Desktop ethernet connection stopped working overnight... may be an infection

**jmarket** · 06-15-2017, 01:59 AM

Hi Nick1234 and welcome to PCHF Let’s get underway.

Zoek Scan

Disable your antivirus prior to this scan.
Download Zoek
Save the file to your desktop.
Right click Zoek.exe and run as administrator. (XP Users double click)
Copy and paste the items in red below and paste them into Zoek.

createsrpoint;
emptyfolderscheck;delete
emptyclsid;
emptyalltemp;
ipconfig /flushdns;b
ResetHosts;
autoclean;

Now hit the run script button.
The log will appear after a reboot, also you can find it on the C: drive.
Post the log in your next reply.

We need you to run ZHPCleaner to get a log, can you please go HERE to download and save it to your desktop. Once downloaded right click the desktop icon https://pchelpforum.net/attachments/zhp1-jpg.554/ and click “Run as administrator” from the menu. Accept the programs terms and conditions, then select “Scanner” from the main interface. It is safe to ignore any security warnings received when installing or running this software.

Forums - PC Help Forum

https://pchelpforum.net/attachments/zhp2-jpg.555/

PCHF Forums

ZHPCleaner may close your browser so do not be concerned. Scanning will begin and on completion may show a dialogue box as shown below, if so simply close it.

Forums - PC Help Forum

https://pchelpforum.net/attachments/zhp10a-jpg.562/

PCHF Forums

The main interface will re-open and this time click “Repair”

Forums - PC Help Forum

https://pchelpforum.net/attachments/zhp14-jpg.602/

PCHF Forums

The main repair options dialogue box will open and any detected infections will be listed under the red tabs and be selected by default. Click “Repair” and ZHPCleaner will place the infections in Quarantine.

Forums - PC Help Forum

https://pchelpforum.net/attachments/zhp13a-jpg.563/

PCHF Forums

If ZHPCleaner asks to reboot please allow it. Upon reboot if necessary, or even if not required there will be log file called ZHPCleaner.txt on your desktop.

Please Copy and Paste the contents of this file in your next post

ZHP Diag Scan

Download ZHP Diag to your desktop.

Right Click Run as Admin.
Click the Options button.

Click on Check All
Then Click Validate
Then click close.

Forums - PC Help Forum

https://pchelpforum.net/attachments/upload_2017-4-26_17-16-39-png.2074

PCHF Forums

2. Click the Scanner button.

Forums - PC Help Forum

https://pchelpforum.net/attachments/upload_2017-2-23_3-32-26-png.1647

PCHF Forums

When complete please push the report button.
A notepad will open… copy and paste the report in your next reply.

I will also tag @Malnutrition to assist you.

**nick1234** · 06-15-2017, 03:06 AM

ZOEK:

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Nick on Wed 06/14/2017 at 22:12:52.30.
Microsoft Windows 10 Pro 10.0.14393 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Nick\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

6/14/2017 10:16:27 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\defaultuser0\AppData\LocalLow deleted successfully
C:\Users\defaultuser0\AppData\Local\VirtualStore deleted successfully
C:\Users\Nick\AppData\Local\PeerDistRepub deleted successfully
C:\Users\Nick\AppData\Local\VirtualStore deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Lo cal\NetworkTiles deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Batch Command(s) Run By Tool======================

==== Deleting Files \ Folders ======================

C:\PROGRA~3\Package Cache deleted

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
“Start Page”=" MSN "
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
“Start Page”=" MSN "
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
“DefaultScope”=“{012E1000-F331-11DB-8314-0800200C9A66}”

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url=" Google {searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url=" Search - Microsoft Bing {searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Nick\AppData\Local\Microsoft\Windows\INet Cache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\ Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Nick\AppData\Local\Microsoft\Windows\INet Cache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\ Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=25 folders=29 28110730 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Reset Hosts File ======================

Hosts File Reset Successfully

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Nick\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:$RECYCLE.BIN successfully emptied

==== EOF on Wed 06/14/2017 at 22:57:55.40 ======================

ZHP DIAG:

~ ZHPDiag v2017.6.12.97 By Nicolas Coolman (2017/06/12)
~ Run by Nick (Administrator) (2017/06/14 23:04:10)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook: ZHP
~ State version: Version OK
~ Mode: Scan
~ Report: C:\Users\Nick\Desktop\ZHPDiag.txt
~ Report: C:\Users\Nick\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Activate
~ System startup: Normal (Normal boot)
Windows 10 Pro, 64-bit (Build 14393) =>.Microsoft Corporation

—\ Internet Browsers (2) - 0s
~ MSIE: Microsoft Edge v40
~ MSIE: Internet Explorer v11.0.14393.0

—\ Windows Product Information (3) - 3s
~ Windows Server License Manager Script : OK
~ Licence Script File Génération : OK
Windows Automatic Updates : OK

—\ System protection software (1) - 1s
Windows Defender (Activate) (Protection)

—\ Information on the system (6) - 0s
~ Operating System: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 8330.292 MB (83% free) : OK =>.RAM Value
System Restore: Activé (Enable)
System drive C: has 927 GB (97%) free of 953 GB : OK =>.Disk Space

—\ Connection to the system mode (3) - 0s
~ Computer Name: DESKTOP-SSRSVP2
~ User Name: Nick
~ Logged in as Administrator

—\ Enumeration of the disk units (2) - 0s
~ Drive C: has 927 GB free of 953 GB (System)
~ Drive E: has 7 GB free of 7 GB

—\ State of the Windows Security Center (7) - 0s
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK

—\ Search Generic System Files (24) - 1s
[MD5.05181A5AC4197D6C5C02ACE6070AF234] - 14/06/2017 - (.Microsoft Corporation - Windows Explorer.) – C:\WINDOWS\Explorer.exe [4673304] =>.Microsoft Windows®
[MD5.C7645D43451C6D94D87F4D07BDE59C89] - 16/07/2016 - (.Microsoft Corporation - Windows host process (Rundll32).) – C:\WINDOWS\System32\rundll32.exe [69632] =>.Microsoft Corporation
[MD5.99A19C9A74E2F9820E501DCE77F84F70] - 16/07/2016 - (.Microsoft Corporation - Windows Start-Up Application.) – C:\WINDOWS\System32\Wininit.exe [304240] =>.Microsoft Windows Publisher®
[MD5.6284717704B063B036BE00F2CB512A74] - 14/06/2017 - (.Microsoft Corporation - Internet Extensions for Win32.) – C:\WINDOWS\System32\wininet.dll [2630144] =>.Microsoft Corporation
[MD5.770DB86BF679CA34FC927F25FBAA350C] - 14/06/2017 - (.Microsoft Corporation - Windows Logon Application.) – C:\WINDOWS\System32\Winlogon.exe [674304] =>.Microsoft Corporation
[MD5.9600B7F2F89DE60A80D13DE42F672834] - 16/07/2016 - (.Microsoft Corporation - Software Licensing Library.) – C:\WINDOWS\System32\sppcomapi.dll [402432] =>.Microsoft Corporation
[MD5.9BA2C83C355EAC4278F17BEF0852823A] - 14/06/2017 - (.Microsoft Corporation - DNS Client API DLL.) – C:\WINDOWS\System32\dnsapi.dll [646136] =>.Microsoft Windows®
[MD5.6C1D303C703B27FE40D392899BC22E14] - 14/06/2017 - (.Microsoft Corporation - DNS Client API DLL.) – C:\WINDOWS\Syswow64\dnsapi.dll [496872] =>.Microsoft Windows®
[MD5.983266DA83FFF73DBDDD3730A4712228] - 14/06/2017 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) – C:\WINDOWS\System32\drivers\AFD.sys [583520] =>.Microsoft Windows®
[MD5.A10F989A812B57B9695F6C305907C9C6] - 16/07/2016 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) – C:\WINDOWS\System32\drivers\atapi.sys [28512] =>.Microsoft Windows®
[MD5.F8FB51B9EF6372610E9B31A1D86B62FC] - 16/07/2016 - (.Microsoft Corporation - CD-ROM File System Driver.) – C:\WINDOWS\System32\drivers\Cdfs.sys [92160] =>.Microsoft Corporation
[MD5.613D0137C269187FA298A157E3D14A18] - 16/07/2016 - (.Microsoft Corporation - SCSI CD-ROM Driver.) – C:\WINDOWS\System32\drivers\Cdrom.sys [173056] =>.Microsoft Corporation
[MD5.7EAFDEF51136E8F2452CEBD8D084F108] - 14/06/2017 - (.Microsoft Corporation - DFS Namespace Client Driver.) – C:\WINDOWS\System32\drivers\DfsC.sys [144384] =>.Microsoft Corporation
[MD5.10E3515FE5DBA6656FA62C29342EC4A1] - 16/07/2016 - (.Microsoft Corporation - High Definition Audio Bus Driver.) – C:\WINDOWS\System32\drivers\HDAudBus.sys [83456] =>.Microsoft Corporation
[MD5.B54B30992620C97230013A74461C8517] - 16/07/2016 - (.Microsoft Corporation - i8042 Port Driver.) – C:\WINDOWS\System32\drivers\i8042prt.sys [114176] =>.Microsoft Corporation
[MD5.F1DAECC3B3D6399875D4F10529D6A77C] - 16/07/2016 - (.Microsoft Corporation - IP Network Address Translator.) – C:\WINDOWS\System32\drivers\IpNat.sys [212480] =>.Microsoft Corporation
[MD5.C9BB4E2FCAB693FEB00CF940060D94F4] - 14/06/2017 - (.Microsoft Corporation - Windows NT SMB Minirdr.) – C:\WINDOWS\System32\drivers\MRxSmb.sys [449376] =>.Microsoft Windows®
[MD5.6FEBB0A847FFD5F057B9AC8889F1B9A7] - 16/07/2016 - (.Microsoft Corporation - MBT Transport driver.) – C:\WINDOWS\System32\drivers\netBT.sys [279040] =>.Microsoft Corporation
[MD5.D1AF837A1555990602A51A3ED238EC80] - 14/06/2017 - (.Microsoft Corporation - NT File System Driver.) – C:\WINDOWS\System32\drivers\ntfs.sys [2257248] =>.Microsoft Windows®
[MD5.6B81BF7853D161DB8AC62CD8B9C2DE6B] - 16/07/2016 - (.Microsoft Corporation - Parallel Port Driver.) – C:\WINDOWS\System32\drivers\Parport.sys [96768] =>.Microsoft Corporation
[MD5.17E565710172ED71B8531D8822E1C5D1] - 16/07/2016 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) – C:\WINDOWS\System32\drivers\Rasl2tp.sys [104960] =>.Microsoft Corporation
[MD5.7135785C21CA79D270D11037C43D3F19] - 16/07/2016 - (.Microsoft Corporation - Microsoft RDP Device redirector.) – C:\WINDOWS\System32\drivers\rdpdr.sys [177152] =>.Microsoft Corporation
[MD5.9D2DD64A0B51C56285512DC9454340F6] - 14/06/2017 - (.Microsoft Corporation - TDI Translation Driver.) – C:\WINDOWS\System32\drivers\tdx.sys [118112] =>.Microsoft Windows®
[MD5.BF2546583BB75F01DDA60A7921DFB230] - 16/07/2016 - (.Microsoft Corporation - Volume Shadow Copy driver.) – C:\WINDOWS\System32\drivers\volsnap.sys [391520] =>.Microsoft Windows®

—\ Non Microsoft non disabled Windows Services (3) - 2s
O23 - Service: AdaptiveSleepService (AdaptiveSleepService) . (…) - C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe =>.ATI
O23 - Service: (AMD External Events Utility) . (.AMD - AMD External Events Service Module.) - C:\WINDOWS\system32\atiesrxx.exe =>.AMD
O23 - Service: DTSAudioSvc (DTSAudioSvc) . (.DTS, Inc - DTS Audio Service.) - C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe =>.DTS, Inc.®

—\ Services not Microsoft (SR=Run, SS=Stop) (3) - 15s
SR - Auto [24/06/2016] [ 138752] AdaptiveSleepService (AdaptiveSleepService) . (…) - C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe =>.ATI
SR - Auto [13/09/2016] [ 287232] (AMD External Events Utility) . (.AMD.) - C:\WINDOWS\system32\atiesrxx.exe =>.Microsoft Windows Hardware Compatibility Publisher®
SR - Auto [24/06/2015] [ 249328] DTSAudioSvc (DTSAudioSvc) . (.DTS, Inc.) - C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe =>.DTS, Inc.®

—\ Auto loading programs from Registry and folders (9) - 0s
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM..\Run: [WindowsDefender] . (.Microsoft Corporation - Windows Defender notification icon.) – C:\Program Files\Windows Defender\MSASCuiL.exe =>.Microsoft Corporation
O4 - HKLM..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Realtek HD Audio Manager.) – C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe =>.Realtek Semiconductor Corp®
O4 - HKLM..\Run: [RtHDVBg_DTS] . (.Realtek Semiconductor - HD Audio Background Process.) – C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe =>.Realtek Semiconductor Corp®
O4 - HKLM..\Run: [StartCN] . (.Advanced Micro Devices, Inc. - Radeon Settings: Host Application.) – C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe =>.Advanced Micro Devices, Inc.®
O4 - HKCU..\Run: [OneDrive] . (.Microsoft Corporation - Microsoft OneDrive.) – C:\Users\Nick\AppData\Local\Microsoft\OneDrive\One Drive.exe =>.Microsoft Corporation®
O4 - HKUS\S-1-5-19..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) – C:\Windows\syswow64\OneDriveSetup.exe =>.Microsoft Corporation®
O4 - HKUS\S-1-5-20..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) – C:\Windows\syswow64\OneDriveSetup.exe =>.Microsoft Corporation®
O4 - HKUS\S-1-5-21-3720547706-1333832102-3978629174-1001..\Run: [OneDrive] . (.Microsoft Corporation - Microsoft OneDrive.) – C:\Users\Nick\AppData\Local\Microsoft\OneDrive\One Drive.exe =>.Microsoft Corporation®

