IE/ Foxfire question

**veeg** · 03-28-2017, 08:01 PM

Hello

From what i have heard and seen,neither one works particularity good these days.

Hopefully some more of our members will chime in soon. @gus @Rustys

**jmarket** · 03-28-2017, 11:41 PM

For starters I think we should move this thread to malware forum and get your system checked out

**Malnutrition** · 03-29-2017, 10:18 AM

@g3n-h@ckm@n

Quick Diag Scan.

Download Quick Diag to your desktop.
Very Important!! – Make sure program is on your desktop.
Disable your Antivirus/Antispyware prior to scanning.
Right Click Run as Administrator.
Select the Quick Scan.

Forums - PC Help Forum

https://pchelpforum.net/attachments/upload_2017-2-23_9-27-51-png.1654/

PCHF Forums

Post the log that is generated in your next post.

**Hilton_Heflin** · 03-29-2017, 05:59 PM

Thanks guys…appreciate the come feed back.
Like I said..it is no big deal ..just inquiring old mind was wondering..
But what are the alterntives to those two other than Chrome ?
Does it hurt to have all three browser on the computer ?

Thanks,hefs

**Malnutrition** · 03-29-2017, 09:32 PM

I’d advise you to run the tool and post the log, there may be something lurking that needs cleaned.

**Hilton_Heflin** · 03-30-2017, 04:34 PM

Originally posted by Malnutrition

I’d advise you to run the tool and post the log, there may be something lurking that needs cleaned.

ok..here goes..hope it helps…thanks
--------------- QuickDiag | g3n-h@ckm@n | V3_27.03.17.1 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 30/03/2017 12:17:34

Updated 27/03/2017 | 07.45 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC-05:00) Eastern Time (US & Canada)
[hilton (Administrator)] - [HILTON-PC] (S-1-5-21-3292114827-816517840-1514174382-1000)

System: Microsoft Windows 7 Professional - Service Pack 1 - (6.1.7601) - BuildType: Multiprocessor Free - OSLanguage: 1033 (0409)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 7 Professional |C:\Windows|\Device\Harddisk0\Partition2
Boot : Normal boot
PC: OptiPlex 755 - Dell Inc. - IdNumber: 6Q1PVG1 - UUID: 4C4C4544-0051-3110-8050-B6C04F564731
Processor : X64 - 1862 Mhz - Intel(R) Core™2 CPU 6300 @ 1.86GHz
Phoenix ROM BIOS PLUS Version 1.10 A22 - en|US|iso8859-1 - Dell Inc. - S/N: 6Q1PVG1 - A22 - DELL - 15
CoreTemp : ? Celsius

----------| Quick

---------- | SoundDevice

SoundMAX Integrated Digital HD Audio Device - Status: OK - Manufacturer: Analog Devices - PNPDeviceID: HDAUDIO\FUNC_01&VEN_11D4&DEV_1984&SUBSYS_10280211& REV_1004\4&851744B&0&0001

---------- | Video

Intel(R) Q35 Express Chipset Family - Resolution: 1440x900 - Colors: 4294967296 - RefreshRate: 59 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumdx32.dll - PNPDeviceID: PCI\VEN_8086&DEV_29B2&SUBSYS_02111028&REV_02\3&172 E68DD&1&10 - AdapterCompatibility: Intel Corporation - RAM: 268435456
Intel(R) Q35 Express Chipset Family - Resolution: x - Colors: - RefreshRate: - Bits Per Pixel - DeviceID: VideoController2 - Drivers: igdumdx32.dll - PNPDeviceID: PCI\VEN_8086&DEV_29B3&SUBSYS_02111028&REV_02\3&172 E68DD&1&11 - AdapterCompatibility: Intel Corporation - RAM:
Inegrated Video Chipset DeviceName: Intel(R) Q35 Express Chipset Family - DriverVersion: 8.14.10.1930 - SpecificationVersion: 1025

---------- | Codecs

c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 13312 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 31744 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 12288 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 23552 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 18432 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 22528 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 50176 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 12288 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 64000 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\iccvid.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 82944 - Manufacturer: Radius Inc. - Status: OK

---------- | CPU

CPU #1 value:0 %
CPU #2 value:0 %
Total Overall CPU Usage value:0 %

---------- | Network

Intel[R] 82566DM-2 Gigabit Network Connection : SENT:576 bytes/sec / RECVD:576 bytes/sec
isatap.{B78AF187-32FB-4F20-86D2-C40DA41B6832} : SENT:0 bytes/sec / RECVD:0 bytes/sec
Teredo Tunneling Pseudo-Interface : SENT:0 bytes/sec / RECVD:0 bytes/sec

Overall → SEND Maxium:576 bytes/sec, / RECEIVE Maximum:576 bytes/sec

WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : ROOT\MS_SSTPMINIPORT\0000
WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : ROOT\MS_AGILEVPNMINIPORT\0000
WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : ROOT\MS_L2TPMINIPORT\0000
WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : ROOT\MS_PPTPMINIPORT\0000
WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : ROOT\MS_PPPOEMINIPORT\0000
WAN Miniport (IPv6) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIPV6\0000
WAN Miniport (Network Monitor) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANBH\0000
Intel(R) 82566DM-2 Gigabit Network Connection - Ethernet 802.3 - Intel - Status: - PnPID : PCI\VEN_8086&DEV_10BD&SUBSYS_02111028&REV_02\3&172 E68DD&1&C8
WAN Miniport (IP) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIP\0000
Microsoft ISATAP Adapter - Tunnel - Microsoft - Status: - PnPID : ROOT*ISATAP\0000
RAS Async Adapter - Wide Area Network (WAN) - Microsoft - Status: - PnPID : SW{EEAB7790-C514-11D1-B42B-00805FC1270E}\ASYNCMAC
Bluetooth Device (Personal Area Network) - - - Status: - PnPID :
Microsoft ISATAP Adapter - Tunnel - Microsoft - Status: - PnPID : ROOT*ISATAP\0001
Bluetooth Device (Personal Area Network) - - - Status: - PnPID :
avast! SecureLine TAP Adapter v3 - - TAP-Windows Provider V9 - Status: - PnPID : ROOT\NET\0000
Microsoft ISATAP Adapter - Tunnel - Microsoft - Status: - PnPID : ROOT*ISATAP\0002
Bluetooth Device (Personal Area Network) - - - Status: - PnPID :
Teredo Tunneling Pseudo-Interface - Tunnel - Microsoft - Status: - PnPID : ROOT*TEREDO\0000

---------- | Memory

RAM = Total (MB) : 3396 | Free (MB) : 2040
Pagefile = Total (MB) : 6791 | Free (MB) : 5098
Virtual = Total (MB) : 2097 | Free (MB) : 1929

Physical Memory 0 : Capacity: 1073741824 - DIMM_1 - Posit.: 1 - Manufacturer: CE00000000000000 - PartNumber: M3 78T2863RZS-CE6 - S/N: 5532D4BF
Physical Memory 1 : Capacity: 1073741824 - DIMM_3 - Posit.: 1 - Manufacturer: CE00000000000000 - PartNumber: M3 78T2863DZS-CE6 - S/N: 851CA99B
Physical Memory 2 : Capacity: 1073741824 - DIMM_2 - Posit.: 2 - Manufacturer: CE00000000000000 - PartNumber: M3 78T2863QZS-CE6 - S/N: 87036A38
Physical Memory 3 : Capacity: 1073741824 - DIMM_4 - Posit.: 2 - Manufacturer: CE00000000000000 - PartNumber: M3 78T2863DZS-CE6 - S/N: 870F0EE8

---------- | SID Users

Administrator : [S-1-5-21-3292114827-816517840-1514174382-500]
Guest : [S-1-5-21-3292114827-816517840-1514174382-501]
hilton : [S-1-5-21-3292114827-816517840-1514174382-1000]
HomeGroupUser$ : [S-1-5-21-3292114827-816517840-1514174382-1002]
Administrators : [S-1-5-32-544]
Backup Operators : [S-1-5-32-551]
Cryptographic Operators : [S-1-5-32-569]
Distributed COM Users : [S-1-5-32-562]
Event Log Readers : [S-1-5-32-573]
Guests : [S-1-5-32-546]
IIS_IUSRS : [S-1-5-32-568]
Network Configuration Operators : [S-1-5-32-556]
Performance Log Users : [S-1-5-32-559]
Performance Monitor Users : [S-1-5-32-558]
Power Users : [S-1-5-32-547]
Remote Desktop Users : [S-1-5-32-555]
Replicator : [S-1-5-32-552]
Users : [S-1-5-32-545]
HomeUsers : [S-1-5-21-3292114827-816517840-1514174382-1001]

---------- | SystemAccounts

Name: Everyone - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATOR OWNER - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: CREATOR GROUP - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: OWNER RIGHTS - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: DIALUP - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: NETWORK - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: BATCH - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIVE - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: PROXY - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: SYSTEM - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Authenticated Users - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: TERMINAL SERVER USER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: LOCAL SERVICE - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: NETWORK SERVICE - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

---------- | Drives

C:\ → [Fixed] | [Windows] | Total : 1859.99 Go | Free : 1818.16 Go → NTFS [ATA]

Disk Usage Information [1 total Physical Disks]

Physical Drive #0 [C:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec

Overall - Read Maximum:0 bytes/sec, Write Maximum:0 bytes/sec

DeviceID: \.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 2 Part. - PnPID : IDE\DISKHITACHI_HUA722020ALA331_________________JK AOA3NH\5&1590E63B&0&0.0.0

---------- | Windows updates

Last detection : 2017-03-29 22:14:32
Downloaded last ones : 2017-03-14 19:23:58
Installed last ones : 2017-03-15 07:07:26
Next search : 2017-03-30 18:46:01

Windows Is Activated

---------- | Browsers

IE : 11.0.9600.18616 (© Microsoft Corporation.)
FF : 52.0.2.6291 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 56.0.2924.87 (Copyright 2016 Google Inc.)

