
Solved Something's wrong, but don't know what.

OS Version: Microsoft Windows 10 Home, 64 bit
Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz, Intel64 Family 6 Model 60 Stepping 3
Processor Count: 8
RAM: 12236 Mb
Graphics Card: NVIDIA GeForce GT 730, -2048 Mb
Hard Drives: C: 899 GB (715 GB Free); F: 55 GB (6 GB Free);
Motherboard: LENOVO, SHARKBAY
Antivirus: Avast Antivirus, Enabled and Updated

I'm not the only user of my system, and while we try to monitor where everyone goes on the net, we can't always be sure nobody is wandering into sketchy places. Also, as my username suggests, we game on our system, downloads as well as some browser games. We use Steam client for some games, too. Thing is, there are some issues we've noticed and want to know what we can do to stop the issues or if we need to remove some nasties. We each have our own browser tabs (5 total) and one tab when you click on it, opens one good tab and at least 2 other tag-alongs, things that said user has no interest in and is annoyed by the extra windows popping open. When gaming, I recently noticed that my games aren't running as smoothly as they did a month ago. Lags and delayed responses to game commands, glitches that aren't part of the game, or responses to game commands will work then all of a sudden you are back where you started and not where you were a second ago and you have to run back up to the mob/item you need to kill/collect, aka rubber banding. I could use some help figuring out what is going on and how to remove whatever has attached itself so we can get back to surfing and gaming. I've contacted the game developers to see if there's a problem on their end that may need fixing. Finally, I've attached a Hijack This file to maybe help diagnose the problem. Thanks.
 

Attachment: hijackthis.log (13.2 KB)
Hi there GamerGirl74 and welcome to PCHF :)

Please download the FRST 32 bit or FRST 64 bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

Once downloaded, right-click the FRST desktop icon and select "Run as administrator" from the menu.

If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST, you can safely allow FRST to proceed.
FRST will open with two dialogue boxes; accept the disclaimer.

Accept the default whitelist options.
If the Addition.txt option box is not checked, please select it.
Then select "Scan".

FRST will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.

Please copy and paste the contents of these logs in your next post for review by our Security Team.
 
Hi,
Here are the two files you requested. Thank you for your help.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2017
Ran by Doneff Family (administrator) on DESKTOP-DOB72OG (24-05-2017 02:49:58)
Running from C:\Users\Doneff Family\Desktop\Toolbox
Loaded Profiles: Doneff Family (Available Profiles: Doneff Family)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
() C:\Windows\jmesoft\Service.exe
() C:\Program Files\update\UpdateAgent.exe
() C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Windows\SysWOW64\UMonit64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16412952 2015-09-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1413384 2015-09-30] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [UMonit] => C:\Windows\SysWOW64\UMonit64.exe [53832 2015-07-15] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-09] (AVAST Software)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [jmekey] => C:\Windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-16] ()
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1870928 2017-04-04] (Adobe Systems Inc.)
HKU\S-1-5-21-113026621-1705679920-3439515112-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-07] (Piriform Ltd)
HKU\S-1-5-21-113026621-1705679920-3439515112-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-04-25] (Valve Corporation)
HKU\S-1-5-21-113026621-1705679920-3439515112-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886352 2017-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-113026621-1705679920-3439515112-1001\...\Run: [GoogleChromeAutoLaunch_DDF34A59040FF57D719F4EF1CA2787C3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1143640 2017-05-09] (Google Inc.)
HKU\S-1-5-21-113026621-1705679920-3439515112-1001\...\RunOnce: [Uninstall 17.3.6799.0327\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64"
HKU\S-1-5-21-113026621-1705679920-3439515112-1001\...\RunOnce: [Uninstall 17.3.6799.0327] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\17.3.6799.0327"
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-09] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-09] (AVAST Software)
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{e6e4a17a-d400-42d1-acf0-634be7a09268}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-113026621-1705679920-3439515112-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-113026621-1705679920-3439515112-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKLM -> DefaultScope {D79BB3A3-DB24-49D3-A463-680951CD61C4} URL =
SearchScopes: HKLM-x32 -> DefaultScope {D79BB3A3-DB24-49D3-A463-680951CD61C4} URL =
SearchScopes: HKU\S-1-5-21-113026621-1705679920-3439515112-1001 -> DefaultScope {D79BB3A3-DB24-49D3-A463-680951CD61C4} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-14] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-12-23] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-14] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-12-23] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-20] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-12-23] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-20] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-12-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-12-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-12-23] (Adobe Systems Incorporated)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-14] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-14] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-14] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-14] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-04-11]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.4loot.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://www.google.com/webhp?sourceid=chrome-instant&espv=210&es_th=1&ie=UTF-8"
CHR Profile: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default [2017-05-24]
CHR Extension: (Google Drive) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-09]
CHR Extension: (YouTube) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-09]
CHR Extension: (Avast Online Security (BETA)) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2017-05-03]
CHR Extension: (Fair AdBlocker App) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcnofaichneijfbkdkghmhjjbepjmble [2017-05-21]
CHR Extension: (Adobe Acrobat) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-10]
CHR Extension: (Avast SafePrice) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-03-16]
CHR Extension: (Google Docs Offline) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-09]
CHR Extension: (Avast Online Security) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-05-17]
CHR Extension: (Fair AdBlocker) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2017-05-21]
CHR Extension: (Search Manager) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce [2017-05-05]
CHR Extension: (F.B.(FluffBusting)Purity) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkinhboiljjkhaknpaeaicmdjhagpep [2017-05-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gir Theme) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pifnaclcibjejklkfjegfcbagcdkidim [2016-05-09]
CHR Extension: (Gmail) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-09]
CHR Extension: (Chrome Media Router) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-17]
CHR Profile: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-05-24]
CHR Extension: (Google Slides) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-18]
CHR Extension: (Google Docs) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-18]
CHR Extension: (Adblock Plus) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-05-18]
CHR Extension: (Avast Online Security (BETA)) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2017-05-18]
CHR Extension: (Avast SafePrice) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-05-18]
CHR Extension: (Google Sheets) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-18]
CHR Extension: (GamingJelly Advertising) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flaebdjmginmegnogohmmnofgknehnno [2017-05-18]
CHR Extension: (Google Docs Offline) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-18]
CHR Extension: (Avast Online Security) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-05-18]
CHR Extension: (Pinterest Save Button) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-05-18]
CHR Extension: (Game Time Party Bus Advertising) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hfegnlbibfofilgojklfejikhcpekfnb [2017-05-18]
CHR Extension: (Dyna Gaming Advertising) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hpkmdjomfcomfiihildoihnbhnbkbppl [2017-05-18]
CHR Extension: (F.B.(FluffBusting)Purity) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmkinhboiljjkhaknpaeaicmdjhagpep [2017-05-19]
CHR Profile: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-05-24]
CHR Extension: (Google Slides) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-10]
CHR Extension: (Google Docs) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-10]
CHR Extension: (Google Drive) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-10]
CHR Extension: (YouTube) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-10]
CHR Extension: (Avast Online Security (BETA)) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2017-05-03]
CHR Extension: (Google Sheets) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-10]
CHR Extension: (Google Docs Offline) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-10]
CHR Extension: (Search Manager) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce [2017-05-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-10]
CHR Extension: (Chrome Media Router) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-12]
CHR Profile: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 3 [2017-05-24]
CHR Extension: (Google Slides) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-12]
CHR Extension: (Google Docs) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-12]
CHR Extension: (Google Drive) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-12]
CHR Extension: (YouTube) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-12]
CHR Extension: (Adobe Acrobat) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-21]
CHR Extension: (Google Sheets) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-12]
CHR Extension: (Wolf and the Ice Planet) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gffkhmkbijdmbncaoclaclldnbndflck [2017-01-07]
CHR Extension: (Google Docs Offline) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-16]
CHR Extension: (Avast Online Security) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-05-19]
CHR Extension: (Search Manager) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce [2017-05-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-21]
CHR Extension: (Gmail) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-12]
CHR Extension: (Chrome Media Router) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-12]
CHR Profile: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 4 [2017-05-24]
CHR Extension: (Google Slides) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-13]
CHR Extension: (Google Docs) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-13]
CHR Extension: (Google Drive) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-13]
CHR Extension: (YouTube) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-13]
CHR Extension: (Adobe Acrobat) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-10]
CHR Extension: (Google Sheets) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-13]
CHR Extension: (Google Docs Offline) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-16]
CHR Extension: (Avast Online Security) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-05-18]
CHR Extension: (Search Manager) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce [2017-05-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-13]
CHR Extension: (Chrome Media Router) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-12]
CHR Profile: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 5 [2017-05-17]
CHR Profile: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\System Profile [2017-05-17]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-113026621-1705679920-3439515112-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-09] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-09] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [310496 2017-05-09] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3801280 2017-05-04] (Microsoft Corporation)
R2 FastbootService; C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe [288768 2015-09-08] (Lenovo) [File not signed]
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
S2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [30624 2015-07-16] ()
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520 2015-07-11] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [File not signed]
R2 LenovoPortalService; C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe [24312 2015-09-08] ()
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [271296 2015-07-01] (Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [8128688 2016-12-24] (INCA Internet Co., Ltd.)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
S3 ShareItSvc; C:\Program Files (x86)\Lenovo\SHAREit\Shareit.Service.exe [31704 2016-03-31] (SHAREit Technologies Co.Ltd)
R2 UpdateAgentService; C:\Program Files\update\UpdateAgent.exe [226216 2015-09-08] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [311808 2017-05-09] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [190256 2017-05-09] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334576 2017-05-09] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [49016 2017-05-09] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-05-09] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-05-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [128648 2017-05-09] (AVAST Software)
R1 aswNetSec; C:\WINDOWS\system32\drivers\aswNetSec.sys [507928 2017-05-09] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-05-09] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-05-09] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1007160 2017-05-09] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [569192 2017-05-09] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [158880 2017-05-12] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-05-09] (AVAST Software)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-05-09] ()
R0 Fastboot; C:\WINDOWS\System32\DRIVERS\Fastboot.sys [67608 2015-09-08] (Windows (R) Win 7 DDK provider) [File not signed]
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [187320 2017-05-23] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [113592 2017-05-23] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-05-23] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251832 2017-05-23] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93624 2017-05-24] (Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvlewu.inf_amd64_f89ffb631f81d1d5\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [598784 2015-06-15] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6320640 2017-03-18] (Realtek Semiconductor Corporation )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [37344 2017-04-14] (Wellbia.com Co., Ltd.)
S3 xspirit; C:\WINDOWS\xspirit.sys [22912 2017-04-14] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-24 02:49 - 2017-05-24 02:49 - 00000000 ____D C:\FRST
2017-05-23 18:51 - 2017-05-24 01:54 - 00093624 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-05-23 18:51 - 2017-05-23 18:51 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-05-23 18:51 - 2017-05-23 18:51 - 00187320 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-05-23 18:51 - 2017-05-23 18:51 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-05-23 18:51 - 2017-05-23 18:51 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-05-23 18:51 - 2017-05-23 18:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-23 18:51 - 2017-05-23 18:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-23 18:51 - 2017-05-23 18:51 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-23 18:51 - 2017-05-09 16:37 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-05-19 22:20 - 2017-05-19 22:20 - 00022023 _____ C:\Users\Doneff Family\Downloads\Unconfirmed 628484.crdownload
2017-05-19 22:16 - 2017-05-19 22:16 - 01750460 _____ C:\Users\Doneff Family\Documents\Unit 8.6 Speaking 1D.m4a
2017-05-19 22:10 - 2017-05-19 22:10 - 02545639 _____ C:\Users\Doneff Family\Documents\Unit 7.8 Speaking 1E.m4a
2017-05-19 22:02 - 2017-05-19 22:02 - 02284292 _____ C:\Users\Doneff Family\Documents\Unit 10.7 Speaking 1D.m4a
2017-05-19 21:57 - 2017-05-19 21:57 - 00440970 _____ C:\Users\Doneff Family\Documents\Unit 10.11 Speaking 1F.m4a
2017-05-18 21:02 - 2017-05-18 21:02 - 00000000 ____D C:\Windows.old
2017-05-18 21:01 - 2017-05-18 21:01 - 23681024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 21353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 20505600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 20374424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 11870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 08320920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-05-18 21:01 - 2017-05-18 21:01 - 08244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 04848440 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-05-18 21:01 - 2017-05-18 21:01 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-05-18 21:01 - 2017-05-18 21:01 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-05-18 21:01 - 2017-05-18 21:01 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 03655680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 03116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-05-18 21:01 - 2017-05-18 21:01 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 02651648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-05-18 21:01 - 2017-05-18 21:01 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 02435584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 02298880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-18 21:01 - 2017-05-18 21:01 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-05-18 21:01 - 2017-05-18 21:01 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-05-18 21:01 - 2017-05-18 21:01 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01411128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01325456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-05-18 21:01 - 2017-05-18 21:01 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-05-18 21:01 - 2017-05-18 21:01 - 01103872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01075712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 01024416 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-05-18 21:01 - 2017-05-18 21:01 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00980992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-05-18 21:01 - 2017-05-18 21:01 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-05-18 21:01 - 2017-05-18 21:01 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-05-18 21:01 - 2017-05-18 21:01 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-05-18 21:01 - 2017-05-18 21:01 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00775824 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-05-18 21:01 - 2017-05-18 21:01 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-05-18 21:01 - 2017-05-18 21:01 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-05-18 21:01 - 2017-05-18 21:01 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-05-18 21:01 - 2017-05-18 21:01 - 00708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-05-18 21:01 - 2017-05-18 21:01 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-05-18 21:01 - 2017-05-18 21:01 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00626520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-05-18 21:01 - 2017-05-18 21:01 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00605936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-05-18 21:01 - 2017-05-18 21:01 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-05-18 21:01 - 2017-05-18 21:01 - 00543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-05-18 21:01 - 2017-05-18 21:01 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-05-18 21:01 - 2017-05-18 21:01 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-05-18 21:01 - 2017-05-18 21:01 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-05-18 21:01 - 2017-05-18 21:01 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-05-18 21:01 - 2017-05-18 21:01 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-05-18 21:01 - 2017-05-18 21:01 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-05-18 21:01 - 2017-05-18 21:01 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-05-18 21:01 - 2017-05-18 21:01 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-05-18 21:01 - 2017-05-18 21:01 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-05-18 21:01 - 2017-05-18 21:01 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-18 21:01 - 2017-05-18 21:01 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00207264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-05-18 21:01 - 2017-05-18 21:01 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-05-18 21:01 - 2017-05-18 21:01 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-05-18 21:01 - 2017-05-18 21:01 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-05-18 21:01 - 2017-05-18 21:01 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-05-18 21:01 - 2017-05-18 21:01 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-05-18 21:01 - 2017-05-18 21:01 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-05-18 21:01 - 2017-05-18 21:01 - 00027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-05-18 21:01 - 2017-05-18 21:01 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-05-18 20:58 - 2017-05-18 20:58 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-05-18 20:58 - 2017-05-18 17:05 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-05-18 20:56 - 2017-05-18 20:56 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-05-18 20:56 - 2017-05-18 20:56 - 00000000 ____D C:\Program Files\MSBuild
2017-05-18 20:56 - 2017-05-18 20:56 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-05-18 20:56 - 2017-05-18 20:56 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-05-18 20:55 - 2017-02-10 15:26 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-05-18 20:55 - 2017-02-10 15:26 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-05-18 20:55 - 2017-02-10 15:26 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-05-18 20:55 - 2017-02-10 15:21 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-05-18 20:55 - 2017-02-10 15:21 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-05-18 20:55 - 2017-02-10 15:21 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-05-18 17:33 - 2017-05-18 17:33 - 00000000 ____D C:\Users\Doneff Family\AppData\Local\DBG
2017-05-18 17:31 - 2017-05-18 17:31 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-05-18 17:29 - 2017-05-18 17:29 - 00000020 ___SH C:\Users\Doneff Family\ntuser.ini
2017-05-18 17:28 - 2017-05-18 17:28 - 00000000 _SHDL C:\Users\Default\My Documents
2017-05-18 17:26 - 2017-05-18 17:26 - 00000000 ____D C:\ProgramData\USOShared
2017-05-18 17:25 - 2017-05-18 17:27 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2017-05-18 17:25 - 2017-05-18 17:27 - 00007623 _____ C:\WINDOWS\diagerr.xml
2017-05-18 17:21 - 2017-05-23 21:10 - 00004182 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{89A43660-E11B-44A9-86AD-BE0003ADF050}
2017-05-18 17:21 - 2017-05-18 17:33 - 00003306 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-05-18 17:21 - 2017-05-18 17:21 - 00003582 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-05-18 17:21 - 2017-05-18 17:21 - 00003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-05-18 17:21 - 2017-05-18 17:21 - 00003370 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1462830905
2017-05-18 17:21 - 2017-05-18 17:21 - 00003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-05-18 17:21 - 2017-05-18 17:21 - 00003278 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-05-18 17:21 - 2017-05-18 17:21 - 00003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-05-18 17:21 - 2017-05-18 17:21 - 00002942 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-05-18 17:21 - 2017-05-18 17:21 - 00002394 _____ C:\WINDOWS\System32\Tasks\{CF30040C-9FBE-49D9-A5C5-4015AF77EDE5}
2017-05-18 17:21 - 2017-05-18 17:21 - 00002218 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-05-18 17:21 - 2017-05-18 17:21 - 00002212 _____ C:\WINDOWS\System32\Tasks\PDVDServ12 Task
2017-05-18 17:21 - 2017-05-18 17:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-18 17:21 - 2017-05-18 17:21 - 00000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2017-05-18 17:21 - 2017-05-18 17:21 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2017-05-18 17:21 - 2017-05-18 17:21 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-05-18 17:19 - 2017-05-22 21:55 - 01123028 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-18 17:13 - 2017-05-18 17:13 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-05-18 17:10 - 2017-05-18 17:14 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-05-18 17:08 - 2017-05-18 17:31 - 00000000 ____D C:\Users\Doneff Family
2017-05-18 17:08 - 2017-05-18 17:08 - 00000000 _SHDL C:\Users\Doneff Family\My Documents
2017-05-18 17:08 - 2017-05-18 17:08 - 00000000 _SHDL C:\Users\Doneff Family\Documents\My Videos
2017-05-18 17:08 - 2017-05-18 17:08 - 00000000 _SHDL C:\Users\Doneff Family\Documents\My Pictures
2017-05-18 17:08 - 2017-05-18 17:08 - 00000000 _SHDL C:\Users\Doneff Family\Documents\My Music
2017-05-18 17:07 - 2017-05-18 17:10 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-05-18 17:07 - 2017-03-18 16:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-05-18 17:07 - 2016-12-29 09:16 - 06384576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-05-18 17:07 - 2016-12-29 09:16 - 02475968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-05-18 17:07 - 2016-12-29 09:16 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-05-18 17:07 - 2016-12-29 09:16 - 00546752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-05-18 17:07 - 2016-12-29 09:16 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-05-18 17:07 - 2016-12-29 09:16 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-05-18 17:07 - 2016-12-29 09:16 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-05-18 17:07 - 2016-12-21 19:59 - 07651057 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-05-18 17:06 - 2017-05-18 17:10 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-05-18 17:06 - 2017-05-18 17:07 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-05-18 17:06 - 2017-05-18 17:06 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-05-18 17:06 - 2017-05-18 17:06 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2017-05-18 17:06 - 2017-05-18 17:06 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-05-18 17:06 - 2017-05-18 17:06 - 00000000 ____D C:\WINDOWS\system32\DAX2
2017-05-18 17:06 - 2017-05-18 17:06 - 00000000 ____D C:\Program Files\Realtek
2017-05-18 17:05 - 2017-05-23 19:45 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-18 17:04 - 2017-05-18 17:15 - 00217000 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-18 15:51 - 2017-05-18 17:29 - 00000000 ___DC C:\WINDOWS\Panther
2017-05-17 19:23 - 2017-05-17 19:23 - 00000000 ____D C:\Program Files (x86)\gamigo
2017-05-12 17:41 - 2017-05-12 17:38 - 00528927 _____ C:\Users\Doneff Family\Documents\Unit 9.21 Speaking 3B.m4a
2017-05-12 16:47 - 2017-05-12 16:47 - 00022023 _____ C:\Users\Doneff Family\Downloads\Unconfirmed 771153.crdownload
2017-05-11 19:18 - 2017-05-11 19:18 - 00000000 ____D C:\Users\Doneff Family\AppData\Local\UNP
2017-05-11 19:02 - 2017-05-18 17:14 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-05-11 19:02 - 2017-05-11 19:03 - 00000000 ____D C:\Program Files\UNP
2017-05-09 18:49 - 2017-03-04 02:26 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-05-09 17:50 - 2017-05-09 17:50 - 00632066 _____ C:\Users\Doneff Family\Desktop\aldi-employment-application.pdf
2017-05-09 17:09 - 2017-05-09 17:09 - 00400456 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-05-05 15:00 - 2017-05-05 15:00 - 00000000 ___HD C:\$AV_ASW
2017-05-05 14:59 - 2017-05-05 14:59 - 00020024 _____ C:\Users\Doneff Family\AppData\Roaming\Nutetorapam
2017-05-05 14:59 - 2017-05-05 14:59 - 00000000 ____D C:\Users\Doneff Family\AppData\Roaming\Hecatu
2017-05-05 14:58 - 2017-05-18 17:29 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-05-05 14:58 - 2017-05-05 18:58 - 00000000 ____D C:\ProgramData\{64B8A1DB-EEFA-2B1D-683C-B55FF27E3E91}
2017-05-04 17:34 - 2017-05-04 17:43 - 00009942 _____ C:\Users\Doneff Family\Downloads\Unconfirmed 740480.crdownload
2017-05-04 01:08 - 2017-05-04 01:08 - 00000000 ____D C:\Users\Doneff Family\.TeamSpeak 3
2017-05-04 01:08 - 2017-05-04 01:08 - 00000000 ____D C:\Users\Doneff Family\.QtWebEngineProcess
2017-04-26 22:21 - 2017-04-26 22:21 - 00000000 ____D C:\Users\Doneff Family\AppData\Roaming\Google
2017-04-26 00:51 - 2017-05-11 16:44 - 00000000 ____D C:\Users\Doneff Family\Desktop\Keep This