—\ Process running (8) - 1s
[MD5.00000000000000000000000000000000] - (.AMD - AMD External Events Service Module.) – C:\WINDOWS\system32\atiesrxx.exe [0] [PID.1420] =>.AMD
[MD5.00000000000000000000000000000000] - (.AMD - AMD External Events Client Module.) – C:\WINDOWS\system32\atieclxx.exe [0] [PID.1516] =>.AMD
[MD5.1CFD1A335D08564184F5E406D7E1A2C0] - (.DTS, Inc - DTS Audio Service.) – C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [249328] [PID.2224] =>.DTS, Inc.®
[MD5.059E8944776CD96C4D48ADECE806D140] - (…) – C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe [138752] [PID.3848] =>.ATI Technologies
[MD5.22EBD5AE3B3220D713E544D1D3AB3FEE] - (.Realtek Semiconductor - Realtek HD Audio Manager.) – C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800] [PID.3284] =>.Realtek Semiconductor Corp®
[MD5.31821EC63BDEDE18E64C11F7248B32AB] - (.Realtek Semiconductor - HD Audio Background Process.) – C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624] [PID.3252] =>.Realtek Semiconductor Corp®
[MD5.6B34B34C61D69D9B7B7A46B364C9FC47] - (.Advanced Micro Devices, Inc. - Radeon Settings: Host Application.) – C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [6613896] [PID.4684] =>.Advanced Micro Devices, Inc.®
[MD5.EA5DD793D0CDAA296F99EB72EA9539C3] - (.Nicolas Coolman - ZHPDiag.) – C:\Users\Nick\Desktop\ZHPDiag3.exe [2742784] [PID.5352] =>.Nicolas Coolman

—\ Internet Explorer Extensions, Start, Search (17) - 0s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan =>.Microsoft Internet Explorer
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV9 = 1
R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV9 = 1

—\ Internet Explorer, Proxy Management (3) - 0s
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyEnable = 0
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings,MigrateProxy = 1
R5 - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Para meters\Internet\ManualProxies =>.Microsoft

—\ Line Analysis, IniFiles, Auto loading programs (3) - 0s
F2 - REG:system.ini: UserInit=
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: VMApplet=

—\ Hosts file redirection (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (0)

—\ Global shortcuts Startup (42) - 1s
O4 - GS\Desktop [Administrator]: ZHPCleaner.lnk . (.Nicolas Coolman - ZHPCleane.) C:\Users\Nick\AppData\Roaming\ZHP\ZHPCleaner.exe =>.Nicolas Coolman
O4 - GS\Desktop [Administrator]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Nick\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\sendTo [Administrator]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [Administrator]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\WINDOWS\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\Programs [Administrator]: AMD Radeon Settings.lnk . (.Advanced Micro Devices, Inc. - .) C:\Program Files (x86)\AMD\CNext\CNext\RadeonSettings.exe =>.Advanced Micro Devices, Inc.
O4 - GS\Programs [Administrator]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Nick\AppData\Local\Microsoft\OneDrive\One Drive.exe =>.Microsoft Corporation®
O4 - GS\Desktop [defaultuser0]: ZHPCleaner.lnk . (.Nicolas Coolman - ZHPCleane.) C:\Users\Nick\AppData\Roaming\ZHP\ZHPCleaner.exe =>.Nicolas Coolman
O4 - GS\Desktop [defaultuser0]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Nick\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\sendTo [defaultuser0]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [defaultuser0]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\WINDOWS\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\Programs [defaultuser0]: AMD Radeon Settings.lnk . (.Advanced Micro Devices, Inc. - .) C:\Program Files (x86)\AMD\CNext\CNext\RadeonSettings.exe =>.Advanced Micro Devices, Inc.
O4 - GS\Programs [defaultuser0]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Nick\AppData\Local\Microsoft\OneDrive\One Drive.exe =>.Microsoft Corporation®
O4 - GS\Desktop [Guest]: ZHPCleaner.lnk . (.Nicolas Coolman - ZHPCleane.) C:\Users\Nick\AppData\Roaming\ZHP\ZHPCleaner.exe =>.Nicolas Coolman
O4 - GS\Desktop [Guest]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Nick\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\sendTo [Guest]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [Guest]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\WINDOWS\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\Programs [Guest]: AMD Radeon Settings.lnk . (.Advanced Micro Devices, Inc. - .) C:\Program Files (x86)\AMD\CNext\CNext\RadeonSettings.exe =>.Advanced Micro Devices, Inc.
O4 - GS\Programs [Guest]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Nick\AppData\Local\Microsoft\OneDrive\One Drive.exe =>.Microsoft Corporation®
O4 - GS\Desktop [Nick]: ZHPCleaner.lnk . (.Nicolas Coolman - ZHPCleane.) C:\Users\Nick\AppData\Roaming\ZHP\ZHPCleaner.exe =>.Nicolas Coolman
O4 - GS\Desktop [Nick]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Nick\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\sendTo [Nick]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [Nick]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\WINDOWS\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\Programs [Nick]: AMD Radeon Settings.lnk . (.Advanced Micro Devices, Inc. - .) C:\Program Files (x86)\AMD\CNext\CNext\RadeonSettings.exe =>.Advanced Micro Devices, Inc.
O4 - GS\Programs [Nick]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Nick\AppData\Local\Microsoft\OneDrive\One Drive.exe =>.Microsoft Corporation®
O4 - GS\Programs [Public]: AMD Radeon Settings.lnk . (.Advanced Micro Devices, Inc. - .) C:\Program Files (x86)\AMD\CNext\CNext\RadeonSettings.exe =>.Advanced Micro Devices, Inc.
O4 - GS\Programs [Public]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Nick\AppData\Local\Microsoft\OneDrive\One Drive.exe =>.Microsoft Corporation®
O4 - GS\Accessories [Public]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Accessories [Public]: Notepad.lnk . (.Microsoft Corporation - Notepad.) C:\WINDOWS\system32\notepad.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Math Input Panel.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Paint.lnk . (.Microsoft Corporation - Paint.) C:\WINDOWS\system32\mspaint.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Quick Assist.lnk . (.Microsoft Corporation - Quick Assist.) C:\WINDOWS\system32\quickassist.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Remote Desktop Connection.lnk . (.Microsoft Corporation - Remote Desktop Connection.) C:\WINDOWS\system32\mstsc.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\WINDOWS\system32\SnippingTool.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Steps Recorder.lnk . (.Microsoft Corporation - Steps Recorder.) C:\WINDOWS\system32\psr.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Windows Fax and Scan.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\WINDOWS\system32\WFS.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: XPS Viewer.lnk . (.Microsoft Corporation - XPS Viewer.) C:\WINDOWS\system32\xpsrchvw.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Character Map.lnk . (.Microsoft Corporation - Character Map.) C:\WINDOWS\system32\charmap.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Immersive Control Panel.lnk . (.Microsoft Corporation - Windows Control Panel.) C:\WINDOWS\System32\Control.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: MiracastView.lnk . (.Microsoft Corporation - MiracastView.) C:\WINDOWS\MiracastView\MiracastView.exe =>.Microsoft Windows®
O4 - GS\ProgramsCommon [Public]: PrintDialog.lnk . (.Microsoft Corporation - Print Dialog.) C:\WINDOWS\PrintDialog\PrintDialog.exe =>.Microsoft Windows®

—\ Extra protocols (22) - 1s
O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\syswow64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\syswow64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) – C:\Windows\syswow64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\syswow64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\syswow64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\syswow64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\syswow64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) – C:\Windows\syswow64\itss.dll =>.Microsoft Corporation
O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\syswow64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\syswow64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\syswow64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) – C:\Windows\syswow64\inetcomm.dll =>.Microsoft Corporation
O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\syswow64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) – C:\Windows\syswow64\itss.dll =>.Microsoft Corporation
O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\syswow64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: tbauth [64Bits] - {14654CA6-5711-491D-B89A-58E571679951} . (.Microsoft Corporation - TBAuth protocol handler.) – C:\Windows\syswow64\tbauth.dll =>.Microsoft Corporation
O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) – C:\Windows\syswow64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\syswow64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: windows.tbauth [64Bits] - {14654CA6-5711-491D-B89A-58E571679951} . (.Microsoft Corporation - TBAuth protocol handler.) – C:\Windows\syswow64\tbauth.dll =>.Microsoft Corporation
O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\syswow64\mscoree.dll =>.Microsoft Corporation
O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\syswow64\mscoree.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\syswow64\mscoree.dll =>.Microsoft Corporation

—\ Software installed (2) - 2s
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] – {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} =>.Realtek Semiconductor Corp®
O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics Incorporated.) [HKLM][64Bits] – SynTPDeinstKey =>.Synaptics Incorporated

—\ HKCU & HKLM Software Keys (19) - 2s
HKLM\SOFTWARE\Wow6432Node\ATI =>.ATI
HKLM\SOFTWARE\Wow6432Node\ATI Technologies =>.ATI Technologies
HKLM\SOFTWARE\Wow6432Node\Chicony =>.Chicony
HKLM\SOFTWARE\Wow6432Node\Intel =>.Intel
HKLM\SOFTWARE\Wow6432Node\Khronos =>.Khronos
HKLM\SOFTWARE\Wow6432Node\Macromedia =>.Macromedia
HKLM\SOFTWARE\Wow6432Node\Nuance =>.Nuance
HKLM\SOFTWARE\Wow6432Node\ODBC =>.DB Connectivity Solutions
HKLM\SOFTWARE\Wow6432Node\SRS Labs =>.SRS Labs
HKLM\SOFTWARE\Wow6432Node\WOW6432Node =>.Microsoft Corporation
HKLM\SOFTWARE\Wow6432Node\RegisteredApplications =>.Microsoft Corporation
HKCU\SOFTWARE\AMD =>.AMD
HKCU\SOFTWARE\AppDataLow =>.Microsoft Corporation
HKCU\SOFTWARE\ATI =>.ATI
HKCU\SOFTWARE\Realtek =>.Realtek Semiconductor Corp.
HKCU\SOFTWARE\RegisteredApplications =>.Microsoft Corporation
HKCU\SOFTWARE\Wow6432Node =>.Microsoft Corporation
HKCU\SOFTWARE\ZHP =>.Nicolas Coolman
HKCU\SOFTWARE\AppDataLow\Software =>.Microsoft Corporation

—\ Contents of the Common Files folders (90) - 1s
O43 - CFD: 14/06/2017 - D – C:\Program Files\AMD =>.Advanced Micro Devices, Inc.®
O43 - CFD: 14/06/2017 - D – C:\Program Files\ATI Technologies =>.ATI Technologies
O43 - CFD: 14/06/2017 - D – C:\Program Files\Common Files =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files\MSBuild =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files\Realtek =>.Realtek
O43 - CFD: 14/06/2017 - D – C:\Program Files\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files\Synaptics =>.Synaptics
O43 - CFD: 14/06/2017 - [0] HD – C:\Program Files\Uninstall Information =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files\Windows Defender =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files\Windows Defender Advanced Threat Protection =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files\Windows Mail =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files\Windows Multimedia Platform =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files\Windows NT =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files\Windows Photo Viewer =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - SHD – C:\Program Files\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - HD – C:\Program Files\WindowsApps =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files\WindowsPowerShell =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files (x86)\AMD =>.AMD
O43 - CFD: 14/06/2017 - D – C:\Program Files (x86)\Common Files =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files (x86)\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files (x86)\Microsoft.NET =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files (x86)\MSBuild =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files (x86)\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files (x86)\Windows Defender =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files (x86)\Windows Multimedia Platform =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files (x86)\Windows NT =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files (x86)\Windows Photo Viewer =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files (x86)\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - SHD – C:\Program Files (x86)\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files (x86)\WindowsPowerShell =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 14/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings =>.Advanced Micro Devices Inc
O43 - CFD: 14/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - [0] SHD – C:\ProgramData\Application Data =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - [0] SHD – C:\ProgramData\Desktop =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - [0] SHD – C:\ProgramData\Documents =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - SD – C:\ProgramData\Microsoft =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\ProgramData\Microsoft OneDrive =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\ProgramData\regid.1991-06.com.microsoft =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - [0] SHD – C:\ProgramData\Start Menu =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - [0] SHD – C:\ProgramData\Templates =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\ProgramData\USOPrivate =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\ProgramData\USOShared =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files (x86)\Common Files\Microsoft Shared =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files (x86)\Common Files\Services =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files (x86)\Common Files\System =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Users\Nick\AppData\Roaming\Adobe =>.Adobe
O43 - CFD: 14/06/2017 - SD – C:\Users\Nick\AppData\Roaming\Microsoft =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Users\Nick\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 14/06/2017 - D – C:\Users\Nick\AppData\Local\AMD =>.AMD
O43 - CFD: 14/06/2017 - [0] SHD – C:\Users\Nick\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Users\Nick\AppData\Local\Comms =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Users\Nick\AppData\Local\ConnectedDevicesPlatfo rm =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Users\Nick\AppData\Local\Diagnostics =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - [0] SHD – C:\Users\Nick\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Users\Nick\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Users\Nick\AppData\Local\MicrosoftEdge =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Users\Nick\AppData\Local\Packages =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Users\Nick\AppData\Local\Publishers =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Users\Nick\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - [0] SHD – C:\Users\Nick\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Users\Nick\AppData\Local\TileDataLayer =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Users\Nick\AppData\Local\ZHP =>.Nicolas Coolman
O43 - CFD: 14/06/2017 - RD – C:\Users\Nick\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Accessibility =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - RD – C:\Users\Nick\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - RD – C:\Users\Nick\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 14/06/2017 - D – C:\Users\Nick\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - RD – C:\Users\Nick\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - RD – C:\Users\Nick\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\System Tools =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - RD – C:\Users\Nick\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Windows PowerShell =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - [0] SHD – C:\Users\Default\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - [0] SHD – C:\Users\Default\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Users\Default\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - [0] D – C:\Users\Default\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - [0] SHD – C:\Users\Default\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - [0] SHD – C:\Users\Default User\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - [0] SHD – C:\Users\Default User\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Users\Default User\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - [0] D – C:\Users\Default User\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - [0] SHD – C:\Users\Default User\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\WINDOWS\System32\Config\systemprofile\AppData\L ocal\Microsoft =>.Microsoft Corporation

—\ ShellIconOverlayIdentifiers (SIOI) (5) - 0s
O106 - SIOI: ErrorOverlayHandler Class [ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) – C:\Users\Nick\AppData\Local\Microsoft\OneDrive\17. 3.6381.0405\FileSyncShell.dll =>.Microsoft Corporation®
O106 - SIOI: SharedOverlayHandler Class [ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) – C:\Users\Nick\AppData\Local\Microsoft\OneDrive\17. 3.6381.0405\FileSyncShell.dll =>.Microsoft Corporation®
O106 - SIOI: SharedSyncingOverlayHandler Class [ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) – C:\Users\Nick\AppData\Local\Microsoft\OneDrive\17. 3.6381.0405\FileSyncShell.dll =>.Microsoft Corporation®
O106 - SIOI: UpToDateOverlayHandler Class [ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) – C:\Users\Nick\AppData\Local\Microsoft\OneDrive\17. 3.6381.0405\FileSyncShell.dll =>.Microsoft Corporation®
O106 - SIOI: SyncingOverlayHandler Class [ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) – C:\Users\Nick\AppData\Local\Microsoft\OneDrive\17. 3.6381.0405\FileSyncShell.dll =>.Microsoft Corporation®