Default : “C:\Program Files\Mozilla Firefox\firefox.exe” -osint -url “%1”

---------- | FlashPlayer

FlashPlayer ActiveX : 25.0.0.127

---------- | Security

FW : Avast Antivirus Enabled
WMI : OK
WU: Windows Update Service [Auto(2)] = Running
AS: Windows Defender [Manual(3)] = stopped
WMI: Windows Management Instrumentation [Auto(2)] = Running

---------- | Running processes

320 | [Owner : SYSTEM | Parent : 4(System) | 0.78 Mo] - (.Microsoft Corporation - Windows Session Manager.) - (6.1.7601.23677) = C:\Windows\System32\smss.exe [14/03/2017 15:23:32] CPU Usage:0 %
424 | [Owner : SYSTEM | Parent : 396() | 3.99 Mo] - (.Microsoft Corporation - Client Server Runtime Process.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe [13/07/2009 19:11:09] CPU Usage:0 %
468 | [Owner : SYSTEM | Parent : 396() | 3.14 Mo] - (.Microsoft Corporation - Windows Start-Up Application.) - (6.1.7600.16385) = C:\Windows\System32\wininit.exe [13/07/2009 19:36:49] CPU Usage:0 %
488 | [Owner : SYSTEM | Parent : 476() | 10.95 Mo] - (.Microsoft Corporation - Client Server Runtime Process.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe [13/07/2009 19:11:09] CPU Usage:0 %
524 | [Owner : SYSTEM | Parent : 468(wininit.exe) | 8.77 Mo] - (.Microsoft Corporation - Services and Controller app.) - (6.1.7601.18829) = C:\Windows\System32\services.exe [01/07/2016 13:14:35] CPU Usage:0 %
548 | [Owner : SYSTEM | Parent : 468(wininit.exe) | 12.81 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.23677) = C:\Windows\System32\lsass.exe [14/03/2017 15:23:32] CPU Usage:0 %
556 | [Owner : SYSTEM | Parent : 468(wininit.exe) | 3.2 Mo] - (.Microsoft Corporation - Local Session Manager Service.) - (6.1.7601.17514) = C:\Windows\System32\lsm.exe [20/11/2010 17:29:11] CPU Usage:0 %
608 | [Owner : SYSTEM | Parent : 476() | 4.57 Mo] - (.Microsoft Corporation - Windows Logon Application.) - (6.1.7601.18540) = C:\Windows\System32\winlogon.exe [01/07/2016 13:12:55] CPU Usage:0 %
716 | [Owner : SYSTEM | Parent : 524(services.exe) | 7.02 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
808 | [Owner : NETWORK SERVICE | Parent : 524(services.exe) | 6.29 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
872 | [Owner : LOCAL SERVICE | Parent : 524(services.exe) | 15.09 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
944 | [Owner : SYSTEM | Parent : 524(services.exe) | 88.6 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
988 | [Owner : LOCAL SERVICE | Parent : 524(services.exe) | 23.55 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
1024 | [Owner : SYSTEM | Parent : 524(services.exe) | 35.39 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
1308 | [Owner : NETWORK SERVICE | Parent : 524(services.exe) | 13.18 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
1360 | [Owner : SYSTEM | Parent : 524(services.exe) | 40.97 Mo] - (.AVAST Software - Avast Service.) - (17.2.3419.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe [12/03/2017 08:26:55] CPU Usage:0 %
1468 | [Owner : SYSTEM | Parent : 524(services.exe) | 9.47 Mo] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7601.17777) = C:\Windows\System32\spoolsv.exe [02/07/2016 14:33:16] CPU Usage:0 %
1524 | [Owner : LOCAL SERVICE | Parent : 524(services.exe) | 10.11 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
1588 | [Owner : SYSTEM | Parent : 524(services.exe) | 11.7 Mo] - (.AVAST Software - Avast firewall service.) - (17.2.3419.0) = C:\Program Files\AVAST Software\Avast\afwServ.exe [12/03/2017 08:26:15] CPU Usage:0 %
1684 | [Owner : SYSTEM | Parent : 524(services.exe) | 2.67 Mo] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.21.1354) = C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [19/12/2016 23:38:14] CPU Usage:0 %
1724 | [Owner : SYSTEM | Parent : 524(services.exe) | 3.27 Mo] - (.Intel Corporation - Displays state of Intel® Active Management Technology..) - (3.0.0.6) = C:\Program Files\Intel\AMT\atchksrv.exe [23/07/2012 19:53:32] CPU Usage:0 %
1748 | [Owner : LOCAL SERVICE | Parent : 524(services.exe) | 3.53 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
1768 | [Owner : SYSTEM | Parent : 524(services.exe) | 4.33 Mo] - (.Broadcom Corporation. - Bluetooth Support Server.) - (6.5.1.2700) = C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [01/04/2012 13:22:20] CPU Usage:0 %
1812 | [Owner : SYSTEM | Parent : 524(services.exe) | 9.72 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
1860 | [Owner : LOCAL SERVICE | Parent : 524(services.exe) | 10.25 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
1888 | [Owner : SYSTEM | Parent : 524(services.exe) | 3.18 Mo] - (.Intel Corporation - Intel(R) Wireless Bluetooth(R) iBtSiva Service.) - (19.0.1629.3590) = C:\Program Files\Intel\Bluetooth\ibtsiva.exe [03/02/2016 14:28:54] CPU Usage:0 %
1932 | [Owner : SYSTEM | Parent : 524(services.exe) | 4.04 Mo] - (.Intel Corporation - Intel® PROSet Monitoring Service.) - (19.5.302.0) = C:\Windows\System32\IPROSetMonitor.exe [16/10/2014 14:38:56] CPU Usage:0 %
1960 | [Owner : SYSTEM | Parent : 524(services.exe) | 3.94 Mo] - (.Intel - Local Manageability Service.) - (3.0.10.1053) = C:\Program Files\Intel\AMT\LMS.exe [23/07/2012 19:53:32] CPU Usage:0 %
372 | [Owner : LOCAL SERVICE | Parent : 524(services.exe) | 4.64 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
400 | [Owner : SYSTEM | Parent : 524(services.exe) | 6.17 Mo] - (.Intel - User Notification Service.) - (3.2.0.1053) = C:\Program Files\Intel\AMT\UNS.exe [23/07/2012 19:53:32] CPU Usage:0 %
2760 | [Owner : NETWORK SERVICE | Parent : 524(services.exe) | 4.48 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
3164 | [Owner : SYSTEM | Parent : 524(services.exe) | 25.51 Mo] - (.AVAST Software s.r.o. - Avast Behavior Shield.) - (17.2.2.60911) = C:\Program Files\AVAST Software\Avast\aswidsagent.exe [12/03/2017 08:26:19] CPU Usage:0 %
3492 | [Owner : hilton | Parent : 1024(svchost.exe) | 4.29 Mo] - (.Microsoft Corporation - Task Scheduler Engine.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe [20/11/2010 17:29:06] CPU Usage:0 %
3524 | [Owner : hilton | Parent : 524(services.exe) | 37.14 Mo] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe [29/06/2016 16:50:18] CPU Usage:0 %
3596 | [Owner : hilton | Parent : 944(svchost.exe) | 6.51 Mo] - (.Microsoft Corporation - Desktop Window Manager.) - (6.1.7600.16385) = C:\Windows\System32\dwm.exe [13/07/2009 19:24:23] CPU Usage:0 %
3604 | [Owner : hilton | Parent : 1024(svchost.exe) | 4.8 Mo] - (.Microsoft Corporation - Task Scheduler Engine.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe [20/11/2010 17:29:06] CPU Usage:0 %
3660 | [Owner : hilton | Parent : 3604(taskeng.exe) | 4.44 Mo] - (.SlimWare Utilities, Inc. - DriverUpdate.) - (4.0.0.0) = C:\Program Files\DriverUpdate\DriverUpdate.exe [01/08/2016 10:37:58] CPU Usage:0 %
