID.2228] =>.NVIDIA Corporation
                            [MD5.1DFC3CCA51785254C5604238BB1A5467] - (…) – C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680] [PID.3440] =>.Intel Corporation
                            [MD5.E2CFDA7E9606FD5ECAB93E4817414661] - (…) – C:\Windows\jmesoft\Service.exe [32768] [PID.3448] =>.JMESoft
                            [MD5.B09F2F6281571FBA7387164DE91A24E2] - (.Copyright © 2012 - LenovoPortalService.) – C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe [24312] [PID.3480] =>.LENOVO®
                            [MD5.20A45C0EBFABDCAF6FB3BCF6867EB145] - (.RaMMicHaeL - Unchecky Service.) – C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [304408] [PID.3488] =>.Reason Software Company Inc.®
                            [MD5.C04364B8E131D84F0624F1D88FCD2BCC] - (.Copyright (C) 2015 - UpdateAgent Application.) – C:\Program Files\update\UpdateAgent.exe [226216] [PID.3500] =>.LENOVO®
                            [MD5.FC5B75CA6A1DA31EDD4F8D53F5540B98] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) – C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088] [PID.3524] =>.Adobe Systems, Incorporated®
                            [MD5.CD4546A3ECA0DD8534A6097DF7C2028E] - (.Lenovo - RapidBoot HDD Accelerator Service.) – C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe [288768] [PID.3752] =>.Lenovo
                            [MD5.D3590D0F65BBD8A61C814360B5E8AF48] - (.RaMMicHaeL - Unchecky Background Process.) – C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe [624920] [PID.6000] =>.Reason Software Company Inc.®
                            [MD5.0A7AF85A818C667B72178FF58013D181] - (.CyberLink Corp. - PowerDVD Service.) – C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe [85432] [PID.7320] =>.CyberLink Corp.®
                            [MD5.182160D3B3F70D8D57CBFD5EF1777F7F] - (.Lenovo - QuickOptimizerIcon.exe.) – C:\Program Files\Lenovo\QuickOptimizer\QuickOptimizerIcon.exe [1149344] [PID.7328] =>.LENOVO®
                            [MD5.5E22E4A24B7F269A7483F346FCE83B15] - (.Realtek Semiconductor - Realtek HD Audio Manager.) – C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16412952] [PID.7584] =>.Realtek Semiconductor Corp®
                            [MD5.C22B91B0326ED4B288920B3D849B1E9A] - (.Realtek Semiconductor - HD Audio Background Process.) – C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1413384] [PID.7652] =>.Realtek Semiconductor Corp®
                            [MD5.EDBD0648A97D4485E24F21C50F9FCB49] - (.Copyright (C) 2008 - ChangeIcon MFC Application.) – C:\Windows\syswow64\UMonit64.exe [53832] [PID.7768] =>.Microsoft Windows Hardware Compatibility Publisher®
                            [MD5.8FE697AB8A4C28D79C1CDB97C6FB1A17] - (.AVAST Software - Avast Antivirus.) – C:\Program Files\AVAST Software\Avast\AvastUI.exe [8470464] [PID.7828] =>.AVAST Software s.r.o.®
                            [MD5.0B427D9943C838620AFA30CBB24A6D77] - (.CyberLink - CyberLink MediaLibray Service.) – C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720] [PID.7976] =>.CyberLink®
                            [MD5.17716C3DD52BF815291D80FAAF329AC7] - (.Lenovo - Lenovo Black Silk USB Keyboard.) – C:\Windows\jmesoft\hotkey.exe [118784] [PID.8020] =>.Lenovo
                            [MD5.CB0B43F1D326AFFA5AA54954B2001233] - (.版权所有 (C) 2011 - Lenovo_LOAD.) – C:\Windows\jmesoft\JME_LOAD.exe [24576] [PID.8176]
                            [MD5.8F9FC35D5BF32D39B26ECAE4052E3D62] - (.Intel Corporation - IAStorIcon.) – C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472] [PID.6980] =>.Intel Corporation - Rapid Storage Technology®
                            [MD5.DE70C5C10803C700DC1CFDE2D5CF207A] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520] [PID.7820] =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
                            [MD5.1CE3A27B6B0658F4242AB2DECE69704E] - (.Intel Corporation - Intel(R) Local Management Service.) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [415520] [PID.6912] =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
                            [MD5.9945D817B19B26FB6CB91235678DD86C] - (.Lenovo - Lenovo Solution Center Notifications.) – C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [1321280] [PID.11992] {0ADB0F98F5501B90B7DC533E7F44BCD0} =>.Lenovo
                            [MD5.FFB9D0049B03ABEF69E271D21FCDE496] - (.Nicolas Coolman - ZHPDiag.) – C:\Users\Doneff Family\Desktop\ZHPDiag3.exe [2741760] [PID.10824] =>.Nicolas Coolman
                            [MD5.7B15688A2AB515FA6D07A360E117B1E4] - (.Lenovo - Lenovo Solution Center.) – C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [10175808] [PID.1428] {0ADB0F98F5501B90B7DC533E7F44BCD0} =>.Lenovo
                            [MD5.BC986F83A536E0BF70DD62EB17F89755] - (.Copyright © 2017 - LSC.ModulesController.Proxy.) – C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.ModulesController.Proxy.exe [268104] [PID.11560] {0ADB0F98F5501B90B7DC533E7F44BCD0}
                            [MD5.3E398D5C6B4301EA8D7DD90A32EF126D] - (…) – C:\Program Files\Lenovo\Lenovo Solution Center\QtWebEngineProcess.exe [15360] [PID.10604]

                            —\ Google Chrome, Start,Search,Extensions (24) - 2s
                            G0 - GCSP: Preferences [User Data\Default][HomePage] http://app.standsapp.org
                            G0 - GCSP: Preferences [User Data\Default][HomePage] http://cdnjs.cloudflare.com
                            G0 - GCSP: Preferences [User Data\Default][HomePage] http://connect.facebook.net =>.Facebook
                            G0 - GCSP: Preferences [User Data\Default][HomePage] http://fonts.googleapis.com =>.Google Inc.
                            G0 - GCSP: Preferences [User Data\Default][HomePage] http://fonts.gstatic.com =>.Google Inc.
                            G0 - GCSP: Preferences [User Data\Default][HomePage] http://nicolascoolman.eu =>.Nicolas Coolman
                            G0 - GCSP: Preferences [User Data\Default][HomePage] http://stands-app
                            G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.facebook.com =>.Facebook
                            G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.google-analytics.com =>.Google Inc.
                            G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.paypalobjects.com
                            G0 - GCSP: Secure Preferences [User Data\Default][HomePage] http://www.google.com/ =>.Google Inc.
                            G2 - GCE: Preference [User Data\Default] [aapocclcgogkmnckokdopfmhonfmgoek] Google Chrome manifest =>.Google Inc. =>.Google Inc.
                            G2 - GCE: Preference [User Data\Default] [aohghmighlieiainnegkcijnfilokake] Google Chrome manifest =>.Google Inc. =>.Google Inc.
                            G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Chrome manifest =>.Google Inc. =>.Google Inc.
                            G2 - GCE: Preference [User Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] Google Chrome manifest =>.Google Inc.
                            G2 - GCE: Preference [User Data\Default] [dcnofaichneijfbkdkghmhjjbepjmble] Google Chrome manifest =>.Google Inc.
                            G2 - GCE: Preference [User Data\Default] [felcaaldnbdncclmgdcncolpebgiejap] Google Chrome manifest =>.Google Inc. =>.Google Inc.
                            G2 - GCE: Preference [User Data\Default] [ghbmnnjooekpmoecnnnilnnbdlolhkhi] Google Chrome manifest =>.Google Inc. =>.Google Inc.
                            G2 - GCE: Preference [User Data\Default] [lgblnfidahcdcjddiepkckcfdhpknnjh] Google Chrome manifest =>.Google Inc.
                            G2 - GCE: Preference [User Data\Default] [nmkinhboiljjkhaknpaeaicmdjhagpep] F.B.(FluffBusting)Purity
                            G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Chrome manifest =>.Google Inc.
                            G2 - GCE: Preference [User Data\Default] [pifnaclcibjejklkfjegfcbagcdkidim] Gir Theme
                            G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Google Chrome manifest =>.Google Inc.
                            G2 - GCE: Preference [User Data\Default] [pkedcjkdefgpdelpbcmbmeomcjbeemfm] Chrome Media Router =>.Google Inc.

                            —\ Internet Explorer Extensions, Start, Search (16) - 0s
                            R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo15.msn.com/ =>.Microsoft Corporation
                            R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
                            R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
                            R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
                            R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =

                            R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
                            R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
                            R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
                            R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
                            R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
                            R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
                            R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
                            R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
                            R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
                            R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
                            R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan =>.Microsoft Internet Explorer

                            —\ Internet Explorer, Proxy Management (3) - 0s
                            R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
                            R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
                            R5 - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies =>.Microsoft

                            —\ Line Analysis, IniFiles, Auto loading programs (3) - 0s
                            F2 - REG:system.ini: UserInit=
                            F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe (.Microsoft Corporation.) =>.Microsoft Corporation
                            F2 - REG:system.ini: VMApplet=

                            —\ Hosts file redirection (1) - 0s
                            ~ Le fichier hôte est sain (The hosts file is clean) (60)