—\ Image File Execution Options (17) - 1s
O50 - IFEO:C:\Windows\System32\cscript.exe - (.Microsoft Corporation - Microsoft ® Console Based Script Host.) [DisableExceptionChainValidation\3] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\dllhost.exe - (.Microsoft Corporation - COM Surrogate.) [DisableExceptionChainValidation\3] =>.Microsoft Windows®
O50 - IFEO:C:\WINDOWS\System32\drvinst.exe - (.Microsoft Corporation - Driver Installation Module.) [DisableExceptionChainValidation\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\ie4uinit.exe - (.Microsoft Corporation - IE Per-User Initialization Utility.) [MitigationOptions\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\ieUnatt.exe - (.Microsoft Corporation - IE 7.0 Unattended Install Utility.) [MitigationOptions\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\mmc.exe - (.Microsoft Corporation - Microsoft Management Console.) [DisableExceptionChainValidation\3] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\msfeedssync.exe - (.Microsoft Corporation - Microsoft Feeds Synchronization.) [MitigationOptions\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\mshta.exe - (.Microsoft Corporation - Microsoft (R) HTML Application host.) [MitigationOptions\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\PresentationHost.exe - (.Microsoft Corporation - Windows Presentation Foundation Host.) [MitigationOptions\1118481] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\PrintIsolationHost.exe - (.Microsoft Corporation - PrintIsolationHost.) [MitigationOptions\2097152] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\rundll32.exe - (.Microsoft Corporation - Windows host process (Rundll32).) [DisableExceptionChainValidation\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\runtimebroker.exe - (.Microsoft Corporation - Runtime Broker.) [MitigationOptions\4294967296] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\searchprotocolhost.exe - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) [DisableExceptionChainValidation\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\spoolsv.exe - (.Microsoft Corporation - Spooler SubSystem App.) [DisableExceptionChainValidation\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\spoolsv.exe - (.Microsoft Corporation - Spooler SubSystem App.) [MitigationOptions\2097152] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\svchost.exe - (.Microsoft Corporation - Host Process for Windows Services.) [MinimumStackCommitInBytes\32768] =>.Microsoft Windows Publisher®
O50 - IFEO:C:\Windows\System32\wscript.exe - (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) [DisableExceptionChainValidation\3] =>.Microsoft Corporation

—\ System Drivers List (94) - 8s
O58 - SDL:2016/07/16 07:41:53 A . (.LSI - LSI 3ware SCSI Storport Driver.) – C:\WINDOWS\System32\drivers\3ware.sys [107360] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.PMC-Sierra - PMC-Sierra Storport Driver For SPC8x6G SAS.) – C:\WINDOWS\System32\drivers\adp80xx.sys [1135456] =>.Microsoft Windows®
O58 - SDL:2016/03/21 10:37:24 A . (.Advanced Micro Devices, Inc. - AMD Audio Bus Lower Filter.) – C:\WINDOWS\System32\drivers\amdkmafd.sys [23240] =>.Advanced Micro Devices, Inc.®
O58 - SDL:2016/07/16 07:41:53 A . (.Advanced Micro Devices - AHCI 1.3 Device Driver.) – C:\WINDOWS\System32\drivers\amdsata.sys [83296] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) – C:\WINDOWS\System32\drivers\amdsbs.sys [259424] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Advanced Micro Devices - Storage Filter Driver.) – C:\WINDOWS\System32\drivers\amdxata.sys [26976] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) – C:\WINDOWS\System32\drivers\arcsas.sys [131936] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:50 A . (.Qualcomm Atheros Communications, Inc. - Qualcomm Atheros Extensible Wireless LAN de.) – C:\WINDOWS\System32\drivers\athw8x.sys [4233728] =>.Qualcomm Atheros Communications, Inc.
O58 - SDL:2016/04/26 06:26:52 A . (.Advanced Micro Devices - AMD High Definition Audio Function Driver.) – C:\WINDOWS\System32\drivers\AtihdWT6.sys [110096] =>.Microsoft Windows Hardware Compatibility Publisher®
O58 - SDL:2016/09/13 22:08:14 A . (.Advanced Micro Devices, Inc. - ATI Radeon Kernel Mode Driver.) – C:\WINDOWS\System32\drivers\atikmdag.sys [26706432] =>.Microsoft Windows Hardware Compatibility Publisher®
O58 - SDL:2016/09/13 22:08:12 A . (.Advanced Micro Devices, Inc. - AMD multi-vendor Miniport Driver.) – C:\WINDOWS\System32\drivers\atikmpag.sys [518656] =>.Microsoft Windows Hardware Compatibility Publisher®
O58 - SDL:2016/07/16 07:41:53 A . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) – C:\WINDOWS\System32\drivers\bcmfn.sys [9728] =>.Windows (R) Win 7 DDK provider
O58 - SDL:2016/07/16 07:41:53 A . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) – C:\WINDOWS\System32\drivers\bcmfn2.sys [9728] =>.Windows (R) Win 7 DDK provider
O58 - SDL:2016/07/16 07:41:52 A . (.QLogic Corporation - QLogic Gigabit Ethernet VBD.) – C:\WINDOWS\System32\drivers\bxvbda.sys [533856] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Chelsio Communications - Chelsio iSCSI Crash Dump Driver.) – C:\WINDOWS\System32\drivers\cht4dx64.sys [102752] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Chelsio Communications - Chelsio iSCSI VMiniport Driver.) – C:\WINDOWS\System32\drivers\cht4sx64.sys [346976] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Chelsio Communications - Virtual Bus Driver for Chelsio ® T4 Chipset.) – C:\WINDOWS\System32\drivers\cht4vx64.sys [2104160] =>.Microsoft Windows®
O58 - SDL:2013/08/21 06:09:38 A . (.Intel Corporation - Intel(R) Gigabit Adapter NDIS 6.x driver.) – C:\WINDOWS\System32\drivers\e1c64x64.sys [468240] =>.Intel Corporation®
O58 - SDL:2016/07/16 07:41:54 A . (.Intel Corporation - Intel(R) Gigabit Adapter NDIS 6.x driver.) – C:\WINDOWS\System32\drivers\e1i63x64.sys [524800] =>.Intel Corporation
O58 - SDL:2016/07/16 07:41:52 A . (.QLogic Corporation - QLogic 10 GigE VBD.) – C:\WINDOWS\System32\drivers\evbda.sys [3418976] =>.Microsoft Windows®
O58 - SDL:2012/07/17 18:12:08 A . (.Intel Corporation - Intel(R) Management Engine Interface.) – C:\WINDOWS\System32\drivers\HECIx64.sys [62784] =>.Intel Corporation®
O58 - SDL:2016/07/16 07:41:53 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) – C:\WINDOWS\System32\drivers\HpSAMD.sys [64352] =>.Microsoft Windows®
O58 - SDL:2009/08/15 00:58:04 A . (.Windows (R) Codename Longhorn DDK provider - Example Keyboard Filter Driver.) – C:\WINDOWS\System32\drivers\i8042HDR.sys [15920] =>.Chicony Electronics Co., Ltd.®
O58 - SDL:2016/07/16 07:41:54 A . (.Intel(R) Corporation - Intel(R) Serial IO GPIO Controller Driver.) – C:\WINDOWS\System32\drivers\iagpio.sys [33280] =>.Intel(R) Corporation
O58 - SDL:2016/07/16 07:41:54 A . (.Intel(R) Corporation - Intel(R) Serial IO I2C Driver.) – C:\WINDOWS\System32\drivers\iai2c.sys [81408] =>.Intel(R) Corporation
O58 - SDL:2016/07/16 07:41:54 A . (.Intel Corporation - Intel(R) Serial IO GPIO Driver v2.) – C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [64512] =>.Intel Corporation
O58 - SDL:2016/07/16 07:41:54 A . (.Intel Corporation - Intel(R) Serial IO I2C Driver v2.) – C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [176384] =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
O58 - SDL:2016/07/16 07:41:52 A . (.Intel Corporation - Intel(R) Serial IO GPIO Controller Driver.) – C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [38128] =>.Intel Corporation - Client Components Group®
O58 - SDL:2016/07/16 07:41:50 A . (.Intel Corporation - Intel(R) Serial IO I2C Controller Driver.) – C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [113152] =>.Intel Corporation
O58 - SDL:2016/07/16 07:41:53 A . (.Intel Corporation - Intel(R) Rapid Storage Technology driver (i.) – C:\WINDOWS\System32\drivers\iaStorAV.sys [673120] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) – C:\WINDOWS\System32\drivers\iaStorV.sys [412000] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Mellanox - InfiniBand Fabric Bus Driver.) – C:\WINDOWS\System32\drivers\ibbus.sys [526176] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) – C:\WINDOWS\System32\drivers\lsi_sas.sys [108896] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) – C:\WINDOWS\System32\drivers\lsi_sas2i.sys [105824] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Avago Technologies - Avago SAS Gen3 Driver (StorPort).) – C:\WINDOWS\System32\drivers\lsi_sas3i.sys [101216] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.LSI Corporation - LSI SSS PCIe/Flash Driver (StorPort).) – C:\WINDOWS\System32\drivers\lsi_sss.sys [82776] =>.Microsoft Windows®
O58 - SDL:2012/10/26 16:42:22 A . (.Logitech Inc. - Logitech USB Video Class Filter Driver.) – C:\WINDOWS\System32\drivers\lvbflt64.sys [26784] =>.Logitech, Inc.®
O58 - SDL:2016/07/16 07:41:53 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) – C:\WINDOWS\System32\drivers\megasas.sys [59744] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) – C:\WINDOWS\System32\drivers\megasr.sys [575840] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Mellanox - MLX4 Bus Driver.) – C:\WINDOWS\System32\drivers\mlx4_bus.sys [842584] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) – C:\WINDOWS\System32\drivers\mvumis.sys [63840] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Mellanox - NetworkDirect Support Filter Driver.) – C:\WINDOWS\System32\drivers\ndfltr.sys [108896] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:42:03 A . (.Authors - .) – C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624] =>.Microsoft Corporation
O58 - SDL:2016/07/16 07:41:53 A . (.NVIDIA Corporation - NVIDIA® nForce™ RAID Driver.) – C:\WINDOWS\System32\drivers\nvraid.sys [150368] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.NVIDIA Corporation - NVIDIA® nForce™ Sata Performance Driver.) – C:\WINDOWS\System32\drivers\nvstor.sys [166240] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) – C:\WINDOWS\System32\drivers\percsas2i.sys [58720] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) – C:\WINDOWS\System32\drivers\percsas3i.sys [61792] =>.Microsoft Windows®
O58 - SDL:2015/06/24 22:57:00 A . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function D.) – C:\WINDOWS\System32\drivers\RTKVHD64.sys [4504320] =>.Realtek Semiconductor Corp®
O58 - SDL:2015/08/13 11:36:50 A . (.Razer Inc - Razer RzBTEndPt.) – C:\WINDOWS\System32\drivers\rzbtendpt.sys [51912] =>.Razer Inc.®
O58 - SDL:2015/08/13 11:36:50 A . (.Razer Inc - Razer RzEndPt.) – C:\WINDOWS\System32\drivers\rzdaendpt.sys [43720] =>.Razer Inc.®
O58 - SDL:2015/08/13 11:36:50 A . (.Razer Inc - Razer RzEndPt.) – C:\WINDOWS\System32\drivers\rzendpt.sys [50392] =>.Razer Inc.®
O58 - SDL:2015/08/13 11:36:50 A . (.Razer Inc - Razer Inc. External Display Driver.) – C:\WINDOWS\System32\drivers\rzhnet.sys [29912] =>.Razer Inc.®
O58 - SDL:2015/08/13 11:36:50 A . (.Razer Inc - Razer JoyStick Device.) – C:\WINDOWS\System32\drivers\rzjstk.sys [36568] =>.Razer Inc.®
O58 - SDL:2015/08/13 11:36:50 A . (.Razer Inc - Razer RzEndPt.) – C:\WINDOWS\System32\drivers\rzkeypadendpt.sys [46280] =>.Razer Inc.®
O58 - SDL:2015/08/13 11:36:50 A . (.Razer Inc - Razer RzMPos.) – C:\WINDOWS\System32\drivers\rzmpos.sys [48840] =>.Razer Inc.®
O58 - SDL:2015/08/13 11:36:50 A . (.Razer Inc - Razer RzEndPt.) – C:\WINDOWS\System32\drivers\rzp1endpt.sys [52424] =>.Razer Inc.®
O58 - SDL:2015/08/13 11:36:50 A . (.Razer Inc - Razer Rzudd Engine.) – C:\WINDOWS\System32\drivers\rzudd.sys [202952] =>.Razer Inc.®
O58 - SDL:2015/08/13 11:36:50 A . (.Razer Inc - Razer Keyboard Device.) – C:\WINDOWS\System32\drivers\rzvkeyboard.sys [44232] =>.Razer Inc.®
O58 - SDL:2015/08/13 11:36:50 A . (.Razer Inc - Razer Mouse Device.) – C:\WINDOWS\System32\drivers\rzvmouse.sys [42712] =>.Razer Inc.®
O58 - SDL:2016/07/16 07:41:53 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) – C:\WINDOWS\System32\drivers\sisraid2.sys [44896] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) – C:\WINDOWS\System32\drivers\sisraid4.sys [81760] =>.Microsoft Windows®
O58 - SDL:1999/12/31 20:00:00 A . (.Synaptics Incorporated - Synaptics SMBus Driver.) – C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [33960] =>.Synaptics Incorporated®
O58 - SDL:2016/01/08 04:51:46 A . (.MCCI Corporation - SAMSUNG Android USB Composite Device Driver.) – C:\WINDOWS\System32\drivers\ssadbus.sys [169288] =>.MCCI Corporation®
O58 - SDL:2016/01/08 04:51:46 A . (.MCCI Corporation - Windows 2000/XP support functions.) – C:\WINDOWS\System32\drivers\ssadcm.sys [17224] =>.MCCI Corporation®
O58 - SDL:2016/01/08 04:51:46 A . (.MCCI Corporation - Windows 2000/XP support functions.) – C:\WINDOWS\System32\drivers\ssadcmnt.sys [17224] =>.MCCI Corporation®
O58 - SDL:2016/01/08 04:51:46 A . (.MCCI Corporation - SAMSUNG Android USB Diagnostic Serial Port.) – C:\WINDOWS\System32\drivers\ssadserd.sys [158024] =>.MCCI Corporation®
O58 - SDL:2016/01/08 04:51:46 A . (.MCCI Corporation - Windows 2000/XP support functions.) – C:\WINDOWS\System32\drivers\ssadwh.sys [17736] =>.MCCI Corporation®
O58 - SDL:2016/01/08 04:51:46 A . (.MCCI Corporation - Windows 2000/XP support functions.) – C:\WINDOWS\System32\drivers\ssadwhnt.sys [17736] =>.MCCI Corporation®
O58 - SDL:2016/01/08 04:51:52 A . (.MCCI Corporation - SAMSUNG USB Composite Device Driver.) – C:\WINDOWS\System32\drivers\sscdbus.sys [169288] =>.MCCI Corporation®
O58 - SDL:2016/01/08 04:51:52 A . (.MCCI Corporation - Windows 2000/XP support functions.) – C:\WINDOWS\System32\drivers\sscdcm.sys [17224] =>.MCCI Corporation®
O58 - SDL:2016/01/08 04:51:52 A . (.MCCI Corporation - Windows 2000/XP support functions.) – C:\WINDOWS\System32\drivers\sscdcmnt.sys [17224] =>.MCCI Corporation®
O58 - SDL:2016/01/08 04:51:52 A . (.MCCI Corporation - SAMSUNG Mobile Modem Diagnostic Serial Port.) – C:\WINDOWS\System32\drivers\sscdserd.sys [158024] =>.MCCI Corporation®
O58 - SDL:2016/01/08 04:51:52 A . (.MCCI Corporation - Windows 2000/XP support functions.) – C:\WINDOWS\System32\drivers\sscdwh.sys [17736] =>.MCCI Corporation®
O58 - SDL:2016/01/08 04:51:52 A . (.MCCI Corporation - Windows 2000/XP support functions.) – C:\WINDOWS\System32\drivers\sscdwhnt.sys [17736] =>.MCCI Corporation®
O58 - SDL:2016/01/08 04:51:54 A . (.MCCI Corporation - SAMSUNG USB Composite Device V2 Driver.) – C:\WINDOWS\System32\drivers\sscebus.sys [169288] =>.MCCI Corporation®
O58 - SDL:2016/01/08 04:51:54 A . (.MCCI Corporation - Windows 2000/XP support functions.) – C:\WINDOWS\System32\drivers\sscecm.sys [17224] =>.MCCI Corporation®
O58 - SDL:2016/01/08 04:51:54 A . (.MCCI Corporation - Windows 2000/XP support functions.) – C:\WINDOWS\System32\drivers\sscecmnt.sys [17224] =>.MCCI Corporation®
O58 - SDL:2016/01/08 04:51:54 A . (.MCCI Corporation - SAMSUNG Mobile Modem Diagnostic Serial Port.) – C:\WINDOWS\System32\drivers\ssceserd.sys [158024] =>.MCCI Corporation®
O58 - SDL:2016/01/08 04:51:54 A . (.MCCI Corporation - Windows 2000/XP support functions.) – C:\WINDOWS\System32\drivers\sscewh.sys [17736] =>.MCCI Corporation®
O58 - SDL:2016/01/08 04:51:54 A . (.MCCI Corporation - Windows 2000/XP support functions.) – C:\WINDOWS\System32\drivers\sscewhnt.sys [17736] =>.MCCI Corporation®
O58 - SDL:2016/04/25 00:35:52 A . (.Samsung Electronics Co., Ltd. - SAMSUNG USB Composite Device Driver (MSS Ve.) – C:\WINDOWS\System32\drivers\ssudbus.sys [129152] =>.Samsung Electronics CO., LTD.®
O58 - SDL:2016/01/08 04:51:54 A . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Mobile DevMgr Device Driver (MS.) – C:\WINDOWS\System32\drivers\ssuddmgr.sys [213088] =>.Samsung Electronics CO., LTD.®
O58 - SDL:2016/01/08 04:51:54 A . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Mobile OBEX Device Driver (MSS.) – C:\WINDOWS\System32\drivers\ssudobex.sys [213088] =>.Samsung Electronics CO., LTD.®
O58 - SDL:2016/04/25 00:36:00 A . (.QUALCOMM Incorporated - Filter Driver for the Qualcomm USB Driver S.) – C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64640] =>.Samsung Electronics CO., LTD.®
O58 - SDL:2016/01/08 04:51:54 A . (.DEVGURU Co., LTD. - USB Rmnet Device Driver.) – C:\WINDOWS\System32\drivers\ssudrmnet.sys [77408] =>.Samsung Electronics CO., LTD.®
O58 - SDL:2016/01/08 04:51:54 A . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Mobile Logging Device Driver (M.) – C:\WINDOWS\System32\drivers\ssudserd.sys [213088] =>.Samsung Electronics CO., LTD.®
O58 - SDL:2016/01/08 04:51:54 A . (.DEVGURU Co., LTD. - MSS CS Connectivity USB driver.) – C:\WINDOWS\System32\drivers\ss_conn_usb_driver.sys [33376] =>.Samsung Electronics CO., LTD.®
O58 - SDL:2016/07/16 07:41:53 A . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Wind.) – C:\WINDOWS\System32\drivers\stexstor.sys [31072] =>.Microsoft Windows®
O58 - SDL:2015/08/13 11:36:50 A . (.Synaptics Incorporated - Synaptics Touchpad Win64 Driver.) – C:\WINDOWS\System32\drivers\SynTP.sys [615632] =>.Synaptics Incorporated®
O58 - SDL:2016/01/19 18:40:20 A . (.Oracle Corporation - VirtualBox USB Driver.) – C:\WINDOWS\System32\drivers\VBoxUSB.sys [125008] =>.Oracle Corporation®
O58 - SDL:2016/07/16 07:41:53 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) – C:\WINDOWS\System32\drivers\vsmraid.sys [166752] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.VIA Corporation - VIA StorX RAID Controller Driver.) – C:\WINDOWS\System32\drivers\VSTXRAID.SYS [305504] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Mellanox - Kernel WinMad.) – C:\WINDOWS\System32\drivers\winmad.sys [32096] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Mellanox - Kernel WinVerbs.) – C:\WINDOWS\System32\drivers\winverbs.sys [64864] =>.Microsoft Windows®