3676 | [Owner : hilton | Parent : 3560() | 55.33 Mo] - (.Microsoft Corporation - Windows Explorer.) - (6.1.7601.23537) = C:\Windows\explorer.exe [16/10/2016 12:49:31] CPU Usage:0 %
3792 | [Owner : SYSTEM | Parent : 3668() | 0.53 Mo] - (.Google Inc. - Google Crash Handler.) - (1.3.32.7) = C:\Program Files\Google\Update\1.3.32.7\GoogleCrashHandler.ex e [25/12/2016 17:13:27] CPU Usage:0 %
3924 | [Owner : hilton | Parent : 3676(explorer.exe) | 4.86 Mo] - (.Intel Corporation - Displays state of Intel® Active Management Technology..) - (3.0.0.9) = C:\Program Files\Intel\AMT\atchk.exe [23/07/2012 19:53:32] CPU Usage:0 %
3948 | [Owner : hilton | Parent : 3676(explorer.exe) | 5.58 Mo] - (.Analog Devices, Inc. - SMax4PNP.) - (6.1.7200.179) = C:\Program Files\Analog Devices\Core\smax4pnp.exe [26/09/2016 12:42:46] CPU Usage:0 %
3980 | [Owner : hilton | Parent : 3676(explorer.exe) | 20.72 Mo] - (.CANON INC. - Canon Quick Menu.) - (2.7.1.0) = C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [28/01/2017 15:19:07] CPU Usage:0 %
4016 | [Owner : hilton | Parent : 3960() | 16.41 Mo] - (.AVAST Software - Avast Antivirus.) - (17.2.3419.64) = C:\Program Files\AVAST Software\Avast\avastui.exe [15/03/2017 08:27:35] CPU Usage:0 %
4028 | [Owner : hilton | Parent : 3676(explorer.exe) | 5.17 Mo] - (.Microsoft Corporation - Windows Mobile Device Center.) - (6.1.6965.0) = C:\Windows\WindowsMobile\wmdc.exe [31/05/2007 10:21:28] CPU Usage:0 %
4040 | [Owner : hilton | Parent : 3676(explorer.exe) | 9.04 Mo] - (.Microsoft Corporation - Windows host process (Rundll32).) - (6.1.7600.16385) = C:\Windows\System32\rundll32.exe [13/07/2009 19:41:43] CPU Usage:0 %
4060 | [Owner : LOCAL SERVICE | Parent : 524(services.exe) | 5.27 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
1284 | [Owner : hilton | Parent : 3492(taskeng.exe) | 1.96 Mo] - (.Piriform Ltd - CCleaner.) - (5.28.0.6005) = C:\Program Files\CCleaner\CCleaner.exe [03/03/2017 14:10:26] CPU Usage:0 %
2584 | [Owner : NETWORK SERVICE | Parent : 716(svchost.exe) | 12.57 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\System32\wbem\WmiPrvSE.exe [20/11/2010 17:29:20] CPU Usage:0 %
3052 | [Owner : SYSTEM | Parent : 524(services.exe) | 15.81 Mo] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.7601.17610) = C:\Windows\System32\SearchIndexer.exe [01/07/2016 13:15:49] CPU Usage:0 %
3108 | [Owner : NETWORK SERVICE | Parent : 524(services.exe) | 8.52 Mo] - (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe [20/11/2010 17:29:49] CPU Usage:0 %
3408 | [Owner : SYSTEM | Parent : 524(services.exe) | 5.29 Mo] - (.SlimWare Utilities Holdings, Inc. - SlimWare.Services Service.) - (1.0.0.0) = C:\Program Files\SlimWare Utilities\Services\SlimWare.Services.exe [01/08/2016 10:37:58] CPU Usage:0 %
3772 | [Owner : SYSTEM | Parent : 716(svchost.exe) | 7.87 Mo] - (.SlimWare Utilities Holdings, Inc. - SlimWare.Session Server.) - (1.0.0.0) = C:\Program Files\SlimWare Utilities\Services\SlimWare.Session.exe [01/08/2016 10:37:58] CPU Usage:0 %
3428 | [Owner : SYSTEM | Parent : 524(services.exe) | 5.5 Mo] - (.Motorola Solutions, Inc. - Bluetooth Device Monitor.) - (19.0.1603.650) = C:\Program Files\Intel\Bluetooth\devmonsrv.exe [18/07/2016 15:43:38] CPU Usage:0 %
1220 | [Owner : SYSTEM | Parent : 524(services.exe) | 5.79 Mo] - (.Motorola Solutions, Inc. - Bluetooth OBEX Service.) - (19.0.1603.650) = C:\Program Files\Intel\Bluetooth\obexsrv.exe [18/07/2016 15:43:52] CPU Usage:0 %
3228 | [Owner : LOCAL SERVICE | Parent : 524(services.exe) | 12.08 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
4172 | [Owner : SYSTEM | Parent : 524(services.exe) | 7.01 Mo] - (.Motorola Solutions, Inc. - Bluetooth Media Service.) - (19.0.1603.650) = C:\Program Files\Intel\Bluetooth\mediasrv.exe [18/07/2016 15:43:44] CPU Usage:0 %
4268 | [Owner : hilton | Parent : 716(svchost.exe) | 5.41 Mo] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (6.1.7600.16385) = C:\Windows\System32\wbem\unsecapp.exe [13/07/2009 19:30:28] CPU Usage:0 %
4728 | [Owner : hilton | Parent : 3676(explorer.exe) | 23.47 Mo] - (.Dell - Dell System Detect.) - (7.11.0.6) = C:\Users\hilton\AppData\Local\Apps\2.0\3VGPG9W0.MP E\2E0VXQW4.WA5\dell..tion_6d0a76327dca4869_0007.00 0b_df227eeaae3cac0d\DellSystemDetect.exe [07/02/2017 16:29:05] CPU Usage:0 %
4812 | [Owner : hilton | Parent : 3676(explorer.exe) | 35.5 Mo] - (.Siber Systems - RoboForm TaskBar Icon.) - (8.3.1.1) = C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe [12/08/2016 15:03:22] CPU Usage:0 %
4860 | [Owner : hilton | Parent : 3676(explorer.exe) | 10.78 Mo] - (.Broadcom Corporation. - Bluetooth Tray Application.) - (6.5.1.2700) = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [01/04/2012 13:22:18] CPU Usage:0 %
5320 | [Owner : hilton | Parent : 4580() | 0.95 Mo] - (.Microsoft Corporation - Windows host process (Rundll32).) - (6.1.7600.16385) = C:\Windows\System32\rundll32.exe [13/07/2009 19:41:43] CPU Usage:0 %
4408 | [Owner : hilton | Parent : 3980(CNQMMAIN.EXE) | 24.54 Mo] - (.CANON INC. - Canon Quick Menu Updater.) - (2.7.1.0) = C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE [28/01/2017 15:19:07] CPU Usage:0 %
3572 | [Owner : hilton | Parent : 2108() | 9.42 Mo] - (.Amazon Services LLC - Amazon Music Helper.) - (5.3.6.1743) = C:\Users\hilton\AppData\Local\Amazon Music\Amazon Music Helper.exe [05/07/2016 14:36:58] CPU Usage:0 %
5472 | [Owner : hilton | Parent : 4144() | 179.85 Mo] - (.eM Client s.r.o. - eM Client.) - (7.0.27943.0) = C:\Program Files\eM Client\MailClient.exe [21/10/2016 18:10:42] CPU Usage:0 %
5496 | [Owner : hilton | Parent : 5472(MailClient.exe) | 70.95 Mo] - (.eM Client s.r.o. - eM Client.) - (7.0.27943.0) = C:\Program Files\eM Client\MailClient.exe [21/10/2016 18:10:42] CPU Usage:0 %
5180 | [Owner : LOCAL SERVICE | Parent : 872(svchost.exe) | ???] - (.Microsoft Corporation - Windows Audio Device Graph Isolation.) - (6.1.7601.23471) = C:\Windows\System32\audiodg.exe [12/10/2016 06:10:31] CPU Usage:0 %
4924 | [Owner : hilton | Parent : 4016(avastui.exe) | 3.51 Mo] - (.Microsoft Corporation - CTF Loader.) - (6.1.7600.16385) = C:\Windows\System32\ctfmon.exe [13/07/2009 19:26:10] CPU Usage:0 %
5592 | [Owner : hilton | Parent : 1776() | 28.6 Mo] - (.SosVirus - QuickDiag.) - (27.3.17.1) = C:\Users\hilton\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Content.IE5\S270N135\quickdiag_3_27.03.17.1. exe [30/03/2017 12:17:06] CPU Usage:0 %
5416 | [Owner : SYSTEM | Parent : 716(svchost.exe) | 4.93 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\System32\wbem\WmiPrvSE.exe [20/11/2010 17:29:20] CPU Usage:0 %
1104 | [Owner : NETWORK SERVICE | Parent : 524(services.exe) | 11.36 Mo] - (.Microsoft Corporation - Microsoft Software Protection Platform Service.) - (6.1.7601.17514) = C:\Windows\System32\sppsvc.exe [20/11/2010 17:29:12] CPU Usage:0 %