                            —\ Global shortcuts Startup (57) - 15s
                            O4 - GS\Desktop [Administrator]: Audacity.lnk . (.The Audacity Team - Audacity®, the Free, Cross-Platform Sound E.) C:\Users\Doneff Family\Desktop\JJ Doneff\Audacity\audacity.exe =>.The Audacity Team
                            O4 - GS\Desktop [Administrator]: Fonts - Shortcut.lnk . (…) C:\Windows\Fonts
                            O4 - GS\Desktop [Administrator]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Doneff Family\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
                            O4 - GS\Quicklaunch [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
                            O4 - GS\Quicklaunch [Administrator]: PrivaZer.lnk . (.Goversoft LLC - PrivaZer.) C:\Program Files (x86)\PrivaZer\PrivaZer.exe =>.Goversoft®
                            O4 - GS\sendTo [Administrator]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
                            O4 - GS\sendTo [Administrator]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
                            O4 - GS\TaskBar [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
                            O4 - GS\TaskBar [Administrator]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
                            O4 - GS\Programs [Administrator]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Windows®
                            O4 - GS\Desktop [Doneff Family]: Audacity.lnk . (.The Audacity Team - Audacity®, the Free, Cross-Platform Sound E.) C:\Users\Doneff Family\Desktop\JJ Doneff\Audacity\audacity.exe =>.The Audacity Team
                            O4 - GS\Desktop [Doneff Family]: Fonts - Shortcut.lnk . (…) C:\Windows\Fonts
                            O4 - GS\Desktop [Doneff Family]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Doneff Family\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
                            O4 - GS\Quicklaunch [Doneff Family]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
                            O4 - GS\Quicklaunch [Doneff Family]: PrivaZer.lnk . (.Goversoft LLC - PrivaZer.) C:\Program Files (x86)\PrivaZer\PrivaZer.exe =>.Goversoft®
                            O4 - GS\sendTo [Doneff Family]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
                            O4 - GS\sendTo [Doneff Family]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
                            O4 - GS\TaskBar [Doneff Family]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
                            O4 - GS\TaskBar [Doneff Family]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
                            O4 - GS\Programs [Doneff Family]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Windows®
                            O4 - GS\Desktop [Guest]: Audacity.lnk . (.The Audacity Team - Audacity®, the Free, Cross-Platform Sound E.) C:\Users\Doneff Family\Desktop\JJ Doneff\Audacity\audacity.exe =>.The Audacity Team
                            O4 - GS\Desktop [Guest]: Fonts - Shortcut.lnk . (…) C:\Windows\Fonts
                            O4 - GS\Desktop [Guest]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Doneff Family\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
                            O4 - GS\Quicklaunch [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
                            O4 - GS\Quicklaunch [Guest]: PrivaZer.lnk . (.Goversoft LLC - PrivaZer.) C:\Program Files (x86)\PrivaZer\PrivaZer.exe =>.Goversoft®
                            O4 - GS\sendTo [Guest]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
                            O4 - GS\sendTo [Guest]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
                            O4 - GS\TaskBar [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
                            O4 - GS\TaskBar [Guest]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
                            O4 - GS\Programs [Guest]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Windows®
                            O4 - GS\CommonDesktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
                            O4 - GS\CommonDesktop [Public]: Lenovo Solution Center.lnk . (.Lenovo - .) C:\Program Files (x86)\Lenovo\Lenovo Solution Center\LSC.exe =>.Lenovo
                            O4 - GS\Programs [Public]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Windows®
                            O4 - GS\Accessories [Public]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                            O4 - GS\Accessories [Public]: Notepad.lnk . (.Microsoft Corporation - Notepad.) C:\WINDOWS\system32\notepad.exe =>.Microsoft Corporation
                            O4 - GS\Accessories [Public]: Math Input Panel.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe =>.Microsoft Corporation
                            O4 - GS\Accessories [Public]: Paint.lnk . (.Microsoft Corporation - Paint.) C:\WINDOWS\system32\mspaint.exe =>.Microsoft Corporation
                            O4 - GS\Accessories [Public]: Quick Assist.lnk . (.Microsoft Corporation - Quick Assist.) C:\WINDOWS\system32\quickassist.exe =>.Microsoft Corporation
                            O4 - GS\Accessories [Public]: Remote Desktop Connection.lnk . (.Microsoft Corporation - Remote Desktop Connection.) C:\WINDOWS\system32\mstsc.exe =>.Microsoft Corporation
                            O4 - GS\Accessories [Public]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\WINDOWS\system32\SnippingTool.exe =>.Microsoft Corporation
                            O4 - GS\Accessories [Public]: Steps Recorder.lnk . (.Microsoft Corporation - Steps Recorder.) C:\WINDOWS\system32\psr.exe =>.Microsoft Corporation
                            O4 - GS\Accessories [Public]: Windows Fax and Scan.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\WINDOWS\system32\WFS.exe =>.Microsoft Corporation
                            O4 - GS\Accessories [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
                            O4 - GS\Accessories [Public]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe =>.Microsoft Corporation
                            O4 - GS\Accessories [Public]: XPS Viewer.lnk . (.Microsoft Corporation - XPS Viewer.) C:\WINDOWS\system32\xpsrchvw.exe =>.Microsoft Corporation
                            O4 - GS\SystemTools [Public]: Character Map.lnk . (.Microsoft Corporation - Character Map.) C:\WINDOWS\system32\charmap.exe =>.Microsoft Corporation
                            O4 - GS\ProgramsCommon [Public]: Adobe Reader X.lnk . (…) C:\WINDOWS\Installer{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\SC_Reader.ico =>.Adobe Inc.
                            O4 - GS\ProgramsCommon [Public]: AION Free-to-Play.lnk . (.NCSOFT Corporation - NCLauncher Module.) C:\Program Files (x86)\Gameforge\NCLauncher\NCLauncher.exe /LauncherID:“GameForge” /CompanyID:“11” /GameID:“AION-LIVE” /LUpdateAddr:“update.aion.gfsrv.net” {366C2B10328E277287161D1967E68BB5} =>.NCSOFT Corporation
                            O4 - GS\ProgramsCommon [Public]: Avast Internet Security.lnk . (.AVAST Software - Avast Antivirus.) C:\Program Files\AVAST Software\Avast\AvastUI.exe =>.AVAST Software s.r.o.®
                            O4 - GS\ProgramsCommon [Public]: Avast SafeZone Browser.lnk . (.Avast Software - Avast SafeZone Browser.) C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software s.r.o.®
                            O4 - GS\ProgramsCommon [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
                            O4 - GS\ProgramsCommon [Public]: Immersive Control Panel.lnk . (.Microsoft Corporation - Windows Control Panel.) C:\WINDOWS\System32\Control.exe =>.Microsoft Corporation
                            O4 - GS\ProgramsCommon [Public]: Microsoft Office.lnk . (.Microsoft Corporation - Microsoft Office.) C:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXE /OEM =>.Microsoft Corporation®
                            O4 - GS\ProgramsCommon [Public]: MiracastView.lnk . (.Microsoft Corporation - MiracastView.) C:\WINDOWS\MiracastView\MiracastView.exe =>.Microsoft Windows®
                            O4 - GS\ProgramsCommon [Public]: PrintDialog.lnk . (.Microsoft Corporation - Print Dialog.) C:\WINDOWS\PrintDialog\PrintDialog.exe =>.Microsoft Windows®
                            O4 - GS\ProgramsCommon [Public]: PrivaZer.lnk . (.Goversoft LLC - PrivaZer.) C:\Program Files (x86)\PrivaZer\PrivaZer.exe =>.Goversoft®
                            O4 - GS\ProgramsCommon [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation

                            —\ Lop.com/Domain Hijackers (2) - 0s
                            O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 =>.USA Rochester Time Warner Cable Internet LlC
                            O17 - HKLM\System\CCS\Services\Tcpip..{55cca939-eda2-47d0-8952-4a628b980a60}: DhcpNameServer = 209.18.47.61 209.18.47.62 =>.USA Rochester Time Warner Cable Internet LlC

                            —\ Extra protocols (22) - 2s
                            O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\syswow64\mshtml.dll =>.Microsoft Corporation
                            O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\syswow64\urlmon.dll =>.Microsoft Corporation
                            O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) – C:\Windows\syswow64\MSVidCtl.dll =>.Microsoft Corporation
                            O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\syswow64\urlmon.dll =>.Microsoft Corporation
                            O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\syswow64\urlmon.dll =>.Microsoft Corporation
                            O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\syswow64\urlmon.dll =>.Microsoft Corporation
                            O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\syswow64\urlmon.dll =>.Microsoft Corporation
                            O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) – C:\Windows\syswow64\itss.dll =>.Microsoft Corporation
                            O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\syswow64\mshtml.dll =>.Microsoft Corporation
                            O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\syswow64\urlmon.dll =>.Microsoft Corporation
                            O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\syswow64\mshtml.dll =>.Microsoft Corporation
                            O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) – C:\Windows\syswow64\inetcomm.dll =>.Microsoft Corporation
                            O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\syswow64\urlmon.dll =>.Microsoft Corporation
                            O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) – C:\Windows\syswow64\itss.dll =>.Microsoft Corporation
                            O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\syswow64\mshtml.dll =>.Microsoft Corporation
                            O18 - Handler: tbauth [64Bits] - {14654CA6-5711-491D-B89A-58E571679951} . (.Microsoft Corporation - TBAuth protocol handler.) – C:\Windows\syswow64\tbauth.dll =>.Microsoft Corporation
                            O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) – C:\Windows\syswow64\MSVidCtl.dll =>.Microsoft Corporation
                            O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\syswow64\mshtml.dll =>.Microsoft Corporation
                            O18 - Handler: windows.tbauth [64Bits] - {14654CA6-5711-491D-B89A-58E571679951} . (.Microsoft Corporation - TBAuth protocol handler.) – C:\Windows\syswow64\tbauth.dll =>.Microsoft Corporation
                            O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\syswow64\mscoree.dll =>.Microsoft Corporation
                            O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\syswow64\mscoree.dll =>.Microsoft Corporation
                            O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\syswow64\mscoree.dll =>.Microsoft Corporation