—\ Last modified or created user files (1) - 1s
O61 - LFC: 2017/06/14 22:09:58 A . (..) – C:\Users\Nick\Desktop\zoek.exe [1309184]

—\ File Associations Shell Spawning (10) - 0s
O67 - Shell Spawning: <.bat> [HKLM..\open\Command] (…) – “%1” %*
O67 - Shell Spawning: <.cpl> [HKLM..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) – C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> [HKLM..\open\Command] (…) – “%1” %*
O67 - Shell Spawning: <.com> [HKLM..\open\Command] (…) – “%1” %*
O67 - Shell Spawning: <.evt> [HKLM..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) – C:\Windows\System32\eventvwr.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.exe> [HKLM..\open\Command] (…) – “%1” %*
O67 - Shell Spawning: <.html> [HKLM..\open\Command] (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O67 - Shell Spawning: <.js> [HKLM..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) – C:\Windows\System32\wscript.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.reg> [HKLM..\open\Command] (.Microsoft Corporation - Registry Editor.) – C:\Windows\regedit.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.scr> [HKLM..\open\Command] (…) – “%1” /S

—\ Start Menu Internet (4) - 0s
O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation

—\ Search Browser Infection (3) - 0s
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} [DefaultScope] - (Google) - http://www.google.com/ =>.Google Inc.
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKLM] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - http://www.bing.com/ =>.Bing.com

—\ Search Svchost Services (46) - 1s
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) – C:\WINDOWS\System32\certprop.dll [193536] =>.Microsoft Corporation
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) – C:\WINDOWS\System32\certprop.dll [193536] =>.Microsoft Corporation
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) – C:\WINDOWS\system32\srvsvc.dll [305152] =>.Microsoft Corporation
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) – C:\WINDOWS\System32\gpsvc.dll [1225728] =>.Microsoft Corporation
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) – C:\WINDOWS\System32\ikeext.dll [932352] =>.Microsoft Corporation
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Software installation Service.) – C:\Windows\System32\appmgmts.dll [197632] =>.Microsoft Corporation
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) – C:\WINDOWS\System32\iphlpsvc.dll [945664] =>.Microsoft Corporation
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) – C:\WINDOWS\system32\seclogon.dll [31232] =>.Microsoft Corporation
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) – C:\WINDOWS\System32\appinfo.dll [125952] =>.Microsoft Corporation
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) – C:\WINDOWS\system32\iscsiexe.dll [151552] =>.Microsoft Corporation
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) – C:\WINDOWS\System32\eapsvc.dll [112128] =>.Microsoft Corporation
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) – C:\WINDOWS\system32\schedsvc.dll [948224] =>.Microsoft Corporation
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) – C:\WINDOWS\system32\wbem\WMIsvc.dll [222720] =>.Microsoft Corporation
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) – C:\WINDOWS\System32\browser.dll [134656] =>.Microsoft Corporation
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) – C:\WINDOWS\system32\profsvc.dll [358400] =>.Microsoft Corporation
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) – C:\Windows\System32\SessEnv.dll [386560] =>.Microsoft Corporation
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) – C:\WINDOWS\System32\wercplsupport.dll [94208] =>.Microsoft Corporation
O83 - Search Svchost Services: shpamsvc (shpamsvc) . (.Microsoft Corporation - SharedPC.AccountManager.) – C:\WINDOWS\system32\Windows.SharedPC.AccountManage r.dll [161792] =>.Microsoft Corporation
O83 - Search Svchost Services: XblGameSave (XblGameSave) . (.Microsoft Corporation - Xbox Live Game Save Service.) – C:\WINDOWS\System32\XblGameSave.dll [1159680] =>.Microsoft Corporation
O83 - Search Svchost Services: DcpSvc (DcpSvc) . (.Microsoft Corporation - dcpsvc Task.) – C:\WINDOWS\system32\dcpsvc.dll [183808] =>.Microsoft Corporation
O83 - Search Svchost Services: wlidsvc (wlidsvc) . (.Microsoft Corporation - Microsoft® Account Service.) – C:\WINDOWS\system32\wlidsvc.dll [2104832] =>.Microsoft Corporation
O83 - Search Svchost Services: NcaSvc (NcaSvc) . (.Microsoft Corporation - Microsoft Network Connectivity Assistant Se.) – C:\WINDOWS\System32\ncasvc.dll [167936] =>.Microsoft Corporation
O83 - Search Svchost Services: NetSetupSvc (NetSetupSvc) . (.Microsoft Corporation - Network Setup Service.) – C:\WINDOWS\System32\NetSetupSvc.dll [265216] =>.Microsoft Corporation
O83 - Search Svchost Services: WpnService (WpnService) . (.Microsoft Corporation - Windows Push Notification System Service.) – C:\WINDOWS\system32\WpnService.dll [234496] =>.Microsoft Corporation
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) – C:\WINDOWS\System32\bdesvc.dll [354304] =>.Microsoft Corporation
O83 - Search Svchost Services: XboxNetApiSvc (XboxNetApiSvc) . (.Microsoft Corporation - Xbox Live Networking Service.) – C:\WINDOWS\system32\XboxNetApiSvc.dll [1025536] =>.Microsoft Corporation
O83 - Search Svchost Services: UsoSvc (UsoSvc) . (.Microsoft Corporation - Update Session Orchestrator Core.) – C:\WINDOWS\system32\usocore.dll [539136] =>.Microsoft Corporation
O83 - Search Svchost Services: wisvc (wisvc) . (.Microsoft Corporation - Flight Settings.) – C:\WINDOWS\system32\flightsettings.dll [614912] =>.Microsoft Corporation
O83 - Search Svchost Services: dmwappushservice (dmwappushservice) . (.Microsoft Corporation - dmwappushsvc.) – C:\WINDOWS\system32\dmwappushsvc.dll [57344] =>.Microsoft Corporation
O83 - Search Svchost Services: Irmon (Irmon) . (.Microsoft Corporation - Infrared Monitor.) – C:\WINDOWS\System32\irmon.dll [25088] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) – C:\WINDOWS\System32\rasauto.dll [105472] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) – C:\WINDOWS\System32\rasmans.dll [647680] =>.Microsoft Corporation
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) – C:\Windows\System32\mprdim.dll [495104] =>.Microsoft Corporation
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) – C:\WINDOWS\System32\sens.dll [70656] =>.Microsoft Corporation
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) – C:\WINDOWS\System32\ipnathlp.dll [541696] =>.Microsoft Corporation
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows™ Telephony Server.) – C:\Windows\System32\tapisrv.dll [309248] =>.Microsoft Corporation
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) – C:\WINDOWS\system32\wuaueng.dll [2314752] =>.Microsoft Corporation
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) – C:\WINDOWS\System32\qmgr.dll [1052672] =>.Microsoft Corporation
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) – C:\Windows\System32\shsvcs.dll [617472] =>.Microsoft Corporation
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) – C:\WINDOWS\system32\themeservice.dll [70656] =>.Microsoft Corporation
O83 - Search Svchost Services: DmEnrollmentSvc (DmEnrollmentSvc) . (.Microsoft Corporation - Windows Managent Service DLL.) – C:\Windows\System32\Windows.Internal.Management.dl l [407552] =>.Microsoft Corporation
O83 - Search Svchost Services: lfsvc (lfsvc) . (.Microsoft Corporation - Geolocation Service.) – C:\WINDOWS\System32\lfsvc.dll [37376] =>.Microsoft Corporation
O83 - Search Svchost Services: RetailDemo (RetailDemo) . (.Microsoft Corporation - RDXService.) – C:\WINDOWS\system32\RDXService.dll [650752] =>.Microsoft Corporation
O83 - Search Svchost Services: XblAuthManager (XblAuthManager) . (.Microsoft Corporation - Xbox Live Auth Manager.) – C:\WINDOWS\System32\XblAuthManager.dll [1012224] =>.Microsoft Corporation
O83 - Search Svchost Services: UserManager (UserManager) . (.Microsoft Corporation - UserMgr.) – C:\WINDOWS\System32\usermgr.dll [1020928] =>.Microsoft Corporation
O83 - Search Svchost Services: DsmSvc (DsmSvc) . (.Microsoft Corporation - Device Setup Manager.) – C:\WINDOWS\System32\DeviceSetupManager.dll [197632] =>.Microsoft Corporation

—\ Additional Scan (O88) (1) - 0s
~ No malicious or unnecessary items found.