---------- | MD5

[MD5.6DDCA324434FFA506CF7DC4E51DB7935] - [16/10/2016 12:49:31] - (.© Microsoft Corporation. - Windows Explorer.) - [2903 Ko] - (6.1.7601.23537) : C:\Windows\Explorer.exe
[MD5.AD7B9C14083B52BC532FBA5948342B98] - [20/11/2010 17:29:12] - (.© Microsoft Corporation. - Windows Command Processor.) - [295.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\cmd.exe
[MD5.342271F6142E7C70805B8A81E1BA5F5C] - [13/07/2009 19:11:09] - (.© Microsoft Corporation. - Client Server Runtime Process.) - [6 Ko] - (6.1.7600.16385) : C:\Windows\System32\csrss.exe
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - [13/07/2009 19:43:52] - (.© Microsoft Corporation. - COM Surrogate.) - [7 Ko] - (6.1.7600.16385) : C:\Windows\System32\dllhost.exe
[MD5.4D1BC518FF64EB70F6B9218A6FBFDEF6] - [01/07/2016 13:19:26] - (.© Microsoft Corporation. - Windows NT BASE API Client DLL.) - [852 Ko] - (6.1.7601.23392) : C:\Windows\System32\Kernel32.dll
[MD5.083D9DCFFF8C71BF0797535C85C24492] - [14/03/2017 15:23:32] - (.© Microsoft Corporation. - Local Security Authority Process.) - [21.5 Ko] - (6.1.7601.23677) : C:\Windows\System32\lsass.exe
[MD5.1F54F58D7FA2B3442084E32CDE5E309E] - [01/07/2016 13:20:24] - (.© Microsoft Corporation. - Distributed COM Services.) - [367.5 Ko] - (6.1.7601.19143) : C:\Windows\System32\rpcss.dll
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - [13/07/2009 19:41:43] - (.© Microsoft Corporation. - Windows host process (Rundll32).) - [43.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\rundll32.exe
[MD5.0780A42DBD7D9969F9BF4A19AA4285B5] - [01/07/2016 13:14:35] - (.© Microsoft Corporation. - Services and Controller app.) - [253 Ko] - (6.1.7601.18829) : C:\Windows\System32\services.exe
[MD5.54A47F6B5E09A77E61649109C6A08866] - [13/07/2009 19:19:28] - (.© Microsoft Corporation. - Host Process for Windows Services.) - [20.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\svchost.exe
[MD5.91D4629DA1EBD286D8A7C24FBC5DC641] - [14/12/2016 00:57:02] - (.© Microsoft Corporation. - Multi-User Windows USER API Client DLL.) - [792.5 Ko] - (6.1.7601.23594) : C:\Windows\System32\user32.dll
[MD5.61AC3EFDFACFDD3F0F11DD4FD4044223] - [20/11/2010 17:29:06] - (.© Microsoft Corporation. - Userinit Logon Application.) - [26 Ko] - (6.1.7601.17514) : C:\Windows\System32\userinit.exe
[MD5.B5C5DCAD3899512020D135600129D665] - [13/07/2009 19:36:49] - (.© Microsoft Corporation. - Windows Start-Up Application.) - [94 Ko] - (6.1.7600.16385) : C:\Windows\System32\Wininit.exe
[MD5.52449FD429D6053B78AE564DEF303870] - [01/07/2016 13:12:55] - (.© Microsoft Corporation. - Windows Logon Application.) - [297 Ko] - (6.1.7601.18540) : C:\Windows\System32\Winlogon.exe
[MD5.93B49FA857F7036A4EFF32371F6E7391] - [01/07/2016 13:17:38] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [331 Ko] - (6.1.7601.19031) : C:\Windows\System32\Drivers\afd.sys
[MD5.338C86357871C167A96AB976519BF59E] - [13/07/2009 19:11:15] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [21.08 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\atapi.sys
[MD5.DDCE686D76C2B4DB435A3AF5BD0E691D] - [01/07/2016 13:13:16] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [129.94 Ko] - (6.1.7601.18231) : C:\Windows\System32\Drivers\ataport.sys
[MD5.77EA11B065E0A8AB902D78145CA51E10] - [13/07/2009 19:11:15] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [69 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\cdfs.sys
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - [20/11/2010 17:29:03] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [106 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\cdrom.sys
[MD5.EA9DBD76CE9254C77BAAB4339DD4C4FB] - [12/10/2016 06:10:32] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [79.5 Ko] - (6.1.7601.23542) : C:\Windows\System32\Drivers\dfsc.sys
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - [20/11/2010 17:29:03] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [106 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\hdaudbus.sys
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - [13/07/2009 19:11:24] - (.© Microsoft Corporation. - i8042 Port Driver.) - [79 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\i8042prt.sys
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - [13/07/2009 19:54:29] - (.© Microsoft Corporation. - IP Network Address Translator.) - [99.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\ipnat.sys
[MD5.E3DFD23D6205F839BFB946392A0CC347] - [14/03/2017 15:23:33] - (.© Microsoft Corporation. - Windows NT SMB Minirdr.) - [121.5 Ko] - (6.1.7601.23677) : C:\Windows\System32\Drivers\mrxsmb.sys
[MD5.9804FB2E46077F2977552347DFCA7E05] - [01/07/2016 13:17:10] - (.© Microsoft Corporation. - NDIS 6.20 driver.) - [695.94 Ko] - (6.1.7601.19030) : C:\Windows\System32\Drivers\ndis.sys
[MD5.A00996C9BFEF29A93B9F21DBE1DC502D] - [01/07/2016 13:11:58] - (.© Microsoft Corporation. - MBT Transport driver.) - [184.5 Ko] - (6.1.7601.23451) : C:\Windows\System32\Drivers\netbt.sys
[MD5.978E7A2E4BF4E8E70D0776EF0D9E97FB] - [01/07/2016 13:10:21] - (.© Microsoft Corporation. - NT File System Driver.) - [1183.94 Ko] - (6.1.7601.19116) : C:\Windows\System32\Drivers\ntfs.sys
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - [13/07/2009 19:45:35] - (.© Microsoft Corporation. - Parallel Port Driver.) - [77.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\parport.sys
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - [13/07/2009 19:54:34] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [77 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\rasl2tp.sys
[MD5.B973FCFC50DC1434E1970A146F7E3885] - [20/11/2010 17:29:49] - (.© Microsoft Corporation. - Microsoft RDP Device redirector.) - [130.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\rdpdr.sys
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - [13/07/2009 19:53:41] - (.© Microsoft Corporation. - SMB Transport driver.) - [69.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\smb.sys
[MD5.C7E41209132B9CF084CCEA8593F61328] - [18/09/2016 13:52:16] - (.© Microsoft Corporation. - TCP/IP Driver.) - [1279.23 Ko] - (6.1.7601.23496) : C:\Windows\System32\Drivers\tcpip.sys
[MD5.BB8817D0508DD5EA69C770C8DEF5AB67] - [01/07/2016 13:17:38] - (.© Microsoft Corporation. - TDI Translation Driver.) - [73 Ko] - (6.1.7601.19031) : C:\Windows\System32\Drivers\tdx.sys
[MD5.F497F67932C6FA693D7DE2780631CFE7] - [20/11/2010 17:29:03] - (.© Microsoft Corporation. - Volume Shadow Copy Driver.) - [239.88 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\volsnap.sys

---------- | Locked Applications

---------- | Explorer.exe component call (Microsoft Files Whitelisted)

(.AVAST Software s.r.o..-.Hook Library.) - (17.2.2.60911) – C:\Program Files\AVAST Software\Avast\aswhookx.dll
(.AVAST Software.-.Avast Shell Extension.) - (17.2.3419.0) – C:\Program Files\AVAST Software\Avast\ashShell.dll
(.AVAST Software.-.Avast AAVM Remote Procedure Call Library.) - (17.2.3419.0) – C:\Program Files\AVAST Software\Avast\AavmRpch.dll
(.AVAST Software.-.Avast Logging Library.) - (17.2.3419.0) – C:\Program Files\AVAST Software\Avast\log.dll
(.Stardock.-.Stardock Fences Shell Extension.) - (3.0.3.0) – C:\Program Files\Stardock\Fences\FencesMenu.dll
(..-..) - (0.0.0.0) – :\program files\stardock\fences\DesktopDock.dll
(..-..) - (0.0.0.0) – :\program files\stardock\fences\SdAppServices.dll
(.Broadcom Corporation..-.Multimedia Keys Hook DLL.) - (6.5.1.2700) – C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll
(.Broadcom Corporation..-.KeyBoard Hook DLL.) - (6.5.1.2700) – C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll

---------- | Svchost.exe component call (Microsoft Files Whitelisted)

(.AVAST Software s.r.o..-.Hook Library.) - (17.2.2.60911) – C:\Program Files\AVAST Software\Avast\aswhookx.dll

---------- | ZeroAccess Check

[HKLM\Software\Classes\CLSID{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\Classes\CLSID{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

---------- | Startings up

Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-19\SOFTWARE...\Run]) - User: NT AUTHORITY\LOCAL SERVICE
Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-20\SOFTWARE...\Run]) - User: NT AUTHORITY\NETWORK SERVICE
CCleaner Monitoring - (“C:\Program Files\CCleaner\CCleaner.exe” /MONITOR [HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE...\Run]) - User: hilton-PC\hilton
Amazon Music - (“C:\Users\hilton\AppData\Local\Amazon Music\Amazon Music Helper.exe” [HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE...\Run]) - User: hilton-PC\hilton
Fences - (“C:\Program Files\Stardock\Fences\Fences.exe” /startup [HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE...\Run]) - User: hilton-PC\hilton
eM Client - (“C:\Program Files\eM Client\MailClient.exe” /startup [HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE...\Run]) - User: hilton-PC\hilton
RoboForm - (“C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe” [HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE...\Run]) - User: hilton-PC\hilton
DellSystemDetect - (C:\Users\hilton\AppData\Local\Apps\2.0\3VGPG9W0.M PE\2E0VXQW4.WA5\dell..tion_6d0a76327dca4869_0007.0 00b_df227eeaae3cac0d\DellSystemDetect.exe 4zZn5oeQk9WMM5ZBt7fsYA== [HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE...\Run]) - User: hilton-PC\hilton
Bluetooth - (C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [Common Startup]) - User: Public
atchk - (“C:\Program Files\Intel\AMT\atchk.exe” [HKLM\SOFTWARE...\Run]) - User: Public
SoundMAXPnP - (C:\Program Files\Analog Devices\Core\smax4pnp.exe [HKLM\SOFTWARE...\Run]) - User: Public
AvastUI.exe - (“C:\Program Files\AVAST Software\Avast\AvLaunch.exe” /gui [HKLM\SOFTWARE...\Run]) - User: Public
Fences - (“C:\Program Files\Stardock\Fences\Fences.exe” /startup [HKLM\SOFTWARE...\Run]) - User: Public
CanonQuickMenu - (C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon [HKLM\SOFTWARE...\Run]) - User: Public
Windows Mobile Device Center - (%windir%\WindowsMobile\wmdc.exe [HKLM\SOFTWARE...\Run]) - User: Public
BTMTrayAgent - (rundll32.exe “C:\Program Files\Intel\Bluetooth\btmshellex.dll”,TrayApp [HKLM\SOFTWARE...\Run]) - User: Public