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-24 02:49 - 2016-07-14 19:07 - 00000000 ____D C:\Users\Doneff Family\Desktop\Toolbox
2017-05-23 20:59 - 2016-05-09 17:35 - 00000000 ____D C:\Users\Doneff Family\AppData\Local\VirtualStore
2017-05-23 20:51 - 2016-07-03 18:30 - 00000092 _____ C:\Users\Doneff Family\Documents\aionmemo_3be6f3da.dat
2017-05-23 18:44 - 2016-12-22 03:42 - 00000000 ____D C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-05-23 18:43 - 2016-05-13 23:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-05-23 18:43 - 2016-05-13 23:35 - 00000000 ____D C:\Program Files (x86)\Java
2017-05-23 15:02 - 2017-03-18 17:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-23 15:02 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-22 20:18 - 2016-05-11 08:17 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-22 20:17 - 2016-05-11 08:17 - 132223576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-21 09:49 - 2016-05-26 17:13 - 00000000 ____D C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-05-20 23:42 - 2016-12-19 14:33 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-20 22:27 - 2017-04-02 05:21 - 00000000 ____D C:\Users\Doneff Family\Desktop\Games
2017-05-20 03:02 - 2016-08-03 05:55 - 00000000 ____D C:\Users\Doneff Family\AppData\Local\ConnectedDevicesPlatform
2017-05-19 22:16 - 2016-09-20 22:03 - 00000000 ____D C:\Users\Doneff Family\Documents\Sound recordings
2017-05-19 17:46 - 2017-03-18 17:01 - 00000000 ____D C:\WINDOWS\INF
2017-05-19 04:00 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-05-18 21:04 - 2017-03-18 17:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-05-18 21:02 - 2017-03-18 17:06 - 00000000 ____D C:\WINDOWS\Setup
2017-05-18 21:02 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-05-18 21:02 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-05-18 21:02 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-05-18 21:02 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-05-18 21:02 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-18 21:02 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-05-18 21:02 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-05-18 21:02 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-05-18 21:02 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-05-18 21:02 - 2017-03-18 07:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-05-18 19:32 - 2017-03-18 16:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-18 17:46 - 2016-05-09 17:35 - 00000000 ____D C:\Users\Doneff Family\AppData\Local\Packages
2017-05-18 17:33 - 2016-05-09 17:38 - 00002394 _____ C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-05-18 17:33 - 2016-05-09 17:38 - 00000000 ___RD C:\Users\Doneff Family\OneDrive
2017-05-18 17:29 - 2017-03-18 17:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-05-18 17:29 - 2015-07-16 11:49 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-05-18 17:28 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-05-18 17:26 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\rescache
2017-05-18 17:26 - 2017-03-18 17:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-05-18 17:25 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\Registration
2017-05-18 17:25 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-05-18 17:24 - 2017-03-18 17:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-18 17:21 - 2017-03-18 22:31 - 00000000 ____D C:\WINDOWS\HoloShell
2017-05-18 17:21 - 2016-05-09 20:20 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-05-18 17:20 - 2017-03-18 17:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-05-18 17:19 - 2016-06-14 19:43 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-18 17:19 - 2015-09-08 09:04 - 00907590 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-05-18 17:16 - 2016-08-03 05:36 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-18 17:15 - 2017-03-18 07:40 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-05-18 17:14 - 2017-02-21 15:17 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-05-18 17:14 - 2016-12-26 05:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elsword
2017-05-18 17:14 - 2016-12-19 14:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-05-18 17:14 - 2016-12-16 13:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftMaker FreeOffice 2016
2017-05-18 17:14 - 2016-12-16 12:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-05-18 17:14 - 2016-08-10 16:46 - 00000000 ____D C:\WINDOWS\system32\MpEngineStore
2017-05-18 17:14 - 2016-06-12 09:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-05-18 17:14 - 2016-05-09 21:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2017-05-18 17:14 - 2016-05-09 21:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-05-18 17:14 - 2016-05-09 18:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-05-18 17:11 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-05-18 17:11 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-05-18 17:11 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-05-18 17:11 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-05-18 17:11 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-05-18 17:11 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-05-18 17:11 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-05-18 17:10 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\Help
2017-05-18 17:10 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-05-18 17:10 - 2017-02-18 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-05-18 17:10 - 2017-02-13 04:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hasbro Interactive
2017-05-18 17:10 - 2016-06-20 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LenovoSHAREit
2017-05-18 17:10 - 2016-06-18 10:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-Sword
2017-05-18 17:10 - 2016-06-08 00:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2017-05-18 17:10 - 2016-06-08 00:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2017-05-18 17:10 - 2015-09-08 09:00 - 00000000 ____D C:\Program Files\Intel
2017-05-18 17:10 - 2015-07-10 07:04 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-05-18 17:09 - 2016-05-09 18:36 - 00000000 ____D C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gamigo
2017-05-18 17:07 - 2017-03-18 07:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-05-18 16:43 - 2017-03-18 23:20 - 00000000 ___HD C:\$WINDOWS.~BT
2017-05-17 15:25 - 2017-02-21 14:51 - 00000000 ____D C:\Users\Doneff Family\AppData\Local\CrashDumps
2017-05-16 14:04 - 2016-05-11 12:22 - 00000000 ____D C:\Users\Doneff Family\AppData\Roaming\Audacity
2017-05-14 06:52 - 2015-09-07 19:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-05-12 17:09 - 2016-05-09 17:50 - 00158880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2017-05-11 20:20 - 2016-06-14 19:43 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-09 17:09 - 2016-05-09 17:55 - 00001095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-05-09 17:09 - 2016-05-09 17:50 - 00569192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-05-09 17:09 - 2016-05-09 17:50 - 00339696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-05-09 17:09 - 2016-05-09 17:50 - 00128648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-05-09 17:09 - 2016-05-09 17:50 - 00101152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-05-09 17:09 - 2016-05-09 17:50 - 00075704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-05-09 17:09 - 2016-05-09 17:50 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-05-09 17:08 - 2017-03-16 15:39 - 00507928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetSec.sys
2017-05-09 17:08 - 2017-02-18 15:37 - 00334576 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-05-09 17:08 - 2017-02-18 15:37 - 00311808 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-05-09 17:08 - 2017-02-18 15:37 - 00190256 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-05-09 17:08 - 2017-02-18 15:37 - 00049016 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-05-09 17:08 - 2016-05-09 17:52 - 00032600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-05-09 17:08 - 2016-05-09 17:50 - 01007160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-05-06 16:44 - 2016-10-20 20:32 - 00000000 ____D C:\Users\Doneff Family\AppData\Local\Facebook
2017-05-05 15:17 - 2016-05-24 03:03 - 00000000 ____D C:\Users\Doneff Family\AppData\Roaming\NVIDIA
2017-05-04 01:07 - 2015-09-07 19:08 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-29 18:41 - 2016-05-09 17:42 - 00000000 ____D C:\Users\Doneff Family\Desktop\PDF Files
2017-04-28 21:05 - 2017-03-18 17:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-28 21:05 - 2017-03-18 17:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2017-05-05 14:59 - 2017-05-05 14:59 - 0020024 _____ () C:\Users\Doneff Family\AppData\Roaming\Nutetorapam
2017-05-18 17:06 - 2017-05-18 17:06 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2017-05-23 21:03 - 2017-05-23 21:03 - 0424832 _____ (Sysinternals - www.sysinternals.com) C:\Users\Doneff Family\AppData\Local\Temp\JIY.exe
2017-05-23 21:03 - 2017-05-23 21:03 - 0523136 _____ (Sysinternals - www.sysinternals.com) C:\Users\Doneff Family\AppData\Local\Temp\JPBOLXPIG.exe
2017-05-23 20:57 - 2017-05-23 20:57 - 0465792 _____ (Sysinternals - www.sysinternals.com) C:\Users\Doneff Family\AppData\Local\Temp\MVHI.exe
2017-05-23 21:04 - 2017-05-23 21:04 - 0387968 _____ (Sysinternals - www.sysinternals.com) C:\Users\Doneff Family\AppData\Local\Temp\VHQXBHVXGFA.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-18 17:04

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-05-2017
Ran by Doneff Family (24-05-2017 02:50:44)
Running from C:\Users\Doneff Family\Desktop\Toolbox
Windows 10 Home Version 1703 (X64) (2017-05-18 21:29:07)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-113026621-1705679920-3439515112-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-113026621-1705679920-3439515112-503 - Limited - Disabled)
Doneff Family (S-1-5-21-113026621-1705679920-3439515112-1001 - Administrator - Enabled) => C:\Users\Doneff Family
Guest (S-1-5-21-113026621-1705679920-3439515112-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Aion (HKLM-x32\...\{B9291CA2-6FA5-44EA-8EE0-923EB32ADAAB}) (Version: 4.0.0.3 - NC Interactive, LLC)
Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Components (x32 Version: 1.0.023.00 - Lenovo) Hidden
Driver and Application Installation (HKLM-x32\...\{6EC299C6-074C-4529-8D5F-2798584BB27B}) (Version: 2.02.0803 - Lenovo)
Elsword version v6.1221.1.1 (HKLM-x32\...\{E655DDFC-24DB-4FC3-8474-271E911309B4}_is1) (Version: v6.1221.1.1 - KOGGAMES)
e-Sword (HKLM-x32\...\{463178C4-E707-41EE-BE8A-080C62BF526D}) (Version: 10.04.0000 - Rick Meyers)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.5.0.6.1001 - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Intel(R) Chipset Device Software (x32 Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Lenovo Accelerator Application (HKLM-x32\...\{10672FE6-3D50-4F79-B0C7-A5573A5D415D}) (Version: 2.2.0.0701 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 2.0.9.0 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.8231 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.8231 - CyberLink Corp.) Hidden
Lenovo PowerDVD12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5320.55 - CyberLink Corp.)
Lenovo PowerDVD12 (x32 Version: 12.0.5320.55 - CyberLink Corp.) Hidden
Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.006.00 - Lenovo)
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.4212 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.4212 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{A5591EC4-8AD6-48EE-9F8D-FACFA8BA4E35}) (Version: 3.0.002.00 - Lenovo)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.023.00 - Lenovo)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Manual (HKLM-x32\...\{693F92E5-37D1-46B7-A0D6-19A74A2FD0EC}) (Version: 1.00.0701 - Lenovo)
Metric Collection SDK (x32 Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7967.2161 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-113026621-1705679920-3439515112-1001\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
NVIDIA 3D Vision Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7967.2161 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7967.2161 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7967.2161 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
REACHit (HKLM-x32\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.5.005.12 - Lenovo)
REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.3.868.060315 - REALTEK Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7586 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0269 - REALTEK Semiconductor Corp.)
SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.3.0.1103 - Lenovo)
SoftMaker FreeOffice 2016 (HKLM-x32\...\{8EBB8452-274B-465D-8324-00B0832FBB05}) (Version: 1.0.3815 - SoftMaker Software GmbH)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve)
Wheel Of Fortune (HKLM-x32\...\Wheel Of Fortune) (Version: - )
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Driver Package - Genesys Logic (GeneStor) USB (07/13/2015 4.5.0.6) (HKLM\...\AE2E6FAB44844413B4C6F53C908EACC8AFC838F0) (Version: 07/13/2015 4.5.0.6 - Genesys Logic)
Windows Driver Package - NVIDIA (nvlddmkm) Display (07/22/2015 10.18.13.5362) (HKLM\...\81C36D5B443FFB6F528F76BD424D750C53ADF10E) (Version: 07/22/2015 10.18.13.5362 - NVIDIA)
Windows Driver Package - NVIDIA Corporation (NVHDA) MEDIA (04/16/2015 1.3.34.3) (HKLM\...\E1EF4D4E1E41BA85DB6DA51424B73AE1B3F0056A) (Version: 04/16/2015 1.3.34.3 - NVIDIA Corporation)
Windows Driver Package - Realtek (rt640x64) Net (05/05/2015 10.001.0505.2015) (HKLM\...\6A304520C2F25CD034E477A379C47308AA84A2DC) (Version: 05/05/2015 10.001.0505.2015 - Realtek)
Windows Driver Package - Realtek Semiconductor Corp. (RtkBtFilter) Bluetooth (06/11/2015 1.3.868.3) (HKLM\...\604A7B07184AD24892732BED4543610976632257) (Version: 06/11/2015 1.3.868.3 - Realtek Semiconductor Corp.)
Windows Driver Package - Realtek Semiconductor Corp. (RTWlanE) Net (07/09/2015 2023.14.0615.2015) (HKLM\...\5D078DEFD18360A7A64D38392C9F1007DC86AE23) (Version: 07/09/2015 2023.14.0615.2015 - Realtek Semiconductor Corp.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E8BDA08-32EF-4690-8150-B91DD902CD28} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2016-05-09] (Lenovo)
Task: {194F5E8D-4303-4411-A997-5FBE9E66BFA8} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-07-01] ()
Task: {1965A7D1-A727-4E7E-9344-622742807CB9} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {1EB42D4E-007B-43CB-9664-3D2A134DDEDC} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-07-01] (Lenovo)
Task: {202DB1AB-E51E-4B08-858F-C7343A94945E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-07] (Piriform Ltd)
Task: {2615297F-5FD4-4093-931B-A3E916E448EA} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-07-01] (Lenovo)
Task: {35E0249D-6F88-47F8-8726-F7C76C5C6469} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-04] (Microsoft Corporation)
Task: {494205D8-CB39-4314-9608-7E759651A5F4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-14] (Google Inc.)
Task: {4BD4AA48-FEF4-49A8-BC58-2E9DBD4148DF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {51F95BD5-7D2D-44F5-8339-990AEB0975DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-14] (Google Inc.)
Task: {54DE8526-593D-4AE7-B338-727333067C78} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-11] (Adobe Systems Incorporated)
Task: {5FE98310-B9E5-4755-A497-BE0F90779954} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
Task: {6599FF25-1EAA-4B2A-91D3-B64A62336FEF} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => sc control iMControllerService 128
Task: {6876366B-BAFF-4D58-A887-11AB11363FA5} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-09] (AVAST Software)
Task: {7AFDC169-FB7D-45C7-92AF-E73656CF6EC8} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe [2015-05-20] (CyberLink Corp.)
Task: {8F0B0A34-036A-4CB6-A21F-38E634ADAD3B} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_171_pepper.exe [2017-05-11] (Adobe Systems Incorporated)
Task: {A284BDC4-47AC-4F9A-B83D-964975036135} - System32\Tasks\SafeZone scheduled Autoupdate 1462830905 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {A7E1474D-32D6-4476-B8BF-3221576DF40E} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_TVSUUpdateTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {A8D25BD1-7FA8-4E8B-8627-35C255E26722} - System32\Tasks\{CF30040C-9FBE-49D9-A5C5-4015AF77EDE5} => pcalua.exe -a "C:\Users\Doneff Family\AppData\Local\{0DFA3BA6-2952-571E-44CA-72F660A28E6E}\uninst.exe" -c -P=/Uninstall /s /noun /DelSelfDir
Task: {B2610155-2548-4848-953B-FFC75A955A05} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software)
Task: {B74F12EE-CB52-45F4-82C3-5364AB85A6EA} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo)
Task: {C32DB398-26A6-4B9D-B2BA-603AD43E9FE0} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-07-01] ()
Task: {DCC4ED4E-9E4C-4C84-87EC-4C1745FE96CC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-04] (Microsoft Corporation)
Task: {EF50169E-970A-4898-A519-54FC369BBE49} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo)
Task: {F43ED47A-999B-4E8E-820A-F1C30F733770} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-05-14] (Microsoft Corporation)
Task: {FA7F888E-1C02-41B7-9EDE-FA5B3721D918} - System32\Tasks\Lenovo\QuickOptimizer => C:\Program Files\lenovo\QuickOptimizer\QuickOptimizerIcon.exe [2015-07-10] (Lenovo)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Doneff Family\Desktop\Tennafa - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Fair AdBlocker App.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=dcnofaichneijfbkdkghmhjjbepjmble
ShortcutWithArgument: C:\Users\Doneff Family\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\J.J. - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Doneff Family\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Jeremy - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Doneff Family\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\48499db33039e897\Person 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 4"

==================== Loaded Modules (Whitelisted) ==============

2015-09-08 09:02 - 2011-08-16 23:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2015-09-08 09:04 - 2015-09-08 09:04 - 00226216 _____ () C:\Program Files\update\UpdateAgent.exe
2015-09-08 09:04 - 2015-09-08 09:04 - 00024312 _____ () C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe
2017-05-18 17:07 - 2016-12-29 09:16 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-18 16:58 - 2017-03-18 16:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-06-12 09:53 - 2017-05-14 06:52 - 08931008 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-05-09 17:29 - 2017-05-09 17:29 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-05-09 17:29 - 2017-05-09 17:29 - 00201728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-05-09 17:29 - 2017-05-09 17:29 - 43195904 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-05-09 17:29 - 2017-05-09 17:29 - 02457088 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\skypert.dll
2015-09-08 08:59 - 2015-07-15 06:54 - 00053832 _____ () C:\Windows\SysWOW64\UMonit64.exe
2015-09-08 09:02 - 2011-08-16 23:46 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2017-05-11 20:20 - 2017-05-09 05:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-11 20:20 - 2017-05-09 05:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2017-03-18 16:59 - 2017-03-18 22:31 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-05-23 18:51 - 2017-05-09 16:38 - 02270672 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2015-07-11 02:37 - 2015-07-11 02:37 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-05-09 17:08 - 2017-05-09 17:08 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-09 17:09 - 2017-05-09 17:09 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-09 17:09 - 2017-05-09 17:09 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-09 17:09 - 2017-05-09 17:09 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-09 17:09 - 2017-05-09 17:09 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-05-09 17:08 - 2017-05-09 17:08 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-05-09 17:09 - 2017-05-09 17:09 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-12-19 14:33 - 2017-03-09 20:13 - 00674592 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-12-19 14:33 - 2016-08-31 21:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-12-19 14:33 - 2017-04-25 19:55 - 02465056 _____ () C:\Program Files (x86)\Steam\video.dll
2016-12-19 14:33 - 2016-08-31 21:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-12-19 14:33 - 2016-08-31 21:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-12-19 14:33 - 2016-01-27 03:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-12-19 14:33 - 2016-01-27 03:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-12-19 14:33 - 2016-01-27 03:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-12-19 14:33 - 2016-01-27 03:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-12-19 14:33 - 2016-01-27 03:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-12-19 14:33 - 2017-04-25 19:55 - 00848672 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-12-19 14:33 - 2016-07-04 18:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2009-12-04 19:59 - 2009-12-04 19:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 20:04 - 2009-12-04 20:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2015-09-08 09:02 - 2011-05-17 16:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
2016-12-19 14:34 - 2017-01-30 17:41 - 68875552 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-12-19 14:33 - 2017-04-25 19:55 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll
2016-12-19 14:33 - 2015-09-24 19:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 07:04 - 2015-07-10 07:02 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-113026621-1705679920-3439515112-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Doneff Family\Desktop\Pictures\Pretty Pictures from the Internet\Car.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3FAD9C78-0C04-427E-90D4-AF92BB820DBE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{54B7AEF6-BB83-4580-B15D-9DCE95A7D324}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596_0\SZBrowser.exe
FirewallRules: [{F45B3ACC-357F-450A-B0FA-15F40E126541}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{2FFCFB4A-424A-411F-ADA2-ABC0EFAC2906}] => (Allow) C:\KOGGAMES\Elsword\data\x2.exe
FirewallRules: [{4530D4B6-0F20-489A-B2AE-C55E1267F017}] => (Allow) C:\KOGGAMES\Elsword\data\x2.exe
FirewallRules: [{DD993B38-C637-41FF-822D-5C6791B69BD3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{24D30442-7C35-4D49-8C72-A40E17E6F3DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{585F7214-9D28-4694-A670-39D675C179BF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{1B606E1D-DF72-4CF8-BBE7-5C97D9089DA6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F34B58B6-C2AD-4775-9E9B-7F379E5A7AB8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{74F5D1F7-6BFF-4532-9082-0DDACE5FF67B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0243C029-FC7A-450D-AA1C-C6AEB8E84F06}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoPortal\Lenovo.Portal.exe
FirewallRules: [{4ABDFE3C-4063-42FA-8633-16C07FE1D9E2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{83792721-3D0E-4051-AEBC-4B7B440CAEF8}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{7A3ED99A-2567-41BC-B818-7AA6B1386CC9}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe

==================== Restore Points =========================

18-05-2017 19:32:02 Windows Update
22-05-2017 20:16:59 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/24/2017 02:31:03 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-DOB72OG)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/24/2017 01:58:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-DOB72OG)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/24/2017 01:29:18 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-DOB72OG)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/24/2017 12:58:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-DOB72OG)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/24/2017 12:28:52 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-DOB72OG)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/23/2017 11:58:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-DOB72OG)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/23/2017 11:31:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-DOB72OG)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/23/2017 10:58:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-DOB72OG)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/23/2017 10:28:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-DOB72OG)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/23/2017 09:58:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-DOB72OG)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (05/19/2017 10:14:47 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-DOB72OG)
Description: The server Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca did not register with DCOM within the required timeout.

Error: (05/18/2017 05:46:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/18/2017 05:46:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/18/2017 05:46:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/18/2017 05:46:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/18/2017 05:33:14 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-DOB72OG)
Description: The server Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.

Error: (05/18/2017 05:31:38 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-DOB72OG)
Description: Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca as Unavailable/Unavailable. The error:
"31"
Happened while starting this command:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca

Error: (05/18/2017 05:31:38 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-DOB72OG)
Description: Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXjytc7c0yvwb8n3cw0r82k4364sd1s7bv.mca as Unavailable/Unavailable. The error:
"31"
Happened while starting this command:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca

Error: (05/18/2017 05:27:53 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (05/18/2017 05:24:51 PM) (Source: WinRM) (EventID: 10142) (User: )
Description: The WinRM service cannot migrate the listener with Address * and Transport HTTP. A listener that has the same Address and Transport configuration already exists.


CodeIntegrity:
===================================
Date: 2017-05-23 18:51:22.118
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-05-23 18:51:22.118
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 46%
Total physical RAM: 12236.19 MB
Available physical RAM: 6567.57 MB
Total Virtual: 14668.19 MB
Available Virtual: 8188.8 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:899.67 GB) (Free:755.43 GB) NTFS
Drive f: (Extra) (Fixed) (Total:55.93 GB) (Free:6.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 9F6FAE00)

Partition: GPT.

========================================================
Disk: 1 (Size: 55.9 GB) (Disk ID: 6635F736)
Partition 1: (Active) - (Size=55.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
In the meantime, go ahead and do the following

We will need a log from AdwCleaner for further information.

Please download a copy of AdwCleaner from HERE; it is important to download it to your desktop.

Once downloaded to the desktop AdwCleaner will create an icon

Should you receive any security warnings or your User Account Control warning appears whilst you are using this application you can safely allow AdwCleaner to continue.

Before running AdwCleaner please ensure all other programs and browsers are closed, then double left click the icon to open it.

AdwCleaner will open, click the scan button to start searching.


The scan may take some time to complete, and when it has, any malware found will be automatically selected for quarantining. Click the "Cleaning" button.


After a few seconds a message should tell you your computer will now reboot. Allow the reboot.

When the computer restarts, a log file will be displayed, but if it's closed for any reason before copying the contents, you will find a copy of the file if you navigate to C:\AdwCleaner[s#].txt


Please Copy and Paste the contents of the log file with your next reply.
 
# AdwCleaner v6.047 - Logfile created 24/05/2017 at 03:20:22
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-23.1 [Local]
# Operating System : Windows 10 Home (X64)
# Username : Doneff Family - DESKTOP-DOB72OG
# Running from : C:\Users\Doneff Family\Desktop\Toolbox\adwcleaner_6.047.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\quardata


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Value deleted: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [winwb.exe]


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [946 Bytes] - [24/05/2017 03:20:22]
C:\AdwCleaner\AdwCleaner[S0].txt - [1262 Bytes] - [24/05/2017 03:13:16]
C:\AdwCleaner\AdwCleaner[S1].txt - [1334 Bytes] - [24/05/2017 03:17:42]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt
 
~ ZHPCleaner v2017.5.21.84 by Nicolas Coolman (2017/05/21)
~ Run by Doneff Family (Administrator) (24/05/2017 03:36:03)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Doneff Family\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Doneff Family\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit (Build 15063)


---\\ Services (0)
~ No malicious or unnecessary items found.


---\\ Browser internet (0)
~ No malicious or unnecessary items found.