—\ Summary of the elements found (1) - 0s
~ No malicious or unnecessary items found.

~ Unselected Options:
~ End of the scan, 9841 items in 00mn56s (529)(0)

ZHP CLEANER:

~ ZHPDiag v2017.6.12.97 By Nicolas Coolman (2017/06/12)
~ Run by Nick (Administrator) (2017/06/14 23:04:10)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook: ZHP
~ State version: Version OK
~ Mode: Scan
~ Report: C:\Users\Nick\Desktop\ZHPDiag.txt
~ Report: C:\Users\Nick\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Activate
~ System startup: Normal (Normal boot)
Windows 10 Pro, 64-bit (Build 14393) =>.Microsoft Corporation

—\ Internet Browsers (2) - 0s
~ MSIE: Microsoft Edge v40
~ MSIE: Internet Explorer v11.0.14393.0

—\ Windows Product Information (3) - 3s
~ Windows Server License Manager Script : OK
~ Licence Script File Génération : OK
Windows Automatic Updates : OK

—\ System protection software (1) - 1s
Windows Defender (Activate) (Protection)

—\ Information on the system (6) - 0s
~ Operating System: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 8330.292 MB (83% free) : OK =>.RAM Value
System Restore: Activé (Enable)
System drive C: has 927 GB (97%) free of 953 GB : OK =>.Disk Space

—\ Connection to the system mode (3) - 0s
~ Computer Name: DESKTOP-SSRSVP2
~ User Name: Nick
~ Logged in as Administrator

—\ Enumeration of the disk units (2) - 0s
~ Drive C: has 927 GB free of 953 GB (System)
~ Drive E: has 7 GB free of 7 GB

—\ State of the Windows Security Center (7) - 0s
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK

—\ Search Generic System Files (24) - 1s
[MD5.05181A5AC4197D6C5C02ACE6070AF234] - 14/06/2017 - (.Microsoft Corporation - Windows Explorer.) – C:\WINDOWS\Explorer.exe [4673304] =>.Microsoft Windows®
[MD5.C7645D43451C6D94D87F4D07BDE59C89] - 16/07/2016 - (.Microsoft Corporation - Windows host process (Rundll32).) – C:\WINDOWS\System32\rundll32.exe [69632] =>.Microsoft Corporation
[MD5.99A19C9A74E2F9820E501DCE77F84F70] - 16/07/2016 - (.Microsoft Corporation - Windows Start-Up Application.) – C:\WINDOWS\System32\Wininit.exe [304240] =>.Microsoft Windows Publisher®
[MD5.6284717704B063B036BE00F2CB512A74] - 14/06/2017 - (.Microsoft Corporation - Internet Extensions for Win32.) – C:\WINDOWS\System32\wininet.dll [2630144] =>.Microsoft Corporation
[MD5.770DB86BF679CA34FC927F25FBAA350C] - 14/06/2017 - (.Microsoft Corporation - Windows Logon Application.) – C:\WINDOWS\System32\Winlogon.exe [674304] =>.Microsoft Corporation
[MD5.9600B7F2F89DE60A80D13DE42F672834] - 16/07/2016 - (.Microsoft Corporation - Software Licensing Library.) – C:\WINDOWS\System32\sppcomapi.dll [402432] =>.Microsoft Corporation
[MD5.9BA2C83C355EAC4278F17BEF0852823A] - 14/06/2017 - (.Microsoft Corporation - DNS Client API DLL.) – C:\WINDOWS\System32\dnsapi.dll [646136] =>.Microsoft Windows®
[MD5.6C1D303C703B27FE40D392899BC22E14] - 14/06/2017 - (.Microsoft Corporation - DNS Client API DLL.) – C:\WINDOWS\Syswow64\dnsapi.dll [496872] =>.Microsoft Windows®
[MD5.983266DA83FFF73DBDDD3730A4712228] - 14/06/2017 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) – C:\WINDOWS\System32\drivers\AFD.sys [583520] =>.Microsoft Windows®
[MD5.A10F989A812B57B9695F6C305907C9C6] - 16/07/2016 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) – C:\WINDOWS\System32\drivers\atapi.sys [28512] =>.Microsoft Windows®
[MD5.F8FB51B9EF6372610E9B31A1D86B62FC] - 16/07/2016 - (.Microsoft Corporation - CD-ROM File System Driver.) – C:\WINDOWS\System32\drivers\Cdfs.sys [92160] =>.Microsoft Corporation
[MD5.613D0137C269187FA298A157E3D14A18] - 16/07/2016 - (.Microsoft Corporation - SCSI CD-ROM Driver.) – C:\WINDOWS\System32\drivers\Cdrom.sys [173056] =>.Microsoft Corporation
[MD5.7EAFDEF51136E8F2452CEBD8D084F108] - 14/06/2017 - (.Microsoft Corporation - DFS Namespace Client Driver.) – C:\WINDOWS\System32\drivers\DfsC.sys [144384] =>.Microsoft Corporation
[MD5.10E3515FE5DBA6656FA62C29342EC4A1] - 16/07/2016 - (.Microsoft Corporation - High Definition Audio Bus Driver.) – C:\WINDOWS\System32\drivers\HDAudBus.sys [83456] =>.Microsoft Corporation
[MD5.B54B30992620C97230013A74461C8517] - 16/07/2016 - (.Microsoft Corporation - i8042 Port Driver.) – C:\WINDOWS\System32\drivers\i8042prt.sys [114176] =>.Microsoft Corporation
[MD5.F1DAECC3B3D6399875D4F10529D6A77C] - 16/07/2016 - (.Microsoft Corporation - IP Network Address Translator.) – C:\WINDOWS\System32\drivers\IpNat.sys [212480] =>.Microsoft Corporation
[MD5.C9BB4E2FCAB693FEB00CF940060D94F4] - 14/06/2017 - (.Microsoft Corporation - Windows NT SMB Minirdr.) – C:\WINDOWS\System32\drivers\MRxSmb.sys [449376] =>.Microsoft Windows®
[MD5.6FEBB0A847FFD5F057B9AC8889F1B9A7] - 16/07/2016 - (.Microsoft Corporation - MBT Transport driver.) – C:\WINDOWS\System32\drivers\netBT.sys [279040] =>.Microsoft Corporation
[MD5.D1AF837A1555990602A51A3ED238EC80] - 14/06/2017 - (.Microsoft Corporation - NT File System Driver.) – C:\WINDOWS\System32\drivers\ntfs.sys [2257248] =>.Microsoft Windows®
[MD5.6B81BF7853D161DB8AC62CD8B9C2DE6B] - 16/07/2016 - (.Microsoft Corporation - Parallel Port Driver.) – C:\WINDOWS\System32\drivers\Parport.sys [96768] =>.Microsoft Corporation
[MD5.17E565710172ED71B8531D8822E1C5D1] - 16/07/2016 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) – C:\WINDOWS\System32\drivers\Rasl2tp.sys [104960] =>.Microsoft Corporation
[MD5.7135785C21CA79D270D11037C43D3F19] - 16/07/2016 - (.Microsoft Corporation - Microsoft RDP Device redirector.) – C:\WINDOWS\System32\drivers\rdpdr.sys [177152] =>.Microsoft Corporation
[MD5.9D2DD64A0B51C56285512DC9454340F6] - 14/06/2017 - (.Microsoft Corporation - TDI Translation Driver.) – C:\WINDOWS\System32\drivers\tdx.sys [118112] =>.Microsoft Windows®
[MD5.BF2546583BB75F01DDA60A7921DFB230] - 16/07/2016 - (.Microsoft Corporation - Volume Shadow Copy driver.) – C:\WINDOWS\System32\drivers\volsnap.sys [391520] =>.Microsoft Windows®

—\ Non Microsoft non disabled Windows Services (3) - 2s
O23 - Service: AdaptiveSleepService (AdaptiveSleepService) . (…) - C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe =>.ATI
O23 - Service: (AMD External Events Utility) . (.AMD - AMD External Events Service Module.) - C:\WINDOWS\system32\atiesrxx.exe =>.AMD
O23 - Service: DTSAudioSvc (DTSAudioSvc) . (.DTS, Inc - DTS Audio Service.) - C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe =>.DTS, Inc.®

—\ Services not Microsoft (SR=Run, SS=Stop) (3) - 15s
SR - Auto [24/06/2016] [ 138752] AdaptiveSleepService (AdaptiveSleepService) . (…) - C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe =>.ATI
SR - Auto [13/09/2016] [ 287232] (AMD External Events Utility) . (.AMD.) - C:\WINDOWS\system32\atiesrxx.exe =>.Microsoft Windows Hardware Compatibility Publisher®
SR - Auto [24/06/2015] [ 249328] DTSAudioSvc (DTSAudioSvc) . (.DTS, Inc.) - C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe =>.DTS, Inc.®

—\ Auto loading programs from Registry and folders (9) - 0s
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM..\Run: [WindowsDefender] . (.Microsoft Corporation - Windows Defender notification icon.) – C:\Program Files\Windows Defender\MSASCuiL.exe =>.Microsoft Corporation
O4 - HKLM..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Realtek HD Audio Manager.) – C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe =>.Realtek Semiconductor Corp®
O4 - HKLM..\Run: [RtHDVBg_DTS] . (.Realtek Semiconductor - HD Audio Background Process.) – C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe =>.Realtek Semiconductor Corp®
O4 - HKLM..\Run: [StartCN] . (.Advanced Micro Devices, Inc. - Radeon Settings: Host Application.) – C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe =>.Advanced Micro Devices, Inc.®
O4 - HKCU..\Run: [OneDrive] . (.Microsoft Corporation - Microsoft OneDrive.) – C:\Users\Nick\AppData\Local\Microsoft\OneDrive\One Drive.exe =>.Microsoft Corporation®
O4 - HKUS\S-1-5-19..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) – C:\Windows\syswow64\OneDriveSetup.exe =>.Microsoft Corporation®
O4 - HKUS\S-1-5-20..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) – C:\Windows\syswow64\OneDriveSetup.exe =>.Microsoft Corporation®
O4 - HKUS\S-1-5-21-3720547706-1333832102-3978629174-1001..\Run: [OneDrive] . (.Microsoft Corporation - Microsoft OneDrive.) – C:\Users\Nick\AppData\Local\Microsoft\OneDrive\One Drive.exe =>.Microsoft Corporation®

—\ Process running (8) - 1s
[MD5.00000000000000000000000000000000] - (.AMD - AMD External Events Service Module.) – C:\WINDOWS\system32\atiesrxx.exe [0] [PID.1420] =>.AMD
[MD5.00000000000000000000000000000000] - (.AMD - AMD External Events Client Module.) – C:\WINDOWS\system32\atieclxx.exe [0] [PID.1516] =>.AMD
[MD5.1CFD1A335D08564184F5E406D7E1A2C0] - (.DTS, Inc - DTS Audio Service.) – C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [249328] [PID.2224] =>.DTS, Inc.®
[MD5.059E8944776CD96C4D48ADECE806D140] - (…) – C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe [138752] [PID.3848] =>.ATI Technologies
[MD5.22EBD5AE3B3220D713E544D1D3AB3FEE] - (.Realtek Semiconductor - Realtek HD Audio Manager.) – C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800] [PID.3284] =>.Realtek Semiconductor Corp®
[MD5.31821EC63BDEDE18E64C11F7248B32AB] - (.Realtek Semiconductor - HD Audio Background Process.) – C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624] [PID.3252] =>.Realtek Semiconductor Corp®
[MD5.6B34B34C61D69D9B7B7A46B364C9FC47] - (.Advanced Micro Devices, Inc. - Radeon Settings: Host Application.) – C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [6613896] [PID.4684] =>.Advanced Micro Devices, Inc.®
[MD5.EA5DD793D0CDAA296F99EB72EA9539C3] - (.Nicolas Coolman - ZHPDiag.) – C:\Users\Nick\Desktop\ZHPDiag3.exe [2742784] [PID.5352] =>.Nicolas Coolman

—\ Internet Explorer Extensions, Start, Search (17) - 0s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan =>.Microsoft Internet Explorer
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV9 = 1
R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV9 = 1

—\ Internet Explorer, Proxy Management (3) - 0s
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyEnable = 0
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings,MigrateProxy = 1
R5 - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Para meters\Internet\ManualProxies =>.Microsoft

—\ Line Analysis, IniFiles, Auto loading programs (3) - 0s
F2 - REG:system.ini: UserInit=
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: VMApplet=

—\ Hosts file redirection (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (0)