                            —\ Software installed (64) - 16s
                            O42 - Logiciel: Adobe Flash Player 25 PPAPI - (.Adobe Systems Incorporated.) [HKLM][64Bits] – Adobe Flash Player PPAPI =>.Adobe Systems Incorporated®
                            O42 - Logiciel: Adobe Reader X (10.1.16) MUI - (.Adobe Systems Incorporated.) [HKLM][64Bits] – {AC76BA86-7AD7-FFFF-7B44-AA0000000001} =>.Adobe Systems Incorporated
                            O42 - Logiciel: Aion - (.NC Interactive, LLC.) [HKLM][64Bits] – {B9291CA2-6FA5-44EA-8EE0-923EB32ADAAB} =>.NC Interactive, LLC
                            O42 - Logiciel: AION Free-to-Play - (.Gameforge 4D GmbH.) [HKLM][64Bits] – {82E73E8D-E1E7-45A4-A311-6D31492AA913}is1 {49D80AD8998E76D517F144E117F53BE1} =>.Gameforge 4D GmbH
                            O42 - Logiciel: Avast Internet Security - (.AVAST Software.) [HKLM][64Bits] – Avast Antivirus =>.AVAST Software s.r.o.®
                            O42 - Logiciel: Cisco EAP-FAST Module - (.Cisco Systems, Inc..) [HKLM][64Bits] – {64BF0187-F3D2-498B-99EA-163AF9AE6EC9} =>.Cisco Systems, Inc.
                            O42 - Logiciel: Cisco LEAP Module - (.Cisco Systems, Inc..) [HKLM][64Bits] – {AF312B06-5C5C-468E-89B3-BE6DE2645722} =>.Cisco Systems, Inc.
                            O42 - Logiciel: Cisco PEAP Module - (.Cisco Systems, Inc..) [HKLM][64Bits] – {0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F} =>.Cisco Systems, Inc.
                            O42 - Logiciel: Components - (.Lenovo.) [HKLM][64Bits] – {1720B0E0-C520-43A6-B677-97A1D80F3B99} =>.Lenovo
                            O42 - Logiciel: Driver and Application Installation - (.Lenovo.) [HKLM][64Bits] – {6EC299C6-074C-4529-8D5F-2798584BB27B} =>.LENOVO®
                            O42 - Logiciel: Fiesta Online NA version 1.0 - (.gamigo AG.) [HKLM][64Bits] – Fiesta Online NA_is1 =>.gamigo AG
                            O42 - Logiciel: Genesys USB Mass Storage Device - (.Genesys Logic.) [HKLM][64Bits] – {959B7F35-2819-40C5-A0CD-3C53B5FCC935} =>.Genesys Logic
                            O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM][64Bits] – Google Chrome =>.Google Inc®
                            O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] – {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} =>.Google Inc.
                            O42 - Logiciel: Intel(R) Chipset Device Software - (.Intel Corporation.) [HKLM][64Bits] – {8C91A5EB-2C62-4A6D-8802-CC79FD2ED390} =>.Intel Corporation
                            O42 - Logiciel: Intel(R) Chipset Device Software - (.Intel(R) Corporation.) [HKLM][64Bits] – {60c073df-e736-4210-9c3a-5fc2b651cef3} =>.Intel Corporation - Software and Firmware Products®
                            O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] – {1CEAC85D-2590-4760-800F-8DE5E91F3700} =>.Intel Corporation
                            O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] – {3D6D679B-3ECE-48DD-85D6-8ECE8D497080} =>.Intel Corporation
                            O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] – {BCD55758-61DB-426D-BC56-72C9ADB2092F} =>.Intel Corporation
                            O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] – {DD20EECC-5CAA-4658-B15D-2A5DCE686321} =>.Intel Corporation
                            O42 - Logiciel: Intel(R) ME UninstallLegacy - (.Intel Corporation.) [HKLM][64Bits] – {D2E7A6EE-AB1A-4D68-8E1C-FFE2B4B5429B} =>.Intel Corporation
                            O42 - Logiciel: Intel(R) Rapid Storage Technology - (.Intel Corporation.) [HKLM][64Bits] – {205AE40D-8AD7-4F29-A430-DD2168DA562D} =>.Intel Corporation
                            O42 - Logiciel: Intel(R) Rapid Storage Technology - (.Intel Corporation.) [HKLM][64Bits] – {409CB30E-E457-4008-9B1A-ED1B9EA21140} =>.Intel Corporation
                            O42 - Logiciel: Intel® Security Assist - (.Intel Corporation.) [HKLM][64Bits] – {4B230374-6475-4A73-BA6E-41015E9C5013} =>.Intel Corporation
                            O42 - Logiciel: Intel® Trusted Connect Service Client - (.Intel Corporation.) [HKLM][64Bits] – {7D84E343-A23D-451C-B123-0195B2D903A6} =>.Intel Corporation
                            O42 - Logiciel: Lenovo Accelerator Application - (.Lenovo.) [HKLM][64Bits] – {10672FE6-3D50-4F79-B0C7-A5573A5D415D} =>.LENOVO®
                            O42 - Logiciel: Lenovo Blacksilk USB Keyboard Driver - (.Lenovo.) [HKLM][64Bits] – {B266E062-D6C5-485B-B426-51B152B041A6} =>.Lenovo
                            O42 - Logiciel: Lenovo Experience Improvement - (.Lenovo.) [HKLM][64Bits] – LenovoExperienceImprovement =>.LENOVO®
                            O42 - Logiciel: Lenovo Power2Go - (.CyberLink Corp..) [HKLM][64Bits] – {40BF1E83-20EB-11D8-97C5-0009C5020658} =>.CyberLink Corp.®
                            O42 - Logiciel: Lenovo Power2Go - (.CyberLink Corp..) [HKLM][64Bits] – InstallShield {40BF1E83-20EB-11D8-97C5-0009C5020658} =>.CyberLink Corp.®
                            O42 - Logiciel: Lenovo PowerDVD12 - (.CyberLink Corp..) [HKLM][64Bits] – {B46BEA36-0B71-4A4E-AE41-87241643FA0A} =>.CyberLink Corp.®
                            O42 - Logiciel: Lenovo PowerDVD12 - (.CyberLink Corp..) [HKLM][64Bits] – InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A} =>.CyberLink Corp.®
                            O42 - Logiciel: Lenovo QuickOptimizer - (.Lenovo.) [HKLM][64Bits] – {8D2C871B-1B9F-45AC-9C43-2BB18089CDFA} =>.Lenovo
                            O42 - Logiciel: Lenovo Rescue System - (.CyberLink Corp..) [HKLM][64Bits] – {46F4D124-20E5-4D12-BE52-EC177A7A4B42} =>.CyberLink Corp.®
                            O42 - Logiciel: Lenovo Rescue System - (.CyberLink Corp..) [HKLM][64Bits] – InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42} =>.CyberLink Corp.®
                            O42 - Logiciel: Lenovo Solution Center - (.Lenovo.) [HKLM][64Bits] – {7BB9AAFD-3350-49C8-92D1-833AAFF9E74E} =>.Lenovo
                            O42 - Logiciel: Lenovo System Interface Foundation - (.Lenovo.) [HKLM][64Bits] – {C2E5CA37-C862-4A69-AC6D-24F450A20C16} =>.Lenovo
                            O42 - Logiciel: Manual - (.Lenovo.) [HKLM][64Bits] – {693F92E5-37D1-46B7-A0D6-19A74A2FD0EC} =>.LENOVO®
                            O42 - Logiciel: Metric Collection SDK 35 - (.Lenovo Group Limited.) [HKLM][64Bits] – {C2B5B5B0-2545-4E94-B4BA-548D4BF0B196} =>.Lenovo Group Limited
                            O42 - Logiciel: Microsoft OneDrive - (.Microsoft Corporation.) [HKCU][64Bits] – OneDriveSetup.exe =>.Microsoft Windows®
                            O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] – {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} =>.Microsoft Corporation
                            O42 - Logiciel: NCSOFT Game Launcher - (.NCSOFT.) [HKLM][64Bits] – NCLauncher_NCWest =>.NCsoft Corp.®
                            O42 - Logiciel: NVIDIA Control Panel 376.54 - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel =>.NVIDIA Corporation
                            O42 - Logiciel: NVIDIA Graphics Driver 353.62 - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver =>.NVIDIA Corporation
                            O42 - Logiciel: NVIDIA HD Audio Driver 1.3.34.3 - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver =>.NVIDIA Corporation
                            O42 - Logiciel: NVIDIA Install Application - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer =>.NVIDIA Corporation
                            O42 - Logiciel: NVIDIA PhysX System Software 9.15.0428 - (.NVIDIA Corporation.) [HKLM][64Bits] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX =>.NVIDIA Corporation
                            O42 - Logiciel: PrivaZer - (.Goversoft LLC.) [HKLM][64Bits] – PrivaZer =>.Goversoft®
                            O42 - Logiciel: REACHit - (.Lenovo.) [HKLM][64Bits] – {4532E4C5-C84D-4040-A044-ECFCC5C6995B} =>.Lenovo
                            O42 - Logiciel: REALTEK Bluetooth Filter Driver - (.REALTEK Semiconductor Corp..) [HKLM][64Bits] – {9D3D8C60-A5EF-4123-B2B9-172095903AD} =>.Realtek Semiconductor Corp®
                            O42 - Logiciel: Realtek Ethernet Controller All-In-One Windows Driver - (.Realtek.) [HKLM][64Bits] – {F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F} =>.Realtek
                            O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] – {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} =>.Realtek Semiconductor Corp®
                            O42 - Logiciel: REALTEK Wireless LAN Driver - (.REALTEK Semiconductor Corp..) [HKLM][64Bits] – {9DAABC60-A5EF-41FF-B2B9-17329590CD5} =>.Realtek Semiconductor Corp®
                            O42 - Logiciel: SafeZone Stable 3.55.2393.596 - (.Avast Software.) [HKLM][64Bits] – SafeZone 3.55.2393.596 =>.AVAST Software s.r.o.®
                            O42 - Logiciel: SHAREit - (.Lenovo.) [HKLM][64Bits] – SHAREit_is1 =>.LENOVO®
                            O42 - Logiciel: SoftMaker FreeOffice 2016 - (.SoftMaker Software GmbH.) [HKLM][64Bits] – {8EBB8452-274B-465D-8324-00B0832FBB05} =>.SoftMaker Software GmbH
                            O42 - Logiciel: Unchecky v1.0.2 - (.RaMMicHaeL.) [HKLM][64Bits] – Unchecky =>.Reason Software Company Inc.®
                            O42 - Logiciel: Windows Driver Package - Genesys Logic (GeneStor) USB (07/13/2015 4.5.0.6) - (.Genesys Logic.) [HKLM][64Bits] – AE2E6FAB44844413B4C6F53C908EACC8AFC838F0 =>.Genesys Logic
                            O42 - Logiciel: Windows Driver Package - NVIDIA (nvlddmkm) Display (07/22/2015 10.18.13.53 - (.NVIDIA.) [HKLM][64Bits] – 81C36D5B443FFB6F528F76BD424D750C53ADF10E =>.NVIDIA
                            O42 - Logiciel: Windows Driver Package - NVIDIA Corporation (NVHDA) MEDIA (04/16/2015 1.3. - (.NVIDIA Corporation.) [HKLM][64Bits] – E1EF4D4E1E41BA85DB6DA51424B73AE1B3F0056A =>.NVIDIA Corporation
                            O42 - Logiciel: Windows Driver Package - Realtek (rt640x64) Net (05/05/2015 10.001.0505.20 - (.Realtek.) [HKLM][64Bits] – 6A304520C2F25CD034E477A379C47308AA84A2DC =>.Realtek
                            O42 - Logiciel: Windows Driver Package - Realtek Semiconductor Corp. (RtkBtFilter) Bluetoot - (.Realtek Semiconductor Corp..) [HKLM][64Bits] – 604A7B07184AD24892732BED4543610976632257 =>.Realtek Semiconductor Corp.
                            O42 - Logiciel: Windows Driver Package - Realtek Semiconductor Corp. (RTWlanE) Net (07/09/ - (.Realtek Semiconductor Corp..) [HKLM][64Bits] – 5D078DEFD18360A7A64D38392C9F1007DC86AE23 =>.Realtek Semiconductor Corp.
                            O42 - Logiciel: WinRAR 5.40 (32-bit) - (.win.rar GmbH.) [HKLM][64Bits] – WinRAR archiver =>.win.rar GmbH®