---\\ Hosts file (1)
~ The hosts file is legitimate (21)


---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\ Explorer ( File, Folder) (75)
MOVED file: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nahhmpbckpgdidfnmfkfgiflpjijilce_0.localstorage =>.Superfluous.SearchManager
MOVED file: C:\Windows\Installer\wix{7D84E343-A23D-451C-B123-0195B2D903A6}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\au-descriptor-1.8.0_131-b11.xml =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\chrome_installer.log =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\JavaDeployReg.log =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\NCSF0D6.tmp =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.00128AE9-E450-93AE-7460-2E1E44795395_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.00D57B0F-01FA-B79F-08D6-878ED20C4C9B_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.0116DC02-781B-D1D1-FC1C-C80195511E17_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.0251D65D-E887-28BD-A226-3ECD72FB59C6_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.0862A72D-A96C-83E5-AD0F-78B6AA06F9C6_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.0C8CF327-9D17-CCDE-18AF-DFF4F20070E5_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.112ED009-05F6-72AE-08D5-7841C77AEB8A_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.18DDC675-D472-0DB4-9563-7DF7C34F512C_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.1F63B8C3-2D48-9497-0A0A-2CBD462EDE76_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.1FE89C0B-9BED-CC5D-7426-9E4025D6BDD9_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.31A692E0-F967-E4F8-A441-21A804580E9E_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.32A48683-F264-932C-7870-B93BB448ED69_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.3BFD26C9-8DA9-B940-F638-55890012AAB4_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.49F33C48-B2DE-F82A-56F2-64425F298B84_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.50611331-FE19-D366-B049-694B8AC9D758_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.557EA3BB-623E-ADD9-4DFB-629A8648A038_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.558F5D32-0827-EB7B-6AD6-D5DB4138B3AA_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.62B49C0A-499E-A02D-EBCB-EB168E148E52_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.664AA17A-2D25-0823-3315-3708FE16147A_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.674C4C14-7BAA-F782-E214-956DC3BEDF39_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.68BC3251-2D8B-A604-92BA-893638CA72EA_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.68E019EB-0B92-5E08-5D86-9BFE6DBA8517_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.69F3BCAB-8975-C526-30F5-39FA70C77AD9_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.6EA6FC2E-9305-586B-3411-02826D151533_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.70BC17F8-0AA7-CB35-CEE0-EF1B47A0FD3E_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.8D58741E-5E30-5637-0EAE-52CC9C2AF83A_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.8F700A8E-3731-B777-A6DD-000FE1F8FCB2_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.8F8A8567-864F-39DB-960E-585A1F4704D8_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.90B45721-87E6-C5C0-BEE4-C56516B985E9_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.97612282-D1E8-1D6A-9E92-C271E7F177EF_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.993325CD-9CA8-DD49-50C4-377C092AEF1B_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.9ACEADB9-3699-532E-90DA-5E3727B6F74A_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.9D4DED89-CABC-F4FB-8133-BC5EDB1C7EDA_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.A08E012A-7CB2-6C53-AB9F-FCCF90420CFF_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.A715D489-C343-F20B-B22E-F8D749061B0C_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.A8849751-10C4-3F5D-1F42-DA79DB2C7BE9_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.A90B8400-D36D-8235-8BF2-A21A53D3FB65_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.AB7C46F6-66DE-8533-C6B1-FFE36BF92E97_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.B129A7A6-6745-76B0-46EC-978EC03E4444_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.B1B6FBCA-CD11-CB52-6CA7-06B47EB7C197_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.DFBE09D0-1F22-A9C0-2D3D-3F4C6351E58F_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.E336BB8F-16ED-7CBE-AFEE-971DD3041585_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.E6658C19-4221-2EBE-763A-F0493FBA2BB0_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.E6D3B497-80AF-7F14-F9E6-9606EE369FC3_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.EE014C57-7675-711A-5B4B-5A57A6B96F09_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.F6F7D911-D59D-C513-1B0A-55E6A870156D_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.F856B7B9-48E8-EE1E-635D-165C6ECEE47A_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\sa.FACF9DDE-1FF1-B57D-4D1D-CE479FDD42AF_5__.Public.AppUpdate.dat =>.Superfluous.Temporary
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\Setup Log 2017-05-23 #001.txt =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\wct3650.tmp =>.Superfluous.Temporary.Various
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\wct3BC8.tmp =>.Superfluous.Temporary.Various
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\wct6A5B.tmp =>.Superfluous.Temporary.Various
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\wct881E.tmp =>.Superfluous.Temporary.Various
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\wctC21.tmp =>.Superfluous.Temporary.Various
MOVED file: C:\Users\Doneff Family\AppData\Local\Temp\wmsetup.log =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d1af033869koo7.cloudfront.net_0.localstorage =>.Superfluous.CloudfrontNet
MOVED file: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d1af033869koo7.cloudfront.net_0.localstorage-journal =>.Superfluous.CloudfrontNet
MOVED file: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d2m2wsoho8qq12.cloudfront.net_0.localstorage =>.Superfluous.CloudfrontNet
MOVED file: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d2m2wsoho8qq12.cloudfront.net_0.localstorage-journal =>.Superfluous.CloudfrontNet
MOVED file: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lyrics.wikia.com_0.localstorage =>PUP.Optional.AddLyrics
MOVED file: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lyrics.wikia.com_0.localstorage-journal =>PUP.Optional.AddLyrics
MOVED file*: C:\Users\Doneff Family\AppData\Roaming\PDAppFlex =>.Superfluous.EmailFanatic
MOVED folder: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce =>.Superfluous.SearchManager
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LenovoSHAREit =>.Superfluous.SHAREit
MOVED folder: C:\WINDOWS\Installer\MSI267E.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI28F1.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI8E0.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI98D.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIF8DA.tmp- =>.Superfluous.Empty


---\\ Registry ( Key, Value, Data) (9)
DELETED key*: HKCU\SOFTWARE\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce [] =>.Superfluous.SearchManager
DELETED key*: [X64] HKLM\SOFTWARE\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce [] =>.Superfluous.SearchManager
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce [] =>.Superfluous.SearchManager
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\atwola.com [] =>.Superfluous.Atwola
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ol.at.atwola.com [] =>.Superfluous.Atwola
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\atwola.com [] =>.Superfluous.Atwola
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ol.at.atwola.com [] =>.Superfluous.Atwola
DELETED key*: HKCU\Software\undefined [] =>.Superfluous.Downloader
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.] =>Heuristic.Suspect


---\\ Summary of the elements found (12)
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.SearchManager
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Empty
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Temporary.Empty
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Temporary
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Temporary.Various
https://nicolascoolman.eu/2017/02/02/superfluous-cloudfrontnet/ =>.Superfluous.CloudfrontNet
https://nicolascoolman.eu/2017/02/24/pup-optional-addlyrics/ =>PUP.Optional.AddLyrics
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.EmailFanatic
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.SHAREit
https://nicolascoolman.eu/2017/02/04/superfluous-atwola/ =>.Superfluous.Atwola
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Downloader
https://nicolascoolman.eu/2017/01/28/heuristic-suspect/ =>Heuristic.Suspect


---\\ Other deletions. (6)
~ Registry Keys Tracing deleted (6)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 491
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 84


~ End of clean in 00h00mn13s
~====================
ZHPCleaner-[R]-24052017-03_36_16.txt
ZHPCleaner--24052017-03_35_17.txt
 
Rogue Killer Scan.

Download RogueKiller -- (Portable) -- from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all other running programs.
  • Disable ALL Antivirus -- Antimalware -- Applications.
  • Right Click Rogue Killer and Run as Administrator.
  • Click the Start Scan button.
  • Allow the scan to run -- it can take ten minutes or more.
  • Once the scan is complete check All items for removal.
  • After All items are checked then press Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on open report -- then open txt
  • Copy the content of the report and paste it here in your next reply.

JRT Scan.


Please download Junkware Removal Tool and save it on your desktop.


  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

FRST Fix.

Click Here To Download Fixlist.



Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
I attached the text files to this reply. Thanks for your help.

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-05-2017

Ran by Doneff Family (24-05-2017 19:32:56) Run:1
Running from C:\Users\Doneff Family\Desktop
Loaded Profiles: Doneff Family (Available Profiles: Doneff Family)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
emptytemp:
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-113026621-1705679920-3439515112-1001\...\Run: [GoogleChromeAutoLaunch_DDF34A59040FF57D719F4EF1CA2787C3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1143640 2017-05-09] (Google Inc.)
HKU\S-1-5-21-113026621-1705679920-3439515112-1001\...\RunOnce: [Uninstall 17.3.6799.0327\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64"
HKU\S-1-5-21-113026621-1705679920-3439515112-1001\...\RunOnce: [Uninstall 17.3.6799.0327] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\17.3.6799.0327"
GroupPolicy: Restriction <======= ATTENTION
HKU\S-1-5-21-113026621-1705679920-3439515112-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-113026621-1705679920-3439515112-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKLM -> DefaultScope {D79BB3A3-DB24-49D3-A463-680951CD61C4} URL =
SearchScopes: HKLM-x32 -> DefaultScope {D79BB3A3-DB24-49D3-A463-680951CD61C4} URL =
SearchScopes: HKU\S-1-5-21-113026621-1705679920-3439515112-1001 -> DefaultScope {D79BB3A3-DB24-49D3-A463-680951CD61C4} URL =
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-12-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-12-23] (Adobe Systems Incorporated)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
CHR HomePage: Default -> hxxp://www.4loot.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://www.google.com/webhp?sourceid=chrome-instant&espv=210&es_th=1&ie=UTF-8"
CHR Extension: (Avast SafePrice) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-03-16]
CHR Extension: (Fair AdBlocker App) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcnofaichneijfbkdkghmhjjbepjmble [2017-05-21]\
CHR Extension: (GamingJelly Advertising) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flaebdjmginmegnogohmmnofgknehnno [2017-05-18]
CHR Extension: (Fair AdBlocker) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2017-05-21]
CHR Extension: (Search Manager) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce [2017-05-05]
CHR Extension: (Search Manager) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce [2017-05-05]
CHR HKU\S-1-5-21-113026621-1705679920-3439515112-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
S3 xhunter1; C:\WINDOWS\xhunter1.sys [37344 2017-04-14] (Wellbia.com Co., Ltd.)
S3 xspirit; C:\WINDOWS\xspirit.sys [22912 2017-04-14] ()
C:\WINDOWS\xhunter1.sys
C:\WINDOWS\xspirit.sys
C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
C:\WINDOWS\System32\Tasks\{CF30040C-9FBE-49D9-A5C5-4015AF77EDE5}
C:\WINDOWS\System32\Tasks\PDVDServ12 Task
C:\WINDOWS\System32\Tasks\NCH Software
C:\WINDOWS\System32\Tasks\Lenovo
C:\Users\Doneff Family\Downloads\Unconfirmed 771153.crdownload
C:\ProgramData\{64B8A1DB-EEFA-2B1D-683C-B55FF27E3E91}
C:\Users\Doneff Family\AppData\Roaming\Nutetorapam
C:\ProgramData\DP45977C.lfl
Task: {0E8BDA08-32EF-4690-8150-B91DD902CD28} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2016-05-09] (Lenovo)
Task: {194F5E8D-4303-4411-A997-5FBE9E66BFA8} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-07-01] ()
Task: {1965A7D1-A727-4E7E-9344-622742807CB9} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {1EB42D4E-007B-43CB-9664-3D2A134DDEDC} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-07-01] (Lenovo)
Task: {2615297F-5FD4-4093-931B-A3E916E448EA} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-07-01] (Lenovo)
Task: {4BD4AA48-FEF4-49A8-BC58-2E9DBD4148DF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {5FE98310-B9E5-4755-A497-BE0F90779954} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
Task: {6599FF25-1EAA-4B2A-91D3-B64A62336FEF} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => sc control iMControllerService 128
Task: {7AFDC169-FB7D-45C7-92AF-E73656CF6EC8} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe [2015-05-20] (CyberLink Corp.)
Task: {8F0B0A34-036A-4CB6-A21F-38E634ADAD3B} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_171_pepper.exe [2017-05-11] (Adobe Systems Incorporated)
Task: {A7E1474D-32D6-4476-B8BF-3221576DF40E} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_TVSUUpdateTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {A8D25BD1-7FA8-4E8B-8627-35C255E26722} - System32\Tasks\{CF30040C-9FBE-49D9-A5C5-4015AF77EDE5} => pcalua.exe -a "C:\Users\Doneff Family\AppData\Local\{0DFA3BA6-2952-571E-44CA-72F660A28E6E}\uninst.exe" -c -P=/Uninstall /s /noun /DelSelfDir
Task: {B74F12EE-CB52-45F4-82C3-5364AB85A6EA} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo)
Task: {C32DB398-26A6-4B9D-B2BA-603AD43E9FE0} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-07-01] ()
Task: {EF50169E-970A-4898-A519-54FC369BBE49} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo)
Task: {FA7F888E-1C02-41B7-9EDE-FA5B3721D918} - System32\Tasks\Lenovo\QuickOptimizer => C:\Program Files\lenovo\QuickOptimizer\QuickOptimizerIcon.exe [2015-07-10] (Lenovo)
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state On
CMD: ipconfig /flushdns
reboot:
end

*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKU\S-1-5-21-113026621-1705679920-3439515112-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_DDF34A59040FF57D719F4EF1CA2787C3 => value not found.
HKU\S-1-5-21-113026621-1705679920-3439515112-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 17.3.6799.0327\amd64 => value not found.
HKU\S-1-5-21-113026621-1705679920-3439515112-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 17.3.6799.0327 => value not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-113026621-1705679920-3439515112-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-113026621-1705679920-3439515112-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-113026621-1705679920-3439515112-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\Wow6432Node\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
HKCR\PROTOCOLS\Handler\gopher => key not found.
HKCR\CLSID\{79eac9e4-baf9-11ce-8c82-00aa004ba90b} => key not found.
HKCR\PROTOCOLS\Filter\deflate => key not found.
HKCR\CLSID\{8f6b0360-b80d-11d0-a9b3-006097942311} => key not found.
HKCR\PROTOCOLS\Filter\gzip => key not found.
HKCR\CLSID\{8f6b0360-b80d-11d0-a9b3-006097942311} => key not found.
HKCR\PROTOCOLS\Filter\lzdhtml => key not found.
HKCR\CLSID\{8f6b0360-b80d-11d0-a9b3-006097942311} => key not found.
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => moved successfully
C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcnofaichneijfbkdkghmhjjbepjmble\ => moved successfully
C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flaebdjmginmegnogohmmnofgknehnno => moved successfully
C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh => moved successfully
C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce => moved successfully
C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce => not found
HKU\S-1-5-21-113026621-1705679920-3439515112-1001\SOFTWARE\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\daanglpcpkjjlkhcbladppjphglbigam => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce => key not found.
HKLM\System\CurrentControlSet\Services\xhunter1 => key removed successfully
xhunter1 => service removed successfully
HKLM\System\CurrentControlSet\Services\xspirit => key removed successfully
xspirit => service removed successfully
C:\WINDOWS\xhunter1.sys => moved successfully
C:\WINDOWS\xspirit.sys => moved successfully
C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 => moved successfully
C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier => moved successfully
C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task => moved successfully
C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater => moved successfully
C:\WINDOWS\System32\Tasks\{CF30040C-9FBE-49D9-A5C5-4015AF77EDE5} => moved successfully
C:\WINDOWS\System32\Tasks\PDVDServ12 Task => moved successfully
C:\WINDOWS\System32\Tasks\NCH Software => moved successfully
C:\WINDOWS\System32\Tasks\Lenovo => moved successfully
C:\Users\Doneff Family\Downloads\Unconfirmed 771153.crdownload => moved successfully
C:\ProgramData\{64B8A1DB-EEFA-2B1D-683C-B55FF27E3E91} => moved successfully
C:\Users\Doneff Family\AppData\Roaming\Nutetorapam => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E8BDA08-32EF-4690-8150-B91DD902CD28} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E8BDA08-32EF-4690-8150-B91DD902CD28} => key removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\Experience Improvement => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Experience Improvement => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{194F5E8D-4303-4411-A997-5FBE9E66BFA8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{194F5E8D-4303-4411-A997-5FBE9E66BFA8} => key removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\LSC\LSCHardwareScanPostpone => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1965A7D1-A727-4E7E-9344-622742807CB9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1965A7D1-A727-4E7E-9344-622742807CB9} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\PLA\LSC Memory => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\PLA\LSC Memory => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1EB42D4E-007B-43CB-9664-3D2A134DDEDC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EB42D4E-007B-43CB-9664-3D2A134DDEDC} => key removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\Lenovo Solution Center Launcher => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Solution Center Launcher => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2615297F-5FD4-4093-931B-A3E916E448EA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2615297F-5FD4-4093-931B-A3E916E448EA} => key removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\LSC\Lenovo Solution Center Notifications => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4BD4AA48-FEF4-49A8-BC58-2E9DBD4148DF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BD4AA48-FEF4-49A8-BC58-2E9DBD4148DF} => key removed successfully
C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5FE98310-B9E5-4755-A497-BE0F90779954} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FE98310-B9E5-4755-A497-BE0F90779954} => key removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Customer Feedback Program 64 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6599FF25-1EAA-4B2A-91D3-B64A62336FEF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6599FF25-1EAA-4B2A-91D3-B64A62336FEF} => key removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7AFDC169-FB7D-45C7-92AF-E73656CF6EC8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7AFDC169-FB7D-45C7-92AF-E73656CF6EC8} => key removed successfully
C:\WINDOWS\System32\Tasks\PDVDServ12 Task => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PDVDServ12 Task => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F0B0A34-036A-4CB6-A21F-38E634ADAD3B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F0B0A34-036A-4CB6-A21F-38E634ADAD3B} => key removed successfully
C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player PPAPI Notifier => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7E1474D-32D6-4476-B8BF-3221576DF40E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7E1474D-32D6-4476-B8BF-3221576DF40E} => key removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_TVSUUpdateTask => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_TVSUUpdateTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8D25BD1-7FA8-4E8B-8627-35C255E26722} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8D25BD1-7FA8-4E8B-8627-35C255E26722} => key removed successfully
C:\WINDOWS\System32\Tasks\{CF30040C-9FBE-49D9-A5C5-4015AF77EDE5} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CF30040C-9FBE-49D9-A5C5-4015AF77EDE5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B74F12EE-CB52-45F4-82C3-5364AB85A6EA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B74F12EE-CB52-45F4-82C3-5364AB85A6EA} => key removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\REACHit Agent Startup => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\REACHit Agent Startup => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C32DB398-26A6-4B9D-B2BA-603AD43E9FE0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C32DB398-26A6-4B9D-B2BA-603AD43E9FE0} => key removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\LSC\LSCHardwareScan => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\LSC\LSCHardwareScan => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF50169E-970A-4898-A519-54FC369BBE49} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF50169E-970A-4898-A519-54FC369BBE49} => key removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\REACHit Agent Update => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\REACHit Agent Update => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FA7F888E-1C02-41B7-9EDE-FA5B3721D918} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA7F888E-1C02-41B7-9EDE-FA5B3721D918} => key removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\QuickOptimizer => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\QuickOptimizer => key removed successfully

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-113026621-1705679920-3439515112-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-113026621-1705679920-3439515112-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state On =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 6053888 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14965098 B
Java, Flash, Steam htmlcache => 690477972 B
Windows/system/drivers => 1503563 B
Edge => 580390015 B
Chrome => 2095540827 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 4102 B
NetworkService => 138061080 B
Doneff Family => 100346766 B

RecycleBin => 883 B
EmptyTemp: => 3.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:34:05 ====


RogueKiller V12.10.10.0 (x64) [May 22 2017] (Free) by Adlice Software

mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : Doneff Family [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 05/24/2017 18:17:04 (Duration : 00:22:57)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 5 ¤¤¤
[Tr.Gen] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UpdateAgentService (C:\Program Files\update\UpdateAgent.exe) -> Deleted
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-113026621-1705679920-3439515112-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo15.msn.com/?pc=LCTE -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-113026621-1705679920-3439515112-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo15.msn.com/?pc=LCTE -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 ([X][X]) -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e6e4a17a-d400-42d1-acf0-634be7a09268} | DhcpNameServer : 209.18.47.61 209.18.47.62 ([X][X]) -> Replaced ()

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[Tr.Gen][Folder] C:\Program Files\update -> Deleted
[Tr.Gen][File] C:\Program Files\update\msvcm90.dll -> Deleted
[Tr.Gen][File] C:\Program Files\update\msvcp90.dll -> Deleted
[Tr.Gen][File] C:\Program Files\update\msvcr90.dll -> Deleted
[Tr.Gen][File] C:\Program Files\update\reaper.dll -> Deleted
[Tr.Gen][File] C:\Program Files\update\run.bat -> Deleted
[Tr.Gen][File] C:\Program Files\update\ua.log -> Deleted
[Tr.Gen][File] C:\Program Files\update\UpdateAgent.exe -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [http://www.4loot.com/] -> Not selected
[PUM.HomePage][Chrome:Config] Profile 1 [SecurePrefs] : session.startup_urls [http://www.forsyth.cc/library/|http://co-davidson-nc.beta.libguides.com/lexingtonpubliclibrary] -> Deleted

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] ce72b05d37d96c5a7c152999e6eaedf1
[BSP] 62b7f321b219208eac246c5e77b206b7 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 796672 | Size: 921260 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1887537152 | Size: 1000 MB
4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1889585152 | Size: 30720 MB
5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1952499712 | Size: 500 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] d6f4c328bfe13e036b6e0982f8a5c63f
[BSP] a41170e66910ca5b7ad7aff948443128 : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 57275 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 

Attachments

  • Addition.txt (33.1 KB)
  • Fixlog.txt (23.1 KB)
  • FRST.txt (79.8 KB)
  • JRT.txt (563 bytes)
  • rk_3DC.tmp.txt (4.1 KB)
  • rk_55B3.tmp.txt (7.4 KB)
Eliminate restrictive settings with this tool.
  • Temporarily disable your antivirus. Your antivirus may flag this tool as malware; it is safe to run, I assure you.
  • Download SupRestric.exe and save it to your desktop.
  • Close all running programs.
  • Double-click the file to launch it.
  • Windows Vista/7/8/10: run as administrator.
  • Click Yes at any prompt.
  • The analysis takes only a few moments.
  • The report is on the desktop (CTR.txt).
  • Copy and paste the report in your next reply.
  • A reboot is needed to complete the repairs.

HijackThis.


1- Please Click HERE to download HijackThis. -- Unzip to your desktop.
2- Right-click and run as admin.
3- Click on the Main Menu button if not already there.
4- Select Do a system scan and save a logfile.
5- Copy and paste the log here.

ZHP Diag Scan


Download ZHP Diag to your desktop.

1. Right-click and run as admin.

2. Click the Options button.

Click on Check All.
Then click Validate.
Then click Close.

3. Click the Scanner button.

When complete, please push the Report button.
A notepad will open... copy and paste the report in your next reply.
 
Report Restricted to Pierre13 (CTR version 2.5.0.0) of 24 \ 05 \ 2017 at 23:26:14
PC of Doneff Family
Microsoft Windows 10 Home (64-bit) [10.0.15063]

Repair error 2203 performed.

Control presence restrictions

[TROJ_POWELIKS.B] feature_browser_emulation key deleted.
[BKDR_BLACKEN.A] key DisableFirstRunCustomize deleted.
[BKDR_BLACKEN.A] key WarnOnClose corrected.
Authorization installation Java (x86) deleted.
Authorization installation Java (x64) deleted.
Restriction Display Recent documents deleted.
Restriction Display Documents deleted.
Restriction Synchronization Background Information Streams and Web Slices Removed.
Restriction discovery of RSS feeds and Web Slices deleted.
Numeric keypad active.
User Restriction for Windows Installer Removed.
Windows Update Configuration Reverted.
Windows Firewall service enabled.
Windows Firewall settings restored by default and enabled.

240 controlled restrictions.

13 restriction (s) repaired.
Reboot the PC to take the repair (s) into account.