—\ Global shortcuts Startup (42) - 1s
O4 - GS\Desktop [Administrator]: ZHPCleaner.lnk . (.Nicolas Coolman - ZHPCleane.) C:\Users\Nick\AppData\Roaming\ZHP\ZHPCleaner.exe =>.Nicolas Coolman
O4 - GS\Desktop [Administrator]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Nick\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\sendTo [Administrator]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [Administrator]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\WINDOWS\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\Programs [Administrator]: AMD Radeon Settings.lnk . (.Advanced Micro Devices, Inc. - .) C:\Program Files (x86)\AMD\CNext\CNext\RadeonSettings.exe =>.Advanced Micro Devices, Inc.
O4 - GS\Programs [Administrator]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Nick\AppData\Local\Microsoft\OneDrive\One Drive.exe =>.Microsoft Corporation®
O4 - GS\Desktop [defaultuser0]: ZHPCleaner.lnk . (.Nicolas Coolman - ZHPCleane.) C:\Users\Nick\AppData\Roaming\ZHP\ZHPCleaner.exe =>.Nicolas Coolman
O4 - GS\Desktop [defaultuser0]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Nick\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\sendTo [defaultuser0]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [defaultuser0]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\WINDOWS\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\Programs [defaultuser0]: AMD Radeon Settings.lnk . (.Advanced Micro Devices, Inc. - .) C:\Program Files (x86)\AMD\CNext\CNext\RadeonSettings.exe =>.Advanced Micro Devices, Inc.
O4 - GS\Programs [defaultuser0]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Nick\AppData\Local\Microsoft\OneDrive\One Drive.exe =>.Microsoft Corporation®
O4 - GS\Desktop [Guest]: ZHPCleaner.lnk . (.Nicolas Coolman - ZHPCleane.) C:\Users\Nick\AppData\Roaming\ZHP\ZHPCleaner.exe =>.Nicolas Coolman
O4 - GS\Desktop [Guest]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Nick\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\sendTo [Guest]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [Guest]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\WINDOWS\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\Programs [Guest]: AMD Radeon Settings.lnk . (.Advanced Micro Devices, Inc. - .) C:\Program Files (x86)\AMD\CNext\CNext\RadeonSettings.exe =>.Advanced Micro Devices, Inc.
O4 - GS\Programs [Guest]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Nick\AppData\Local\Microsoft\OneDrive\One Drive.exe =>.Microsoft Corporation®
O4 - GS\Desktop [Nick]: ZHPCleaner.lnk . (.Nicolas Coolman - ZHPCleane.) C:\Users\Nick\AppData\Roaming\ZHP\ZHPCleaner.exe =>.Nicolas Coolman
O4 - GS\Desktop [Nick]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Nick\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\sendTo [Nick]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [Nick]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\WINDOWS\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\Programs [Nick]: AMD Radeon Settings.lnk . (.Advanced Micro Devices, Inc. - .) C:\Program Files (x86)\AMD\CNext\CNext\RadeonSettings.exe =>.Advanced Micro Devices, Inc.
O4 - GS\Programs [Nick]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Nick\AppData\Local\Microsoft\OneDrive\One Drive.exe =>.Microsoft Corporation®
O4 - GS\Programs [Public]: AMD Radeon Settings.lnk . (.Advanced Micro Devices, Inc. - .) C:\Program Files (x86)\AMD\CNext\CNext\RadeonSettings.exe =>.Advanced Micro Devices, Inc.
O4 - GS\Programs [Public]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Nick\AppData\Local\Microsoft\OneDrive\One Drive.exe =>.Microsoft Corporation®
O4 - GS\Accessories [Public]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Accessories [Public]: Notepad.lnk . (.Microsoft Corporation - Notepad.) C:\WINDOWS\system32\notepad.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Math Input Panel.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Paint.lnk . (.Microsoft Corporation - Paint.) C:\WINDOWS\system32\mspaint.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Quick Assist.lnk . (.Microsoft Corporation - Quick Assist.) C:\WINDOWS\system32\quickassist.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Remote Desktop Connection.lnk . (.Microsoft Corporation - Remote Desktop Connection.) C:\WINDOWS\system32\mstsc.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\WINDOWS\system32\SnippingTool.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Steps Recorder.lnk . (.Microsoft Corporation - Steps Recorder.) C:\WINDOWS\system32\psr.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Windows Fax and Scan.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\WINDOWS\system32\WFS.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: XPS Viewer.lnk . (.Microsoft Corporation - XPS Viewer.) C:\WINDOWS\system32\xpsrchvw.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Character Map.lnk . (.Microsoft Corporation - Character Map.) C:\WINDOWS\system32\charmap.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Immersive Control Panel.lnk . (.Microsoft Corporation - Windows Control Panel.) C:\WINDOWS\System32\Control.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: MiracastView.lnk . (.Microsoft Corporation - MiracastView.) C:\WINDOWS\MiracastView\MiracastView.exe =>.Microsoft Windows®
O4 - GS\ProgramsCommon [Public]: PrintDialog.lnk . (.Microsoft Corporation - Print Dialog.) C:\WINDOWS\PrintDialog\PrintDialog.exe =>.Microsoft Windows®

—\ Extra protocols (22) - 1s
O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\syswow64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\syswow64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) – C:\Windows\syswow64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\syswow64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\syswow64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\syswow64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\syswow64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) – C:\Windows\syswow64\itss.dll =>.Microsoft Corporation
O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\syswow64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\syswow64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\syswow64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) – C:\Windows\syswow64\inetcomm.dll =>.Microsoft Corporation
O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\syswow64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) – C:\Windows\syswow64\itss.dll =>.Microsoft Corporation
O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\syswow64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: tbauth [64Bits] - {14654CA6-5711-491D-B89A-58E571679951} . (.Microsoft Corporation - TBAuth protocol handler.) – C:\Windows\syswow64\tbauth.dll =>.Microsoft Corporation
O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) – C:\Windows\syswow64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\syswow64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: windows.tbauth [64Bits] - {14654CA6-5711-491D-B89A-58E571679951} . (.Microsoft Corporation - TBAuth protocol handler.) – C:\Windows\syswow64\tbauth.dll =>.Microsoft Corporation
O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\syswow64\mscoree.dll =>.Microsoft Corporation
O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\syswow64\mscoree.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\syswow64\mscoree.dll =>.Microsoft Corporation

—\ Software installed (2) - 2s
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] – {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} =>.Realtek Semiconductor Corp®
O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics Incorporated.) [HKLM][64Bits] – SynTPDeinstKey =>.Synaptics Incorporated

—\ HKCU & HKLM Software Keys (19) - 2s
HKLM\SOFTWARE\Wow6432Node\ATI =>.ATI
HKLM\SOFTWARE\Wow6432Node\ATI Technologies =>.ATI Technologies
HKLM\SOFTWARE\Wow6432Node\Chicony =>.Chicony
HKLM\SOFTWARE\Wow6432Node\Intel =>.Intel
HKLM\SOFTWARE\Wow6432Node\Khronos =>.Khronos
HKLM\SOFTWARE\Wow6432Node\Macromedia =>.Macromedia
HKLM\SOFTWARE\Wow6432Node\Nuance =>.Nuance
HKLM\SOFTWARE\Wow6432Node\ODBC =>.DB Connectivity Solutions
HKLM\SOFTWARE\Wow6432Node\SRS Labs =>.SRS Labs
HKLM\SOFTWARE\Wow6432Node\WOW6432Node =>.Microsoft Corporation
HKLM\SOFTWARE\Wow6432Node\RegisteredApplications =>.Microsoft Corporation
HKCU\SOFTWARE\AMD =>.AMD
HKCU\SOFTWARE\AppDataLow =>.Microsoft Corporation
HKCU\SOFTWARE\ATI =>.ATI
HKCU\SOFTWARE\Realtek =>.Realtek Semiconductor Corp.
HKCU\SOFTWARE\RegisteredApplications =>.Microsoft Corporation
HKCU\SOFTWARE\Wow6432Node =>.Microsoft Corporation
HKCU\SOFTWARE\ZHP =>.Nicolas Coolman
HKCU\SOFTWARE\AppDataLow\Software =>.Microsoft Corporation

—\ Contents of the Common Files folders (90) - 1s
O43 - CFD: 14/06/2017 - D – C:\Program Files\AMD =>.Advanced Micro Devices, Inc.®
O43 - CFD: 14/06/2017 - D – C:\Program Files\ATI Technologies =>.ATI Technologies
O43 - CFD: 14/06/2017 - D – C:\Program Files\Common Files =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files\MSBuild =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files\Realtek =>.Realtek
O43 - CFD: 14/06/2017 - D – C:\Program Files\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files\Synaptics =>.Synaptics
O43 - CFD: 14/06/2017 - [0] HD – C:\Program Files\Uninstall Information =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files\Windows Defender =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files\Windows Defender Advanced Threat Protection =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files\Windows Mail =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files\Windows Multimedia Platform =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files\Windows NT =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files\Windows Photo Viewer =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - SHD – C:\Program Files\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - HD – C:\Program Files\WindowsApps =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files\WindowsPowerShell =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files (x86)\AMD =>.AMD
O43 - CFD: 14/06/2017 - D – C:\Program Files (x86)\Common Files =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files (x86)\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files (x86)\Microsoft.NET =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files (x86)\MSBuild =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files (x86)\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files (x86)\Windows Defender =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files (x86)\Windows Multimedia Platform =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files (x86)\Windows NT =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files (x86)\Windows Photo Viewer =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files (x86)\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - SHD – C:\Program Files (x86)\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files (x86)\WindowsPowerShell =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 14/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings =>.Advanced Micro Devices Inc
O43 - CFD: 14/06/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - [0] SHD – C:\ProgramData\Application Data =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - [0] SHD – C:\ProgramData\Desktop =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - [0] SHD – C:\ProgramData\Documents =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - SD – C:\ProgramData\Microsoft =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\ProgramData\Microsoft OneDrive =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\ProgramData\regid.1991-06.com.microsoft =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - [0] SHD – C:\ProgramData\Start Menu =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - [0] SHD – C:\ProgramData\Templates =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\ProgramData\USOPrivate =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\ProgramData\USOShared =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files (x86)\Common Files\Microsoft Shared =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files (x86)\Common Files\Services =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Program Files (x86)\Common Files\System =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Users\Nick\AppData\Roaming\Adobe =>.Adobe
O43 - CFD: 14/06/2017 - SD – C:\Users\Nick\AppData\Roaming\Microsoft =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Users\Nick\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 14/06/2017 - D – C:\Users\Nick\AppData\Local\AMD =>.AMD
O43 - CFD: 14/06/2017 - [0] SHD – C:\Users\Nick\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Users\Nick\AppData\Local\Comms =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Users\Nick\AppData\Local\ConnectedDevicesPlatfo rm =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Users\Nick\AppData\Local\Diagnostics =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - [0] SHD – C:\Users\Nick\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Users\Nick\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Users\Nick\AppData\Local\MicrosoftEdge =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Users\Nick\AppData\Local\Packages =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Users\Nick\AppData\Local\Publishers =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Users\Nick\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - [0] SHD – C:\Users\Nick\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Users\Nick\AppData\Local\TileDataLayer =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Users\Nick\AppData\Local\ZHP =>.Nicolas Coolman
O43 - CFD: 14/06/2017 - RD – C:\Users\Nick\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Accessibility =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - RD – C:\Users\Nick\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - RD – C:\Users\Nick\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 14/06/2017 - D – C:\Users\Nick\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - RD – C:\Users\Nick\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - RD – C:\Users\Nick\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\System Tools =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - RD – C:\Users\Nick\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Windows PowerShell =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - [0] SHD – C:\Users\Default\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - [0] SHD – C:\Users\Default\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Users\Default\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - [0] D – C:\Users\Default\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - [0] SHD – C:\Users\Default\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - [0] SHD – C:\Users\Default User\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - [0] SHD – C:\Users\Default User\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\Users\Default User\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - [0] D – C:\Users\Default User\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - [0] SHD – C:\Users\Default User\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 14/06/2017 - D – C:\WINDOWS\System32\Config\systemprofile\AppData\L ocal\Microsoft =>.Microsoft Corporation

—\ ShellIconOverlayIdentifiers (SIOI) (5) - 0s
O106 - SIOI: ErrorOverlayHandler Class [ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) – C:\Users\Nick\AppData\Local\Microsoft\OneDrive\17. 3.6381.0405\FileSyncShell.dll =>.Microsoft Corporation®
O106 - SIOI: SharedOverlayHandler Class [ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) – C:\Users\Nick\AppData\Local\Microsoft\OneDrive\17. 3.6381.0405\FileSyncShell.dll =>.Microsoft Corporation®
O106 - SIOI: SharedSyncingOverlayHandler Class [ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) – C:\Users\Nick\AppData\Local\Microsoft\OneDrive\17. 3.6381.0405\FileSyncShell.dll =>.Microsoft Corporation®
O106 - SIOI: UpToDateOverlayHandler Class [ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) – C:\Users\Nick\AppData\Local\Microsoft\OneDrive\17. 3.6381.0405\FileSyncShell.dll =>.Microsoft Corporation®
O106 - SIOI: SyncingOverlayHandler Class [ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) – C:\Users\Nick\AppData\Local\Microsoft\OneDrive\17. 3.6381.0405\FileSyncShell.dll =>.Microsoft Corporation®

—\ Image File Execution Options (17) - 1s
O50 - IFEO:C:\Windows\System32\cscript.exe - (.Microsoft Corporation - Microsoft ® Console Based Script Host.) [DisableExceptionChainValidation\3] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\dllhost.exe - (.Microsoft Corporation - COM Surrogate.) [DisableExceptionChainValidation\3] =>.Microsoft Windows®
O50 - IFEO:C:\WINDOWS\System32\drvinst.exe - (.Microsoft Corporation - Driver Installation Module.) [DisableExceptionChainValidation\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\ie4uinit.exe - (.Microsoft Corporation - IE Per-User Initialization Utility.) [MitigationOptions\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\ieUnatt.exe - (.Microsoft Corporation - IE 7.0 Unattended Install Utility.) [MitigationOptions\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\mmc.exe - (.Microsoft Corporation - Microsoft Management Console.) [DisableExceptionChainValidation\3] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\msfeedssync.exe - (.Microsoft Corporation - Microsoft Feeds Synchronization.) [MitigationOptions\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\mshta.exe - (.Microsoft Corporation - Microsoft (R) HTML Application host.) [MitigationOptions\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\PresentationHost.exe - (.Microsoft Corporation - Windows Presentation Foundation Host.) [MitigationOptions\1118481] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\PrintIsolationHost.exe - (.Microsoft Corporation - PrintIsolationHost.) [MitigationOptions\2097152] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\rundll32.exe - (.Microsoft Corporation - Windows host process (Rundll32).) [DisableExceptionChainValidation\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\runtimebroker.exe - (.Microsoft Corporation - Runtime Broker.) [MitigationOptions\4294967296] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\searchprotocolhost.exe - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) [DisableExceptionChainValidation\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\spoolsv.exe - (.Microsoft Corporation - Spooler SubSystem App.) [DisableExceptionChainValidation\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\spoolsv.exe - (.Microsoft Corporation - Spooler SubSystem App.) [MitigationOptions\2097152] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\svchost.exe - (.Microsoft Corporation - Host Process for Windows Services.) [MinimumStackCommitInBytes\32768] =>.Microsoft Windows Publisher®
O50 - IFEO:C:\Windows\System32\wscript.exe - (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) [DisableExceptionChainValidation\3] =>.Microsoft Corporation