                            —\ HKCU & HKLM Software Keys (49) - 16s
                            HKLM\SOFTWARE\Wow6432Node\Adobe =>.Adobe
                            HKLM\SOFTWARE\Wow6432Node\AGEIA Technologies =>.AGEIA Technologies
                            HKLM\SOFTWARE\Wow6432Node\AVAST Software =>.AVAST Software
                            HKLM\SOFTWARE\Wow6432Node\CyberLink =>.CyberLink Corporation
                            HKLM\SOFTWARE\Wow6432Node\Gameforge =>.Gameforge
                            HKLM\SOFTWARE\Wow6432Node\Genesys Logic =>.Genesys Logic
                            HKLM\SOFTWARE\Wow6432Node\Google =>.Google
                            HKLM\SOFTWARE\Wow6432Node\Intel =>.Intel
                            HKLM\SOFTWARE\Wow6432Node\Khronos =>.Khronos
                            HKLM\SOFTWARE\Wow6432Node\Lake =>.Lake Sofware
                            HKLM\SOFTWARE\Wow6432Node\Lenovo =>.Lenovo
                            HKLM\SOFTWARE\Wow6432Node\Macromedia =>.Macromedia
                            HKLM\SOFTWARE\Wow6432Node\Mozilla =>.Mozilla
                            HKLM\SOFTWARE\Wow6432Node\NC Interactive, LLC =>.NC Interactive, LLC
                            HKLM\SOFTWARE\Wow6432Node\NCWest
                            HKLM\SOFTWARE\Wow6432Node\Network Associates =>.Network Associates
                            HKLM\SOFTWARE\Wow6432Node\Nuance =>.Nuance
                            HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation =>.nVidia Corporation
                            HKLM\SOFTWARE\Wow6432Node\ODBC =>.DB Connectivity Solutions
                            HKLM\SOFTWARE\Wow6432Node\PlayNC
                            HKLM\SOFTWARE\Wow6432Node\Realtek =>.Realtek Semiconductor Corp.
                            HKLM\SOFTWARE\Wow6432Node\Realtek Semiconductor Corp. =>.Realtek Semiconductor Corp.
                            HKLM\SOFTWARE\Wow6432Node\RtWLan =>.Realtek Semiconductor Corp.
                            HKLM\SOFTWARE\Wow6432Node\SoftMaker Software GmbH =>.SoftMaker Software GmbH
                            HKLM\SOFTWARE\Wow6432Node\SRS Labs =>.SRS Labs
                            HKLM\SOFTWARE\Wow6432Node\Unchecky =>.RaMMicHaeL
                            HKLM\SOFTWARE\Wow6432Node\WinRAR =>.WinRAR
                            HKLM\SOFTWARE\Wow6432Node\WOW6432Node =>.Microsoft Corporation
                            HKLM\SOFTWARE\Wow6432Node\RegisteredApplications =>.Microsoft Corporation
                            HKCU\SOFTWARE\Adobe =>.Adobe
                            HKCU\SOFTWARE\Aion =>.NCsoft Corporation, Ltd.
                            HKCU\SOFTWARE\AppDataLow =>.Microsoft Corporation
                            HKCU\SOFTWARE\AVAST Software =>.AVAST Software
                            HKCU\SOFTWARE\Chromium =>.Chromium
                            HKCU\SOFTWARE\CyberLink =>.CyberLink Corporation
                            HKCU\SOFTWARE\Google =>.Google
                            HKCU\SOFTWARE\lenovo =>.Lenovo
                            HKCU\SOFTWARE\Netscape =>.Netscape
                            HKCU\SOFTWARE\NVIDIA Corporation =>.nVidia Corporation
                            HKCU\SOFTWARE\plaync
                            HKCU\SOFTWARE\Realtek =>.Realtek Semiconductor Corp.
                            HKCU\SOFTWARE\RegisteredApplications =>.Microsoft Corporation
                            HKCU\SOFTWARE\SoftMaker Software GmbH =>.SoftMaker Software GmbH
                            HKCU\SOFTWARE\Unchecky =>.RaMMicHaeL
                            HKCU\SOFTWARE\WinRAR =>.WinRAR
                            HKCU\SOFTWARE\WinRAR SFX =>.RarLab
                            HKCU\SOFTWARE\WOW6432Node =>.Microsoft Corporation
                            HKCU\SOFTWARE\ZHP =>.Nicolas Coolman
                            HKCU\SOFTWARE\AppDataLow\Software =>.Microsoft Corporation