[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Command Processor]
“CompletionChar”=9
“DefaultColor”=0
“EnableExtensions”=1
“PathCompletionChar”=9

[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\CurrentVersion\Run]
“CCleaner Monitoring”=“C:\Program Files\CCleaner\CCleaner.exe” /MONITOR
“Amazon Music”=“C:\Users\hilton\AppData\Local\Amazon Music\Amazon Music Helper.exe”
“Fences”=“C:\Program Files\Stardock\Fences\Fences.exe” /startup
“eM Client”=“C:\Program Files\eM Client\MailClient.exe” /startup
“RoboForm”=“C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe”
“DellSystemDetect”=C:\Users\hilton\AppData\Local\A pps\2.0\3VGPG9W0.MPE\2E0VXQW4.WA5\dell..tion_6d0a7 6327dca4869_0007.000b_df227eeaae3cac0d\DellSystemD etect.exe 4zZn5oeQk9WMM5ZBt7fsYA==

[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“DebugOptions”=2048
“Documents”=
“DosPrint”=no
“Load”=
“NetMessage”=no
“NullPort”=None
“Programs”=com exe bat pif cmd
“Device”=Canon MG3200 series Printer,winspool,Ne00:
“UserSelectedDefault”=1

[HKLM\Software\Microsoft\Command Processor]
“CompletionChar”=64
“DefaultColor”=0
“EnableExtensions”=1
“PathCompletionChar”=64

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
“atchk”=“C:\Program Files\Intel\AMT\atchk.exe”
“SoundMAXPnP”=C:\Program Files\Analog Devices\Core\smax4pnp.exe [26/09/2016 12:42:46]
“AvastUI.exe”=“C:\Program Files\AVAST Software\Avast\AvLaunch.exe” /gui
“Fences”=“C:\Program Files\Stardock\Fences\Fences.exe” /startup
“CanonQuickMenu”=C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
“Windows Mobile Device Center”=%windir%\WindowsMobile\wmdc.exe
“BTMTrayAgent”=rundll32.exe “C:\Program Files\Intel\Bluetooth\btmshellex.dll”,TrayApp

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\SharedTaskScheduler]
“{1984DD45-52CF-49cd-AB77-18F378FEA264}”=FencesShellExt

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“IconServiceLib”=IconCodecService.dll
“DdeSendTimeout”=0
“DesktopHeapLogging”=1
“GDIProcessHandleQuota”=10000
“ShutdownWarningDialogTimeout”=4294967295
“USERNestedWindowLimit”=50
“USERPostMessageLimit”=10000
“USERProcessHandleQuota”=10000
“”=mnmsrvc
“DeviceNotSelectedTimeout”=15
“Spooler”=yes
“TransmissionRetryTimeout”=90
“AppInit_DLLs”=
“LoadAppInit_DLLs”=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad]
“WebCheck”={E6FB5E20-DE35-11CF-9C87-00AA005127ED}

---------- | Win.ini :

---------- | System.ini :

---------- | Config.sys :

FILES=40

---------- | Planified Tasks

Adobe Acrobat Update Task
Adobe Flash Player Updater
Avast Emergency Update
CCleanerSkipUAC
Driver Support
Driver Support-RTMRules
Driver Support-RTMScan
Driver Support-RTMUpdater
DriverUpdate Scan
DriverUpdate Startup.job
GoogleUpdateTaskMachineCore
GoogleUpdateTaskMachineUA
Open URL by RoboForm
Run RoboForm TaskBar Icon
SafeZone scheduled Autoupdate 1482114147

---------- | Startings up registry ¦ Folder

---------- | Other keys

[HKLM\System\CurrentControlSet\Control\SecurityProv iders]
“SecurityProviders”=credssp.dll

[HKLM\System\CurrentControlSet\Control\Terminal Server]
“RCDependentServices”=CertPropSvc
SessionEnv
“NotificationTimeOut”=0
“SnapshotMonitors”=1
“ProductVersion”=5.1
“AllowRemoteRPC”=0
“DelayConMgrTimeout”=0
“fDenyTSConnections”=1
“StartRCM”=0
“TSAdvertise”=0
“DeleteTempDirsOnExit”=1
“fSingleSessionPerUser”=1
“PerSessionTempDir”=0
“TSUserEnabled”=0
“InstanceID”=48d3a40b-43bb-4a8a-928a-3e9ce49
“fCredentialLessLogonSupported”=1
“fCredentialLessLogonSupportedTSS”=1
“fCredentialLessLogonSupportedKMRDP”=1

[HKLM\System\CurrentControlSet\Control\Session Manager]
“CriticalSectionTimeout”=2592000
“GlobalFlag”=0
“HeapDeCommitFreeBlockThreshold”=0
“HeapDeCommitTotalFreeThreshold”=0
“HeapSegmentCommit”=0
“HeapSegmentReserve”=0
“ProcessorControl”=2
“ResourceTimeoutCount”=648000
“BootExecute”=autocheck autochk *
“ExcludeFromKnownDlls”=
“ObjectDirectories”=\Windows
\RPC Control
“ProtectionMode”=1
“NumberOfInitialSessions”=2
“SetupExecute”=

[HKLM\System\CurrentControlSet\Control]
“PreshutdownOrder”=wuauserv
gpsvc
trustedinstaller
“WaitToKillServiceTimeout”=200
“CurrentUser”=USERNAME
“BootDriverFlags”=0
“ServiceControlManagerExtension”=%systemroot%\syst em32\scext.dll
“SystemStartOptions”= NOEXECUTE=OPTIN
“SystemBootDevice”=multi(0)disk(0)rdisk(0)partitio n(2)
“FirmwareBootDevice”=multi(0)disk(0)rdisk(0)partit ion(1)

[HKLM\System\CurrentControlSet\Control\lsa]
“auditbaseobjects”=0
“auditbasedirectories”=0
“crashonauditfail”=0
“fullprivilegeauditing”=0x00
“Bounds”=0x0030000000200000
“LimitBlankPasswordUse”=1
“NoLmHash”=1
“Notification Packages”=scecli
C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
“Security Packages”=kerberos
msv1_0
schannel
wdigest
tspkg
pku2u
“Authentication Packages”=msv1_0
“LsaPid”=548
“SecureBoot”=1
“ProductType”=6
“disabledomaincreds”=0
“everyoneincludesanonymous”=0
“forceguest”=0
“restrictanonymous”=0
“restrictanonymoussam”=1

---------- | .LNK with Arguments

---------- | AppCertDlls

---------- | Dnsapi.dll

C:\Windows\System32\dnsapi.dll → OK : \drivers\etc\hosts

---------- | Policies | Registry

[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Control Panel\Desktop]
“ScreenSaveActive”=1
“ActiveWndTrackTimeout”=0
“BlockSendInputResets”=0
“CaretWidth”=1
“ClickLockTime”=1200
“CoolSwitchColumns”=7
“CoolSwitchRows”=3
“CursorBlinkRate”=530
“DockMoving”=1
“DragFromMaximize”=1
“DragFullWindows”=1
“DragHeight”=4
“DragWidth”=4
“FocusBorderHeight”=1
“FocusBorderWidth”=1
“FontSmoothing”=2
“FontSmoothingGamma”=0
“FontSmoothingOrientation”=1
“FontSmoothingType”=2
“ForegroundFlashCount”=7
“ForegroundLockTimeout”=200000
“LeftOverlapChars”=3
“MenuShowDelay”=250
“PaintDesktopVersion”=0
“Pattern”=0
“RightOverlapChars”=3
“SnapSizing”=1
“TileWallpaper”=0
“WallpaperOriginX”=0
“WallpaperOriginY”=0
“WallpaperStyle”=10
“WheelScrollChars”=3
“WheelScrollLines”=3
“WindowArrangementActive”=1
“UserPreferencesMask”=0x9E3E078012000000
“Wallpaper”=C:\Users\hilton\AppData\Roaming\Micros oft\Windows\Themes\TranscodedWallpaper.jpg [29/06/2016 16:31:01]
“WaitToKillAppTimeout”=200

[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer]
“NoDriveTypeAutoRun”=145

[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer]
“ShellState”=0x24000000382800000000000000000000000 0000001000000120000000000000022000000
“CleanShutdown”=0
“ExplorerStartupTraceRecorded”=1
“Browse For Folder Width”=318
“Browse For Folder Height”=288
“link”=0x15000000