The report is on the desktop (C: \ Users \ Doneff Family \ Desktop \ CTR.txt)


Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 11:27:58 PM, on 5/24/2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.15063.0000)


Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Windows\SysWOW64\UMonit64.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
C:\Windows\jmesoft\hotkey.exe
C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Users\Doneff Family\Desktop\ZHPDiag3.exe
C:\Users\Doneff Family\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [jmekey] C:\Windows\jmesoft\hotkey.exe
O4 - HKLM\..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background --restore-last-session
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent --restore-last-session
O4 - HKCU\..\Run: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" --restore-last-session
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall Service (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: FastbootService - Lenovo - C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: System Interface Foundation Service (ImControllerService) - Unknown owner - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Security Assist - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
O23 - Service: Intel(R) Security Assist Helper (isaHelperSvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: JME Keyboard Driver (JME Keyboard) - Unknown owner - C:\Windows\jmesoft\Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LenovoPortalService - Unknown owner - C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: LSCWinService - Lenovo - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: ShareItSvc - SHAREit Technologies Co.Ltd - C:\Program Files (x86)\Lenovo\SHAREit\Shareit.Service.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12622 bytes
~ ZHPDiag v2017.5.21.84 By Nicolas Coolman (2017/05/21)
~ Run by Doneff Family (Administrator) (2017/05/24 23:26:36)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook: https://www.facebook.com/nicolascoolman1
~ State version: Version OK
~ Mode: Scan
~ Report: C:\Users\Doneff Family\Desktop\ZHPDiag.txt
~ Report: C:\Users\Doneff Family\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Activate
~ System startup: Normal (Normal boot)
Windows 10 Home, 64-bit (Build 15063) =>.Microsoft Corporation

---\\ Internet Browsers (2) - 0s
~ GCIE: Google Chrome v58.0.3029.110
~ MSIE: Internet Explorer v11.296.15063.0

---\\ Windows Product Information (3) - 3s
~ Windows Server License Manager Script : OK
System - VBScript Engine not found
Windows Automatic Updates : OK

---\\ System protection software (2) - 1s
Avast Internet Security v17.4.2294 (Protection)
Windows Defender (Deactivate)

---\\ Surveillance software (2) - 1s
~ Adobe Flash Player 25 PPAPI (Surveillance)
~ Adobe Acrobat Reader DC (Surveillance)

---\\ Information on the system (6) - 0s
~ Operating System: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
~ Operating System: 64-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 12529.86 MB (81% free) : OK =>.RAM Value
System Restore: Activé (Enable)
System drive C: has 776 GB (84%) free of 921 GB : OK =>.Disk Space

---\\ Connection to the system mode (3) - 0s
~ Computer Name: DESKTOP-DOB72OG
~ User Name: Doneff Family
~ Logged in as Administrator

---\\ Enumeration of the disk units (2) - 0s
~ Drive C: has 776 GB free of 921 GB (System)
~ Drive F: has 6 GB free of 57 GB

---\\ State of the Windows Security Center (7) - 1s
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK

---\\ Search Generic System Files (24) - 1s
[MD5.6314A1E16B2B6D2E0E3FE65C9BA7BD73] - 18/05/2017 - (.Microsoft Corporation - Windows Explorer.) -- C:\WINDOWS\Explorer.exe [4848440] =>.Microsoft Windows®
[MD5.ECB702B8C5650381C0784F1EEABB97BC] - 18/03/2017 - (.Microsoft Corporation - Windows host process (Rundll32).) -- C:\WINDOWS\System32\rundll32.exe [68608] =>.Microsoft Corporation
[MD5.9A4BA96E87A1FD69381249557BDE2BF0] - 18/03/2017 - (.Microsoft Corporation - Windows Start-Up Application.) -- C:\WINDOWS\System32\Wininit.exe [318232] =>.Microsoft Windows Publisher®
[MD5.2B1361AFBF330AF9A652A336EE77CBCB] - 18/05/2017 - (.Microsoft Corporation - Internet Extensions for Win32.) -- C:\WINDOWS\System32\wininet.dll [3307008] =>.Microsoft Corporation
[MD5.D0F1FB0E90BFBD14865B770E2567BE1D] - 18/05/2017 - (.Microsoft Corporation - Windows Logon Application.) -- C:\WINDOWS\System32\Winlogon.exe [707072] =>.Microsoft Corporation
[MD5.50CDF68A8EA8A2A9165CD573FA6C42D8] - 18/03/2017 - (.Microsoft Corporation - Software Licensing Library.) -- C:\WINDOWS\System32\sppcomapi.dll [414208] =>.Microsoft Corporation
[MD5.0F9FA6A2D4EAE50393DCE473759A9845] - 18/03/2017 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\WINDOWS\System32\dnsapi.dll [661224] =>.Microsoft Windows®
[MD5.3F969D5ADEAB3284ABD500B37D74A8F8] - 18/03/2017 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\WINDOWS\Syswow64\dnsapi.dll [508344] =>.Microsoft Windows®
[MD5.AC1928C2F7505BD556C552F153B062AB] - 18/03/2017 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) -- C:\WINDOWS\System32\drivers\AFD.sys [610712] =>.Microsoft Windows®
[MD5.01733BEEE02E51F712330D5909BD701C] - 18/03/2017 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) -- C:\WINDOWS\System32\drivers\atapi.sys [29088] =>.Microsoft Windows®
[MD5.B6E5AD7C83A5254DEE9D86023C0E5A81] - 18/03/2017 - (.Microsoft Corporation - CD-ROM File System Driver.) -- C:\WINDOWS\System32\drivers\Cdfs.sys [93184] =>.Microsoft Corporation
[MD5.ABE77AD954BC3D72F559CF0C381E50BC] - 18/03/2017 - (.Microsoft Corporation - SCSI CD-ROM Driver.) -- C:\WINDOWS\System32\drivers\Cdrom.sys [160256] =>.Microsoft Corporation
[MD5.185A4519B7764F4DEF714D890A7A9FD2] - 18/03/2017 - (.Microsoft Corporation - DFS Namespace Client Driver.) -- C:\WINDOWS\System32\drivers\DfsC.sys [150528] =>.Microsoft Corporation
[MD5.DD1A6F4998E7E21564FA9BAFE21C87ED] - 18/03/2017 - (.Microsoft Corporation - High Definition Audio Bus Driver.) -- C:\WINDOWS\System32\drivers\HDAudBus.sys [86528] =>.Microsoft Corporation
[MD5.C6C8315E3262FAE460529C6DA2951682] - 18/03/2017 - (.Microsoft Corporation - i8042 Port Driver.) -- C:\WINDOWS\System32\drivers\i8042prt.sys [115200] =>.Microsoft Corporation
[MD5.DCC05E5EAA580C97F13B434FAFACED85] - 18/03/2017 - (.Microsoft Corporation - IP Network Address Translator.) -- C:\WINDOWS\System32\drivers\IpNat.sys [214528] =>.Microsoft Corporation
[MD5.F2AD1B72C5A6475FB5FF332E1980DF88] - 18/03/2017 - (.Microsoft Corporation - Windows NT SMB Minirdr.) -- C:\WINDOWS\System32\drivers\MRxSmb.sys [467352] =>.Microsoft Windows®
[MD5.30C2F67EC84EB11B22011620107E0325] - 18/03/2017 - (.Microsoft Corporation - MBT Transport driver.) -- C:\WINDOWS\System32\drivers\netBT.sys [305152] =>.Microsoft Corporation
[MD5.731FD52461C8107E5B19B9AEDBB82BFB] - 18/03/2017 - (.Microsoft Corporation - NT File System Driver.) -- C:\WINDOWS\System32\drivers\ntfs.sys [2328480] =>.Microsoft Windows®
[MD5.2CC6C325B271C7CA60F374F8F868CB45] - 18/03/2017 - (.Microsoft Corporation - Parallel Port Driver.) -- C:\WINDOWS\System32\drivers\Parport.sys [97792] =>.Microsoft Corporation
[MD5.5279EC98F6218D29EADDFECCC0D80E9A] - 18/03/2017 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) -- C:\WINDOWS\System32\drivers\Rasl2tp.sys [107008] =>.Microsoft Corporation
[MD5.53A01D3FDB701AC5D9DDE4140227E3D9] - 18/03/2017 - (.Microsoft Corporation - Microsoft RDP Device redirector.) -- C:\WINDOWS\System32\drivers\rdpdr.sys [183296] =>.Microsoft Corporation
[MD5.2540384EF2EEE5BE930E3FB1061395DC] - 18/03/2017 - (.Microsoft Corporation - TDI Translation Driver.) -- C:\WINDOWS\System32\drivers\tdx.sys [120224] =>.Microsoft Windows®
[MD5.E3429DBBEA3965BB96E24B16EF4A2551] - 18/03/2017 - (.Microsoft Corporation - Volume Shadow Copy driver.) -- C:\WINDOWS\System32\drivers\volsnap.sys [397216] =>.Microsoft Windows®

---\\ Non Microsoft non disabled Windows Services (15) - 1s
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe =>.Adobe Systems, Incorporated®
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) . (.Adobe Systems, Incorporated - Adobe Genuine Software Integrity Service.) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe =>.Adobe Systems Incorporated®
O23 - Service: Avast Antivirus (avast! Antivirus) . (.AVAST Software - Avast Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe =>.AVAST Software s.r.o.®
O23 - Service: Avast Firewall Service (avast! Firewall) . (.AVAST Software - Avast firewall service.) - C:\Program Files\AVAST Software\Avast\afwServ.exe =>.AVAST Software s.r.o.®
O23 - Service: FastbootService (FastbootService) . (.Lenovo - RapidBoot HDD Accelerator Service.) - C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe =>.Lenovo
O23 - Service: Google Update Service (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) . (.Intel Corporation - IAStorDataSvc.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe =>.Intel Corporation - Rapid Storage Technology®
O23 - Service: System Interface Foundation Service (ImControllerService) . (.Copyright © 2015 - Lenovo.Modern.ImController.) - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe =>.LENOVO®
O23 - Service: Intel(R) Security Assist Helper (isaHelperSvc) . (...) - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe =>.Intel Corporation
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) . (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
O23 - Service: JME Keyboard Driver (JME Keyboard) . (...) - C:\Windows\jmesoft\Service.exe =>.JMESoft
O23 - Service: LenovoPortalService (LenovoPortalService) . (.Copyright © 2012 - LenovoPortalService.) - C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe =>.LENOVO®
O23 - Service: Intel(R) Management and Security Application Local Manageme (LMS) . (.Intel Corporation - Intel(R) Local Management Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
O23 - Service: Malwarebytes Service (MBAMService) . (.Malwarebytes - Malwarebytes Service.) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe =>.Malwarebytes Corporation®
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) . (.NVIDIA Corporation - NVIDIA Container.) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe =>.NVIDIA Corporation®

---\\ Services not Microsoft (SR=Run, SS=Stop) (23) - 20s
SR - Auto [25/04/2017] [ 83056] Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe =>.Adobe Systems, Incorporated®
SS - Demand [11/05/2017] [ 271864] Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe =>.Adobe Systems Incorporated®
SR - Auto [27/02/2017] [ 2227312] Adobe Genuine Software Integrity Service (AGSService) . (.Adobe Systems, Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe =>.Adobe Systems Incorporated®
SS - Demand [09/05/2017] [ 7346208] aswbIDSAgent (aswbIDSAgent) . (.AVAST Software s.r.o..) - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe =>.AVAST Software s.r.o.®
SR - Auto [09/05/2017] [ 263304] Avast Antivirus (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe =>.AVAST Software s.r.o.®
SR - Auto [09/05/2017] [ 310496] Avast Firewall Service (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe =>.AVAST Software s.r.o.®
SR - Auto [08/09/2015] [ 288768] FastbootService (FastbootService) . (.Lenovo.) - C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe =>.Lenovo
SS - Auto [14/06/2016] [ 154440] Google Update Service (gupdate) (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
SS - Demand [14/06/2016] [ 154440] Google Update Service (gupdatem) (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
SS - Auto [23/06/2015] [ 18856] Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe =>.Intel Corporation - Rapid Storage Technology®
SS - Auto [16/07/2015] [ 30624] System Interface Foundation Service (ImControllerService) . (.Copyright © 2015.) - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe =>.LENOVO®
SS - Demand [22/05/2015] [ 881152] Intel(R) Capability Licensing Service TCP IP Interface (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe =>.Intel® Trusted Connect Service®
SR - Demand [19/05/2015] [ 335872] Intel(R) Security Assist (Intel(R) Security Assist) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe =>.Intel Corporation
SS - Auto [19/05/2015] [ 7680] Intel(R) Security Assist Helper (isaHelperSvc) . (...) - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe =>.Intel Corporation
SR - Auto [11/07/2015] [ 223520] Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
SR - Auto [16/08/2011] [ 32768] JME Keyboard Driver (JME Keyboard) . (...) - C:\Windows\jmesoft\Service.exe =>.JMESoft
SR - Auto [08/09/2015] [ 24312] LenovoPortalService (LenovoPortalService) . (.Copyright © 2012.) - C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe =>.LENOVO®
SR - Auto [11/07/2015] [ 415520] Intel(R) Management and Security Application Local Manageme (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
SS - Demand [01/07/2015] [ 271296] LSCWinService (LSCWinService) . (.Lenovo.) - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe =>.LENOVO®
SR - Auto [09/05/2017] [ 4470736] Malwarebytes Service (MBAMService) . (.Malwarebytes.) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe =>.Malwarebytes Corporation®
SR - Auto [29/12/2016] [ 458176] NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe =>.NVIDIA Corporation®
SS - Demand [31/03/2016] [ 31704] ShareItSvc (ShareItSvc) . (.SHAREit Technologies Co.Ltd.) - C:\Program Files (x86)\Lenovo\SHAREit\Shareit.Service.exe =>.LENOVO®
SR - Demand [25/04/2017] [ 1590048] Steam Client Service (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe =>.Valve®

---\\ Task Planned Automatically (12) - 9s
[MD5.99CE7A1C3AB82125EE3FDB446418865B] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [271864] (.Activate.) =>.Adobe Systems Incorporated®
[MD5.866FF7A49542CDBBF7EE0FD4FD0ADC02] [APT] [Avast Emergency Update] (.AVAST Software.) -- C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2326672] (.Activate.) =>.AVAST Software s.r.o.®
[MD5.3B2336A8281ABE998D156B580D6FAC4F] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe [7347928] (.Activate.) =>.Piriform Ltd®
[MD5.750446ED76A5D13E902174DDDDA1A62B] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440] (.Activate.) =>.Google Inc®
[MD5.750446ED76A5D13E902174DDDDA1A62B] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440] (.Activate.) =>.Google Inc®
[MD5.F485EE3C484D9874E9DD75E6B4FEE332] [APT] [SafeZone scheduled Autoupdate 1462830905] (.Avast Software.) -- C:\Program Files\AVAST Software\SZBrowser\launcher.exe [927264] (.Activate.) =>.AVAST Software s.r.o.®
[MD5.283E10FD63971145CC1E750FFA46180E] [APT] [AVAST Software\Avast settings backup] (.AVAST Software.) -- C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [826808] (.Activate.) =>.AVAST Software s.r.o.®
O39 - APT: Avast Emergency Update - (.AVAST Software.) -- C:\WINDOWS\System32\Tasks\Avast Emergency Update [4268] =>.AVAST Software s.r.o.®
O39 - APT: CCleanerSkipUAC - (.Piriform Ltd.) -- C:\WINDOWS\System32\Tasks\CCleanerSkipUAC [2218] =>.Piriform Ltd®
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore [3120] =>.Google Inc®
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA [3344] =>.Google Inc®
O39 - APT: SafeZone scheduled Autoupdate 1462830905 - (.Avast Software.) -- C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1462830905 [3370] =>.AVAST Software s.r.o.®

---\\ Auto loading programs from Registry and folders (23) - 0s
O4 - HKLM\..\Run: [SecurityHealth] . (.Microsoft Corporation - Windows Defender notification icon.) -- C:\Program Files\Windows Defender\MSASCuiL.exe =>.Microsoft Windows®
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp®
O4 - HKLM\..\Run: [RtHDVBg_LENOVO_MICPKEY] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe =>.Realtek Semiconductor Corp®
O4 - HKLM\..\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe =>.Intel Corporation
O4 - HKLM\..\Run: [UMonit] . (.Copyright (C) 2008 - ChangeIcon MFC Application.) -- C:\Windows\SysWOW64\UMonit64.exe =>.Microsoft Windows Hardware Compatibility Publisher®
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated®
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - AvLaunch component.) -- C:\Program Files\AVAST Software\Avast\AvLaunch.exe =>.AVAST Software s.r.o.®
O4 - HKLM\..\Run: [Malwarebytes TrayApp] . (.Malwarebytes - Malwarebytes Tray Application.) -- C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe =>.Malwarebytes Corporation®
O4 - HKCU\..\Run: [OneDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Windows®
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd®
O4 - HKCU\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files (x86)\Steam\Steam.exe =>.Valve®
O4 - HKCU\..\Run: [Adobe Acrobat Synchronizer] . (.Adobe Systems Incorporated - Adobe Collaboration Synchronizer 17.9.) -- C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe =>.Adobe Systems, Incorporated®
O4 - HKLM\..\Wow6432Node\Run: [CLMLServer] . (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe =>.CyberLink®
O4 - HKLM\..\Wow6432Node\Run: [jmekey] . (.Lenovo - Lenovo Black Silk USB Keyboard.) -- C:\Windows\jmesoft\hotkey.exe =>.Lenovo
O4 - HKLM\..\Wow6432Node\Run: [jmesoft] . (...) -- C:\Windows\jmesoft\ServiceLoader.exe =>.Lenovo Group Limited
O4 - HKLM\..\Wow6432Node\Run: [UpdateP2GoShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe =>.CyberLink®
O4 - HKLM\..\Wow6432Node\Run: [Acrobat Assistant 8.0] . (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe =>.Adobe Systems, Incorporated®
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) -- C:\Windows\SysWOW64\OneDriveSetup.exe =>.Microsoft Windows®
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) -- C:\Windows\SysWOW64\OneDriveSetup.exe =>.Microsoft Windows®
O4 - HKUS\S-1-5-21-113026621-1705679920-3439515112-1001\..\Run: [OneDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Windows®
O4 - HKUS\S-1-5-21-113026621-1705679920-3439515112-1001\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd®
O4 - HKUS\S-1-5-21-113026621-1705679920-3439515112-1001\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files (x86)\Steam\Steam.exe =>.Valve®
O4 - HKUS\S-1-5-21-113026621-1705679920-3439515112-1001\..\Run: [Adobe Acrobat Synchronizer] . (.Adobe Systems Incorporated - Adobe Collaboration Synchronizer 17.9.) -- C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe =>.Adobe Systems, Incorporated®

---\\ Process running (30) - 2s
[MD5.8D6BA8E7676038A27FD4ECF12CC744B0] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [83056] [PID.3168] =>.Adobe Systems, Incorporated®
[MD5.E2CFDA7E9606FD5ECAB93E4817414661] - (...) -- C:\Windows\jmesoft\Service.exe [32768] [PID.3248] =>.JMESoft
[MD5.B09F2F6281571FBA7387164DE91A24E2] - (.Copyright © 2012 - LenovoPortalService.) -- C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe [24312] [PID.4104] =>.LENOVO®
[MD5.2328568EE63439A4A11F9DC0692E5527] - (.NVIDIA Corporation - NVIDIA Container.) -- C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176] [PID.4140] =>.NVIDIA Corporation®
[MD5.CD4546A3ECA0DD8534A6097DF7C2028E] - (.Lenovo - RapidBoot HDD Accelerator Service.) -- C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe [288768] [PID.4208] =>.Lenovo
[MD5.A32EA26C90A47B2BC93D7B0B94994B11] - (.Adobe Systems, Incorporated - Adobe Genuine Software Integrity Service.) -- C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312] [PID.4236] =>.Adobe Systems Incorporated®
[MD5.D76E56108E6482905D3FAEA0649919E4] - (.Malwarebytes - Malwarebytes Service.) -- C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736] [PID.4388] =>.Malwarebytes Corporation®
[MD5.93A49F8ECC625EE8FD3BFC3C5FEB8D47] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [1285568] [PID.5060] =>.NVIDIA Corporation®
[MD5.5602FF42444B4991E69C62E493BDAEC4] - (.Malwarebytes - Malwarebytes Tray Application.) -- C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [3146704] [PID.9112] =>.Malwarebytes Corporation®
[MD5.C96ABFB05F21F50FE06C5995AD707F75] - (...) -- C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe [74752] [PID.3340] =>.Skype Technologies
[MD5.5E22E4A24B7F269A7483F346FCE83B15] - (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16412952] [PID.4816] =>.Realtek Semiconductor Corp®
[MD5.C22B91B0326ED4B288920B3D849B1E9A] - (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1413384] [PID.5368] =>.Realtek Semiconductor Corp®
[MD5.33E6E5822E22A5E1DEA523C06155FD07] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe [288848] [PID.436] =>.Google Inc®
[MD5.EDBD0648A97D4485E24F21C50F9FCB49] - (.Copyright (C) 2008 - ChangeIcon MFC Application.) -- C:\Windows\SysWOW64\UMonit64.exe [53832] [PID.5676] =>.Microsoft Windows Hardware Compatibility Publisher®
[MD5.8FE697AB8A4C28D79C1CDB97C6FB1A17] - (.AVAST Software - Avast Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [8470464] [PID.5860] =>.AVAST Software s.r.o.®
[MD5.3F218819210022E0D585957FB155D4A3] - (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files (x86)\Steam\Steam.exe [3019552] [PID.5904] =>.Valve®
[MD5.3F6B014280D8A98ACC323BB28CA5BCA7] - (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe [9363672] [PID.8160] =>.Piriform Ltd®
[MD5.27BEAF3F308ED2276F3863C2F2597556] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe [366672] [PID.7400] =>.Google Inc®
[MD5.0B427D9943C838620AFA30CBB24A6D77] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720] [PID.6512] =>.CyberLink®
[MD5.17716C3DD52BF815291D80FAAF329AC7] - (.Lenovo - Lenovo Black Silk USB Keyboard.) -- C:\Windows\jmesoft\hotkey.exe [118784] [PID.2020] =>.Lenovo
[MD5.612354D351683C76C5728A5A9A858090] - (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe [1870928] [PID.7932] =>.Adobe Systems, Incorporated®
[MD5.CB0B43F1D326AFFA5AA54954B2001233] - (.版权所有 (C) 2011 - Lenovo_LOAD.) -- C:\Windows\jmesoft\JME_LOAD.exe [24576] [PID.6840]
[MD5.34DDAAA25080F42F38575F7872CFFB82] - (.Valve Corporation - Steam Client WebHelper.) -- C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe [2190624] [PID.2200] =>.Valve®
[MD5.C8DC0C34715627ABF7A265ED27D1F75A] - (.Valve Corporation - Steam Client Service.) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe [1590048] [PID.3136] =>.Valve®
[MD5.DE70C5C10803C700DC1CFDE2D5CF207A] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520] [PID.2472] =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
[MD5.1CE3A27B6B0658F4242AB2DECE69704E] - (.Intel Corporation - Intel(R) Local Management Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [415520] [PID.6728] =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
[MD5.8F9FC35D5BF32D39B26ECAE4052E3D62] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472] [PID.9916] =>.Intel Corporation - Rapid Storage Technology®
[MD5.8213094EA736A9C575AB0E22AD09B0BA] - (.Intel Corporation - Intel(R) Security Assist.) -- C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872] [PID.9844] =>.Intel Corporation
[MD5.7FF7826FC27B9DBAF53098DBA207845C] - (...) -- C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1302.0_x64__8wekyb3d8bbwe\Calculator.exe [3982336] [PID.6740] =>.Microsoft Corporation
[MD5.6C88188108262E1C54DBECBF1D82C710] - (.Nicolas Coolman - ZHPDiag.) -- C:\Users\Doneff Family\Desktop\ZHPDiag3.exe [2731520] [PID.2808] =>.Nicolas Coolman

---\\ Google Chrome, Start,Search,Extensions (20) - 0s
G0 - GCSP: Preferences [User Data\Default][HomePage] http://windstream.com
G0 - GCSP: Preferences [User Data\Default][HomePage] http://apis.google.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://bs.serving-sys.com
G0 - GCSP: Preferences [User Data\Default][HomePage] http://se.monetate.net
G0 - GCSP: Preferences [User Data\Default][HomePage] http://secure-ds.serving-sys.com
G0 - GCSP: Preferences [User Data\Default][HomePage] http://ssl.gstatic.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://vt.myvisualiq.net
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.google.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.gstatic.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.windstream.com
G0 - GCSP: Secure Preferences [User Data\Default][HomePage] http://www.google.com/ =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Chrome manifest =>.Google Inc. =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [ghbmnnjooekpmoecnnnilnnbdlolhkhi] Google Chrome manifest =>.Google Inc. =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [lgblnfidahcdcjddiepkckcfdhpknnjh]
G2 - GCE: Preference [User Data\Default] [nmkinhboiljjkhaknpaeaicmdjhagpep] F.B.(FluffBusting)Purity
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [pifnaclcibjejklkfjegfcbagcdkidim] Gir Theme
G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [pkedcjkdefgpdelpbcmbmeomcjbeemfm] Chrome Media Router =>.Google Inc.