                            —\ Contents of the Common Files folders (162) - 26s
                            O43 - CFD: 08/06/2017 - D – C:\Program Files\AVAST Software =>.AVAST Software s.r.o.®
                            O43 - CFD: 08/06/2017 - D – C:\Program Files\Common Files =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Program Files\DIFX =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Program Files\Intel =>.Intel Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Program Files\Internet Explorer =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Program Files\Lenovo =>.Lenovo
                            O43 - CFD: 08/06/2017 - D – C:\Program Files\mcafee =>.McAfee
                            O43 - CFD: 08/06/2017 - D – C:\Program Files\mcafee.com =>.McAfee Inc.
                            O43 - CFD: 08/06/2017 - D – C:\Program Files\MSBuild =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Program Files\NVIDIA Corporation =>.nVidia Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Program Files\Realtek =>.Realtek
                            O43 - CFD: 08/06/2017 - D – C:\Program Files\Reference Assemblies =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Program Files\update =>.Unknown
                            O43 - CFD: 08/06/2017 - D – C:\Program Files\Windows Defender =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Program Files\Windows Mail =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Program Files\Windows Media Player =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Program Files\Windows Multimedia Platform =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Program Files\Windows NT =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Program Files\Windows Photo Viewer =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Program Files\Windows Portable Devices =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Program Files\Windows Security =>.Unknown
                            O43 - CFD: 08/06/2017 - SHD – C:\Program Files\Windows Sidebar =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - HD – C:\Program Files\WindowsApps =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Program Files\WindowsPowerShell =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\Adobe =>.Adobe Systems, Incorporated®
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\Cisco =>.Cisco Systems, Inc.
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\Common Files =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\Cyberlink =>.CyberLink Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\Gameforge {366C2B10328E277287161D1967E68BB5} =>.Gameforge
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\gamigo =>.gamigo AG®
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\Genesyslogic =>.Microsoft Windows Hardware Compatibility Publisher®
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\Google =>.Google Inc®
                            O43 - CFD: 08/06/2017 - HD – C:\Program Files (x86)\InstallShield Installation Information =>.InstallShield Software
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\Intel =>.Intel Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\Internet Explorer =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\Lenovo =>.Lenovo
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\McAfee =>.McAfee
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\Microsoft Office =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\Microsoft Silverlight =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\Microsoft.NET =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\MSBuild =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\NCSOFT =>.NCSOFT
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\NCWest =>.NCWest
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\NVIDIA Corporation =>.nVidia Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\PrivaZer =>.Goversoft LLC
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\Realtek =>.Realtek
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\REALTEK PCIE Wireless LAN Driver =>.Realtek Semiconductor Corp.
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\Reference Assemblies =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\SoftMaker FreeOffice 2016 =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\Unchecky =>.RaMMicHaeL
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\Windows Defender =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\Windows Multimedia Platform =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\Windows NT =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\Windows Photo Viewer =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\Windows Portable Devices =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\WindowsPowerShell =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\WinRAR =>.win.rar GmbH®
                            O43 - CFD: 08/09/2015 - RAD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - RAD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
                            O43 - CFD: 08/09/2015 - RAD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
                            O43 - CFD: 08/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gamigo =>.gamigo
                            O43 - CFD: 08/06/2017 - AD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel =>.Intel Corporation
                            O43 - CFD: 08/06/2017 - AD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo =>.Lenovo
                            O43 - CFD: 08/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - AD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT =>.NCSOFT
                            O43 - CFD: 08/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest =>.NCWest
                            O43 - CFD: 08/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftMaker FreeOffice 2016 =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - RAD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools =>.Microsoft Corporation
                            O43 - CFD: 10/07/2015 - [0] RHD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC =>.Wacom Technology
                            O43 - CFD: 08/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky =>.RaMMicHaeL
                            O43 - CFD: 08/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR =>.WinRAR
                            O43 - CFD: 08/06/2017 - D – C:\ProgramData\AVAST Software =>.AVAST Software
                            O43 - CFD: 08/06/2017 - D – C:\ProgramData\Lenovo =>.Lenovo
                            O43 - CFD: 08/06/2017 - D – C:\ProgramData\McAfee =>.McAfee
                            O43 - CFD: 08/06/2017 - SD – C:\ProgramData\Microsoft =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\ProgramData\Microsoft OneDrive =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\ProgramData\NVIDIA =>.nVidia Corporation
                            O43 - CFD: 08/06/2017 - D – C:\ProgramData\NVIDIA Corporation =>.nVidia Corporation
                            O43 - CFD: 08/06/2017 - D – C:\ProgramData\Office2013 =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\ProgramData\OneKey Recovery =>.Lenovo Group Limited
                            O43 - CFD: 08/06/2017 - D – C:\ProgramData\Package Cache =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\ProgramData\privazer =>.Goversoft LLC
                            O43 - CFD: 08/06/2017 - D – C:\ProgramData\Realtek =>.Realtek
                            O43 - CFD: 08/06/2017 - D – C:\ProgramData\regid.1991-06.com.microsoft =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - [0] D – C:\ProgramData\SoftwareDistribution =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - [0] SHD – C:\ProgramData\Start Menu =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - [0] D – C:\ProgramData\SWCUTemp
                            O43 - CFD: 08/06/2017 - D – C:\ProgramData\Temp =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - [0] SHD – C:\ProgramData\Templates =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\ProgramData\Unchecky =>.RaMMicHaeL
                            O43 - CFD: 08/06/2017 - D – C:\ProgramData\USOPrivate =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\ProgramData\USOShared =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\ProgramData\WindowsHolographicDevices
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\Common Files\Adobe =>.Adobe
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\Common Files\InstallShield =>.InstallShield
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\Common Files\Intel Corporation =>.Intel Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\Common Files\LENOVO =>.Lenovo
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\Common Files\McAfee =>.McAfee
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\Common Files\Microsoft Shared =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\Common Files\PostureAgent =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\Common Files\Services =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Program Files (x86)\Common Files\System =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Users\Doneff Family\AppData\Roaming\Adobe =>.Adobe
                            O43 - CFD: 08/06/2017 - D – C:\Users\Doneff Family\AppData\Roaming\AVAST Software =>.AVAST Software
                            O43 - CFD: 08/06/2017 - D – C:\Users\Doneff Family\AppData\Roaming\Google =>.Google
                            O43 - CFD: 08/06/2017 - D – C:\Users\Doneff Family\AppData\Roaming\Intel Corporation =>.Intel Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Users\Doneff Family\AppData\Roaming\Lenovo =>.Lenovo
                            O43 - CFD: 08/06/2017 - D – C:\Users\Doneff Family\AppData\Roaming\LSC =>.LSC
                            O43 - CFD: 08/06/2017 - D – C:\Users\Doneff Family\AppData\Roaming\Macromedia =>.Macromedia
                            O43 - CFD: 08/06/2017 - SD – C:\Users\Doneff Family\AppData\Roaming\Microsoft =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Users\Doneff Family\AppData\Roaming\SoftMaker =>.SoftMaker
                            O43 - CFD: 08/06/2017 - D – C:\Users\Doneff Family\AppData\Roaming\WinRAR =>.WinRAR
                            O43 - CFD: 08/06/2017 - D – C:\Users\Doneff Family\AppData\Roaming\ZHP =>.Nicolas Coolman
                            O43 - CFD: 08/06/2017 - [0] D – C:\Users\Doneff Family\AppData\Local\Adobe =>.Adobe
                            O43 - CFD: 08/06/2017 - [0] SHD – C:\Users\Doneff Family\AppData\Local\Application Data =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Users\Doneff Family\AppData\Local\CEF =>.CEF
                            O43 - CFD: 08/06/2017 - D – C:\Users\Doneff Family\AppData\Local\Comms =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Users\Doneff Family\AppData\Local\ConnectedDevicesPlatform =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Users\Doneff Family\AppData\Local\Google =>.Google
                            O43 - CFD: 08/06/2017 - [0] SHD – C:\Users\Doneff Family\AppData\Local\History =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Users\Doneff Family\AppData\Local\Lenovo =>.Lenovo
                            O43 - CFD: 08/06/2017 - D – C:\Users\Doneff Family\AppData\Local\Microsoft =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Users\Doneff Family\AppData\Local\MicrosoftEdge =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Users\Doneff Family\AppData\Local\Packages =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Users\Doneff Family\AppData\Local\Power2Go =>.Power2Go
                            O43 - CFD: 08/06/2017 - D – C:\Users\Doneff Family\AppData\Local\PrivaZer =>.Goversoft LLC
                            O43 - CFD: 08/06/2017 - D – C:\Users\Doneff Family\AppData\Local\Programs =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Users\Doneff Family\AppData\Local\Publishers =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Users\Doneff Family\AppData\Local\Temp =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - [0] SHD – C:\Users\Doneff Family\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Users\Doneff Family\AppData\Local\TileDataLayer =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - [0] D – C:\Users\Doneff Family\AppData\Local\VirtualStore =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Users\Doneff Family\AppData\Local\ZHP =>.Nicolas Coolman
                            O43 - CFD: 08/06/2017 - [0] D – C:\Users\Doneff Family\AppData\Local\Programs\Common =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - RD – C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - RD – C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - RD – C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
                            O43 - CFD: 08/06/2017 - D – C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
                            O43 - CFD: 08/06/2017 - D – C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer =>.Goversoft LLC
                            O43 - CFD: 08/06/2017 - RD – C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam =>.Steam Games
                            O43 - CFD: 08/06/2017 - RD – C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - RD – C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR =>.WinRAR
                            O43 - CFD: 08/06/2017 - [0] SHD – C:\Users\Default\AppData\Local\Application Data =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - [0] SHD – C:\Users\Default\AppData\Local\History =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Users\Default\AppData\Local\Microsoft =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - [0] D – C:\Users\Default\AppData\Local\Temp =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - [0] SHD – C:\Users\Default\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - [0] SHD – C:\Users\Default User\AppData\Local\Application Data =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - [0] SHD – C:\Users\Default User\AppData\Local\History =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\Users\Default User\AppData\Local\Microsoft =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - [0] D – C:\Users\Default User\AppData\Local\Temp =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - [0] SHD – C:\Users\Default User\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - [0] – C:\WINDOWS\System32\Config\systemprofile\AppData\Local\DBG =>.DBG
                            O43 - CFD: 08/06/2017 - D – C:\WINDOWS\System32\Config\systemprofile\AppData\Local\Microsoft =>.Microsoft Corporation
                            O43 - CFD: 08/06/2017 - D – C:\WINDOWS\System32\Config\systemprofile\AppData\Roaming\Microsoft =>.Microsoft Corporation

                            —\ ShellIconOverlayIdentifiers (SIOI) (7) - 0s
                            O106 - SIOI: ErrorOverlayHandler Class [ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) – C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncShell.dll =>.Microsoft Windows®
                            O106 - SIOI: SharedOverlayHandler Class [ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) – C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncShell.dll =>.Microsoft Windows®
                            O106 - SIOI: SharedSyncingOverlayHandler Class [ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) – C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncShell.dll =>.Microsoft Windows®
                            O106 - SIOI: UpToDateOverlayHandler Class [ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) – C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncShell.dll =>.Microsoft Windows®
                            O106 - SIOI: SyncingOverlayHandler Class [ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) – C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncShell.dll =>.Microsoft Windows®
                            O106 - SIOI: ReadOnlyOverlayHandler Class [ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) – C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncShell.dll =>.Microsoft Windows®
                            O106 - SIOI: avast [00asw] - {472083B0-C522-11CF-8763-00608CC02F24}. (.AVAST Software - Avast Shell Extension.) – C:\Program Files\AVAST Software\Avast\ashShell.dll =>.AVAST Software s.r.o.®

                            —\ Image File Execution Options (17) - 1s
                            O50 - IFEO:C:\Windows\System32\cscript.exe - (.Microsoft Corporation - Microsoft ® Console Based Script Host.) [DisableExceptionChainValidation\3] =>.Microsoft Corporation
                            O50 - IFEO:C:\Windows\System32\dllhost.exe - (.Microsoft Corporation - COM Surrogate.) [DisableExceptionChainValidation\3] =>.Microsoft Windows®
                            O50 - IFEO:C:\WINDOWS\System32\drvinst.exe - (.Microsoft Corporation - Driver Installation Module.) [DisableExceptionChainValidation\3] =>.Microsoft Corporation
                            O50 - IFEO:C:\WINDOWS\System32\ie4uinit.exe - (.Microsoft Corporation - IE Per-User Initialization Utility.) [MitigationOptions\256] =>.Microsoft Corporation
                            O50 - IFEO:C:\Windows\System32\ieUnatt.exe - (.Microsoft Corporation - IE 7.0 Unattended Install Utility.) [MitigationOptions\256] =>.Microsoft Corporation
                            O50 - IFEO:C:\Windows\System32\mmc.exe - (.Microsoft Corporation - Microsoft Management Console.) [DisableExceptionChainValidation\3] =>.Microsoft Corporation
                            O50 - IFEO:C:\Windows\System32\msfeedssync.exe - (.Microsoft Corporation - Microsoft Feeds Synchronization.) [MitigationOptions\256] =>.Microsoft Corporation
                            O50 - IFEO:C:\Windows\System32\mshta.exe - (.Microsoft Corporation - Microsoft (R) HTML Application host.) [MitigationOptions\256] =>.Microsoft Corporation
                            O50 - IFEO:C:\Windows\System32\PresentationHost.exe - (.Microsoft Corporation - Windows Presentation Foundation Host.) [MitigationOptions\1118481] =>.Microsoft Corporation
                            O50 - IFEO:C:\WINDOWS\System32\PrintIsolationHost.exe - (.Microsoft Corporation - PrintIsolationHost.) [MitigationOptions\2097152] =>.Microsoft Corporation
                            O50 - IFEO:C:\Windows\System32\rundll32.exe - (.Microsoft Corporation - Windows host process (Rundll32).) [DisableExceptionChainValidation\3] =>.Microsoft Corporation
                            O50 - IFEO:C:\WINDOWS\System32\runtimebroker.exe - (.Microsoft Corporation - Runtime Broker.) [MitigationOptions\4294967296] =>.Microsoft Corporation
                            O50 - IFEO:C:\Windows\System32\searchprotocolhost.exe - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) [DisableExceptionChainValidation\3] =>.Microsoft Corporation
                            O50 - IFEO:C:\WINDOWS\System32\spoolsv.exe - (.Microsoft Corporation - Spooler SubSystem App.) [DisableExceptionChainValidation\3] =>.Microsoft Corporation
                            O50 - IFEO:C:\WINDOWS\System32\spoolsv.exe - (.Microsoft Corporation - Spooler SubSystem App.) [MitigationOptions\2097152] =>.Microsoft Corporation
                            O50 - IFEO:C:\Windows\System32\svchost.exe - (.Microsoft Corporation - Host Process for Windows Services.) [MinimumStackCommitInBytes\32768] =>.Microsoft Windows Publisher®
                            O50 - IFEO:C:\Windows\System32\wscript.exe - (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) [DisableExceptionChainValidation\3] =>.Microsoft Corporation