[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced]
“Start_SearchFiles”=2
“ServerAdminUI”=0
“Hidden”=2
“ShowCompColor”=1
“HideFileExt”=1
“DontPrettyPath”=0
“ShowInfoTip”=1
“HideIcons”=0
“MapNetDrvBtn”=0
“WebView”=1
“Filter”=0
“SuperHidden”=0
“SeparateProcess”=0
“AutoCheckSelect”=0
“IconsOnly”=0
“ShowTypeOverlay”=1
“ListviewAlphaSelect”=1
“ListviewShadow”=1
“TaskbarAnimations”=1
“Start_ShowMyGames”=0
“StartMenuInit”=4
“”=0
“ThumbnailLivePreviewHoverTime”=250
“ExtendedUIHoverTime”=250

[HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System]
“ConsentPromptBehaviorAdmin”=5
“ConsentPromptBehaviorUser”=3
“EnableInstallerDetection”=1
“EnableLUA”=1
“EnableSecureUIAPaths”=1
“EnableUIADesktopToggle”=0
“EnableVirtualization”=1
“PromptOnSecureDesktop”=1
“ValidateAdminCodeSignatures”=0
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“scforceoption”=0
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1
“FilterAdministratorToken”=0

[HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\HideDesktopIcons\NewStartPanel]
“{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}”=1
“{20D04FE0-3AEA-1069-A2D8-08002B30309D}”=1
“{208D2C60-3AEA-1069-A2D7-08002B30309D}”=1
“{871C5380-42A0-1069-A2EA-08002B30309D}”=1
“{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}”=1
“{59031a47-3f72-44a7-89c5-5595fe6b30ee}”=1
“{031E4825-7B94-4dc3-B131-E946B44C8DD5}”=1
“{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}”=1
“{9343812e-1c37-4a49-a12e-4b2d810d956b}”=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\HideDesktopIcons\ClassicStartMenu]
“{871C5380-42A0-1069-A2EA-08002B30309D}.default”=0
“{9343812e-1c37-4a49-a12e-4b2d810d956b}”=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced\Folder\Hidden\SHOWALL]
“RegPath”=Software\Microsoft\Windows\CurrentVersio n\Explorer\Advanced
“Text”=@shell32.dll,-30500
“Type”=radio
“CheckedValue”=1
“ValueName”=Hidden
“DefaultValue”=2
“HKeyRoot”=2147483649
“HelpID”=shell.hlp#51105

[HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer]
“ListViewPopupControl”={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}
“BrowserCFCreator”={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd}
“GlobalFolderSettings”={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}
“LVPopupSearchControl”={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}
“FileOpenDialog”={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}
“IconUnderline”=2
“GlobalAssocChangedCounter”=54
“”=

[HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced]
“TaskbarSizeMove”=0

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Associations]
“Application”= open %s file - Search

---------- | Winlogon

[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
“ExcludeProfileDirs”=AppData\Local;AppData\LocalLo w;$Recycle.Bin
“BuildNumber”=7601
“FirstLogon”=0
“ParseAutoexec”=1

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
“ReportBootOk”=1
“Shell”=explorer.exe
“PreCreateKnownFolders”={A520A1A4-1780-4FF6-BD18-167343C5AF16}
“Userinit”=C:\Windows\system32\userinit.exe,
“VMApplet”=SystemPropertiesPerformance.exe /pagefile
“AutoRestartShell”=1
“Background”=0 0 0
“CachedLogonsCount”=10
“DebugServerCommand”=no
“ForceUnlockLogon”=0
“LegalNoticeCaption”=
“LegalNoticeText”=
“PasswordExpiryWarning”=5
“PowerdownAfterShutdown”=0
“ShutdownWithoutLogon”=0
“WinStationsDisabled”=0
“DisableCAD”=1
“scremoveoption”=0
“ShutdownFlags”=43
“AutoAdminLogon”=0
“DefaultUserName”=hilton

---------- | Associations

[HKLM\Software\Classes.exe]
“”=exefile
“Content Type”=application/x-msdownload

[HKLM\Software\Classes\exefile\Shell\Open\Command]
“”=“%1” %*
“IsolatedCommand”=“%1” %*

[HKLM\Software\Classes.com]
“”=comfile

[HKLM\Software\Classes\comfile\Shell\Open\Command]
“”=“%1” %*

[HKLM\Software\Classes.reg]
“”=regfile

[HKLM\Software\Classes\regfile\Shell\Open\Command]
“”=regedit.exe “%1”

[HKLM\Software\Classes.scr]
“”=scrfile

[HKLM\Software\Classes\scrfile\Shell\Open\Command]
“”=“%1” /S

[HKLM\Software\Classes.bat]
“”=batfile

[HKLM\Software\Classes\batfile\Shell\Open\Command]
“”=“%1” %*

[HKLM\Software\Classes.cmd]
“”=cmdfile

[HKLM\Software\Classes\cmdfile\Shell\Open\Command]
“”=“%1” %*

[HKLM\Software\Classes.pif]
“”=piffile

[HKLM\Software\Classes\piffile\Shell\Open\Command]
“”=“%1” %*

[HKLM\Software\Classes.inf]
“”=inffile

[HKLM\Software\Classes\inffile\Shell\Open\Command]
“”=%SystemRoot%\system32\NOTEPAD.EXE %1

[HKLM\Software\Classes.url]
“”=InternetShortcut

[HKLM\Software\Classes.lnk]
“”=lnkfile

[HKLM\Software\Classes.hta]
“PerceivedType”=text
“”=htafile
“Content Type”=application/hta

[HKLM\Software\Classes\htafile\Shell\Open\Command]
“”=C:\Windows\System32\mshta.exe “%1” %*

[HKLM\Software\Classes\InternetShortcut]
“NeverShowExt”=
“InfoTip”=prop:System.Link.TargetUrl;System.Rating ;System.Link.Description;System.Link.Comment
“EditFlags”=2
“FullDetails”=prop:System.Link.TargetUrl;System.Ra ting;System.Link.Description;System.Link.Comment
“IsShortcut”=
“FriendlyTypeName”=@C:\Windows\system32\ieframe.dl l,-10046
“PreviewDetails”=prop:System.Link.TargetUrl;System .Rating;System.History.VisitCount;System.History.D ateChanged;System.Link.DateVisited;System.Link.Des cription;System.Link.Comment
“”=Internet Shortcut

[HKLM\Software\Classes\Application.Manifest]
“”=Application Manifest
“EditFlags”=65536
“BrowserFlags”=4096
“FriendlyTypeName”=@dfshim.dll,-200

[HKLM\Software\Classes\Application.Reference]
“NeverShowExt”=
“”=Application Reference
“IsShortcut”=
“EditFlags”=131072
“FriendlyTypeName”=@dfshim.dll,-201

[HKLM\Software\Classes\Folder]
“ContentViewModeLayoutPatternForBrowse”=delta
“ContentViewModeForBrowse”=prop:~System.ItemNameDi splay;~System.LayoutPattern.PlaceHolder;~System.La youtPattern.PlaceHolder;~System.LayoutPattern.Plac eHolder;System.DateModified
“ContentViewModeLayoutPatternForSearch”=alpha
“ContentViewModeForSearch”=prop:~System.ItemNameDi splay;System.DateModified;~System.ItemFolderPathDi splay
“”=Folder
“EditFlags”=0xD2030000
“FullDetails”=prop:System.PropGroup.Description;Sy stem.ItemNameDisplay;System.ItemTypeText;System.Si ze
“NoRecentDocs”=
“ThumbnailCutoff”=0
“TileInfo”=prop:System.Title;System.ItemTypeText

[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EX E\Shell\open\Command]
“”=“C:\Program Files\Mozilla Firefox\firefox.exe”
[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EX E\InstallInfo]
“ReinstallCommand”=“C:\Program Files\Mozilla Firefox\uninstall\helper.exe” /SetAsDefaultAppGlobal

[HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
“”=“C:\Program Files\Google\Chrome\Application\chrome.exe”
[HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo]
“ReinstallCommand”=“C:\Program Files\Google\Chrome\Application\chrome.exe” --make-default-browser

[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.E XE\Shell\open\Command]
“”=iexplore.exe
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.E XE\InstallInfo]
“ReinstallCommand”=“C:\Windows\System32\ie4uinit.e xe” -reinstall

[HKLM\Software\Clients\StartMenuInternet\SafeZoneSt able\Shell\open\Command]
“”=“C:\Program Files\AVAST Software\SZBrowser\Launcher.exe”
[HKLM\Software\Clients\StartMenuInternet\SafeZoneSt able\InstallInfo]
“ReinstallCommand”=“C:\Program Files\AVAST Software\SZBrowser\Launcher.exe” --makedefaultbrowser

---------- | AppcompatFlags

[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
“c:\SWSetup\SP73091\Setup.exe”=1
“c:\SWSetup\SP73091\Win32\setup.exe”=1
“C:\DRIVERS\WIN\TPBTooth\Setup.exe”=1
“C:\DRIVERS\WIN\TPBTooth\Win32\setup.exe”=1
“C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe”=1
“C:\Program Files\DriverUpdate\DriverUpdate.UpdateLauncher.exe ”=1
“C:\Users\hilton\Downloads\Stardock\ObjectDock_set up.exe”=1
“C:\Users\hilton\Downloads\Apache_OpenOffice_4.1.3 _Win_x86_install_en-US.exe”=1
“C:\Users\hilton\Downloads\xp68-win-mg3200-5_60a-ejs.exe”=1
“C:\Users\hilton\Downloads\qm__-win-2_7_1-ea31_2.exe”=1
“C:\Users\hilton\Downloads\ccsetup526(2).exe”=1
“C:\Users\hilton\Downloads\ccsetup528(1).exe”=1
“C:\Users\hilton\AppData\Local\Microsoft\Windows\T emporary Internet Files\Content.IE5\G2JQRX6H\Firefox Setup Stub 52.0.2.exe”=1