—\ System Drivers List (94) - 8s
O58 - SDL:2016/07/16 07:41:53 A . (.LSI - LSI 3ware SCSI Storport Driver.) – C:\WINDOWS\System32\drivers\3ware.sys [107360] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.PMC-Sierra - PMC-Sierra Storport Driver For SPC8x6G SAS.) – C:\WINDOWS\System32\drivers\adp80xx.sys [1135456] =>.Microsoft Windows®
O58 - SDL:2016/03/21 10:37:24 A . (.Advanced Micro Devices, Inc. - AMD Audio Bus Lower Filter.) – C:\WINDOWS\System32\drivers\amdkmafd.sys [23240] =>.Advanced Micro Devices, Inc.®
O58 - SDL:2016/07/16 07:41:53 A . (.Advanced Micro Devices - AHCI 1.3 Device Driver.) – C:\WINDOWS\System32\drivers\amdsata.sys [83296] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) – C:\WINDOWS\System32\drivers\amdsbs.sys [259424] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Advanced Micro Devices - Storage Filter Driver.) – C:\WINDOWS\System32\drivers\amdxata.sys [26976] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) – C:\WINDOWS\System32\drivers\arcsas.sys [131936] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:50 A . (.Qualcomm Atheros Communications, Inc. - Qualcomm Atheros Extensible Wireless LAN de.) – C:\WINDOWS\System32\drivers\athw8x.sys [4233728] =>.Qualcomm Atheros Communications, Inc.
O58 - SDL:2016/04/26 06:26:52 A . (.Advanced Micro Devices - AMD High Definition Audio Function Driver.) – C:\WINDOWS\System32\drivers\AtihdWT6.sys [110096] =>.Microsoft Windows Hardware Compatibility Publisher®
O58 - SDL:2016/09/13 22:08:14 A . (.Advanced Micro Devices, Inc. - ATI Radeon Kernel Mode Driver.) – C:\WINDOWS\System32\drivers\atikmdag.sys [26706432] =>.Microsoft Windows Hardware Compatibility Publisher®
O58 - SDL:2016/09/13 22:08:12 A . (.Advanced Micro Devices, Inc. - AMD multi-vendor Miniport Driver.) – C:\WINDOWS\System32\drivers\atikmpag.sys [518656] =>.Microsoft Windows Hardware Compatibility Publisher®
O58 - SDL:2016/07/16 07:41:53 A . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) – C:\WINDOWS\System32\drivers\bcmfn.sys [9728] =>.Windows (R) Win 7 DDK provider
O58 - SDL:2016/07/16 07:41:53 A . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) – C:\WINDOWS\System32\drivers\bcmfn2.sys [9728] =>.Windows (R) Win 7 DDK provider
O58 - SDL:2016/07/16 07:41:52 A . (.QLogic Corporation - QLogic Gigabit Ethernet VBD.) – C:\WINDOWS\System32\drivers\bxvbda.sys [533856] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Chelsio Communications - Chelsio iSCSI Crash Dump Driver.) – C:\WINDOWS\System32\drivers\cht4dx64.sys [102752] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Chelsio Communications - Chelsio iSCSI VMiniport Driver.) – C:\WINDOWS\System32\drivers\cht4sx64.sys [346976] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Chelsio Communications - Virtual Bus Driver for Chelsio ® T4 Chipset.) – C:\WINDOWS\System32\drivers\cht4vx64.sys [2104160] =>.Microsoft Windows®
O58 - SDL:2013/08/21 06:09:38 A . (.Intel Corporation - Intel(R) Gigabit Adapter NDIS 6.x driver.) – C:\WINDOWS\System32\drivers\e1c64x64.sys [468240] =>.Intel Corporation®
O58 - SDL:2016/07/16 07:41:54 A . (.Intel Corporation - Intel(R) Gigabit Adapter NDIS 6.x driver.) – C:\WINDOWS\System32\drivers\e1i63x64.sys [524800] =>.Intel Corporation
O58 - SDL:2016/07/16 07:41:52 A . (.QLogic Corporation - QLogic 10 GigE VBD.) – C:\WINDOWS\System32\drivers\evbda.sys [3418976] =>.Microsoft Windows®
O58 - SDL:2012/07/17 18:12:08 A . (.Intel Corporation - Intel(R) Management Engine Interface.) – C:\WINDOWS\System32\drivers\HECIx64.sys [62784] =>.Intel Corporation®
O58 - SDL:2016/07/16 07:41:53 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) – C:\WINDOWS\System32\drivers\HpSAMD.sys [64352] =>.Microsoft Windows®
O58 - SDL:2009/08/15 00:58:04 A . (.Windows (R) Codename Longhorn DDK provider - Example Keyboard Filter Driver.) – C:\WINDOWS\System32\drivers\i8042HDR.sys [15920] =>.Chicony Electronics Co., Ltd.®
O58 - SDL:2016/07/16 07:41:54 A . (.Intel(R) Corporation - Intel(R) Serial IO GPIO Controller Driver.) – C:\WINDOWS\System32\drivers\iagpio.sys [33280] =>.Intel(R) Corporation
O58 - SDL:2016/07/16 07:41:54 A . (.Intel(R) Corporation - Intel(R) Serial IO I2C Driver.) – C:\WINDOWS\System32\drivers\iai2c.sys [81408] =>.Intel(R) Corporation
O58 - SDL:2016/07/16 07:41:54 A . (.Intel Corporation - Intel(R) Serial IO GPIO Driver v2.) – C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [64512] =>.Intel Corporation
O58 - SDL:2016/07/16 07:41:54 A . (.Intel Corporation - Intel(R) Serial IO I2C Driver v2.) – C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [176384] =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
O58 - SDL:2016/07/16 07:41:52 A . (.Intel Corporation - Intel(R) Serial IO GPIO Controller Driver.) – C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [38128] =>.Intel Corporation - Client Components Group®
O58 - SDL:2016/07/16 07:41:50 A . (.Intel Corporation - Intel(R) Serial IO I2C Controller Driver.) – C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [113152] =>.Intel Corporation
O58 - SDL:2016/07/16 07:41:53 A . (.Intel Corporation - Intel(R) Rapid Storage Technology driver (i.) – C:\WINDOWS\System32\drivers\iaStorAV.sys [673120] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) – C:\WINDOWS\System32\drivers\iaStorV.sys [412000] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Mellanox - InfiniBand Fabric Bus Driver.) – C:\WINDOWS\System32\drivers\ibbus.sys [526176] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) – C:\WINDOWS\System32\drivers\lsi_sas.sys [108896] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) – C:\WINDOWS\System32\drivers\lsi_sas2i.sys [105824] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Avago Technologies - Avago SAS Gen3 Driver (StorPort).) – C:\WINDOWS\System32\drivers\lsi_sas3i.sys [101216] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.LSI Corporation - LSI SSS PCIe/Flash Driver (StorPort).) – C:\WINDOWS\System32\drivers\lsi_sss.sys [82776] =>.Microsoft Windows®
O58 - SDL:2012/10/26 16:42:22 A . (.Logitech Inc. - Logitech USB Video Class Filter Driver.) – C:\WINDOWS\System32\drivers\lvbflt64.sys [26784] =>.Logitech, Inc.®
O58 - SDL:2016/07/16 07:41:53 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) – C:\WINDOWS\System32\drivers\megasas.sys [59744] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) – C:\WINDOWS\System32\drivers\megasr.sys [575840] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Mellanox - MLX4 Bus Driver.) – C:\WINDOWS\System32\drivers\mlx4_bus.sys [842584] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) – C:\WINDOWS\System32\drivers\mvumis.sys [63840] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Mellanox - NetworkDirect Support Filter Driver.) – C:\WINDOWS\System32\drivers\ndfltr.sys [108896] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:42:03 A . (.Authors - .) – C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624] =>.Microsoft Corporation
O58 - SDL:2016/07/16 07:41:53 A . (.NVIDIA Corporation - NVIDIA® nForce™ RAID Driver.) – C:\WINDOWS\System32\drivers\nvraid.sys [150368] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.NVIDIA Corporation - NVIDIA® nForce™ Sata Performance Driver.) – C:\WINDOWS\System32\drivers\nvstor.sys [166240] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) – C:\WINDOWS\System32\drivers\percsas2i.sys [58720] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) – C:\WINDOWS\System32\drivers\percsas3i.sys [61792] =>.Microsoft Windows®
O58 - SDL:2015/06/24 22:57:00 A . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function D.) – C:\WINDOWS\System32\drivers\RTKVHD64.sys [4504320] =>.Realtek Semiconductor Corp®
O58 - SDL:2015/08/13 11:36:50 A . (.Razer Inc - Razer RzBTEndPt.) – C:\WINDOWS\System32\drivers\rzbtendpt.sys [51912] =>.Razer Inc.®
O58 - SDL:2015/08/13 11:36:50 A . (.Razer Inc - Razer RzEndPt.) – C:\WINDOWS\System32\drivers\rzdaendpt.sys [43720] =>.Razer Inc.®
O58 - SDL:2015/08/13 11:36:50 A . (.Razer Inc - Razer RzEndPt.) – C:\WINDOWS\System32\drivers\rzendpt.sys [50392] =>.Razer Inc.®
O58 - SDL:2015/08/13 11:36:50 A . (.Razer Inc - Razer Inc. External Display Driver.) – C:\WINDOWS\System32\drivers\rzhnet.sys [29912] =>.Razer Inc.®
O58 - SDL:2015/08/13 11:36:50 A . (.Razer Inc - Razer JoyStick Device.) – C:\WINDOWS\System32\drivers\rzjstk.sys [36568] =>.Razer Inc.®
O58 - SDL:2015/08/13 11:36:50 A . (.Razer Inc - Razer RzEndPt.) – C:\WINDOWS\System32\drivers\rzkeypadendpt.sys [46280] =>.Razer Inc.®
O58 - SDL:2015/08/13 11:36:50 A . (.Razer Inc - Razer RzMPos.) – C:\WINDOWS\System32\drivers\rzmpos.sys [48840] =>.Razer Inc.®
O58 - SDL:2015/08/13 11:36:50 A . (.Razer Inc - Razer RzEndPt.) – C:\WINDOWS\System32\drivers\rzp1endpt.sys [52424] =>.Razer Inc.®
O58 - SDL:2015/08/13 11:36:50 A . (.Razer Inc - Razer Rzudd Engine.) – C:\WINDOWS\System32\drivers\rzudd.sys [202952] =>.Razer Inc.®
O58 - SDL:2015/08/13 11:36:50 A . (.Razer Inc - Razer Keyboard Device.) – C:\WINDOWS\System32\drivers\rzvkeyboard.sys [44232] =>.Razer Inc.®
O58 - SDL:2015/08/13 11:36:50 A . (.Razer Inc - Razer Mouse Device.) – C:\WINDOWS\System32\drivers\rzvmouse.sys [42712] =>.Razer Inc.®
O58 - SDL:2016/07/16 07:41:53 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) – C:\WINDOWS\System32\drivers\sisraid2.sys [44896] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) – C:\WINDOWS\System32\drivers\sisraid4.sys [81760] =>.Microsoft Windows®
O58 - SDL:1999/12/31 20:00:00 A . (.Synaptics Incorporated - Synaptics SMBus Driver.) – C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [33960] =>.Synaptics Incorporated®
O58 - SDL:2016/01/08 04:51:46 A . (.MCCI Corporation - SAMSUNG Android USB Composite Device Driver.) – C:\WINDOWS\System32\drivers\ssadbus.sys [169288] =>.MCCI Corporation®
O58 - SDL:2016/01/08 04:51:46 A . (.MCCI Corporation - Windows 2000/XP support functions.) – C:\WINDOWS\System32\drivers\ssadcm.sys [17224] =>.MCCI Corporation®
O58 - SDL:2016/01/08 04:51:46 A . (.MCCI Corporation - Windows 2000/XP support functions.) – C:\WINDOWS\System32\drivers\ssadcmnt.sys [17224] =>.MCCI Corporation®
O58 - SDL:2016/01/08 04:51:46 A . (.MCCI Corporation - SAMSUNG Android USB Diagnostic Serial Port.) – C:\WINDOWS\System32\drivers\ssadserd.sys [158024] =>.MCCI Corporation®
O58 - SDL:2016/01/08 04:51:46 A . (.MCCI Corporation - Windows 2000/XP support functions.) – C:\WINDOWS\System32\drivers\ssadwh.sys [17736] =>.MCCI Corporation®
O58 - SDL:2016/01/08 04:51:46 A . (.MCCI Corporation - Windows 2000/XP support functions.) – C:\WINDOWS\System32\drivers\ssadwhnt.sys [17736] =>.MCCI Corporation®
O58 - SDL:2016/01/08 04:51:52 A . (.MCCI Corporation - SAMSUNG USB Composite Device Driver.) – C:\WINDOWS\System32\drivers\sscdbus.sys [169288] =>.MCCI Corporation®
O58 - SDL:2016/01/08 04:51:52 A . (.MCCI Corporation - Windows 2000/XP support functions.) – C:\WINDOWS\System32\drivers\sscdcm.sys [17224] =>.MCCI Corporation®
O58 - SDL:2016/01/08 04:51:52 A . (.MCCI Corporation - Windows 2000/XP support functions.) – C:\WINDOWS\System32\drivers\sscdcmnt.sys [17224] =>.MCCI Corporation®
O58 - SDL:2016/01/08 04:51:52 A . (.MCCI Corporation - SAMSUNG Mobile Modem Diagnostic Serial Port.) – C:\WINDOWS\System32\drivers\sscdserd.sys [158024] =>.MCCI Corporation®
O58 - SDL:2016/01/08 04:51:52 A . (.MCCI Corporation - Windows 2000/XP support functions.) – C:\WINDOWS\System32\drivers\sscdwh.sys [17736] =>.MCCI Corporation®
O58 - SDL:2016/01/08 04:51:52 A . (.MCCI Corporation - Windows 2000/XP support functions.) – C:\WINDOWS\System32\drivers\sscdwhnt.sys [17736] =>.MCCI Corporation®
O58 - SDL:2016/01/08 04:51:54 A . (.MCCI Corporation - SAMSUNG USB Composite Device V2 Driver.) – C:\WINDOWS\System32\drivers\sscebus.sys [169288] =>.MCCI Corporation®
O58 - SDL:2016/01/08 04:51:54 A . (.MCCI Corporation - Windows 2000/XP support functions.) – C:\WINDOWS\System32\drivers\sscecm.sys [17224] =>.MCCI Corporation®
O58 - SDL:2016/01/08 04:51:54 A . (.MCCI Corporation - Windows 2000/XP support functions.) – C:\WINDOWS\System32\drivers\sscecmnt.sys [17224] =>.MCCI Corporation®
O58 - SDL:2016/01/08 04:51:54 A . (.MCCI Corporation - SAMSUNG Mobile Modem Diagnostic Serial Port.) – C:\WINDOWS\System32\drivers\ssceserd.sys [158024] =>.MCCI Corporation®
O58 - SDL:2016/01/08 04:51:54 A . (.MCCI Corporation - Windows 2000/XP support functions.) – C:\WINDOWS\System32\drivers\sscewh.sys [17736] =>.MCCI Corporation®
O58 - SDL:2016/01/08 04:51:54 A . (.MCCI Corporation - Windows 2000/XP support functions.) – C:\WINDOWS\System32\drivers\sscewhnt.sys [17736] =>.MCCI Corporation®
O58 - SDL:2016/04/25 00:35:52 A . (.Samsung Electronics Co., Ltd. - SAMSUNG USB Composite Device Driver (MSS Ve.) – C:\WINDOWS\System32\drivers\ssudbus.sys [129152] =>.Samsung Electronics CO., LTD.®
O58 - SDL:2016/01/08 04:51:54 A . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Mobile DevMgr Device Driver (MS.) – C:\WINDOWS\System32\drivers\ssuddmgr.sys [213088] =>.Samsung Electronics CO., LTD.®
O58 - SDL:2016/01/08 04:51:54 A . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Mobile OBEX Device Driver (MSS.) – C:\WINDOWS\System32\drivers\ssudobex.sys [213088] =>.Samsung Electronics CO., LTD.®
O58 - SDL:2016/04/25 00:36:00 A . (.QUALCOMM Incorporated - Filter Driver for the Qualcomm USB Driver S.) – C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64640] =>.Samsung Electronics CO., LTD.®
O58 - SDL:2016/01/08 04:51:54 A . (.DEVGURU Co., LTD. - USB Rmnet Device Driver.) – C:\WINDOWS\System32\drivers\ssudrmnet.sys [77408] =>.Samsung Electronics CO., LTD.®
O58 - SDL:2016/01/08 04:51:54 A . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Mobile Logging Device Driver (M.) – C:\WINDOWS\System32\drivers\ssudserd.sys [213088] =>.Samsung Electronics CO., LTD.®
O58 - SDL:2016/01/08 04:51:54 A . (.DEVGURU Co., LTD. - MSS CS Connectivity USB driver.) – C:\WINDOWS\System32\drivers\ss_conn_usb_driver.sys [33376] =>.Samsung Electronics CO., LTD.®
O58 - SDL:2016/07/16 07:41:53 A . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Wind.) – C:\WINDOWS\System32\drivers\stexstor.sys [31072] =>.Microsoft Windows®
O58 - SDL:2015/08/13 11:36:50 A . (.Synaptics Incorporated - Synaptics Touchpad Win64 Driver.) – C:\WINDOWS\System32\drivers\SynTP.sys [615632] =>.Synaptics Incorporated®
O58 - SDL:2016/01/19 18:40:20 A . (.Oracle Corporation - VirtualBox USB Driver.) – C:\WINDOWS\System32\drivers\VBoxUSB.sys [125008] =>.Oracle Corporation®
O58 - SDL:2016/07/16 07:41:53 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) – C:\WINDOWS\System32\drivers\vsmraid.sys [166752] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.VIA Corporation - VIA StorX RAID Controller Driver.) – C:\WINDOWS\System32\drivers\VSTXRAID.SYS [305504] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Mellanox - Kernel WinMad.) – C:\WINDOWS\System32\drivers\winmad.sys [32096] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Mellanox - Kernel WinVerbs.) – C:\WINDOWS\System32\drivers\winverbs.sys [64864] =>.Microsoft Windows®