---\\ Internet Explorer Extensions, Start, Search (17) - 0s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com =>.Google Inc.
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com =>.Lenovo Group Limited
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan =>.Microsoft Internet Explorer

---\\ Internet Explorer, Proxy Management (3) - 0s
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies [] =>.Microsoft

---\\ Line Analysis, IniFiles, Auto loading programs (3) - 0s
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: VMApplet=

---\\ Hosts file redirection (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (21)

---\\ Browser Helper Object (BHO) (4) - 0s
O2 - BHO: Lync Click to Call BHO [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} (.Orphan.)
O2 - BHO: Adobe Acrobat Create PDF Helper [64Bits] - {AE7CD045-E861-484f-8273-0445EE161910} . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll =>.Adobe Systems, Incorporated®
O2 - BHO: Microsoft OneDrive for Business Browser Helper [64Bits] - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} (.Orphan.)
O2 - BHO: SmartSelect [64Bits] - {F4971EE7-DAA0-4053-9964-665D8EE6A077} . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll =>.Adobe Systems, Incorporated®

---\\ Global shortcuts Startup (67) - 2s
O4 - GS\Desktop [Administrator]: Aion.lnk . (.NCSOFT Corporation - NCLauncher.) C:\Program Files (x86)\NCWest\NCLauncher\NCLauncher.exe /LauncherID:"NCWest" /CompanyID:"12" /GameID:"AION" /LUpdateAddr:"updater.nclauncher.ncsoft.com" {366C2B10328E277287161D1967E68BB5} =>.NCSOFT Corporation
O4 - GS\Desktop [Administrator]: Audacity.lnk . (.The Audacity Team - Audacity®, the Free, Cross-Platform Sound E.) C:\Users\Doneff Family\Desktop\JJ Doneff\Audacity\audacity.exe =>.The Audacity Team
O4 - GS\Desktop [Administrator]: Fonts - Shortcut.lnk . (...) C:\Windows\Fonts
O4 - GS\Desktop [Administrator]: Tennafa - Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --profile-directory="Default" =>.Google Inc®
O4 - GS\Desktop [Administrator]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Doneff Family\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\sendTo [Administrator]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [Administrator]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\TaskBar [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [Administrator]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\Programs [Administrator]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Windows®
O4 - GS\Desktop [Doneff Family]: Aion.lnk . (.NCSOFT Corporation - NCLauncher.) C:\Program Files (x86)\NCWest\NCLauncher\NCLauncher.exe /LauncherID:"NCWest" /CompanyID:"12" /GameID:"AION" /LUpdateAddr:"updater.nclauncher.ncsoft.com" {366C2B10328E277287161D1967E68BB5} =>.NCSOFT Corporation
O4 - GS\Desktop [Doneff Family]: Audacity.lnk . (.The Audacity Team - Audacity®, the Free, Cross-Platform Sound E.) C:\Users\Doneff Family\Desktop\JJ Doneff\Audacity\audacity.exe =>.The Audacity Team
O4 - GS\Desktop [Doneff Family]: Fonts - Shortcut.lnk . (...) C:\Windows\Fonts
O4 - GS\Desktop [Doneff Family]: Tennafa - Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --profile-directory="Default" =>.Google Inc®
O4 - GS\Desktop [Doneff Family]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Doneff Family\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Doneff Family]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\sendTo [Doneff Family]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [Doneff Family]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\TaskBar [Doneff Family]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [Doneff Family]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\Programs [Doneff Family]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Windows®
O4 - GS\Desktop [Guest]: Aion.lnk . (.NCSOFT Corporation - NCLauncher.) C:\Program Files (x86)\NCWest\NCLauncher\NCLauncher.exe /LauncherID:"NCWest" /CompanyID:"12" /GameID:"AION" /LUpdateAddr:"updater.nclauncher.ncsoft.com" {366C2B10328E277287161D1967E68BB5} =>.NCSOFT Corporation
O4 - GS\Desktop [Guest]: Audacity.lnk . (.The Audacity Team - Audacity®, the Free, Cross-Platform Sound E.) C:\Users\Doneff Family\Desktop\JJ Doneff\Audacity\audacity.exe =>.The Audacity Team
O4 - GS\Desktop [Guest]: Fonts - Shortcut.lnk . (...) C:\Windows\Fonts
O4 - GS\Desktop [Guest]: Tennafa - Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --profile-directory="Default" =>.Google Inc®
O4 - GS\Desktop [Guest]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Doneff Family\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\sendTo [Guest]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [Guest]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\TaskBar [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [Guest]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\Programs [Guest]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Windows®
O4 - GS\CommonDesktop [Public]: e-Sword.lnk . (.Rick Meyers - e-Sword.exe.) C:\Program Files (x86)\e-Sword\e-Sword.exe
O4 - GS\CommonDesktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\CommonDesktop [Public]: REACHit.lnk . (.Lenovo - REACHit Agent.) C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe =>.LENOVO®
O4 - GS\Programs [Public]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Windows®
O4 - GS\Accessories [Public]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Accessories [Public]: Notepad.lnk . (.Microsoft Corporation - Notepad.) C:\WINDOWS\system32\notepad.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Math Input Panel.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Paint.lnk . (.Microsoft Corporation - Paint.) C:\WINDOWS\system32\mspaint.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Quick Assist.lnk . (.Microsoft Corporation - Quick Assist.) C:\WINDOWS\system32\quickassist.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Remote Desktop Connection.lnk . (.Microsoft Corporation - Remote Desktop Connection.) C:\WINDOWS\system32\mstsc.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\WINDOWS\system32\SnippingTool.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Steps Recorder.lnk . (.Microsoft Corporation - Steps Recorder.) C:\WINDOWS\system32\psr.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Windows Fax and Scan.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\WINDOWS\system32\WFS.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: XPS Viewer.lnk . (.Microsoft Corporation - XPS Viewer.) C:\WINDOWS\system32\xpsrchvw.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Character Map.lnk . (.Microsoft Corporation - Character Map.) C:\WINDOWS\system32\charmap.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Access 2016.lnk . (.Microsoft Corporation - Microsoft Access.) C:\Program Files (x86)\Microsoft Office\root\Office16\MSACCESS.EXE =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: Acrobat Reader DC.lnk . (.Flexera Software LLC - InstallShield.) C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico =>.Flexera Software LLC
O4 - GS\ProgramsCommon [Public]: Adobe Acrobat DC.lnk . (.Flexera Software LLC - InstallShield.) C:\WINDOWS\Installer\{AC76BA86-1033-FFFF-7760-0C0F074E4100}\_SC_Acrobat.ico =>.Flexera Software LLC
O4 - GS\ProgramsCommon [Public]: Adobe Acrobat Distiller DC.lnk . (.Adobe Systems Incorporated. - Acrobat Distiller.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrodist.exe =>.Adobe Systems, Incorporated®
O4 - GS\ProgramsCommon [Public]: Avast Internet Security.lnk . (.AVAST Software - Avast Antivirus.) C:\Program Files\AVAST Software\Avast\avastui.exe =>.AVAST Software s.r.o.®
O4 - GS\ProgramsCommon [Public]: Avast SafeZone Browser.lnk . (.Avast Software - Avast SafeZone Browser.) C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software s.r.o.®
O4 - GS\ProgramsCommon [Public]: Excel 2016.lnk . (.Microsoft Corporation - Microsoft Excel.) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\ProgramsCommon [Public]: Immersive Control Panel.lnk . (.Microsoft Corporation - Windows Control Panel.) C:\WINDOWS\System32\Control.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: MiracastView.lnk . (.Microsoft Corporation - MiracastView.) C:\WINDOWS\MiracastView\MiracastView.exe =>.Microsoft Windows®
O4 - GS\ProgramsCommon [Public]: OneNote 2016.lnk . (.Microsoft Corporation - Microsoft OneNote.) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: Outlook 2016.lnk . (.Microsoft Corporation - Microsoft Outlook.) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: PowerPoint 2016.lnk . (.Microsoft Corporation - Microsoft PowerPoint.) C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: PrintDialog.lnk . (.Microsoft Corporation - Print Dialog.) C:\WINDOWS\PrintDialog\PrintDialog.exe =>.Microsoft Windows®
O4 - GS\ProgramsCommon [Public]: Publisher 2016.lnk . (.Microsoft Corporation - Microsoft Publisher.) C:\Program Files (x86)\Microsoft Office\root\Office16\MSPUB.EXE =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Word 2016.lnk . (.Microsoft Corporation - Microsoft Word.) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE =>.Microsoft Corporation®

---\\ Lop.com/Domain Hijackers (2) - 0s
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 =>.USA Rochester Time Warner Cable Internet LlC
O17 - HKLM\System\CCS\Services\Tcpip\..\{e6e4a17a-d400-42d1-acf0-634be7a09268}: DhcpNameServer = 209.18.47.61 209.18.47.62 =>.USA Rochester Time Warner Cable Internet LlC

---\\ Extra protocols (26) - 1s
O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\SysWOW64\itss.dll =>.Microsoft Corporation
O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\SysWOW64\inetcomm.dll =>.Microsoft Corporation
O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\SysWOW64\itss.dll =>.Microsoft Corporation
O18 - Handler: mso-minsb-roaming.16 [64Bits] - {83C25742-A9F7-49FB-9138-434302C88D07} . (.Microsoft Corporation - Microsoft Office 2016 component.) -- C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL =>.Microsoft Corporation®
O18 - Handler: mso-minsb.16 [64Bits] - {42089D2D-912D-4018-9087-2B87803E93FB} . (.Microsoft Corporation - Microsoft Office 2016 component.) -- C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL =>.Microsoft Corporation®
O18 - Handler: osf-roaming.16 [64Bits] - {42089D2D-912D-4018-9087-2B87803E93FB} . (.Microsoft Corporation - Microsoft Office 2016 component.) -- C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL =>.Microsoft Corporation®
O18 - Handler: osf.16 [64Bits] - {5504BE45-A83B-4808-900A-3A5C36E7F77A} . (.Microsoft Corporation - Microsoft Office 2016 component.) -- C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL =>.Microsoft Corporation®
O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: tbauth [64Bits] - {14654CA6-5711-491D-B89A-58E571679951} . (.Microsoft Corporation - TBAuth protocol handler.) -- C:\Windows\SysWOW64\tbauth.dll =>.Microsoft Corporation
O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: windows.tbauth [64Bits] - {14654CA6-5711-491D-B89A-58E571679951} . (.Microsoft Corporation - TBAuth protocol handler.) -- C:\Windows\SysWOW64\tbauth.dll =>.Microsoft Corporation
O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\SysWOW64\mscoree.dll =>.Microsoft Corporation
O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\SysWOW64\mscoree.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\SysWOW64\mscoree.dll =>.Microsoft Corporation

---\\ Software installed (81) - 4s
O42 - Logiciel: Adobe Acrobat DC - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-1033-FFFF-7760-0C0F074E4100} =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe Acrobat Reader DC - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1033-7B44-AC0F074E4100} =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe Flash Player 25 PPAPI - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player PPAPI =>.Adobe Systems Incorporated®
O42 - Logiciel: Adobe Refresh Manager - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-0804-1033-1959-001824225037} =>.Adobe Systems Incorporated
O42 - Logiciel: Aion - (.NC Interactive, LLC.) [HKLM][64Bits] -- {B9291CA2-6FA5-44EA-8EE0-923EB32ADAAB} =>.NC Interactive, LLC
O42 - Logiciel: Avast Internet Security - (.AVAST Software.) [HKLM][64Bits] -- Avast Antivirus =>.AVAST Software s.r.o.®
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM][64Bits] -- CCleaner =>.Piriform Ltd®
O42 - Logiciel: Cisco EAP-FAST Module - (.Cisco Systems, Inc..) [HKLM][64Bits] -- {64BF0187-F3D2-498B-99EA-163AF9AE6EC9} =>.Cisco Systems, Inc.
O42 - Logiciel: Cisco LEAP Module - (.Cisco Systems, Inc..) [HKLM][64Bits] -- {AF312B06-5C5C-468E-89B3-BE6DE2645722} =>.Cisco Systems, Inc.
O42 - Logiciel: Cisco PEAP Module - (.Cisco Systems, Inc..) [HKLM][64Bits] -- {0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F} =>.Cisco Systems, Inc.
O42 - Logiciel: Components - (.Lenovo.) [HKLM][64Bits] -- {1720B0E0-C520-43A6-B677-97A1D80F3B99} =>.Lenovo
O42 - Logiciel: Driver and Application Installation - (.Lenovo.) [HKLM][64Bits] -- {6EC299C6-074C-4529-8D5F-2798584BB27B} =>.LENOVO®
O42 - Logiciel: Elsword version v6.1221.1.1 - (.KOGGAMES.) [HKLM][64Bits] -- {E655DDFC-24DB-4FC3-8474-271E911309B4}_is1 {009A7691257184F608}
O42 - Logiciel: e-Sword - (.Rick Meyers.) [HKLM][64Bits] -- {463178C4-E707-41EE-BE8A-080C62BF526D}
O42 - Logiciel: Genesys USB Mass Storage Device - (.Genesys Logic.) [HKLM][64Bits] -- {959B7F35-2819-40C5-A0CD-3C53B5FCC935} =>.Genesys Logic
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM][64Bits] -- Google Chrome =>.Google Inc®
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} =>.Google Inc.
O42 - Logiciel: Intel(R) Chipset Device Software - (.Intel Corporation.) [HKLM][64Bits] -- {8C91A5EB-2C62-4A6D-8802-CC79FD2ED390} =>.Intel Corporation
O42 - Logiciel: Intel(R) Chipset Device Software - (.Intel(R) Corporation.) [HKLM][64Bits] -- {60c073df-e736-4210-9c3a-5fc2b651cef3} =>.Intel Corporation - Software and Firmware Products®
O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] -- {1CEAC85D-2590-4760-800F-8DE5E91F3700} =>.Intel Corporation
O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] -- {3D6D679B-3ECE-48DD-85D6-8ECE8D497080} =>.Intel Corporation
O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] -- {BCD55758-61DB-426D-BC56-72C9ADB2092F} =>.Intel Corporation
O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] -- {DD20EECC-5CAA-4658-B15D-2A5DCE686321} =>.Intel Corporation
O42 - Logiciel: Intel(R) ME UninstallLegacy - (.Intel Corporation.) [HKLM][64Bits] -- {D2E7A6EE-AB1A-4D68-8E1C-FFE2B4B5429B} =>.Intel Corporation
O42 - Logiciel: Intel(R) Rapid Storage Technology - (.Intel Corporation.) [HKLM][64Bits] -- {205AE40D-8AD7-4F29-A430-DD2168DA562D} =>.Intel Corporation
O42 - Logiciel: Intel(R) Rapid Storage Technology - (.Intel Corporation.) [HKLM][64Bits] -- {409CB30E-E457-4008-9B1A-ED1B9EA21140} =>.Intel Corporation
O42 - Logiciel: Intel® Security Assist - (.Intel Corporation.) [HKLM][64Bits] -- {4B230374-6475-4A73-BA6E-41015E9C5013} =>.Intel Corporation
O42 - Logiciel: Intel® Trusted Connect Service Client - (.Intel Corporation.) [HKLM][64Bits] -- {7D84E343-A23D-451C-B123-0195B2D903A6} =>.Intel Corporation
O42 - Logiciel: Java 8 Update 121 - (.Oracle Corporation.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F32180121F0} =>.Oracle Corporation
O42 - Logiciel: Java Auto Updater - (.Oracle Corporation.) [HKLM][64Bits] -- {4A03706F-666A-4037-7777-5F2748764D10} =>.Oracle Corporation
O42 - Logiciel: Lenovo Accelerator Application - (.Lenovo.) [HKLM][64Bits] -- {10672FE6-3D50-4F79-B0C7-A5573A5D415D} =>.LENOVO®
O42 - Logiciel: Lenovo Blacksilk USB Keyboard Driver - (.Lenovo.) [HKLM][64Bits] -- {B266E062-D6C5-485B-B426-51B152B041A6} =>.Lenovo
O42 - Logiciel: Lenovo Experience Improvement - (.Lenovo.) [HKLM][64Bits] -- LenovoExperienceImprovement =>.LENOVO®
O42 - Logiciel: Lenovo Power2Go - (.CyberLink Corp..) [HKLM][64Bits] -- {40BF1E83-20EB-11D8-97C5-0009C5020658} =>.CyberLink Corp.®
O42 - Logiciel: Lenovo Power2Go - (.CyberLink Corp..) [HKLM][64Bits] -- InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658} =>.CyberLink Corp.®
O42 - Logiciel: Lenovo PowerDVD12 - (.CyberLink Corp..) [HKLM][64Bits] -- {B46BEA36-0B71-4A4E-AE41-87241643FA0A} =>.CyberLink Corp.®
O42 - Logiciel: Lenovo PowerDVD12 - (.CyberLink Corp..) [HKLM][64Bits] -- InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A} =>.CyberLink Corp.®
O42 - Logiciel: Lenovo QuickOptimizer - (.Lenovo.) [HKLM][64Bits] -- {8D2C871B-1B9F-45AC-9C43-2BB18089CDFA} =>.Lenovo
O42 - Logiciel: Lenovo Rescue System - (.CyberLink Corp..) [HKLM][64Bits] -- {46F4D124-20E5-4D12-BE52-EC177A7A4B42} =>.CyberLink Corp.®
O42 - Logiciel: Lenovo Rescue System - (.CyberLink Corp..) [HKLM][64Bits] -- InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42} =>.CyberLink Corp.®
O42 - Logiciel: Lenovo Solution Center - (.Lenovo.) [HKLM][64Bits] -- {A5591EC4-8AD6-48EE-9F8D-FACFA8BA4E35} =>.Lenovo
O42 - Logiciel: Lenovo System Interface Foundation - (.Lenovo.) [HKLM][64Bits] -- {C2E5CA37-C862-4A69-AC6D-24F450A20C16} =>.Lenovo
O42 - Logiciel: Malwarebytes version 3.1.2.1733 - (.Malwarebytes.) [HKLM][64Bits] -- {35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1 =>.Malwarebytes Corporation®
O42 - Logiciel: Manual - (.Lenovo.) [HKLM][64Bits] -- {693F92E5-37D1-46B7-A0D6-19A74A2FD0EC} =>.LENOVO®
O42 - Logiciel: Metric Collection SDK - (.Lenovo Group Limited.) [HKLM][64Bits] -- {DDAA788F-52E6-44EA-ADB8-92837B11BF26} =>.Lenovo Group Limited
O42 - Logiciel: Metric Collection SDK 35 - (.Lenovo Group Limited.) [HKLM][64Bits] -- {C2B5B5B0-2545-4E94-B4BA-548D4BF0B196} =>.Lenovo Group Limited
O42 - Logiciel: Microsoft OneDrive - (.Microsoft Corporation.) [HKCU][64Bits] -- OneDriveSetup.exe =>.Microsoft Windows®
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} =>.Microsoft Corporation
O42 - Logiciel: NCSOFT Game Launcher - (.NCSOFT.) [HKLM][64Bits] -- NCLauncher_NCWest =>.NCsoft Corp.®
O42 - Logiciel: NVIDIA 3D Vision Driver 376.54 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Control Panel 376.54 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Display Container - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Display Container LS - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Graphics Driver 376.54 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA HD Audio Driver 1.3.34.17 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Install Application - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA PhysX System Software 9.15.0428 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Stereoscopic 3D Driver - (.NVIDIA Corporation.) [HKLM][64Bits] -- NVIDIAStereo =>.NVIDIA Corporation®
O42 - Logiciel: Office 16 Click-to-Run Extensibility Component - (.Microsoft Corporation.) [HKLM][64Bits] -- {90160000-008C-0000-0000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Office 16 Click-to-Run Extensibility Component 64-bit Registration - (.Microsoft Corporation.) [HKLM][64Bits] -- {90160000-00DD-0000-1000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Office 16 Click-to-Run Licensing Component - (.Microsoft Corporation.) [HKLM][64Bits] -- {90160000-008F-0000-1000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Office 16 Click-to-Run Localization Component - (.Microsoft Corporation.) [HKLM][64Bits] -- {90160000-008C-0409-0000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: REACHit - (.Lenovo.) [HKLM][64Bits] -- {4532E4C5-C84D-4040-A044-ECFCC5C6995B} =>.Lenovo
O42 - Logiciel: REALTEK Bluetooth Filter Driver - (.REALTEK Semiconductor Corp..) [HKLM][64Bits] -- {9D3D8C60-A5EF-4123-B2B9-172095903AD} =>.Realtek Semiconductor Corp®
O42 - Logiciel: Realtek Ethernet Controller All-In-One Windows Driver - (.Realtek.) [HKLM][64Bits] -- {F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F} =>.Realtek
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} =>.Realtek Semiconductor Corp®
O42 - Logiciel: REALTEK Wireless LAN Driver - (.REALTEK Semiconductor Corp..) [HKLM][64Bits] -- {9DAABC60-A5EF-41FF-B2B9-17329590CD5} =>.Realtek Semiconductor Corp®
O42 - Logiciel: RogueKiller version 12.10.10.0 - (.Adlice Software.) [HKLM][64Bits] -- 8B3D7924-ED89-486B-8322-E8594065D5CB_is1 =>.Adlice®
O42 - Logiciel: SafeZone Stable 3.55.2393.596 - (.Avast Software.) [HKLM][64Bits] -- SafeZone 3.55.2393.596 =>.AVAST Software s.r.o.®
O42 - Logiciel: SHAREit - (.Lenovo.) [HKLM][64Bits] -- SHAREit_is1 =>.Lenovo
O42 - Logiciel: SoftMaker FreeOffice 2016 - (.SoftMaker Software GmbH.) [HKLM][64Bits] -- {8EBB8452-274B-465D-8324-00B0832FBB05} =>.SoftMaker Software GmbH
O42 - Logiciel: Steam - (.Valve Corporation.) [HKLM][64Bits] -- Steam =>.Valve®
O42 - Logiciel: Team Fortress 2 - (.Valve.) [HKLM][64Bits] -- Steam App 440 =>.Valve®
O42 - Logiciel: Wheel Of Fortune - (..) [HKLM][64Bits] -- Wheel Of Fortune
O42 - Logiciel: Windows 10 Update and Privacy Settings - (.Microsoft Corporation.) [HKLM][64Bits] -- {293F2009-0145-450B-B4AA-063D43FB368C} =>.Microsoft Corporation
O42 - Logiciel: Windows Driver Package - Genesys Logic (GeneStor) USB (07/13/2015 4.5.0.6) - (.Genesys Logic.) [HKLM][64Bits] -- AE2E6FAB44844413B4C6F53C908EACC8AFC838F0 =>.Genesys Logic
O42 - Logiciel: Windows Driver Package - NVIDIA (nvlddmkm) Display (07/22/2015 10.18.13.53 - (.NVIDIA.) [HKLM][64Bits] -- 81C36D5B443FFB6F528F76BD424D750C53ADF10E =>.NVIDIA
O42 - Logiciel: Windows Driver Package - NVIDIA Corporation (NVHDA) MEDIA (04/16/2015 1.3. - (.NVIDIA Corporation.) [HKLM][64Bits] -- E1EF4D4E1E41BA85DB6DA51424B73AE1B3F0056A =>.NVIDIA Corporation
O42 - Logiciel: Windows Driver Package - Realtek (rt640x64) Net (05/05/2015 10.001.0505.20 - (.Realtek.) [HKLM][64Bits] -- 6A304520C2F25CD034E477A379C47308AA84A2DC =>.Realtek
O42 - Logiciel: Windows Driver Package - Realtek Semiconductor Corp. (RtkBtFilter) Bluetoot - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- 604A7B07184AD24892732BED4543610976632257 =>.Realtek Semiconductor Corp.
O42 - Logiciel: Windows Driver Package - Realtek Semiconductor Corp. (RTWlanE) Net (07/09/ - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- 5D078DEFD18360A7A64D38392C9F1007DC86AE23 =>.Realtek Semiconductor Corp.