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
“C:\Program Files\AVAST Software\SZBrowser\Launcher.exe”=32

---------- | IFEO

---------- | Mountpoints2

---------- | Windows

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
“MouseSpeed”=#USR:Control Panel\Mouse
“MouseThreshold1”=#USR:Control Panel\Mouse
“MouseThreshold2”=#USR:Control Panel\Mouse
“SwapMouseButtons”=#USR:Control Panel\Mouse
“Beep”=#USR:Control Panel\Sound
“DoubleClickSpeed”=#USR:Control Panel\Mouse
“CoolSwitch”=USR:Control Panel\Desktop
“DoubleClickHeight”=#USR:Control Panel\Mouse
“DoubleClickWidth”=#USR:Control Panel\Mouse
“DragFullWindows”=USR:Control Panel\Desktop
“InitialKeyboardIndicators”=USR:Control Panel\Keyboard
“LowPowerActive”=#USR:Control Panel\Desktop
“LowPowerTimeOut”=#USR:Control Panel\Desktop
“PowerOffActive”=#USR:Control Panel\Desktop
“PowerOffTimeOut”=#USR:Control Panel\Desktop
“ScreenSaveActive”=#USR:Control Panel\Desktop
“ScreenSaveTimeOut”=#USR:Control Panel\Desktop
“SnapToDefaultButton”=#USR:Control Panel\Mouse
“”=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows
“Spooler”=#SYS:Microsoft\Windows NT\CurrentVersion\Windows
“TRANSMISSIONRETRYTIMEOUT”=#SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“DEFAULTSEPARATEVDM”=\REGISTRY\MACHINE\SYSTEM\CURR ENTCONTROLSET\CONTROL\WOW
“APPINIT_DLLS”=SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“DEVICENOTSELECTEDTIMEOUT”=#SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
“SWAPDISK”=SYS:MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
“”=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot
“ScreenSaverActive”=USR:Control Panel\Desktop
“ScreenSaverIsSecure”=USR:Control Panel\Desktop
“SCRNSAVE.EXE”=USR:Control Panel\Desktop
“Shell”=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
“windows”=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

---------- | Security center

[HKLM\SOFTWARE\Microsoft\Security Center]
“cval”=1

[HKLM\SOFTWARE\Microsoft\Security Center\svc]
“VistaSp1”=128920209537502489
“AntiVirusOverride”=0
“AntiSpywareOverride”=0
“FirewallOverride”=0

[HKLM\SOFTWARE\Microsoft\Windows Defender]
“DisableAntiSpyware”=0
“DisableRoutinelyTakingAction”=0
“ProductStatus”=0
“InstallTime”=0x49D898D4C7D0D101

[HKLM\SYSTEM\CurrentControlSet\services\SharedAcces s\Parameters\FirewallPolicy\DomainProfile]
“EnableFirewall”=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAcces s\Parameters\FirewallPolicy\StandardProfile]
“EnableFirewall”=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAcces s\Parameters\FirewallPolicy\PublicProfile]
“EnableFirewall”=1

---------- | Safeboot

[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MCODS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\vga.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\vgasave.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\AFD]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\BFE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\bowser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Browser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\dfsc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Dhcp]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\DnsCache]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Dot3Svc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Eaphost]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\IKEEXT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\ipnat.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\LanmanServer]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\LanmanWorkstation]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\LmHosts]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mcapexe]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\McNaiAnn]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Messenger]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mfeplk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mfeplk.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MPSDrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MPSSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mrxsmb]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mrxsmb10]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mrxsmb20]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NativeWifiP]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NDIS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NDIS Wrapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\ndiscap]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Ndisuio]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetBIOS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetBIOSGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetBT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetDDEGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetMan]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\netprofm]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Network]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NlaSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Nsi]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\nsiproxy.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\PNP_TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\PolicyAgent]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\rdbss]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\rdpencdd.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\rdsessmgr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SCardSvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SharedAccess]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Streams Drivers]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Tcpip]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\VaultSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\vga.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\vgasave.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\Wlansvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WudfUsbccidDriver]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

---------- | Winsock (Whitelist)

---------- | Hosts

---------- | Ping

Pinging google.com [2607:f8b0:4004:803::200e] with 32 bytes of data:
Reply from 2607:f8b0:4004:803::200e: time=21ms
Reply from 2607:f8b0:4004:803::200e: time=24ms
Reply from 2607:f8b0:4004:803::200e: time=26ms
Reply from 2607:f8b0:4004:803::200e: time=24ms

Ping statistics for 2607:f8b0:4004:803::200e:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 21ms, Maximum = 26ms, Average = 23ms

---------- | @

[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Internet Explorer\Main]
“Disable Script Debugger”=yes
“Anchor Underline”=yes
“Cache_Update_Frequency”=Once_Per_Session
“Display Inline Images”=yes
“Do404Search”=0x01000000
“Local Page”=C:\Windows\system32\blank.htm
“Save_Session_History_On_Exit”=no
“Show_FullURL”=no
“Show_StatusBar”=yes
“Show_ToolBar”=yes
“Show_URLinStatusBar”=yes
“Show_URLToolBar”=yes
“Use_DlgBox_Colors”=yes
“Search Page”= Search - Microsoft Bing
“XMLHTTP”=1
“NoUpdateCheck”=1
“Enable Browser Extensions”=yes
“Play_Background_Sounds”=yes
“Play_Animations”=yes
“Start Page Redirect Cache AcceptLangs”=en-US
“NotifyDownloadComplete”=yes
“DisableScriptDebuggerIE”=yes
“ImageStoreRandomFolder”=13euj9h
“DoNotTrack”=0
“IE10RunOncePerInstallCompleted”=1
“IE10RunOnceCompletionTime”=0x93C7F956736BD201
“IE10TourShown”=1
“IE10TourShownTime”=0xC73E542CDB69D201
“DownloadWindowPlacement”=0x2C00000000000000000000 000083FFFF0083FFFFFFFFFFFFFFFFFFFF6001000097000000 E003000077020000
“SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy”=
“DefSpellLang”=en-AU
en-US
“SuppressScriptDebuggerDialog”=0
“FormSuggest Passwords”=yes
“FormSuggest PW Ask”=no
“ScriptDebugger_EnableHiddenTabs”=0
“ApplicationTileImmersiveActivation”=1
“AssociationActivationMode”=0
“StatusBarWeb”=1
“ForceGDIPlus”=0
“AlwaysShowMenus”=0
“ShutdownWaitForOnUnload”=0
“DNSPreresolution”=8
“SpellChecking”=1
“LangToolsBroker”={5bbd58bb-993e-4c17-8af6-3af8e908fca8}
“DisablePasswordReveal”=0
“Check_Associations”=no
“DisableRequiresActiveXPrompt”=
“GotoIntranetSiteForSingleWordEntry”=0
“AutoSearch”=1
“PredictedViewExpansion”=100
“PredictedViewChangeThreshold”=10
“PredictedViewChangeThresholdPaint”=10
“ContentLayerCacheExpansion”=300
“RenderingLoopMaxTime”=250
“NscSingleExpand”=0
“Error Dlg Displayed On Every Error”=no
“Friendly http errors”=yes
“CSS_Compat”=doctype
“Expand Alt Text”=no
“Display Inline Videos”=1
“Print_Background”=no
“Use Stylesheets”=1
“SmoothScroll”=1
“Show image placeholders”=0
“Disable Diagnostics Mode”=no
“Move System Caret”=no
“Enable AutoImageResize”=yes
“UseThemes”=1
“UseHR”=0
“Q300829”=0
“Cleanup HTCs”=0
“XDomainRequest”=1
“DOMStorage”=1
“EnableAlternativeCodec”=yes
“JScriptProfileCacheEventDelay”=5000
“CrossfadeMinTimeoutInMS”=30000
“CrossfadeMaxTimeoutInMS”=30000
“CrossfadeCurrentTimeoutInMS”=30000
“ScrollTimeoutInMS”=6000
“IE10RunOnceLastShown”=1
“IE10TourNoShow”=0
“IE10RecommendedSettingsNo”=0
“FrameTabWindow”=1
“AdminTabProcs”=1
“SessionMerging”=1
“FrameMerging”=1
“HangRecovery”=1
“DesktopTransparentCoverWindowTime”=8
“TSEnable”=1
“Isolation”=PMIL
“Isolation64Bit”=0
“IsolationImmersive”=PMEM
“TabShutdownDelay”=60000
“FrameShutdownDelay”=0
“Search Bar”=Preserve
“MinIEEnabled”=1
“RefcountTracker”=0
“TabDragOnSingleProc”=0
“ForceBFCacheCandidacyPass”=0
“Fasterback”=1
“BackForwardInstrumentation”=0
“Start Page”= http://go.microsoft.com/fwlink/p/?Li...9&ocid=UE09DHP
“Start Page_TIMESTAMP”=0x17896B66BFA0D201
“OperationalData”=5
“CompatibilityFlags”=0
“FullScreen”=no
“Window_Placement”=0x2C0000000200000003000000FFFFF FFFFFFFFFFFFFFFFFFFFFFFFFFFAF000000AF000000CF03000 0DB020000
“IE10RunOnceLastShown_TIMESTAMP”=0x9114367EA56AD20 1
“Start Page Redirect Cache_TIMESTAMP”=0x52A46C8BB6A1D201
“Use FormSuggest”=yes
“Start Page Redirect Cache”= MSN