—\ Last modified or created user files (1) - 1s
O61 - LFC: 2017/06/14 22:09:58 A . (..) – C:\Users\Nick\Desktop\zoek.exe [1309184]

—\ File Associations Shell Spawning (10) - 0s
O67 - Shell Spawning: <.bat> [HKLM..\open\Command] (…) – “%1” %*
O67 - Shell Spawning: <.cpl> [HKLM..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) – C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> [HKLM..\open\Command] (…) – “%1” %*
O67 - Shell Spawning: <.com> [HKLM..\open\Command] (…) – “%1” %*
O67 - Shell Spawning: <.evt> [HKLM..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) – C:\Windows\System32\eventvwr.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.exe> [HKLM..\open\Command] (…) – “%1” %*
O67 - Shell Spawning: <.html> [HKLM..\open\Command] (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O67 - Shell Spawning: <.js> [HKLM..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) – C:\Windows\System32\wscript.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.reg> [HKLM..\open\Command] (.Microsoft Corporation - Registry Editor.) – C:\Windows\regedit.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.scr> [HKLM..\open\Command] (…) – “%1” /S

—\ Start Menu Internet (4) - 0s
O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation

—\ Search Browser Infection (3) - 0s
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} [DefaultScope] - (Google) - http://www.google.com/ =>.Google Inc.
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKLM] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - http://www.bing.com/ =>.Bing.com

—\ Search Svchost Services (46) - 1s
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) – C:\WINDOWS\System32\certprop.dll [193536] =>.Microsoft Corporation
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) – C:\WINDOWS\System32\certprop.dll [193536] =>.Microsoft Corporation
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) – C:\WINDOWS\system32\srvsvc.dll [305152] =>.Microsoft Corporation
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) – C:\WINDOWS\System32\gpsvc.dll [1225728] =>.Microsoft Corporation
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) – C:\WINDOWS\System32\ikeext.dll [932352] =>.Microsoft Corporation
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Software installation Service.) – C:\Windows\System32\appmgmts.dll [197632] =>.Microsoft Corporation
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) – C:\WINDOWS\System32\iphlpsvc.dll [945664] =>.Microsoft Corporation
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) – C:\WINDOWS\system32\seclogon.dll [31232] =>.Microsoft Corporation
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) – C:\WINDOWS\System32\appinfo.dll [125952] =>.Microsoft Corporation
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) – C:\WINDOWS\system32\iscsiexe.dll [151552] =>.Microsoft Corporation
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) – C:\WINDOWS\System32\eapsvc.dll [112128] =>.Microsoft Corporation
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) – C:\WINDOWS\system32\schedsvc.dll [948224] =>.Microsoft Corporation
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) – C:\WINDOWS\system32\wbem\WMIsvc.dll [222720] =>.Microsoft Corporation
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) – C:\WINDOWS\System32\browser.dll [134656] =>.Microsoft Corporation
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) – C:\WINDOWS\system32\profsvc.dll [358400] =>.Microsoft Corporation
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) – C:\Windows\System32\SessEnv.dll [386560] =>.Microsoft Corporation
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) – C:\WINDOWS\System32\wercplsupport.dll [94208] =>.Microsoft Corporation
O83 - Search Svchost Services: shpamsvc (shpamsvc) . (.Microsoft Corporation - SharedPC.AccountManager.) – C:\WINDOWS\system32\Windows.SharedPC.AccountManage r.dll [161792] =>.Microsoft Corporation
O83 - Search Svchost Services: XblGameSave (XblGameSave) . (.Microsoft Corporation - Xbox Live Game Save Service.) – C:\WINDOWS\System32\XblGameSave.dll [1159680] =>.Microsoft Corporation
O83 - Search Svchost Services: DcpSvc (DcpSvc) . (.Microsoft Corporation - dcpsvc Task.) – C:\WINDOWS\system32\dcpsvc.dll [183808] =>.Microsoft Corporation
O83 - Search Svchost Services: wlidsvc (wlidsvc) . (.Microsoft Corporation - Microsoft® Account Service.) – C:\WINDOWS\system32\wlidsvc.dll [2104832] =>.Microsoft Corporation
O83 - Search Svchost Services: NcaSvc (NcaSvc) . (.Microsoft Corporation - Microsoft Network Connectivity Assistant Se.) – C:\WINDOWS\System32\ncasvc.dll [167936] =>.Microsoft Corporation
O83 - Search Svchost Services: NetSetupSvc (NetSetupSvc) . (.Microsoft Corporation - Network Setup Service.) – C:\WINDOWS\System32\NetSetupSvc.dll [265216] =>.Microsoft Corporation
O83 - Search Svchost Services: WpnService (WpnService) . (.Microsoft Corporation - Windows Push Notification System Service.) – C:\WINDOWS\system32\WpnService.dll [234496] =>.Microsoft Corporation
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) – C:\WINDOWS\System32\bdesvc.dll [354304] =>.Microsoft Corporation
O83 - Search Svchost Services: XboxNetApiSvc (XboxNetApiSvc) . (.Microsoft Corporation - Xbox Live Networking Service.) – C:\WINDOWS\system32\XboxNetApiSvc.dll [1025536] =>.Microsoft Corporation
O83 - Search Svchost Services: UsoSvc (UsoSvc) . (.Microsoft Corporation - Update Session Orchestrator Core.) – C:\WINDOWS\system32\usocore.dll [539136] =>.Microsoft Corporation
O83 - Search Svchost Services: wisvc (wisvc) . (.Microsoft Corporation - Flight Settings.) – C:\WINDOWS\system32\flightsettings.dll [614912] =>.Microsoft Corporation
O83 - Search Svchost Services: dmwappushservice (dmwappushservice) . (.Microsoft Corporation - dmwappushsvc.) – C:\WINDOWS\system32\dmwappushsvc.dll [57344] =>.Microsoft Corporation
O83 - Search Svchost Services: Irmon (Irmon) . (.Microsoft Corporation - Infrared Monitor.) – C:\WINDOWS\System32\irmon.dll [25088] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) – C:\WINDOWS\System32\rasauto.dll [105472] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) – C:\WINDOWS\System32\rasmans.dll [647680] =>.Microsoft Corporation
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) – C:\Windows\System32\mprdim.dll [495104] =>.Microsoft Corporation
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) – C:\WINDOWS\System32\sens.dll [70656] =>.Microsoft Corporation
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) – C:\WINDOWS\System32\ipnathlp.dll [541696] =>.Microsoft Corporation
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows™ Telephony Server.) – C:\Windows\System32\tapisrv.dll [309248] =>.Microsoft Corporation
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) – C:\WINDOWS\system32\wuaueng.dll [2314752] =>.Microsoft Corporation
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) – C:\WINDOWS\System32\qmgr.dll [1052672] =>.Microsoft Corporation
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) – C:\Windows\System32\shsvcs.dll [617472] =>.Microsoft Corporation
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) – C:\WINDOWS\system32\themeservice.dll [70656] =>.Microsoft Corporation
O83 - Search Svchost Services: DmEnrollmentSvc (DmEnrollmentSvc) . (.Microsoft Corporation - Windows Managent Service DLL.) – C:\Windows\System32\Windows.Internal.Management.dl l [407552] =>.Microsoft Corporation
O83 - Search Svchost Services: lfsvc (lfsvc) . (.Microsoft Corporation - Geolocation Service.) – C:\WINDOWS\System32\lfsvc.dll [37376] =>.Microsoft Corporation
O83 - Search Svchost Services: RetailDemo (RetailDemo) . (.Microsoft Corporation - RDXService.) – C:\WINDOWS\system32\RDXService.dll [650752] =>.Microsoft Corporation
O83 - Search Svchost Services: XblAuthManager (XblAuthManager) . (.Microsoft Corporation - Xbox Live Auth Manager.) – C:\WINDOWS\System32\XblAuthManager.dll [1012224] =>.Microsoft Corporation
O83 - Search Svchost Services: UserManager (UserManager) . (.Microsoft Corporation - UserMgr.) – C:\WINDOWS\System32\usermgr.dll [1020928] =>.Microsoft Corporation
O83 - Search Svchost Services: DsmSvc (DsmSvc) . (.Microsoft Corporation - Device Setup Manager.) – C:\WINDOWS\System32\DeviceSetupManager.dll [197632] =>.Microsoft Corporation

—\ Additional Scan (O88) (1) - 0s
~ No malicious or unnecessary items found.

—\ Summary of the elements found (1) - 0s
~ No malicious or unnecessary items found.

~ Unselected Options:
~ End of the scan, 9841 items in 00mn56s (529)(0)

**Malnutrition** · 06-15-2017, 10:27 AM

Eliminate restrictive settings with this tool.
[ul]
[li]Temporarily disable your antivirus — Your antivirus may flag this tool as malware, it is safe to run I assure you.[/li]
[li]Download SupRestric.exe save to your desktop.[/li][li]Close all running programs.[/li][li]Double click the file to launch it.[/li][li]Windows: 7/8/10 Vista and run as administrator[/li][li]Click Yes at any prompt.[/li]
[li]The analysis takes only a few moments.[/li][li]The report is on the desktop ( CTR.txt )[/li][li]Copy paste report in next reply.[/li][li]A reboot is needed to complete the repairs.[/li][/ul]

HijackThis.

1- Please Click HERE to download HijackThis. – Unzip to your desktop.
2- Right click run as admin.
3- Click on the Main Menu button if not already there.
4- Select Do a system scan and save a logfile.
5- Copy paste the log here.

Rogue Killer Scan.

Download RogueKiller – (Portable) – from one of the following links and save it to your Desktop:

Link 1
Link 2

[ul]
[li]Close all other the running programs[/li][li]Disable ALL Antivirus – Antimalware – Applications.[/li][li]Right Click Rogue Killer and Run as Administrator.[/li][li]Click the Start Scan button.[/li][li]Allow the scan to run – it can take ten minutes or more.[/li][li]Once the scan is complete check All items for removal.[/li][li]https://pchelpforum.net/attachments/...5-54-png.1658/ [/li]
[li]After All items are checked then press Remove Selected.[/li]
[li]Wait until the Status box shows Deleting Finished.[/li][li]Click on open report – then open txt[/li]
[li]Copy the content of the report and paste it here in your next reply.[/li][/ul]

JRT Scan.

Please download Junkware Removal Tool and save it on your desktop.

[ul]
[li]Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.[/li][li]Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.[/li][li]The tool will open and start scanning your system.[/li][li]Please be patient as this can take a while to complete depending on your system’s specifications.[/li][li]On completion, a log is saved to your desktop and will automatically open.[/li][li]Please post the JRT log.[/li][/ul]

**Malnutrition** · 06-15-2017, 11:21 PM

@nick1234 How about an update

**Malnutrition** · 06-17-2017, 10:08 PM

Hello @nick1234

How are you moving along with the instructions? Have you got an update for us?

Please update this thread within 48 hours, or it will be closed. You can however have it re-opened at any time, by sending a private message to a staff member.

Desktop ethernet connection stopped working overnight... may be an infection

Desktop ethernet connection stopped working overnight... may be an infection

Comment

Comment

Comment

Comment

Comment