---\\ HKCU & HKLM Software Keys (84) - 4s
HKLM\SOFTWARE\Wow6432Node\Adobe =>.Adobe
HKLM\SOFTWARE\Wow6432Node\AGEIA Technologies =>.AGEIA Technologies
HKLM\SOFTWARE\Wow6432Node\AVAST Software =>.AVAST Software
HKLM\SOFTWARE\Wow6432Node\Corel =>.Corel
HKLM\SOFTWARE\Wow6432Node\CyberLink =>.CyberLink Corporation
HKLM\SOFTWARE\Wow6432Node\FFOnline
HKLM\SOFTWARE\Wow6432Node\Gameforge =>.Gameforge
HKLM\SOFTWARE\Wow6432Node\Genesys Logic =>.Genesys Logic
HKLM\SOFTWARE\Wow6432Node\Google =>.Google
HKLM\SOFTWARE\Wow6432Node\Hasbro Interactive
HKLM\SOFTWARE\Wow6432Node\Intel =>.Intel
HKLM\SOFTWARE\Wow6432Node\JavaSoft =>.JavaSoft
HKLM\SOFTWARE\Wow6432Node\JreMetrics =>.JreMetrics
HKLM\SOFTWARE\Wow6432Node\Khronos =>.Khronos
HKLM\SOFTWARE\Wow6432Node\kpzs
HKLM\SOFTWARE\Wow6432Node\Lake =>.Lake Sofware
HKLM\SOFTWARE\Wow6432Node\Lenovo =>.Lenovo
HKLM\SOFTWARE\Wow6432Node\Macromedia =>.Macromedia
HKLM\SOFTWARE\Wow6432Node\MAXSOFT-OCRON =>.Maxsoft-Ocron, Inc
HKLM\SOFTWARE\Wow6432Node\Mozilla =>.Mozilla
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins =>.MozillaPlugins
HKLM\SOFTWARE\Wow6432Node\NC Interactive, LLC =>.NC Interactive, LLC
HKLM\SOFTWARE\Wow6432Node\NCWest
HKLM\SOFTWARE\Wow6432Node\Network Associates =>.Network Associates
HKLM\SOFTWARE\Wow6432Node\NSCPID =>.NetRatings
HKLM\SOFTWARE\Wow6432Node\Nuance =>.Nuance
HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation =>.nVidia Corporation
HKLM\SOFTWARE\Wow6432Node\ODBC =>.DB Connectivity Solutions
HKLM\SOFTWARE\Wow6432Node\PlayNC
HKLM\SOFTWARE\Wow6432Node\Realtek =>.Realtek Semiconductor Corp.
HKLM\SOFTWARE\Wow6432Node\Realtek Semiconductor Corp. =>.Realtek Semiconductor Corp.
HKLM\SOFTWARE\Wow6432Node\RtWLan =>.Realtek Semiconductor Corp.
HKLM\SOFTWARE\Wow6432Node\SHAREit =>.Lenovo Group Limited
HKLM\SOFTWARE\Wow6432Node\SoftMaker Software GmbH =>.SoftMaker Software GmbH
HKLM\SOFTWARE\Wow6432Node\SRS Labs =>.SRS Labs
HKLM\SOFTWARE\Wow6432Node\Valve =>.Valve
HKLM\SOFTWARE\Wow6432Node\WOW6432Node =>.Microsoft Corporation
HKLM\SOFTWARE\Wow6432Node\Zemi Interactive =>.Zemi Interactive
HKLM\SOFTWARE\Wow6432Node\RegisteredApplications =>.Microsoft Corporation
HKCU\SOFTWARE\Adobe =>.Adobe
HKCU\SOFTWARE\Aion =>.NCsoft Corporation, Ltd.
HKCU\SOFTWARE\AppDataLow =>.Microsoft Corporation
HKCU\SOFTWARE\AVAST Software =>.AVAST Software
HKCU\SOFTWARE\Blizzard Entertainment =>.Blizzard Entertainment
HKCU\SOFTWARE\Chromium =>.Chromium
HKCU\SOFTWARE\Corel =>.Corel
HKCU\SOFTWARE\CyberLink =>.CyberLink Corporation
HKCU\SOFTWARE\ElswordINT =>.ElswordINT
HKCU\SOFTWARE\Gameforge4d =>.ZemiInteractive Ltd
HKCU\SOFTWARE\Google =>.Google
HKCU\SOFTWARE\HngSync =>.Reto-Moto Aps
HKCU\SOFTWARE\INCAInternet =>.INCAInternet
HKCU\SOFTWARE\Intel =>.Intel
HKCU\SOFTWARE\Jasc =>.Jasc
HKCU\SOFTWARE\JavaSoft =>.JavaSoft
HKCU\SOFTWARE\lenovo =>.Lenovo
HKCU\SOFTWARE\Macromedia =>.Macromedia
HKCU\SOFTWARE\MakeMusic =>.MakeMusic
HKCU\SOFTWARE\Malwarebytes =>.Malwarebytes
HKCU\SOFTWARE\MozillaPlugins =>.MozillaPlugins
HKCU\SOFTWARE\nester
HKCU\SOFTWARE\Netscape =>.Netscape
HKCU\SOFTWARE\NVIDIA Corporation =>.nVidia Corporation
HKCU\SOFTWARE\ODBC =>.DB Connectivity Solutions
HKCU\SOFTWARE\Piriform =>.Piriform
HKCU\SOFTWARE\plaync
HKCU\SOFTWARE\QtProject =>.QtProject
HKCU\SOFTWARE\Realtek =>.Realtek Semiconductor Corp.
HKCU\SOFTWARE\RegisteredApplications =>.Microsoft Corporation
HKCU\SOFTWARE\SHAREit =>.Lenovo Group Limited
HKCU\SOFTWARE\SoftMaker Software GmbH =>.SoftMaker Software GmbH
HKCU\SOFTWARE\Sysinternals =>.Sysinternals
HKCU\SOFTWARE\tfdfu =>.Electronic Arts, Inc.
HKCU\SOFTWARE\TrioSeq
HKCU\SOFTWARE\Trolltech =>.Trolltech
HKCU\SOFTWARE\Unity =>.Unity
HKCU\SOFTWARE\Valve =>.Valve
HKCU\SOFTWARE\VB and VBA Program Settings =>.Microsoft Corporation
HKCU\SOFTWARE\Viena
HKCU\SOFTWARE\Wow6432Node =>.Microsoft Corporation
HKCU\SOFTWARE\ZHP =>.Nicolas Coolman
HKCU\SOFTWARE\AppDataLow\Software =>.Microsoft Corporation
HKCU\SOFTWARE\AppDataLow\Software\Adobe =>.Adobe
HKCU\SOFTWARE\AppDataLow\Software\JavaSoft =>.JavaSoft

---\\ Contents of the Common Files folders (222) - 11s
O43 - CFD: 09/05/2016 - [] D -- C:\Program Files\AVAST Software =>.AVAST Software s.r.o.®
O43 - CFD: 09/05/2016 - [] AD -- C:\Program Files\CCleaner =>.Piriform Ltd
O43 - CFD: 18/05/2017 - [] D -- C:\Program Files\Common Files =>.Microsoft Corporation
O43 - CFD: 09/05/2016 - [] D -- C:\Program Files\DIFX =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [] D -- C:\Program Files\Intel =>.Intel Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 09/05/2016 - [] D -- C:\Program Files\Lenovo =>.Lenovo
O43 - CFD: 23/05/2017 - [] D -- C:\Program Files\Malwarebytes =>.Malwarebytes
O43 - CFD: 12/06/2016 - [] D -- C:\Program Files\Microsoft Office 15 =>.Microsoft Corporation
O43 - CFD: 13/04/2017 - [] AD -- C:\Program Files\Microsoft Silverlight =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [] D -- C:\Program Files\MSBuild =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [] D -- C:\Program Files\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 18/05/2017 - [] D -- C:\Program Files\Realtek =>.Realtek
O43 - CFD: 18/05/2017 - [] D -- C:\Program Files\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 24/05/2017 - [] D -- C:\Program Files\RogueKiller =>.Adlice
O43 - CFD: 10/07/2015 - [0] HD -- C:\Program Files\Uninstall Information =>.Microsoft Corporation
O43 - CFD: 11/05/2017 - [] AD -- C:\Program Files\UNP =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] RD -- C:\Program Files\Windows Defender =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files\Windows Mail =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files\Windows Multimedia Platform =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files\Windows NT =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [] D -- C:\Program Files\Windows Photo Viewer =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files\Windows Security =>.Unknow
O43 - CFD: 18/03/2017 - [] SHD -- C:\Program Files\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 24/05/2017 - [] HD -- C:\Program Files\WindowsApps =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files\WindowsPowerShell =>.Microsoft Corporation
O43 - CFD: 21/02/2017 - [] D -- C:\Program Files (x86)\Adobe =>.Adobe Systems, Incorporated®
O43 - CFD: 09/05/2016 - [] D -- C:\Program Files (x86)\Cisco =>.Cisco Systems, Inc.
O43 - CFD: 18/05/2017 - [] D -- C:\Program Files (x86)\Common Files =>.Microsoft Corporation
O43 - CFD: 09/05/2016 - [] D -- C:\Program Files (x86)\Cyberlink =>.CyberLink Corporation
O43 - CFD: 18/06/2016 - [] AD -- C:\Program Files (x86)\e-Sword
O43 - CFD: 17/05/2017 - [] D -- C:\Program Files (x86)\gamigo {3931890515635D7FF98CCCC47AF992B5} =>.gamigo
O43 - CFD: 09/05/2016 - [] D -- C:\Program Files (x86)\Genesyslogic =>.Microsoft Windows Hardware Compatibility Publisher®
O43 - CFD: 14/06/2016 - [] D -- C:\Program Files (x86)\Google =>.Google Inc®
O43 - CFD: 14/06/2016 - [] D -- C:\Program Files (x86)\GUMFE8C.tmp =>.Google Inc®
O43 - CFD: 13/02/2017 - [] D -- C:\Program Files (x86)\Hasbro Interactive =>.Hasbro Interactive
O43 - CFD: 08/06/2016 - [] HD -- C:\Program Files (x86)\InstallShield Installation Information =>.InstallShield Software
O43 - CFD: 09/05/2016 - [] D -- C:\Program Files (x86)\Intel =>.Intel Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files (x86)\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 23/05/2017 - [] D -- C:\Program Files (x86)\Java =>.Oracle
O43 - CFD: 20/06/2016 - [] D -- C:\Program Files (x86)\Lenovo =>.Lenovo
O43 - CFD: 14/05/2017 - [] AD -- C:\Program Files (x86)\Microsoft Office =>.Microsoft Corporation
O43 - CFD: 13/04/2017 - [] AD -- C:\Program Files (x86)\Microsoft Silverlight =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [] D -- C:\Program Files (x86)\Microsoft.NET =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [] D -- C:\Program Files (x86)\MSBuild =>.Microsoft Corporation
O43 - CFD: 08/06/2016 - [] D -- C:\Program Files (x86)\NCSOFT =>.NCSOFT
O43 - CFD: 08/06/2016 - [] D -- C:\Program Files (x86)\NCWest =>.NCWest
O43 - CFD: 18/05/2017 - [] D -- C:\Program Files (x86)\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 09/05/2016 - [] AD -- C:\Program Files (x86)\Realtek =>.Realtek
O43 - CFD: 09/05/2016 - [] AD -- C:\Program Files (x86)\REALTEK PCIE Wireless LAN Driver =>.Realtek Semiconductor Corp.
O43 - CFD: 18/05/2017 - [] D -- C:\Program Files (x86)\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 16/12/2016 - [] AD -- C:\Program Files (x86)\SoftMaker FreeOffice 2016 =>.Microsoft Corporation
O43 - CFD: 24/05/2017 - [] D -- C:\Program Files (x86)\Steam =>.Steam Games
O43 - CFD: 08/09/2015 - [0] HD -- C:\Program Files (x86)\Temp =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [] HD -- C:\Program Files (x86)\Uninstall Information =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files (x86)\Windows Defender =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files (x86)\Windows Multimedia Platform =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files (x86)\Windows NT =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [] D -- C:\Program Files (x86)\Windows Photo Viewer =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files (x86)\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] SHD -- C:\Program Files (x86)\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files (x86)\WindowsPowerShell =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 18/05/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner =>.Piriform Ltd
O43 - CFD: 18/05/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-Sword
O43 - CFD: 18/05/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elsword
O43 - CFD: 18/05/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hasbro Interactive =>.Hasbro Interactive
O43 - CFD: 18/05/2017 - [] AD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel =>.Intel Corporation
O43 - CFD: 23/05/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java =>.Oracle
O43 - CFD: 18/05/2017 - [] AD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo =>.Lenovo
O43 - CFD: 18/03/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 23/05/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes =>.Malwarebytes
O43 - CFD: 18/05/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT =>.NCSOFT
O43 - CFD: 18/05/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest =>.NCWest
O43 - CFD: 18/05/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 24/05/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller =>.Adlice
O43 - CFD: 18/05/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftMaker FreeOffice 2016 =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam =>.Steam Games
O43 - CFD: 18/03/2017 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools =>.Microsoft Corporation
O43 - CFD: 09/05/2016 - [0] RHD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC =>.Wacom Technology
O43 - CFD: 20/11/2016 - [] D -- C:\ProgramData\.mono =>.Legitimate
O43 - CFD: 21/02/2017 - [] D -- C:\ProgramData\Adobe =>.Adobe
O43 - CFD: 18/05/2017 - [0] SHD -- C:\ProgramData\Application Data =>.Microsoft Corporation
O43 - CFD: 25/02/2017 - [] D -- C:\ProgramData\AVAST Software =>.AVAST Software
O43 - CFD: 05/11/2016 - [] D -- C:\ProgramData\Battle.net =>.Games Software
O43 - CFD: 22/12/2016 - [] D -- C:\ProgramData\boost_interprocess =>.boost.org
O43 - CFD: 16/07/2016 - [0] D -- C:\ProgramData\Comms =>.Microsoft Corporation
O43 - CFD: 09/05/2016 - [] D -- C:\ProgramData\CyberLink =>.CyberLink Corporation
O43 - CFD: 18/05/2017 - [0] SHD -- C:\ProgramData\Desktop =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [0] SHD -- C:\ProgramData\Documents =>.Microsoft Corporation
O43 - CFD: 09/05/2016 - [] D -- C:\ProgramData\install_clap =>.Microsoft Corporation
O43 - CFD: 09/05/2016 - [] D -- C:\ProgramData\Intel =>.Intel Corporation
O43 - CFD: 20/06/2016 - [] D -- C:\ProgramData\Lenovo =>.Lenovo
O43 - CFD: 10/11/2016 - [] D -- C:\ProgramData\MakeMusic =>.MakeMusic
O43 - CFD: 23/05/2017 - [] D -- C:\ProgramData\Malwarebytes =>.Malwarebytes
O43 - CFD: 09/05/2016 - [] D -- C:\ProgramData\McAfee =>.McAfee
O43 - CFD: 18/05/2017 - [] SD -- C:\ProgramData\Microsoft =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [] D -- C:\ProgramData\Microsoft OneDrive =>.Microsoft Corporation
O43 - CFD: 24/05/2017 - [] D -- C:\ProgramData\NVIDIA =>.nVidia Corporation
O43 - CFD: 18/05/2017 - [] D -- C:\ProgramData\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 12/06/2016 - [0] D -- C:\ProgramData\Office2013 =>.Microsoft Corporation
O43 - CFD: 09/05/2016 - [] D -- C:\ProgramData\OneKey Recovery =>.Lenovo Group Limited
O43 - CFD: 27/07/2016 - [] D -- C:\ProgramData\Oracle =>.Oracle
O43 - CFD: 04/05/2017 - [] D -- C:\ProgramData\Package Cache =>.Microsoft Corporation
O43 - CFD: 09/05/2016 - [] D -- C:\ProgramData\Realtek =>.Realtek
O43 - CFD: 18/05/2017 - [] D -- C:\ProgramData\regid.1986-12.com.adobe =>.Adobe Inc.
O43 - CFD: 18/05/2017 - [] AD -- C:\ProgramData\regid.1991-06.com.microsoft =>.Microsoft Corporation
O43 - CFD: 24/05/2017 - [] D -- C:\ProgramData\RogueKiller =>.Adlice
O43 - CFD: 21/04/2017 - [] D -- C:\ProgramData\SoftMaker =>.SoftMaker
O43 - CFD: 18/03/2017 - [0] D -- C:\ProgramData\SoftwareDistribution =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [0] SHD -- C:\ProgramData\Start Menu =>.Microsoft Corporation
O43 - CFD: 24/05/2017 - [0] D -- C:\ProgramData\SWCUTemp
O43 - CFD: 09/05/2016 - [] D -- C:\ProgramData\Temp =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [0] SHD -- C:\ProgramData\Templates =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [] D -- C:\ProgramData\USOPrivate =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [] D -- C:\ProgramData\USOShared =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\ProgramData\WindowsHolographicDevices
O43 - CFD: 21/02/2017 - [] AD -- C:\Program Files (x86)\Common Files\Adobe =>.Adobe
O43 - CFD: 13/04/2017 - [] D -- C:\Program Files (x86)\Common Files\AV =>.Avast
O43 - CFD: 14/05/2017 - [] AD -- C:\Program Files (x86)\Common Files\DESIGNER =>.Designer
O43 - CFD: 18/06/2016 - [] AD -- C:\Program Files (x86)\Common Files\EzTools
O43 - CFD: 23/03/2017 - [] D -- C:\Program Files (x86)\Common Files\InstallShield =>.InstallShield
O43 - CFD: 09/05/2016 - [] D -- C:\Program Files (x86)\Common Files\Intel Corporation =>.Intel Corporation
O43 - CFD: 20/01/2017 - [] D -- C:\Program Files (x86)\Common Files\Java =>.Oracle
O43 - CFD: 18/05/2017 - [] AD -- C:\Program Files (x86)\Common Files\Microsoft Shared =>.Microsoft Corporation
O43 - CFD: 09/05/2016 - [] D -- C:\Program Files (x86)\Common Files\PostureAgent =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files (x86)\Common Files\Services =>.Microsoft Corporation
O43 - CFD: 06/05/2017 - [] D -- C:\Program Files (x86)\Common Files\Steam =>.Steam Games
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files (x86)\Common Files\System =>.Microsoft Corporation
O43 - CFD: 24/05/2016 - [] D -- C:\Users\Doneff Family\AppData\Roaming\.huntedcowcache
O43 - CFD: 20/11/2016 - [] D -- C:\Users\Doneff Family\AppData\Roaming\.mono =>.Legitimate
O43 - CFD: 21/02/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\Adobe =>.Adobe
O43 - CFD: 29/12/2016 - [] D -- C:\Users\Doneff Family\AppData\Roaming\Advanced Mario Sequencer
O43 - CFD: 24/05/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\Audacity =>.Audacity
O43 - CFD: 09/05/2016 - [] D -- C:\Users\Doneff Family\AppData\Roaming\AVAST Software =>.AVAST Software
O43 - CFD: 02/06/2016 - [] D -- C:\Users\Doneff Family\AppData\Roaming\FiestaOnline
O43 - CFD: 26/04/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\Google =>.Google
O43 - CFD: 05/05/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\Hecatu
O43 - CFD: 23/12/2016 - [] D -- C:\Users\Doneff Family\AppData\Roaming\HeroesAndGeneralsDesktop =>.Reto-Moto
O43 - CFD: 09/05/2016 - [] D -- C:\Users\Doneff Family\AppData\Roaming\Intel Corporation =>.Intel Corporation
O43 - CFD: 05/02/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\Jasc =>.Jasc
O43 - CFD: 09/05/2016 - [] D -- C:\Users\Doneff Family\AppData\Roaming\Lenovo =>.Lenovo
O43 - CFD: 09/05/2016 - [] D -- C:\Users\Doneff Family\AppData\Roaming\LSC =>.LSC
O43 - CFD: 09/05/2016 - [] D -- C:\Users\Doneff Family\AppData\Roaming\Macromedia =>.Macromedia
O43 - CFD: 10/11/2016 - [] D -- C:\Users\Doneff Family\AppData\Roaming\MakeMusic =>.MakeMusic
O43 - CFD: 23/05/2017 - [] SD -- C:\Users\Doneff Family\AppData\Roaming\Microsoft =>.Microsoft Corporation
O43 - CFD: 02/11/2016 - [] D -- C:\Users\Doneff Family\AppData\Roaming\NCH Software =>.NCH Software
O43 - CFD: 05/05/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\NVIDIA =>.nVidia Corporation
O43 - CFD: 20/11/2016 - [] AD -- C:\Users\Doneff Family\AppData\Roaming\Pokémon Trading Card Game Online =>.The Pokémon Company
O43 - CFD: 26/11/2016 - [0] D -- C:\Users\Doneff Family\AppData\Roaming\PokΘmon Trading Card Game Online
O43 - CFD: 26/08/2016 - [] D -- C:\Users\Doneff Family\AppData\Roaming\Skype =>.Skype
O43 - CFD: 01/02/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\SoftMaker =>.SoftMaker
O43 - CFD: 06/12/2016 - [0] D -- C:\Users\Doneff Family\AppData\Roaming\Splitscreen Studios
O43 - CFD: 13/05/2016 - [] D -- C:\Users\Doneff Family\AppData\Roaming\Sun =>.Oracle
O43 - CFD: 13/02/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\SynthFont
O43 - CFD: 24/05/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 09/05/2016 - [0] D -- C:\Users\Doneff Family\AppData\Local\ActiveSync =>.Microsoft Corporation
O43 - CFD: 21/02/2017 - [] D -- C:\Users\Doneff Family\AppData\Local\Adobe =>.Adobe
O43 - CFD: 18/05/2017 - [0] SHD -- C:\Users\Doneff Family\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 11/05/2016 - [] D -- C:\Users\Doneff Family\AppData\Local\Audacity =>.Audacity
O43 - CFD: 23/05/2016 - [] D -- C:\Users\Doneff Family\AppData\Local\CEF =>.CEF
O43 - CFD: 14/08/2016 - [] D -- C:\Users\Doneff Family\AppData\Local\Comms =>.Microsoft Corporation
O43 - CFD: 20/05/2017 - [] D -- C:\Users\Doneff Family\AppData\Local\ConnectedDevicesPlatform =>.Microsoft Corporation
O43 - CFD: 17/05/2017 - [0] D -- C:\Users\Doneff Family\AppData\Local\CrashDumps =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [0] D -- C:\Users\Doneff Family\AppData\Local\DBG =>.DBG
O43 - CFD: 08/05/2017 - [0] D -- C:\Users\Doneff Family\AppData\Local\Diagnostics =>.Microsoft Corporation
O43 - CFD: 18/06/2016 - [] D -- C:\Users\Doneff Family\AppData\Local\Downloaded Installations =>.Microsoft Corporation
O43 - CFD: 06/05/2017 - [] D -- C:\Users\Doneff Family\AppData\Local\Facebook =>.Facebook
O43 - CFD: 30/10/2016 - [] D -- C:\Users\Doneff Family\AppData\Local\Google =>.Google
O43 - CFD: 18/05/2017 - [0] SHD -- C:\Users\Doneff Family\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 10/05/2016 - [] D -- C:\Users\Doneff Family\AppData\Local\Lenovo =>.Lenovo
O43 - CFD: 18/05/2017 - [] D -- C:\Users\Doneff Family\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 09/05/2016 - [] D -- C:\Users\Doneff Family\AppData\Local\MicrosoftEdge =>.Microsoft Corporation
O43 - CFD: 09/05/2016 - [0] D -- C:\Users\Doneff Family\AppData\Local\NetworkTiles =>.NetworkTiles
O43 - CFD: 18/05/2017 - [] D -- C:\Users\Doneff Family\AppData\Local\Packages =>.Microsoft Corporation
O43 - CFD: 09/05/2016 - [] D -- C:\Users\Doneff Family\AppData\Local\Power2Go =>.Power2Go
O43 - CFD: 16/05/2016 - [] D -- C:\Users\Doneff Family\AppData\Local\Programs =>.Microsoft Corporation
O43 - CFD: 09/05/2016 - [] D -- C:\Users\Doneff Family\AppData\Local\Publishers =>.Microsoft Corporation
O43 - CFD: 20/06/2016 - [] D -- C:\Users\Doneff Family\AppData\Local\SHAREit =>.Lenovo Group Limited
O43 - CFD: 06/07/2016 - [] D -- C:\Users\Doneff Family\AppData\Local\speech =>.Microsoft Corporation
O43 - CFD: 19/12/2016 - [] D -- C:\Users\Doneff Family\AppData\Local\Steam =>.Steam Games
O43 - CFD: 24/05/2017 - [] D -- C:\Users\Doneff Family\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [0] SHD -- C:\Users\Doneff Family\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 23/05/2016 - [] D -- C:\Users\Doneff Family\AppData\Local\TERA =>.Gameforge Productions GmbH
O43 - CFD: 11/08/2016 - [] D -- C:\Users\Doneff Family\AppData\Local\TianTianData
O43 - CFD: 09/05/2016 - [] D -- C:\Users\Doneff Family\AppData\Local\TileDataLayer =>.Microsoft Corporation
O43 - CFD: 11/05/2017 - [] D -- C:\Users\Doneff Family\AppData\Local\UNP =>.Microsoft Corporation
O43 - CFD: 23/05/2017 - [] D -- C:\Users\Doneff Family\AppData\Local\VirtualStore =>.Microsoft Corporation
O43 - CFD: 24/05/2017 - [] D -- C:\Users\Doneff Family\AppData\Local\ZHP =>.Nicolas Coolman
O43 - CFD: 16/05/2016 - [0] D -- C:\Users\Doneff Family\AppData\Local\Programs\Common =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] RD -- C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [] RD -- C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [] RD -- C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 21/05/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
O43 - CFD: 18/05/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gamigo =>.gamigo
O43 - CFD: 18/03/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [] RD -- C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
O43 - CFD: 23/05/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam =>.Steam Games
O43 - CFD: 18/03/2017 - [] RD -- C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] RD -- C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [0] SHD -- C:\Users\Default\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [0] SHD -- C:\Users\Default\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Users\Default\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [0] D -- C:\Users\Default\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [0] SHD -- C:\Users\Default\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [0] SHD -- C:\Users\Default User\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [0] SHD -- C:\Users\Default User\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Users\Default User\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [0] D -- C:\Users\Default User\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [0] SHD -- C:\Users\Default User\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 24/05/2017 - [] -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\CrashDumps =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [0] -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\DBG =>.DBG
O43 - CFD: 19/05/2017 - [] D -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\Microsoft =>.Microsoft Corporation