                            —\ System Drivers List (75) - 8s
                            O58 - SDL:2017/03/18 16:56:25 A . (.LSI - LSI 3ware SCSI Storport Driver.) – C:\WINDOWS\System32\drivers\3ware.sys [107424] =>.Microsoft Windows®
                            O58 - SDL:2017/03/18 16:56:25 A . (.PMC-Sierra - PMC-Sierra Storport Driver For SPC8x6G SAS.) – C:\WINDOWS\System32\drivers\adp80xx.sys [1135512] =>.Microsoft Windows®
                            O58 - SDL:2017/03/18 16:56:25 A . (.Advanced Micro Devices - AHCI 1.3 Device Driver.) – C:\WINDOWS\System32\drivers\amdsata.sys [83352] =>.Microsoft Windows®
                            O58 - SDL:2017/03/18 16:56:25 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) – C:\WINDOWS\System32\drivers\amdsbs.sys [259488] =>.Microsoft Windows®
                            O58 - SDL:2017/03/18 16:56:25 A . (.Advanced Micro Devices - Storage Filter Driver.) – C:\WINDOWS\System32\drivers\amdxata.sys [27040] =>.Microsoft Windows®
                            O58 - SDL:2017/03/18 16:56:25 A . (.PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) – C:\WINDOWS\System32\drivers\arcsas.sys [132000] =>.Microsoft Windows®
                            O58 - SDL:2017/06/08 16:29:12 A . (.AVAST Software s.r.o. - IDS Application Activity Monitor Driver..) – C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [311808] =>.AVAST Software s.r.o.®
                            O58 - SDL:2017/06/08 16:29:13 A . (.AVAST Software s.r.o. - Application Activity Monitor Helper Driver.) – C:\WINDOWS\System32\drivers\aswbidsha.sys [190256] =>.AVAST Software s.r.o.®
                            O58 - SDL:2017/06/08 16:29:13 A . (.AVAST Software s.r.o. - Logging Driver.) – C:\WINDOWS\System32\drivers\aswbloga.sys [334576] =>.AVAST Software s.r.o.®
                            O58 - SDL:2017/06/08 16:29:13 A . (.AVAST Software s.r.o. - Universal Driver.) – C:\WINDOWS\System32\drivers\aswbuniva.sys [49016] =>.AVAST Software s.r.o.®
                            O58 - SDL:2017/06/08 16:29:46 A . (.AVAST Software - Avast HWID.) – C:\WINDOWS\System32\drivers\aswHwid.sys [38296] =>.AVAST Software s.r.o.® (.AVAST Software)
                            O58 - SDL:2017/06/08 16:31:29 A . (.AVAST Software - Avast Keyboard Filter Driver.) – C:\WINDOWS\System32\drivers\aswKbd.sys [32600] =>.AVAST Software s.r.o.®
                            O58 - SDL:2017/06/08 16:29:47 A . (.AVAST Software - Avast File System Minifilter for Windows 20.) – C:\WINDOWS\System32\drivers\aswMonFlt.sys [128648] =>.AVAST Software s.r.o.®
                            O58 - SDL:2017/06/08 16:29:14 A . (.AVAST Software - Avast Firewall Driver.) – C:\WINDOWS\System32\drivers\aswNetSec.sys [507928] =>.AVAST Software s.r.o.®
                            O58 - SDL:2017/06/08 16:29:46 A . (.AVAST Software - Avast WFP Redirect Driver.) – C:\WINDOWS\System32\drivers\aswRdr2.sys [101152] =>.AVAST Software s.r.o.®
                            O58 - SDL:2017/06/08 16:29:47 A . (.AVAST Software - Avast Revert.) – C:\WINDOWS\System32\drivers\aswRvrt.sys [75704] =>.AVAST Software s.r.o.® (.AVAST Software)
                            O58 - SDL:2017/06/08 16:29:19 A . (.AVAST Software - Avast Virtualization Driver.) – C:\WINDOWS\System32\drivers\aswSnx.sys [1007160] =>.AVAST Software s.r.o.®
                            O58 - SDL:2017/06/08 16:29:47 A . (.AVAST Software - Avast self protection module.) – C:\WINDOWS\System32\drivers\aswSP.sys [569192] =>.AVAST Software s.r.o.®
                            O58 - SDL:2017/06/08 16:30:32 A . (.AVAST Software - Stream Filter.) – C:\WINDOWS\System32\drivers\aswstm.sys [158880] =>.AVAST Software s.r.o.®
                            O58 - SDL:2017/06/08 16:29:47 A . (.AVAST Software - Avast VM Monitor.) – C:\WINDOWS\System32\drivers\aswVmm.sys [339696] =>.AVAST Software s.r.o.® (.AVAST Software)
                            O58 - SDL:2017/03/18 16:56:25 A . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) – C:\WINDOWS\System32\drivers\bcmfn2.sys [9728] =>.Windows (R) Win 7 DDK provider
                            O58 - SDL:2017/03/18 16:56:23 A . (.QLogic Corporation - QLogic Gigabit Ethernet VBD.) – C:\WINDOWS\System32\drivers\bxvbda.sys [533920] =>.Microsoft Windows®
                            O58 - SDL:2017/03/18 16:56:25 A . (.Chelsio Communications - Chelsio iSCSI Crash Dump Driver.) – C:\WINDOWS\System32\drivers\cht4dx64.sys [102816] =>.Microsoft Windows®
                            O58 - SDL:2017/03/18 16:56:25 A . (.Chelsio Communications - Chelsio iSCSI VMiniport Driver.) – C:\WINDOWS\System32\drivers\cht4sx64.sys [347032] =>.Microsoft Windows®
                            O58 - SDL:2017/03/18 16:56:25 A . (.Chelsio Communications - Virtual Bus Driver for Chelsio ® T4 Chipset.) – C:\WINDOWS\System32\drivers\cht4vx64.sys [2104224] =>.Microsoft Windows®
                            O58 - SDL:2017/03/18 16:56:23 A . (.QLogic Corporation - QLogic 10 GigE VBD.) – C:\WINDOWS\System32\drivers\evbda.sys [3419040] =>.Microsoft Windows®
                            O58 - SDL:2015/09/08 09:04:16 A . (.Windows (R) Win 7 DDK provider - HDD Accelerator Driver.) – C:\WINDOWS\System32\drivers\Fastboot.sys [67608] =>.Windows (R) Win 7 DDK provider
                            O58 - SDL:2015/09/08 09:04:16 A . (.Windows (R) Win 7 DDK provider - fsmon driver.) – C:\WINDOWS\System32\drivers\FBFsmon.sys [39448] =>.Windows (R) Win 7 DDK provider
                            O58 - SDL:2015/09/08 09:04:16 A . (.Windows (R) Win 7 DDK provider - Network throttling driver.) – C:\WINDOWS\System32\drivers\FBNetFlt.sys [32792] =>.Windows (R) Win 7 DDK provider
                            O58 - SDL:2015/07/15 06:54:02 A . (.GenesysLogic - GeneStor.) – C:\WINDOWS\System32\drivers\GeneStor.sys [115704] =>.GENESYS LOGIC, INC.®
                            O58 - SDL:2017/03/18 16:56:25 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) – C:\WINDOWS\System32\drivers\HpSAMD.sys [64416] =>.Microsoft Windows®
                            O58 - SDL:2017/03/18 16:56:28 A . (.Intel(R) Corporation - Intel(R) Serial IO GPIO Controller Driver.) – C:\WINDOWS\System32\drivers\iagpio.sys [33280] =>.Intel(R) Corporation
                            O58 - SDL:2017/03/18 16:56:28 A . (.Intel(R) Corporation - Intel(R) Serial IO I2C Driver.) – C:\WINDOWS\System32\drivers\iai2c.sys [81408] =>.Intel(R) Corporation
                            O58 - SDL:2017/03/18 16:56:28 A . (.Intel Corporation - Intel(R) Serial IO GPIO Driver v2.) – C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [70656] =>.Intel Corporation
                            O58 - SDL:2017/03/18 16:56:28 A . (.Intel Corporation - Intel(R) Serial IO GPIO Driver v2.) – C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [85504] =>.Intel Corporation
                            O58 - SDL:2017/03/18 16:56:28 A . (.Intel Corporation - Intel(R) Serial IO I2C Driver v2.) – C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [165376] =>.Intel Corporation
                            O58 - SDL:2017/03/18 16:56:28 A . (.Intel Corporation - Intel(R) Serial IO I2C Driver v2.) – C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [168448] =>.Intel Corporation
                            O58 - SDL:2017/03/18 16:56:23 A . (.Intel Corporation - Intel(R) Serial IO GPIO Controller Driver.) – C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [38128] =>.Intel Corporation - Client Components Group®
                            O58 - SDL:2017/03/18 16:56:19 A . (.Intel Corporation - Intel(R) Serial IO I2C Controller Driver.) – C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [113152] =>.Intel Corporation
                            O58 - SDL:2015/06/23 18:58:58 A . (.Intel Corporation - Intel(R) Rapid Storage Technology driver -.) – C:\WINDOWS\System32\drivers\iaStorA.sys [1455552] =>.Intel Corporation - Rapid Storage Technology®
                            O58 - SDL:2017/03/18 16:56:26 A . (.Intel Corporation - Intel(R) Rapid Storage Technology driver (i.) – C:\WINDOWS\System32\drivers\iaStorAV.sys [673184] =>.Microsoft Windows®
                            O58 - SDL:2017/03/18 16:56:26 A . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) – C:\WINDOWS\System32\drivers\iaStorV.sys [412064] =>.Microsoft Windows®
                            O58 - SDL:2017/03/18 16:56:25 A . (.Mellanox - InfiniBand Fabric Bus Driver.) – C:\WINDOWS\System32\drivers\ibbus.sys [526240] =>.Microsoft Windows®
                            O58 - SDL:2017/06/08 16:30:32 A . (.Authors - .) – C:\WINDOWS\System32\drivers\lpsport.sys [61304] =>.AVG Technologies CZ, s.r.o.®
                            O58 - SDL:2017/03/18 16:56:25 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) – C:\WINDOWS\System32\drivers\lsi_sas.sys [108960] =>.Microsoft Windows®
                            O58 - SDL:2017/03/18 16:56:25 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) – C:\WINDOWS\System32\drivers\lsi_sas2i.sys [123808] =>.Microsoft Windows®
                            O58 - SDL:2017/03/18 16:56:25 A . (.Avago Technologies - Avago SAS Gen3 Driver (StorPort).) – C:\WINDOWS\System32\drivers\lsi_sas3i.sys [103328] =>.Microsoft Windows®
                            O58 - SDL:2017/03/18 16:56:25 A . (.LSI Corporation - LSI SSS PCIe/Flash Driver (StorPort).) – C:\WINDOWS\System32\drivers\lsi_sss.sys [82848] =>.Microsoft Windows®
                            O58 - SDL:2017/03/18 16:56:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) – C:\WINDOWS\System32\drivers\megasas.sys [59808] =>.Microsoft Windows®
                            O58 - SDL:2017/03/18 16:56:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) – C:\WINDOWS\System32\drivers\MegaSas2i.sys [64416] =>.Microsoft Windows®
                            O58 - SDL:2017/03/18 16:56:25 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) – C:\WINDOWS\System32\drivers\megasr.sys [575904] =>.Microsoft Windows®
                            O58 - SDL:2017/03/18 16:56:25 A . (.Mellanox - MLX4 Bus Driver.) – C:\WINDOWS\System32\drivers\mlx4_bus.sys [842656] =>.Microsoft Windows®
                            O58 - SDL:2017/03/18 16:56:25 A . (.Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) – C:\WINDOWS\System32\drivers\mvumis.sys [63904] =>.Microsoft Windows®
                            O58 - SDL:2017/03/18 16:56:25 A . (.Mellanox - NetworkDirect Support Filter Driver.) – C:\WINDOWS\System32\drivers\ndfltr.sys [108960] =>.Microsoft Windows®
                            O58 - SDL:2017/01/17 06:55:40 A . (.NVIDIA Corporation - NVIDIA HDMI Audio Driver.) – C:\WINDOWS\System32\drivers\nvhda64v.sys [221640] =>.NVIDIA Corporation®
                            O58 - SDL:2017/03/18 16:56:25 A . (.NVIDIA Corporation - NVIDIA® nForce™ RAID Driver.) – C:\WINDOWS\System32\drivers\nvraid.sys [150432] =>.Microsoft Windows®
                            O58 - SDL:2017/03/18 16:56:25 A . (.NVIDIA Corporation - NVIDIA® nForce™ Sata Performance Driver.) – C:\WINDOWS\System32\drivers\nvstor.sys [166304] =>.Microsoft Windows®
                            O58 - SDL:2017/01/17 06:56:56 A . (.NVIDIA Corporation - Stereoscopic 3D USB controller driver.) – C:\WINDOWS\System32\drivers\nvstusb.sys [478272] =>.NVIDIA Corporation®
                            O58 - SDL:2017/03/18 16:56:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) – C:\WINDOWS\System32\drivers\percsas2i.sys [58784] =>.Microsoft Windows®
                            O58 - SDL:2017/03/18 16:56:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) – C:\WINDOWS\System32\drivers\percsas3i.sys [61848] =>.Microsoft Windows®
                            O58 - SDL:2017/03/18 16:56:26 A . (.Realtek - Realtek 8136/8168/8169 NDIS 6.40 64-bit Dri.) – C:\WINDOWS\System32\drivers\rt640x64.sys [604160] =>.Realtek
                            O58 - SDL:2015/06/15 18:37:26 A . (.Realtek Semiconductor Corporation - Realtek Bluetooth Filter Driver.) – C:\WINDOWS\System32\drivers\RtkBtfilter.sys [598784] =>.Realtek Semiconductor Corp®
                            O58 - SDL:2015/09/30 13:58:16 A . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function D.) – C:\WINDOWS\System32\drivers\RTKVHD64.sys [4608280] =>.Realtek Semiconductor Corp®
                            O58 - SDL:2017/03/18 16:56:20 A . (.Realtek Semiconductor Corporation - Realtek PCIE NDIS Driver 47528 20362.) – C:\WINDOWS\System32\drivers\rtwlane.sys [6320640] =>.Realtek Semiconductor Corporation
                            O58 - SDL:2017/03/18 16:56:26 A . (.Authors - .) – C:\WINDOWS\System32\drivers\SDFRd.sys [31128] =>.Microsoft Windows®
                            O58 - SDL:2017/03/18 16:56:25 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) – C:\WINDOWS\System32\drivers\sisraid2.sys [44960] =>.Microsoft Windows®
                            O58 - SDL:2017/03/18 16:56:25 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) – C:\WINDOWS\System32\drivers\sisraid4.sys [81824] =>.Microsoft Windows®
                            O58 - SDL:2017/03/18 16:56:25 A . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Wind.) – C:\WINDOWS\System32\drivers\stexstor.sys [31136] =>.Microsoft Windows®
                            O58 - SDL:2015/09/04 13:29:06 A . (.Intel Corporation - Intel(R) Management Engine Interface.) – C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys [195336] =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
                            O58 - SDL:2016/08/16 03:18:34 A . (.MBB - USB Modem/Serial Device Driver.) – C:\WINDOWS\System32\drivers\usb2ser.sys [159936] =>.NGO®
                            O58 - SDL:2017/03/18 16:56:25 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) – C:\WINDOWS\System32\drivers\vsmraid.sys [166816] =>.Microsoft Windows®
                            O58 - SDL:2017/03/18 16:56:25 A . (.VIA Corporation - VIA StorX RAID Controller Driver.) – C:\WINDOWS\System32\drivers\VSTXRAID.SYS [305568] =>.Microsoft Windows®
                            O58 - SDL:2017/03/18 16:56:25 A . (.Mellanox - Kernel WinMad.) – C:\WINDOWS\System32\drivers\winmad.sys [32160] =>.Microsoft Windows®
                            O58 - SDL:2017/03/18 16:56:25 A . (.Mellanox - Kernel WinVerbs.) – C:\WINDOWS\System32\drivers\winverbs.sys [64920] =>.Microsoft Windows®
                            O58 - SDL:2012/06/13 20:10:32 A . (."CyberLink - Cyberlink Virtual Disk Driver.) – C:\WINDOWS\System32\drivers\wsvd.sys [102376] =>.CyberLink®