---\\ ShellIconOverlayIdentifiers (SIOI) (8) - 0s
O106 - SIOI: ErrorOverlayHandler Class [ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncShell.dll =>.Microsoft Windows®
O106 - SIOI: SharedOverlayHandler Class [ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncShell.dll =>.Microsoft Windows®
O106 - SIOI: SharedSyncingOverlayHandler Class [ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncShell.dll =>.Microsoft Windows®
O106 - SIOI: UpToDateOverlayHandler Class [ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncShell.dll =>.Microsoft Windows®
O106 - SIOI: SyncingOverlayHandler Class [ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncShell.dll =>.Microsoft Windows®
O106 - SIOI: ReadOnlyOverlayHandler Class [ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncShell.dll =>.Microsoft Windows®
O106 - SIOI: avast [00asw] - {472083B0-C522-11CF-8763-00608CC02F24}. (.AVAST Software - Avast Shell Extension.) -- C:\Program Files\AVAST Software\Avast\ashShell.dll =>.AVAST Software s.r.o.®
O106 - SIOI: avast [00avast] - {472083B0-C522-11CF-8763-00608CC02F24}. (.AVAST Software - Avast Shell Extension.) -- C:\Program Files\AVAST Software\Avast\ashShell.dll =>.AVAST Software s.r.o.®

---\\ Image File Execution Options (18) - 1s
O50 - IFEO:C:\Windows\System32\cscript.exe - (.Microsoft Corporation - Microsoft ® Console Based Script Host.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\dllhost.exe - (.Microsoft Corporation - COM Surrogate.) [DisableExceptionChainValidation\\3] =>.Microsoft Windows®
O50 - IFEO:C:\WINDOWS\System32\drvinst.exe - (.Microsoft Corporation - Driver Installation Module.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\ie4uinit.exe - (.Microsoft Corporation - IE Per-User Initialization Utility.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\ieUnatt.exe - (.Microsoft Corporation - IE 7.0 Unattended Install Utility.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\mmc.exe - (.Microsoft Corporation - Microsoft Management Console.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\MRT.exe - (.Microsoft Corporation - Microsoft Windows Malicious Software Remova.) [CFGOptions\\1] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\msfeedssync.exe - (.Microsoft Corporation - Microsoft Feeds Synchronization.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\mshta.exe - (.Microsoft Corporation - Microsoft (R) HTML Application host.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\PresentationHost.exe - (.Microsoft Corporation - Windows Presentation Foundation Host.) [MitigationOptions\\1118481] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\PrintIsolationHost.exe - (.Microsoft Corporation - PrintIsolationHost.) [MitigationOptions\\2097152] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\rundll32.exe - (.Microsoft Corporation - Windows host process (Rundll32).) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\runtimebroker.exe - (.Microsoft Corporation - Runtime Broker.) [MitigationOptions\\4294967296] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\searchprotocolhost.exe - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\spoolsv.exe - (.Microsoft Corporation - Spooler SubSystem App.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\spoolsv.exe - (.Microsoft Corporation - Spooler SubSystem App.) [MitigationOptions\\2097152] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\svchost.exe - (.Microsoft Corporation - Host Process for Windows Services.) [MinimumStackCommitInBytes\\32768] =>.Microsoft Windows Publisher®
O50 - IFEO:C:\Windows\System32\wscript.exe - (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation

---\\ System Drivers List (80) - 9s
O58 - SDL:2017/03/18 16:56:25 A . (.LSI - LSI 3ware SCSI Storport Driver.) -- C:\WINDOWS\System32\drivers\3ware.sys [107424] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.PMC-Sierra - PMC-Sierra Storport Driver For SPC8x6G SAS.) -- C:\WINDOWS\System32\drivers\adp80xx.sys [1135512] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Advanced Micro Devices - AHCI 1.3 Device Driver.) -- C:\WINDOWS\System32\drivers\amdsata.sys [83352] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) -- C:\WINDOWS\System32\drivers\amdsbs.sys [259488] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\WINDOWS\System32\drivers\amdxata.sys [27040] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\WINDOWS\System32\drivers\arcsas.sys [132000] =>.Microsoft Windows®
O58 - SDL:2017/05/09 17:08:53 A . (.AVAST Software s.r.o. - IDS Application Activity Monitor Driver..) -- C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [311808] =>.AVAST Software s.r.o.®
O58 - SDL:2017/05/09 17:08:53 A . (.AVAST Software s.r.o. - Application Activity Monitor Helper Driver.) -- C:\WINDOWS\System32\drivers\aswbidsha.sys [190256] =>.AVAST Software s.r.o.®
O58 - SDL:2017/05/09 17:08:53 A . (.AVAST Software s.r.o. - Logging Driver.) -- C:\WINDOWS\System32\drivers\aswbloga.sys [334576] =>.AVAST Software s.r.o.®
O58 - SDL:2017/05/09 17:08:53 A . (.AVAST Software s.r.o. - Universal Driver.) -- C:\WINDOWS\System32\drivers\aswbuniva.sys [49016] =>.AVAST Software s.r.o.®
O58 - SDL:2017/05/09 17:09:12 A . (.AVAST Software - Avast HWID.) -- C:\WINDOWS\System32\drivers\aswHwid.sys [38296] =>.AVAST Software s.r.o.® (.AVAST Software)
O58 - SDL:2017/05/09 17:08:56 A . (.AVAST Software - Avast Keyboard Filter Driver.) -- C:\WINDOWS\System32\drivers\aswKbd.sys [32600] =>.AVAST Software s.r.o.®
O58 - SDL:2017/05/09 17:09:12 A . (.AVAST Software - Avast File System Minifilter for Windows 20.) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys [128648] =>.AVAST Software s.r.o.®
O58 - SDL:2017/05/09 17:08:53 A . (.AVAST Software - Avast Firewall Driver.) -- C:\WINDOWS\System32\drivers\aswNetSec.sys [507928] =>.AVAST Software s.r.o.®
O58 - SDL:2017/05/09 17:09:12 A . (.AVAST Software - Avast WFP Redirect Driver.) -- C:\WINDOWS\System32\drivers\aswRdr2.sys [101152] =>.AVAST Software s.r.o.®
O58 - SDL:2017/05/09 17:09:12 A . (.AVAST Software - Avast Revert.) -- C:\WINDOWS\System32\drivers\aswRvrt.sys [75704] =>.AVAST Software s.r.o.® (.AVAST Software)
O58 - SDL:2017/05/09 17:08:56 A . (.AVAST Software - Avast Virtualization Driver.) -- C:\WINDOWS\System32\drivers\aswSnx.sys [1007160] =>.AVAST Software s.r.o.®
O58 - SDL:2017/05/09 17:09:12 A . (.AVAST Software - Avast self protection module.) -- C:\WINDOWS\System32\drivers\aswSP.sys [569192] =>.AVAST Software s.r.o.®
O58 - SDL:2017/05/12 17:09:39 A . (.AVAST Software - Stream Filter.) -- C:\WINDOWS\System32\drivers\aswstm.sys [158880] =>.AVAST Software s.r.o.®
O58 - SDL:2017/05/09 17:09:12 A . (.AVAST Software - Avast VM Monitor.) -- C:\WINDOWS\System32\drivers\aswVmm.sys [339696] =>.AVAST Software s.r.o.® (.AVAST Software)
O58 - SDL:2017/03/18 16:56:25 A . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\WINDOWS\System32\drivers\bcmfn2.sys [9728] =>.Windows (R) Win 7 DDK provider
O58 - SDL:2017/03/18 16:56:23 A . (.QLogic Corporation - QLogic Gigabit Ethernet VBD.) -- C:\WINDOWS\System32\drivers\bxvbda.sys [533920] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Chelsio Communications - Chelsio iSCSI Crash Dump Driver.) -- C:\WINDOWS\System32\drivers\cht4dx64.sys [102816] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Chelsio Communications - Chelsio iSCSI VMiniport Driver.) -- C:\WINDOWS\System32\drivers\cht4sx64.sys [347032] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Chelsio Communications - Virtual Bus Driver for Chelsio ® T4 Chipset.) -- C:\WINDOWS\System32\drivers\cht4vx64.sys [2104224] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:23 A . (.QLogic Corporation - QLogic 10 GigE VBD.) -- C:\WINDOWS\System32\drivers\evbda.sys [3419040] =>.Microsoft Windows®
O58 - SDL:2017/05/24 19:42:17 A . (.Malwarebytes - Malwarebytes Anti-Ransomware Protection.) -- C:\WINDOWS\System32\drivers\farflt.sys [113592] =>.Malwarebytes Corporation®
O58 - SDL:2015/09/08 09:04:16 A . (.Windows (R) Win 7 DDK provider - HDD Accelerator Driver.) -- C:\WINDOWS\System32\drivers\Fastboot.sys [67608] =>.Windows (R) Win 7 DDK provider
O58 - SDL:2015/09/08 09:04:16 A . (.Windows (R) Win 7 DDK provider - fsmon driver.) -- C:\WINDOWS\System32\drivers\FBFsmon.sys [39448] =>.Windows (R) Win 7 DDK provider
O58 - SDL:2015/09/08 09:04:16 A . (.Windows (R) Win 7 DDK provider - Network throttling driver.) -- C:\WINDOWS\System32\drivers\FBNetFlt.sys [32792] =>.Windows (R) Win 7 DDK provider
O58 - SDL:2015/07/15 06:54:02 A . (.GenesysLogic - GeneStor.) -- C:\WINDOWS\System32\drivers\GeneStor.sys [115704] =>.GENESYS LOGIC, INC.®
O58 - SDL:2017/03/18 16:56:25 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\WINDOWS\System32\drivers\HpSAMD.sys [64416] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:28 A . (.Intel(R) Corporation - Intel(R) Serial IO GPIO Controller Driver.) -- C:\WINDOWS\System32\drivers\iagpio.sys [33280] =>.Intel(R) Corporation
O58 - SDL:2017/03/18 16:56:28 A . (.Intel(R) Corporation - Intel(R) Serial IO I2C Driver.) -- C:\WINDOWS\System32\drivers\iai2c.sys [81408] =>.Intel(R) Corporation
O58 - SDL:2017/03/18 16:56:28 A . (.Intel Corporation - Intel(R) Serial IO GPIO Driver v2.) -- C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [70656] =>.Intel Corporation
O58 - SDL:2017/03/18 16:56:28 A . (.Intel Corporation - Intel(R) Serial IO GPIO Driver v2.) -- C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [85504] =>.Intel Corporation
O58 - SDL:2017/03/18 16:56:28 A . (.Intel Corporation - Intel(R) Serial IO I2C Driver v2.) -- C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [165376] =>.Intel Corporation
O58 - SDL:2017/03/18 16:56:28 A . (.Intel Corporation - Intel(R) Serial IO I2C Driver v2.) -- C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [168448] =>.Intel Corporation
O58 - SDL:2017/03/18 16:56:23 A . (.Intel Corporation - Intel(R) Serial IO GPIO Controller Driver.) -- C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [38128] =>.Intel Corporation - Client Components Group®
O58 - SDL:2017/03/18 16:56:19 A . (.Intel Corporation - Intel(R) Serial IO I2C Controller Driver.) -- C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [113152] =>.Intel Corporation
O58 - SDL:2015/06/23 18:58:58 A . (.Intel Corporation - Intel(R) Rapid Storage Technology driver -.) -- C:\WINDOWS\System32\drivers\iaStorA.sys [1455552] =>.Intel Corporation - Rapid Storage Technology®
O58 - SDL:2017/03/18 16:56:26 A . (.Intel Corporation - Intel(R) Rapid Storage Technology driver (i.) -- C:\WINDOWS\System32\drivers\iaStorAV.sys [673184] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:26 A . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\WINDOWS\System32\drivers\iaStorV.sys [412064] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Mellanox - InfiniBand Fabric Bus Driver.) -- C:\WINDOWS\System32\drivers\ibbus.sys [526240] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sas.sys [108960] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sas2i.sys [123808] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Avago Technologies - Avago SAS Gen3 Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sas3i.sys [103328] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.LSI Corporation - LSI SSS PCIe/Flash Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sss.sys [82848] =>.Microsoft Windows®
O58 - SDL:2017/05/09 16:37:58 A . (.Authors - .) -- C:\WINDOWS\System32\drivers\mbae64.sys [77440] =>.Malwarebytes Corporation®
O58 - SDL:2017/05/24 19:42:17 A . (.Malwarebytes - Malwarebytes Real-Time Protection.) -- C:\WINDOWS\System32\drivers\mbam.sys [43968] =>.Malwarebytes Corporation®
O58 - SDL:2017/05/23 18:51:29 A . (.Malwarebytes - Malwarebytes Chameleon.) -- C:\WINDOWS\System32\drivers\MBAMChameleon.sys [187320] =>.Malwarebytes Corporation®
O58 - SDL:2017/05/24 19:42:16 A . (.Malwarebytes - Malwarebytes SwissArmy.) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251832] =>.Malwarebytes Corporation®
O58 - SDL:2017/03/18 16:56:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\megasas.sys [59808] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\MegaSas2i.sys [64416] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\WINDOWS\System32\drivers\megasr.sys [575904] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Mellanox - MLX4 Bus Driver.) -- C:\WINDOWS\System32\drivers\mlx4_bus.sys [842656] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) -- C:\WINDOWS\System32\drivers\mvumis.sys [63904] =>.Microsoft Windows®
O58 - SDL:2017/05/24 19:42:17 A . (.Malwarebytes - Malwarebytes Web Protection.) -- C:\WINDOWS\System32\drivers\mwac.sys [93624] =>.Malwarebytes Corporation®
O58 - SDL:2017/03/18 16:56:25 A . (.Mellanox - NetworkDirect Support Filter Driver.) -- C:\WINDOWS\System32\drivers\ndfltr.sys [108960] =>.Microsoft Windows®
O58 - SDL:2017/01/17 06:55:40 A . (.NVIDIA Corporation - NVIDIA HDMI Audio Driver.) -- C:\WINDOWS\System32\drivers\nvhda64v.sys [221640] =>.NVIDIA Corporation®
O58 - SDL:2017/03/18 16:56:25 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\WINDOWS\System32\drivers\nvraid.sys [150432] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\WINDOWS\System32\drivers\nvstor.sys [166304] =>.Microsoft Windows®
O58 - SDL:2016/02/24 04:43:34 A . (.NVIDIA Corporation - Stereoscopic 3D USB controller driver.) -- C:\WINDOWS\System32\drivers\nvstusb.sys [452240] =>.NVIDIA Corporation®
O58 - SDL:2017/03/18 16:56:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\percsas2i.sys [58784] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\percsas3i.sys [61848] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:26 A . (.Realtek - Realtek 8136/8168/8169 NDIS 6.40 64-bit Dri.) -- C:\WINDOWS\System32\drivers\rt640x64.sys [604160] =>.Realtek
O58 - SDL:2015/06/15 18:37:26 A . (.Realtek Semiconductor Corporation - Realtek Bluetooth Filter Driver.) -- C:\WINDOWS\System32\drivers\RtkBtfilter.sys [598784] =>.Realtek Semiconductor Corp®
O58 - SDL:2015/09/30 13:58:16 A . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function D.) -- C:\WINDOWS\System32\drivers\RTKVHD64.sys [4608280] =>.Realtek Semiconductor Corp®
O58 - SDL:2017/03/18 16:56:20 A . (.Realtek Semiconductor Corporation - Realtek PCIE NDIS Driver 47528 20362.) -- C:\WINDOWS\System32\drivers\rtwlane.sys [6320640] =>.Realtek Semiconductor Corporation
O58 - SDL:2017/03/18 16:56:26 A . (.Authors - .) -- C:\WINDOWS\System32\drivers\SDFRd.sys [31128] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\WINDOWS\System32\drivers\sisraid2.sys [44960] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\WINDOWS\System32\drivers\sisraid4.sys [81824] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Wind.) -- C:\WINDOWS\System32\drivers\stexstor.sys [31136] =>.Microsoft Windows®
O58 - SDL:2015/09/04 13:29:06 A . (.Intel Corporation - Intel(R) Management Engine Interface.) -- C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys [195336] =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
O58 - SDL:2017/05/24 18:17:04 A . (.Authors - .) -- C:\WINDOWS\System32\drivers\TrueSight.sys [28272] =>.Adlice®
O58 - SDL:2017/03/18 16:56:25 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\WINDOWS\System32\drivers\vsmraid.sys [166816] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.VIA Corporation - VIA StorX RAID Controller Driver.) -- C:\WINDOWS\System32\drivers\VSTXRAID.SYS [305568] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Mellanox - Kernel WinMad.) -- C:\WINDOWS\System32\drivers\winmad.sys [32160] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Mellanox - Kernel WinVerbs.) -- C:\WINDOWS\System32\drivers\winverbs.sys [64920] =>.Microsoft Windows®
O58 - SDL:2012/06/13 20:10:32 A . (."CyberLink - Cyberlink Virtual Disk Driver.) -- C:\WINDOWS\System32\drivers\wsvd.sys [102376] =>.CyberLink®

---\\ Last modified or created user files (4) - 9s
O61 - LFC: 2017/05/18 13:12:16 A . (..) -- C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\nacl_validation_cache.bin [272]
O61 - LFC: 2017/05/23 20:58:46 A . (.Trend Micro Incorporated.) -- C:\Users\Doneff Family\Desktop\Toolbox\cwshredder.exe [532480]
O61 - LFC: 2017/05/24 02:55:13 A . (.NC Interactive..) -- C:\Users\Doneff Family\Desktop\Toolbox\GameAdvisor.exe [1042736] {1592355207FA3A7D5F0292591D1BC66E}
O61 - LFC: 2017/05/21 17:51:30 A . (.TechGuy, Inc..) -- C:\Users\Doneff Family\Desktop\Toolbox\SysInfo.exe [748192] {00C786324C9D57D27F8C10069AFC5A2B2C}

---\\ File Associations Shell Spawning (10) - 1s
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) -- C:\Windows\System32\eventvwr.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.scr> <scrfile>[HKLM\..\open\Command] (...) -- "%1" /S

---\\ Start Menu Internet (12) - 0s
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O68 - StartMenuInternet: <SafeZoneStable> <SafeZone Stable>[HKLM\..\Shell\open\Command] (.Avast Software - Avast SafeZone Browser.) -- C:\Program Files\AVAST Software\SZBrowser\Launcher.exe =>.AVAST Software s.r.o.®
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <SafeZoneStable> <SafeZone Stable>[HKLM\..\InstallInfo\ShowIconsCommand] (.Avast Software - Avast SafeZone Browser.) -- C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <SafeZoneStable> <SafeZone Stable>[HKLM\..\InstallInfo\ReinstallCommand] (.Avast Software - Avast SafeZone Browser.) -- C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <SafeZoneStable> <SafeZone Stable>[HKLM\..\InstallInfo\HideIconsCommand] (.Avast Software - Avast SafeZone Browser.) -- C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software

---\\ Search Browser Infection (2) - 0s
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKLM] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - http://www.bing.com/ =>.Bing.com

---\\ Search Svchost Services (47) - 0s
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\WINDOWS\System32\certprop.dll [189952] =>.Microsoft Corporation
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\WINDOWS\System32\certprop.dll [189952] =>.Microsoft Corporation
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) -- C:\WINDOWS\system32\srvsvc.dll [303616] =>.Microsoft Corporation
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) -- C:\WINDOWS\System32\gpsvc.dll [1269248] =>.Microsoft Corporation
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) -- C:\WINDOWS\System32\ikeext.dll [934912] =>.Microsoft Corporation
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) -- C:\WINDOWS\System32\iphlpsvc.dll [996864] =>.Microsoft Corporation
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) -- C:\WINDOWS\system32\seclogon.dll [31232] =>.Microsoft Corporation
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) -- C:\WINDOWS\System32\appinfo.dll [138752] =>.Microsoft Corporation
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) -- C:\WINDOWS\system32\iscsiexe.dll [150016] =>.Microsoft Corporation
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) -- C:\WINDOWS\System32\eapsvc.dll [108032] =>.Microsoft Corporation
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) -- C:\WINDOWS\system32\schedsvc.dll [877568] =>.Microsoft Corporation
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\WINDOWS\system32\wbem\WMIsvc.dll [221696] =>.Microsoft Corporation
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\WINDOWS\System32\browser.dll [133120] =>.Microsoft Corporation
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\WINDOWS\system32\profsvc.dll [413696] =>.Microsoft Corporation
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) -- C:\Windows\System32\SessEnv.dll [385536] =>.Microsoft Corporation
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) -- C:\WINDOWS\System32\wercplsupport.dll [91648] =>.Microsoft Corporation
O83 - Search Svchost Services: shpamsvc (shpamsvc) . (.Microsoft Corporation - SharedPC.AccountManager.) -- C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll [199168] =>.Microsoft Corporation
O83 - Search Svchost Services: XblGameSave (XblGameSave) . (.Microsoft Corporation - Xbox Live Game Save Service.) -- C:\WINDOWS\System32\XblGameSave.dll [1135104] =>.Microsoft Corporation
O83 - Search Svchost Services: NaturalAuthentication (NaturalAuthentication) . (.Microsoft Corporation - Natural Authentication Service.) -- C:\WINDOWS\System32\NaturalAuth.dll [723968] =>.Microsoft Corporation
O83 - Search Svchost Services: wlidsvc (wlidsvc) . (.Microsoft Corporation - Microsoft® Account Service.) -- C:\WINDOWS\system32\wlidsvc.dll [2155008] =>.Microsoft Corporation
O83 - Search Svchost Services: UserManager (UserManager) . (.Microsoft Corporation - UserMgr.) -- C:\WINDOWS\System32\usermgr.dll [877568] =>.Microsoft Corporation
O83 - Search Svchost Services: XblAuthManager (XblAuthManager) . (.Microsoft Corporation - Xbox Live Auth Manager.) -- C:\WINDOWS\System32\XblAuthManager.dll [1013248] =>.Microsoft Corporation
O83 - Search Svchost Services: DmEnrollmentSvc (DmEnrollmentSvc) . (.Microsoft Corporation - Windows Managent Service DLL.) -- C:\Windows\System32\Windows.Internal.Management.dll [536064] =>.Microsoft Corporation
O83 - Search Svchost Services: xbgm (xbgm) . (.Microsoft Corporation - Xbox Game Monitoring Service.) -- C:\WINDOWS\System32\xbgmsvc.dll [301216] =>.Microsoft Windows Publisher®
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) -- C:\WINDOWS\system32\themeservice.dll [69632] =>.Microsoft Corporation
O83 - Search Svchost Services: TokenBroker (TokenBroker) . (.Microsoft Corporation - Token Broker.) -- C:\Windows\System32\TokenBroker.dll [1054208] =>.Microsoft Corporation
O83 - Search Svchost Services: lfsvc (lfsvc) . (.Microsoft Corporation - Geolocation Service.) -- C:\WINDOWS\System32\lfsvc.dll [43520] =>.Microsoft Corporation
O83 - Search Svchost Services: Irmon (Irmon) . (.Microsoft Corporation - Infrared Monitor.) -- C:\WINDOWS\System32\irmon.dll [24576] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\WINDOWS\System32\rasauto.dll [104448] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\WINDOWS\System32\rasmans.dll [871936] =>.Microsoft Corporation
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\Windows\System32\mprdim.dll [490496] =>.Microsoft Corporation
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\WINDOWS\System32\sens.dll [69632] =>.Microsoft Corporation
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\WINDOWS\System32\ipnathlp.dll [537600] =>.Microsoft Corporation
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\Windows\System32\tapisrv.dll [306688] =>.Microsoft Corporation
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\WINDOWS\system32\wuaueng.dll [2443776] =>.Microsoft Corporation
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) -- C:\WINDOWS\System32\qmgr.dll [1159680] =>.Microsoft Corporation
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\Windows\System32\shsvcs.dll [612864] =>.Microsoft Corporation
O83 - Search Svchost Services: dmwappushservice (dmwappushservice) . (.Microsoft Corporation - dmwappushsvc.) -- C:\WINDOWS\system32\dmwappushsvc.dll [55296] =>.Microsoft Corporation
O83 - Search Svchost Services: wisvc (wisvc) . (.Microsoft Corporation - Flight Settings.) -- C:\WINDOWS\system32\flightsettings.dll [699904] =>.Microsoft Corporation
O83 - Search Svchost Services: WpnService (WpnService) . (.Microsoft Corporation - Windows Push Notification System Service.) -- C:\WINDOWS\system32\WpnService.dll [276480] =>.Microsoft Corporation
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) -- C:\WINDOWS\System32\bdesvc.dll [385536] =>.Microsoft Corporation
O83 - Search Svchost Services: XboxNetApiSvc (XboxNetApiSvc) . (.Microsoft Corporation - Xbox Live Networking Service.) -- C:\WINDOWS\system32\XboxNetApiSvc.dll [1067008] =>.Microsoft Corporation
O83 - Search Svchost Services: UsoSvc (UsoSvc) . (.Microsoft Corporation - Update Session Orchestrator Core.) -- C:\WINDOWS\system32\usocore.dll [681984] =>.Microsoft Corporation
O83 - Search Svchost Services: NetSetupSvc (NetSetupSvc) . (.Microsoft Corporation - Network Setup Service.) -- C:\WINDOWS\System32\NetSetupSvc.dll [261632] =>.Microsoft Corporation
O83 - Search Svchost Services: DsmSvc (DsmSvc) . (.Microsoft Corporation - Device Setup Manager.) -- C:\WINDOWS\System32\DeviceSetupManager.dll [233984] =>.Microsoft Corporation
O83 - Search Svchost Services: NcaSvc (NcaSvc) . (.Microsoft Corporation - Microsoft Network Connectivity Assistant Se.) -- C:\WINDOWS\System32\ncasvc.dll [167424] =>.Microsoft Corporation
O83 - Search Svchost Services: XboxGipSvc (XboxGipSvc) . (.Microsoft Corporation - Xbox Gip Management Service.) -- C:\WINDOWS\System32\XboxGipSvc.dll [18944] =>.Microsoft Corporation

---\\ Additional Scan (O88) (3) - 0s
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} =>.Superfluous.Orphan
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} =>.Superfluous.Orphan
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} =>.Superfluous.Orphan

---\\ Summary of the elements found (1) - 0s
~ No malicious or unnecessary items found.

~ Unselected Options: O82,
~ End of the scan, 28978 items in 01mn24s (956)(0)
 
ZHP Diag Fix.


ZHP Fix

  • Disable your antivirus prior to this fix!
  • Download ZHP-Fix from here.
  • UnZip it to your desktop -- Tool Here if needed.... 7-Zip
  • Install it.
  • Click Suivant 5 Times.
  • Then Installer.
  • Then Terminer.
  • Then right click the ZHP Fix icon, Run as admin.
  • Copy the entire content of the code box below, the next step will grab it from your clipboard.
  • Then click on import.
  • Then click GO.
  • If you see any Prompts like the one below, select Oui. = Yes in French.
  • Allow completion.
  • A log file will appear on your desktop.
  • Post it here in your next reply.

Code:
Script ZhpFix
SysRestore
EmptyFlash
ProxyFix
EmptyCLSID
C:\Users\Doneff Family\AppData\Local\TianTianData
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe =>.Adobe Systems, Incorporated®
SS - Demand [11/05/2017] [ 271864] Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe =>.Adobe Systems Incorporated®
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd®
O4 - HKUS\S-1-5-21-113026621-1705679920-3439515112-1001\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd®
G0 - GCSP: Preferences [User Data\Default][HomePage] http://windstream.com
G0 - GCSP: Preferences [User Data\Default][HomePage] http://apis.google.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://bs.serving-sys.com
G0 - GCSP: Preferences [User Data\Default][HomePage] http://se.monetate.net
G0 - GCSP: Preferences [User Data\Default][HomePage] http://secure-ds.serving-sys.com
G0 - GCSP: Preferences [User Data\Default][HomePage] http://ssl.gstatic.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://vt.myvisualiq.net
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.gstatic.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.windstream.com
G2 - GCE: Preference [User Data\Default] [nmkinhboiljjkhaknpaeaicmdjhagpep] F.B.(FluffBusting)Purity
O42 - Logiciel: Lenovo Experience Improvement - (.Lenovo.) [HKLM][64Bits] -- LenovoExperienceImprovement =>.LENOVO®
HKLM\SOFTWARE\Wow6432Node\kpzs
HKCU\SOFTWARE\Chromium =>.Chromium
O43 - CFD: 14/06/2016 - [] D -- C:\Program Files (x86)\GUMFE8C.tmp =>.Google Inc®
O43 - CFD: 09/05/2016 - [] D -- C:\ProgramData\McAfee =>.McAfee
O43 - CFD: 06/05/2017 - [] D -- C:\Users\Doneff Family\AppData\Local\Facebook =>.Facebook
O83 - Search Svchost Services: dmwappushservice (dmwappushservice) . (.Microsoft Corporation - dmwappushsvc.) -- C:\WINDOWS\system32\dmwappushsvc.dll [55296] =>.Microsoft Corporation
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} =>.Superfluous.Orphan
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} =>.Superfluous.Orphan
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} =>.Superfluous.Orphan
EmptyTemp



The version of HijackThis you are using is outdated, please use my link.
 
Do you have any idea what this relates to?

C:\Users\Doneff Family\AppData\Local\TianTianData

Full Zemana Scan.

Zemana Deep Scan
    • Right click on Zemana and run as admin.
    • Click the Cog/Sprocket Wheel, at the top right of Zemana
    • Select Advanced - I have read the warning and wish to proceed.
    • Place a tick next to Detect Suspicious (Root CA) Certificates.
    • Then click the house icon in Zemana.
    • Then hit your start button at the lower left hand corner of your desktop.
    • Then left click on Computer.
    • Drag Local Disk C: or whichever drive you decide to check first.
    • Into the area of Zemana that reads Drag and drop files here to scan them.
    • Once the scan has completed, click the graph icon on the top right of the program's user interface.
    • Double click to open the latest log-file.
    • Copy it to your clipboard.
    • Post the log here in your next reply.
Security Check Scan.

  • Download Security Check to your desktop.
  • Right click it and run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please post that log here in your next post.
 
Scan Result : Completed
Scan Date : 2017/5/25
Operating System : Windows 10 64-bit
Processor : 8X Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
BIOS Mode : UEFI
CUID : 12E0126C8F1F094BA59947
Scan Type : System Scan
Duration : 7m 23s
Scanned Objects : 93334
Detected Objects : 5
Excluded Objects : 0
Read Level : Normal
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Chrome Shortcut
Status : Scanned
Object : --profile-directory="Profile 4"
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Chrome Shortcut

Chrome Homepage
Status : Scanned
Object : http://www.4loot.com/
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Chrome Homepage

Dyna Gaming Advertising
Status : Scanned
Object : %localappdata%\google\chrome\user data\profile 1\extensions\hpkmdjomfcomfiihildoihnbhnbkbppl
MD5 : -
Publisher : -
Size : -
Version : -
Detection : PUA.ChromeExt!Gr
Cleaning Action : Repair
Related Objects :
Browser Extension - Dyna Gaming Advertising

Game Time Party Bus Advertising
Status : Scanned
Object : %localappdata%\google\chrome\user data\profile 1\extensions\hfegnlbibfofilgojklfejikhcpekfnb
MD5 : -
Publisher : -
Size : -
Version : -
Detection : PUA.ChromeExt!Gr
Cleaning Action : Repair
Related Objects :
Browser Extension - Game Time Party Bus Advertising

ccsetup530.exe
Status : Scanned
Object : %userprofile%\desktop\toolbox\ccsetup530.exe
MD5 : 1D8371C6AC1FC1534EB5FC89E07D4E54
Publisher : Superb Delivery (Alpha Criteria Ltd.)
Size : 1242128
Version : 0.0.0.0
Detection : Adware:Win32/AutoBulk.a92104!Ep
Cleaning Action : Quarantine
Related Objects :
File - %userprofile%\desktop\toolbox\ccsetup530.exe

Logfile of HiJackThis Fork (Alpha) by Alex Dragokas v.2.6.4.17

Platform: x64 Windows 10 (Home), 10.0.15063 (ReleaseId: 1703), Service Pack: 0
Time: 25.05.2017 - 01:08
Language: OS: English (0x409). Display: English (0x409). Non-Unicode: English (0x409)
Elevated: Yes
Ran by: Doneff Family (group: Administrator) on DESKTOP-DOB72OG

Chrome: 58.0.3029.110
Edge: 11.0.15063.250
Internet Explorer: 11.0.15063.0

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
1 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
12 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
1 C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
1 C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
1 C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
1 C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe
1 C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe
1 C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
1 C:\Program Files (x86)\Steam\Steam.exe
1 C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
2 C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
1 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1 C:\Program Files\AVAST Software\Avast\AvastUI.exe
1 C:\Program Files\AVAST Software\Avast\afwServ.exe
1 C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
1 C:\Program Files\CCleaner\CCleaner64.exe
1 C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
1 C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
1 C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
1 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1 C:\Program Files\Windows Defender\MSASCuiL.exe
1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
1 C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1302.0_x64__8wekyb3d8bbwe\Calculator.exe
1 C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\OneDrive.exe
1 C:\Users\Doneff Family\Desktop\HiJackThis\HiJackThis.exe
1 C:\Users\Doneff Family\Desktop\HiJackThis\MemCompression
1 C:\Windows\SysWOW64\UMonit64.exe
1 C:\Windows\SysWOW64\ctfmon.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SystemSettingsBroker.exe
1 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
68 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\explorer.exe
1 C:\Windows\jmesoft\JME_LOAD.exe
1 C:\Windows\jmesoft\Service.exe
1 C:\Windows\jmesoft\hotkey.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: SuggestionsURL = http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}
R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: SuggestionsURLFallback = http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}
R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: URL = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
O2 - BHO: (no name) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll
O2-32 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O2-32 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll
O2-32 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll
O2-32 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O4 - HKCU\..\Run: [Adobe Acrobat Synchronizer] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe --restore-last-session
O4 - HKCU\..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_DDF34A59040FF57D719F4EF1CA2787C3] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window /prefetch:5
O4 - HKCU\..\Run: [OneDrive] C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background --restore-last-session
O4 - HKCU\..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe -silent --restore-last-session
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
O4 - HKLM\..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvLaunch.exe /gui
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
O4 - HKLM\..\Run: [UMonit] C:\Windows\SysWOW64\UMonit64.exe
O4 - HKLM\..\Run: [ZAM] C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe /minimized
O4 - HKLM\..\StartupApproved\Run32: [CLMLServer] C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
O4 - HKLM\..\StartupApproved\Run32: [UpdateP2GoShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\StartupApproved\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
O4 - HKLM\..\StartupApproved\Run: [RtHDVBg_LENOVO_MICPKEY] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /LENOVO_MICPKEY
O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] C:\Program Files\Windows Defender\MSASCuiL.exe
O4 - HKU\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
O4 - HKU\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
O4-32 - HKLM\..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe
O4-32 - HKLM\..\Run: [jmekey] C:\Windows\jmesoft\hotkey.exe
O4-32 - HKLM\..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll (HKLM)
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll (HKLM)
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll (HKLM)
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll (HKLM)
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll (HKLM)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll (HKLM)
O9-32 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll (HKLM)
O9-32 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll (HKLM)
O9-32 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll (HKLM)
O9-32 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll (HKLM)
O17 - DHCP DNS - 1: 209.18.47.61
O17 - DHCP DNS - 2: 209.18.47.62
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O22 - Task (Disabled): \Microsoft\Windows\Subscription\LicenseAcquisition - C:\WINDOWS\system32\ClipRenew.exe
O22 - Task (Disabled): \Microsoft\Windows\UpdateOrchestrator\Combined Scan Download Install - C:\WINDOWS\system32\usoclient.exe ScanInstallWait
O22 - Task (Ready): Adobe Flash Player Updater - C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
O22 - Task (Ready): Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
O22 - Task (Ready): CCleanerSkipUAC - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Task (Ready): GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task (Ready): GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task (Ready): SafeZone scheduled Autoupdate 1462830905 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
O22 - Task (Ready): \AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs
O22 - Task (Ready): \Microsoft\Office\Office Automatic Updates - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe /update SCHEDULEDTASK displaylevel=False
O22 - Task (Ready): \Microsoft\Office\Office ClickToRun Service Monitor - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe /WatchService
O22 - Task (Ready): \Microsoft\Office\Office Subscription Maintenance - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe
O22 - Task (Ready): \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\WINDOWS\system32\compattelrunner.exe
O22 - Task (Ready): \Microsoft\Windows\Application Experience\ProgramDataUpdater - C:\WINDOWS\system32\compattelrunner.exe -maintenance
O22 - Task (Ready): \Microsoft\Windows\BitLocker\BitLocker MDM policy Refresh - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},BitLockerPolicy - C:\WINDOWS\System32\edptask.dll
O22 - Task (Ready): \Microsoft\Windows\BrokerInfrastructure\BgTaskRegistrationMaintenanceTask - {E984D939-0E00-4DD9-AC3A-7ACA04745521} - (no file)
O22 - Task (Ready): \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceProtectionStateChanged - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -ProtectionStateChanged -FreeNetworkOnly -NoLocation - C:\WINDOWS\system32\DeviceDirectoryClient.dll
O22 - Task (Ready): \Microsoft\Windows\EDP\EDP App Launch Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},AppLaunch - C:\WINDOWS\System32\edptask.dll
O22 - Task (Ready): \Microsoft\Windows\EDP\EDP Auth Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},ReAuth - C:\WINDOWS\System32\edptask.dll
O22 - Task (Ready): \Microsoft\Windows\EDP\EDP Inaccessible Credentials Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},MissingCredentials - C:\WINDOWS\System32\edptask.dll
O22 - Task (Ready): \Microsoft\Windows\EDP\StorageCardEncryption Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},SDCardEncryptionPolicy - C:\WINDOWS\System32\edptask.dll
O22 - Task (Ready): \Microsoft\Windows\Management\Provisioning\Cellular - C:\WINDOWS\system32\ProvTool.exe /turn 7 /source CellStateChangeTask
O22 - Task (Ready): \Microsoft\Windows\Management\Provisioning\Logon - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source LogonIdleTask
O22 - Task (Ready): \Microsoft\Windows\Maps\MapsToastTask - {9885AEF2-BD9F-41E0-B15E-B3141395E803},$(Arg0);$(Arg1);$(Arg2);$(Arg3);$(Arg4);$(Arg5);$(Arg6);$(Arg7) - C:\WINDOWS\System32\mapstoasttask.dll
O22 - Task (Ready): \Microsoft\Windows\Subscription\EnableLicenseAcquisition - C:\WINDOWS\system32\ClipRenew.exe -e
O22 - Task (Ready): \Microsoft\Windows\UNP\RunCampaignManager - C:\WINDOWS\System32\UNP\UNPCampaignManager.exe
O22 - Task (Ready): \Microsoft\Windows\WwanSvc\NotificationTask - C:\WINDOWS\System32\WiFiTask.exe wwan
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Adobe Genuine Software Integrity Service - (AGSService) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service R2: Avast Antivirus - (avast! Antivirus) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service R2: Avast Firewall Service - (avast! Firewall) - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service R2: FastbootService - C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe
O23 - Service R2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service R2: Intel(R) Management and Security Application Local Management Service - (LMS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service R2: JME Keyboard Driver - (JME Keyboard) - C:\Windows\jmesoft\Service.exe
O23 - Service R2: LenovoPortalService - C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service R2: ZAM Controller Service - (ZAMSvc) - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
O23 - Service R3: Intel(R) Security Assist - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
O23 - Service R3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service R3: aswbIDSAgent - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service S2: Google Update Service (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service S2: Intel(R) Rapid Storage Technology - (IAStorDataMgrSvc) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service S2: Intel(R) Security Assist Helper - (isaHelperSvc) - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
O23 - Service S2: System Interface Foundation Service - (ImControllerService) - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: Google Update Service (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service S3: Intel(R) Capability Licensing Service TCP IP Interface - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service S3: LSCWinService - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
O23 - Service S3: ShareItSvc - C:\Program Files (x86)\Lenovo\SHAREit\Shareit.Service.exe
O23 - Service S3: Windows Defender Antivirus Network Inspection Service - (WdNisSvc) - C:\Program Files\Windows Defender\NisSrv.exe
O23 - Service S3: Windows Defender Antivirus Service - (WinDefend) - C:\Program Files\Windows Defender\MsMpEng.exe
O23 - Service S3: nProtect GameGuard Service - (npggsvc) - C:\WINDOWS\SysWow64\GameMon.des

--
End of file - Time spent: 14 sec. - 37910 bytes, CRC32: FFFFFFFF. Sign: 螷댍

I can't get the ZHP Fix to work. I followed all your instructions and I get a little box that only gives me the option to click "Ok".
 
I got it to work, forgot to copy the code you requested I copy.

Rapport de ZHPFix 2015.10.19.9 par Nicolas Coolman, Update du 19/10/2015
Fichier d'export Registre :
Run by Doneff Family at 5/25/2017 1:13:46 AM
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit Service Pack 1 (15063)

Recycle Bin emptied (47mn AMs)

========== Registry keys ==========
REMOVES: Service: AdobeARMservice
REMOVES: HKLM\SOFTWARE\Wow6432Node\kpzs
REMOVES: HKCU\SOFTWARE\Chromium
REMOVES: Services Svchost: dmwappushservice
REMOVES:* HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
REMOVES:* HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}
REMOVES: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}

========== Registry values ==========
ProxyFix : Proxy configuration successfully removed
REMOVES ProxyServer Value
REMOVES ProxyEnable Value
REMOVES EnableHttp1_1 Value
REMOVES ProxyHttp1.1 Value
REMOVES ProxyOverride Value
REMOVES RunValue: CCleaner Monitoring

========== Preferences browser ==========
NOW Chrome File: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://windstream.com
NOW Chrome File: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://apis.google.com
NOW Chrome File: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://bs.serving-sys.com
NOW Chrome File: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://se.monetate.net
NOW Chrome File: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://secure-ds.serving-sys.com
NOW Chrome File: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://ssl.gstatic.com
NOW Chrome File: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://vt.myvisualiq.net
NOW Chrome File: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://www.gstatic.com
NOW Chrome File: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://www.windstream.com
REMOVES Folder Chrome: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkinhboiljjkhaknpaeaicmdjhagpep

========== Folders ==========
No folders empty CLSID Local user
REMOVES: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkinhboiljjkhaknpaeaicmdjhagpep
REMOVES: C:\Program Files (x86)\GUMFE8C.tmp
REMOVES: C:\ProgramData\McAfee
REMOVES: C:\Users\Doneff Family\AppData\Local\Facebook
Deletes temporary Windows (0)

========== Files ==========
REMOVES Flash Cookies (0) (0 octets)
REMOVES: c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
REMOVES: c:\program files\ccleaner\ccleaner64.exe
REMOVES Reboot: c:\program files\ccleaner\ccleaner64.exe
Deletes temporary Windows (0) (0 octets)

========== System restore ==========
The system successfully created restore point


========== Summary ==========
7 : Registry keys
7 : Registry values
6 : Folders
5 : Files
19 : Preferences browser
1 : System restore


End of clean in 15mn AMs

========== Path to file report ==========
C:\Users\Doneff Family\AppData\Roaming\ZHP\ZHPFix[R1].txt - 5/25/2017 1:17:33 AM [3547]
 