                            —\ Last modified or created user files (3) - 6s
                            O61 - LFC: 2017/06/08 01:10:46 A . (..) – C:\Users\Doneff Family\Desktop\Games\ProjectGorgonLauncherWin\ProjectGorgonLauncherWin.exe [16834560]
                            O61 - LFC: 2017/06/08 01:10:46 A . (..) – C:\Users\Doneff Family\Desktop\Games\ProjectGorgonLauncherWin\ProjectGorgonLauncherWin_Data\Managed\Assembly-CSharp.dll [58880]
                            O61 - LFC: 2017/06/08 01:10:46 A . (..) – C:\Users\Doneff Family\Desktop\Games\ProjectGorgonLauncherWin\ProjectGorgonLauncherWin_Data\Managed\UnityEngine.dll [972800]

                            —\ File Associations Shell Spawning (10) - 1s
                            O67 - Shell Spawning: <.bat> [HKLM..\open\Command] (…) – “%1” %*
                            O67 - Shell Spawning: <.cpl> [HKLM..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) – C:\Windows\System32\control.exe =>.Microsoft Corporation
                            O67 - Shell Spawning: <.cmd> [HKLM..\open\Command] (…) – “%1” %*
                            O67 - Shell Spawning: <.com> [HKLM..\open\Command] (…) – “%1” %*
                            O67 - Shell Spawning: <.evt> [HKLM..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) – C:\Windows\System32\eventvwr.exe =>.Microsoft Corporation
                            O67 - Shell Spawning: <.exe> [HKLM..\open\Command] (…) – “%1” %*
                            O67 - Shell Spawning: <.html> [HKLM..\open\Command] (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                            O67 - Shell Spawning: <.js> [HKLM..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) – C:\Windows\System32\wscript.exe =>.Microsoft Corporation
                            O67 - Shell Spawning: <.reg> [HKLM..\open\Command] (.Microsoft Corporation - Registry Editor.) – C:\Windows\regedit.exe =>.Microsoft Corporation
                            O67 - Shell Spawning: <.scr> [HKLM..\open\Command] (…) – “%1” /S

                            —\ Start Menu Internet (12) - 0s
                            O68 - StartMenuInternet: [HKLM..\Shell\open\Command] (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
                            O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                            O68 - StartMenuInternet: [HKLM..\Shell\open\Command] (.Avast Software - Avast SafeZone Browser.) – C:\Program Files\AVAST Software\SZBrowser\Launcher.exe =>.AVAST Software s.r.o.®
                            O68 - StartMenuInternet: [HKLM..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
                            O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
                            O68 - StartMenuInternet: [HKLM..\InstallInfo\ShowIconsCommand] (.Avast Software - Avast SafeZone Browser.) – C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software
                            O68 - StartMenuInternet: [HKLM..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
                            O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
                            O68 - StartMenuInternet: [HKLM..\InstallInfo\ReinstallCommand] (.Avast Software - Avast SafeZone Browser.) – C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software
                            O68 - StartMenuInternet: [HKLM..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
                            O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
                            O68 - StartMenuInternet: [HKLM..\InstallInfo\HideIconsCommand] (.Avast Software - Avast SafeZone Browser.) – C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software

                            —\ Search Browser Infection (2) - 0s
                            O69 - SBI: SearchScopes [HKLM] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com/ =>.Bing.com
                            O69 - SBI: SearchScopes [HKLM] {D79BB3A3-DB24-49D3-A463-680951CD61C4} [DefaultScope] - (Bing) - http://www.bing.com/ =>.Bing.com

                            —\ Search Svchost Services (47) - 1s
                            O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) – C:\WINDOWS\System32\certprop.dll [189952] =>.Microsoft Corporation
                            O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) – C:\WINDOWS\System32\certprop.dll [189952] =>.Microsoft Corporation
                            O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) – C:\WINDOWS\system32\srvsvc.dll [303616] =>.Microsoft Corporation
                            O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) – C:\WINDOWS\System32\gpsvc.dll [1269248] =>.Microsoft Corporation
                            O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) – C:\WINDOWS\System32\ikeext.dll [934912] =>.Microsoft Corporation
                            O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) – C:\WINDOWS\System32\iphlpsvc.dll [996864] =>.Microsoft Corporation
                            O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) – C:\WINDOWS\system32\seclogon.dll [31232] =>.Microsoft Corporation
                            O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) – C:\WINDOWS\System32\appinfo.dll [138752] =>.Microsoft Corporation
                            O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) – C:\WINDOWS\system32\iscsiexe.dll [150016] =>.Microsoft Corporation
                            O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) – C:\WINDOWS\System32\eapsvc.dll [108032] =>.Microsoft Corporation
                            O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) – C:\WINDOWS\system32\schedsvc.dll [877568] =>.Microsoft Corporation
                            O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) – C:\WINDOWS\system32\wbem\WMIsvc.dll [221696] =>.Microsoft Corporation
                            O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) – C:\WINDOWS\System32\browser.dll [133120] =>.Microsoft Corporation
                            O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) – C:\WINDOWS\system32\profsvc.dll [413696] =>.Microsoft Corporation
                            O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) – C:\Windows\System32\SessEnv.dll [385536] =>.Microsoft Corporation
                            O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) – C:\WINDOWS\System32\wercplsupport.dll [91648] =>.Microsoft Corporation
                            O83 - Search Svchost Services: XboxNetApiSvc (XboxNetApiSvc) . (.Microsoft Corporation - Xbox Live Networking Service.) – C:\WINDOWS\system32\XboxNetApiSvc.dll [1067008] =>.Microsoft Corporation
                            O83 - Search Svchost Services: WpnService (WpnService) . (.Microsoft Corporation - Windows Push Notification System Service.) – C:\WINDOWS\system32\WpnService.dll [276480] =>.Microsoft Corporation
                            O83 - Search Svchost Services: wisvc (wisvc) . (.Microsoft Corporation - Flight Settings.) – C:\WINDOWS\system32\flightsettings.dll [699904] =>.Microsoft Corporation
                            O83 - Search Svchost Services: dmwappushservice (dmwappushservice) . (.Microsoft Corporation - dmwappushsvc.) – C:\WINDOWS\system32\dmwappushsvc.dll [55296] =>.Microsoft Corporation
                            O83 - Search Svchost Services: TokenBroker (TokenBroker) . (.Microsoft Corporation - Token Broker.) – C:\Windows\System32\TokenBroker.dll [1054720] =>.Microsoft Corporation
                            O83 - Search Svchost Services: XboxGipSvc (XboxGipSvc) . (.Microsoft Corporation - Xbox Gip Management Service.) – C:\WINDOWS\System32\XboxGipSvc.dll [18944] =>.Microsoft Corporation
                            O83 - Search Svchost Services: DsmSvc (DsmSvc) . (.Microsoft Corporation - Device Setup Manager.) – C:\WINDOWS\System32\DeviceSetupManager.dll [233984] =>.Microsoft Corporation
                            O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) – C:\WINDOWS\system32\themeservice.dll [69632] =>.Microsoft Corporation
                            O83 - Search Svchost Services: xbgm (xbgm) . (.Microsoft Corporation - Xbox Game Monitoring Service.) – C:\WINDOWS\System32\xbgmsvc.dll [301216] =>.Microsoft Windows Publisher®
                            O83 - Search Svchost Services: NetSetupSvc (NetSetupSvc) . (.Microsoft Corporation - Network Setup Service.) – C:\WINDOWS\System32\NetSetupSvc.dll [261632] =>.Microsoft Corporation
                            O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) – C:\WINDOWS\System32\bdesvc.dll [385536] =>.Microsoft Corporation
                            O83 - Search Svchost Services: UserManager (UserManager) . (.Microsoft Corporation - UserMgr.) – C:\WINDOWS\System32\usermgr.dll [877568] =>.Microsoft Corporation
                            O83 - Search Svchost Services: shpamsvc (shpamsvc) . (.Microsoft Corporation - SharedPC.AccountManager.) – C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll [199168] =>.Microsoft Corporation
                            O83 - Search Svchost Services: NcaSvc (NcaSvc) . (.Microsoft Corporation - Microsoft Network Connectivity Assistant Se.) – C:\WINDOWS\System32\ncasvc.dll [167424] =>.Microsoft Corporation
                            O83 - Search Svchost Services: wlidsvc (wlidsvc) . (.Microsoft Corporation - Microsoft® Account Service.) – C:\WINDOWS\system32\wlidsvc.dll [2155008] =>.Microsoft Corporation
                            O83 - Search Svchost Services: XblGameSave (XblGameSave) . (.Microsoft Corporation - Xbox Live Game Save Service.) – C:\WINDOWS\System32\XblGameSave.dll [1135104] =>.Microsoft Corporation
                            O83 - Search Svchost Services: DmEnrollmentSvc (DmEnrollmentSvc) . (.Microsoft Corporation - Windows Managent Service DLL.) – C:\Windows\System32\Windows.Internal.Management.dll [536064] =>.Microsoft Corporation
                            O83 - Search Svchost Services: XblAuthManager (XblAuthManager) . (.Microsoft Corporation - Xbox Live Auth Manager.) – C:\WINDOWS\System32\XblAuthManager.dll [1013248] =>.Microsoft Corporation
                            O83 - Search Svchost Services: NaturalAuthentication (NaturalAuthentication) . (.Microsoft Corporation - Natural Authentication Service.) – C:\WINDOWS\System32\NaturalAuth.dll [723968] =>.Microsoft Corporation
                            O83 - Search Svchost Services: UsoSvc (UsoSvc) . (.Microsoft Corporation - Update Session Orchestrator Core.) – C:\WINDOWS\system32\usocore.dll [681984] =>.Microsoft Corporation
                            O83 - Search Svchost Services: lfsvc (lfsvc) . (.Microsoft Corporation - Geolocation Service.) – C:\WINDOWS\System32\lfsvc.dll [43520] =>.Microsoft Corporation
                            O83 - Search Svchost Services: Irmon (Irmon) . (.Microsoft Corporation - Infrared Monitor.) – C:\WINDOWS\System32\irmon.dll [24576] =>.Microsoft Corporation
                            O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) – C:\WINDOWS\System32\rasauto.dll [104448] =>.Microsoft Corporation
                            O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) – C:\WINDOWS\System32\rasmans.dll [871936] =>.Microsoft Corporation
                            O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) – C:\Windows\System32\mprdim.dll [490496] =>.Microsoft Corporation
                            O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) – C:\WINDOWS\System32\sens.dll [69632] =>.Microsoft Corporation
                            O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) – C:\WINDOWS\System32\ipnathlp.dll [537600] =>.Microsoft Corporation
                            O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows™ Telephony Server.) – C:\Windows\System32\tapisrv.dll [306688] =>.Microsoft Corporation
                            O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) – C:\WINDOWS\system32\wuaueng.dll [2443264] =>.Microsoft Corporation
                            O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) – C:\WINDOWS\System32\qmgr.dll [1159680] =>.Microsoft Corporation
                            O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) – C:\Windows\System32\shsvcs.dll [612864] =>.Microsoft Corporation

                            —\ List of CD/DVD Emulators (MBR Hook) (2) - 0s
                            HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Fiesta OnlineDownloader_US_RASAPI32 =>PUP.Optional.SoftwareEngine
                            HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Fiesta OnlineDownloader_US_RASMANCS =>PUP.Optional.SoftwareEngine

                            —\ Additional Scan (O88) (4) - 1s
                            HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Fiesta OnlineDownloader_US_RASAPI32 =>PUP.Optional.SoftwareEngine
                            HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Fiesta OnlineDownloader_US_RASMANCS =>PUP.Optional.SoftwareEngine
                            C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d2m2wsoho8qq12.cloudfront.net_0.localstorage =>.Superfluous.CloudfrontNet
                            C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d2m2wsoho8qq12.cloudfront.net_0.localstorage-journal =>.Superfluous.CloudfrontNet

                            —\ Summary of the elements found (2) - 0s
                            https://www.nicolascoolman.com/fr/hijacker-trovigo/ =>PUP.Optional.SoftwareEngine
                            CloudFront, Réseau de distribution d'Amazon. - ZAM =>.Superfluous.CloudfrontNet

                            ~ Unselected Options:
                            ~ End of the scan, 18939 items in 03mn30s (850)(0)


                            • Malnutrition
                              PCHF Moderator
                              • Jul 2016
                              • 7041

                              #15
                              Some malicious items have returned with the system restore. I will answer your question about the programs in my next post.

                              Rogue Killer Scan.

                              Download RogueKiller – (Portable) – from one of the following links and save it to your Desktop:

                              Link 1
                              Link 2

                              • Close all other running programs.
                              • Disable ALL Antivirus – Antimalware – Applications.
                              • Right Click Rogue Killer and Run as Administrator.
                              • Click the Start Scan button.
                              • Allow the scan to run – it can take ten minutes or more.
                              • Once the scan is complete check All items for removal.
                              • https://pchelpforum.net/attachments/...5-54-png.1658/
                              • After All items are checked then press Remove Selected.
                              • Wait until the Status box shows Deleting Finished.
                              • Click on open report – then open txt.
                              • Copy the content of the report and paste it here in your next reply.

                              JRT Scan.

                              Please download Junkware Removal Tool and save it on your desktop.

                              • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
                              • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
                              • The tool will open and start scanning your system.
                              • Please be patient as this can take a while to complete depending on your system’s specifications.
                              • On completion, a log is saved to your desktop and will automatically open.
                              • Please post the JRT log.

                              Adware Cleaner Scan.

                              Please download AdwCleaner by Xplode onto your desktop.

                              • Close all open programs and internet browsers.
                              • Double click on adwcleaner.exe to run the tool.
                              • Click on the Scan button.
                              • When the scan has finished, click on the Clean button.
                              • Your computer will be rebooted automatically. A text file will open after the restart.
                              • Please post the contents of that logfile with your next reply.
                              • You can find the logfile at C:\AdwCleaner[S1].txt as well.

                              Malwarebytes.

                              • Download MalwareBytes Anti-Malware: https://www.malwarebytes.com/mwb-download/ and take the free version (on the left).
                              • Perform the installation.
                              • Uncheck “Enable Free Trial of Malwarebytes Anti-Malware Premium” if it’s asked.
                              • Malwarebytes will update; let this update.
                              • Click on the “Settings” tab and then on the “Detection and Protection” tab, and check the box “Search for Rootkits”.
                              • Click on the “Analysis” tab and then on “Start analysis”.
                              • Once the review is complete, check that all detections are checked and then click [Delete Selection].
                              • If Malwarebytes asks you to restart your PC, click “Yes”.
                              • After your PC restarts, restart Malwarebytes.
                              • Open the “History” tab and then “Application logs”.
                              • Double click on the latest Scan Log by date (the one above).
                              • At the bottom click [Export] → select “Text file (* .txt)”.
                              • In the explorer, select the desktop, name it mbam.txt, and click [Save].