[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet settings]
“IE5_UA_Backup_Flag”=5.0
“User Agent”=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
“EmailName”=IEUser@
“PrivDiscUiShown”=1
“EnableHttp1_1”=1
“WarnOnIntranet”=1
“MimeExclusionListForCache”=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
“AutoConfigProxy”=wininet.dll
“UseSchannelDirectly”=0x01000000
“WarnOnPost”=0x01000000
“UrlEncoding”=0
“SecureProtocols”=2688
“PrivacyAdvanced”=1
“ZonesSecurityUpgrade”=0x31CCA11F50D2D101
“DisableCachingOfSSLPages”=0
“WarnonZoneCrossing”=0
“CertificateRevocation”=1
“EnableNegotiate”=1
“MigrateProxy”=1
“EnableAutodial”=0
“NoNetAutodial”=0
“ProxyHttp1.1”=1
“EnableSPDY3_0”=0
“BackgroundConnections”=1
“EnableSSL3Fallback”=1
“EnablePunycode”=1
“ShowPunycode”=0
“CreateUriCacheSize”=80
“CoInternetCombineIUriCacheSize”=80
“SecurityIdIUriCacheSize”=30
“SpecialFoldersCacheSize”=8
“SyncMode5”=4
“DisableIDNPrompt”=0
“WarnonBadCertRecving”=1
“WarnOnPostRedirect”=1
“ProxyEnable”=0

[HKLM\Software\Microsoft\Internet Explorer\Main]
“AutoHide”=yes
“Security Risk Page”=about:SecurityRisk
“Extensions Off Page”=about:NoAdd-ons
“Default_Search_URL”= Search - Microsoft Bing
“Default_Page_URL”= MSN
“Anchor_Visitation_Horizon”=0x01000000
“Cache_Percent_of_Disk”=0x0A000000
“Placeholder_Width”=0x1A000000
“Placeholder_Height”=0x1A000000
“Default_Secondary_Page_URL”=
“Use_Async_DNS”=yes
“Start Page”= Yahoo on osa Yahoo-konsernia.
“Local Page”=C:\Windows\System32\blank.htm
“Search Page”= Search - Microsoft Bing
“Delete_Temp_Files_On_Exit”=yes
“Enable_Disk_Cache”=yes
“Check_Associations”=yes
“ApplicationTileImmersiveActivation”=1
“AssociationActivationMode”=0
“x86AppPath”=C:\Program Files\Internet Explorer\IEXPLORE.EXE

[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
“blank”=res://mshtml.dll/blank.htm
“NoAdd-onsInfo”=res://ieframe.dll/noaddoninfo.htm
“InPrivate”=res://ieframe.dll/inprivate_win7.htm
“NavigationFailure”=res://ieframe.dll/navcancl.htm
“NoAdd-ons”=res://ieframe.dll/noaddon.htm
“Home”=270
“PostNotCached”=res://ieframe.dll/repost.htm
“DesktopItemNavigationFailure”=res://ieframe.dll/navcancl.htm
“NavigationCanceled”=res://ieframe.dll/navcancl.htm
“SecurityRisk”=res://ieframe.dll/securityatrisk.htm
“Compat”=res://mshtml.dll/compat.htm

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL \DefaultPrefix]
“”=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL \Prefixes]
“mosaic”=http://
“www”=http://
“home”=http://
“ftp”=ftp://

[HKLM\Software\Microsoft\Windows\CurrentVersion\Int ernet settings]
“EnablePunycode”=1
“CodeBaseSearchPath”=CODEBASE
“WarnOnIntranet”=1
“MinorVersion”=0
“ActiveXCache”=C:\Windows\Downloaded Program Files

---------- | reparsepoint

---------- | Detection of offsets

---------- | Notify

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] : igfxdev.dll

---------- | Execution FileExts

---------- | SIOI | SEH | URLSH

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\00asw] - {472083B0-C522-11CF-8763-00608CC02F24} – C:\Program Files\AVAST Software\Avast\ashShell.dll [12/03/2017 08:26:56]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\EnhancedStorageS hell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} – %SystemRoot%\system32\EhStorShell.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\Offline Files] - {4E77131D-3629-431c-9818-C5679DC83E81} – %SystemRoot%\System32\cscui.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235} – %SystemRoot%\system32\ntshrui.dll

---------- | Toolbar

[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“Locked”=1

[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser]
“{724D43A0-0D85-11D4-9908-00400523E39A}”=0xA0434D72850DD411990800400523E39A
“ITBar7Layout”=0x130000000000000000000000200000001 00000001500000001000000000700005E01000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 000000000000000000000000000000000000000000000
“ITBar7Height”=21

[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
“DefaultScope”={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
“UpgradeTime”=0x79396929DB69D201
“DefaultPackCorrection”=1
“DefaultPackNTCorrection”=1
“TopResult”=1
“ShowSearchSuggestionsGlobal”=1
“ShowSearchSuggestionsInAddressGlobal”=1
“KnownProvidersUpgradeTime”=0xA8D48D28DB69D201
“Version”=4

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{724d43a0-0d85-11d4-9908-00400523e39a}”=0x00

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
“DefaultScope”={0633EE93-D776-472f-A0FF-E1416B8B2E3A}

---------- | Extensions

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}] : () -
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}] : (@C:\Windows\WindowsMobile\INetRepl.dll,-223) -
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions{320AF880-6646-11D3-ABEE-C5DBF3571F46}] : (Fill Forms) -
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions{320AF880-6646-11D3-ABEE-C5DBF3571F49}] : (Save Forms) -
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions{724d43aa-0d85-11d4-9908-00400523e39a}] : (Show RoboForm Toolbar) -

---------- | SearchScopes

[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - Search - Microsoft Bing {searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE10 :
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{2f23ab71-4ac6-41f2-a955-ea576e553146}] - (Bing) - Search - Microsoft Bing {searchTerms}&src=IE-SearchBox&FORM=IESR02 :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Yahoo! Powered) - Yahoo on osa Yahoo-konsernia. {searchTerms} :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{2f23ab71-4ac6-41f2-a955-ea576e553146}] - (@ieframe.dll,-12512) - Search - Microsoft Bing {searchTerms}&FORM=IE8SRC :

---------- | Browser Helper Objects

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects{724d43a9-0d85-11d4-9908-00400523e39a}] → (RoboForm Toolbar Helper) : C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [12/08/2016 15:03:22]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] → (avast! Online Security) : C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [12/03/2017 08:26:54]

---------- | Chrome

C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhon fmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfi lokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigk jlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [ http://docs.google.com/http://drive....ve.google.com/ ] - https://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\bmnlcjabgnpnenekpadlanbbko oimhnj = : Automatically find and apply coupon codes when you shop online! - Honey - https://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\eofcbnmajmjmplflapaojjnihc jkigck = : Avast SafePrice - safe shopping extension. - Avast SafePrice - https://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpeb giejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdl olhkhi = : MSG_extDesc - MSG_extName - https://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\gomekmidlodglbbmalcneegiea cbdmki = : Avast Browser Security and Web Reputation Plugin. - Avast Online Security - matches:[\u003Call_urls>] - https://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\hdokiejnpimakedhajhdlcegep lioahd = : Google & co - version_name: 4.1.42 - http://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccm gmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoe jaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcj beemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleuserco ntent.com - https://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\pnlccmojcmeohlpggmfnbbiapk mbliob = : RoboForm the #1 ranked Password Manager makes your life easier by remembering passwords and logging you into websites automatically - short_name: RoboForm - https://clients2.google.com/service/update2/crx

[HKLM\Software\Google\Chrome\Extensions\eofcbnmajmj mplflapaojjnihcjkigck]
[HKLM\Software\Google\Chrome\Extensions\gomekmidlod glbbmalcneegieacbdmki]
[HKLM\Software\Google\Chrome\Extensions\okmhneofinp ilciglijihehjpaegledb]
[HKLM\Software\Google\Chrome\Extensions\pnlccmojcme ohlpggmfnbbiapkmbliob]

---------- | Opera

---------- | Firefox

[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\mozilla\Firefox\Extensions]
“{22119944-ED35-4ab1-910B-E619EA06A115}”=C:\Program Files\Siber Systems\AI RoboForm\Firefox\roboform.xpi
[HKLM\Software\mozilla\Firefox\Extensions]
“sp@avast.com”=C:\Program Files\AVAST Software\Avast\SafePrice\FF48
“wrc@avast.com”=C:\Program Files\AVAST Software\Avast\WebRep\FF48
“{22119944-ED35-4ab1-910B-E619EA06A115}”=C:\Program Files\Siber Systems\AI RoboForm\Firefox\roboform.xpi
[HKLM\Software\MozillaPlugins@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll
[HKLM\Software\MozillaPlugins@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll
[HKLM\Software\MozillaPlugins@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll
[HKLM\Software\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll

C:\Users\hilton\AppData\Roaming\Mozilla\Firefox\Pr ofiles\pc153f57.default-1485114558992\Prefs.js

user_pref(“browser.startup.homepage_override.build ID”, “20170323105023”);
user_pref(“browser.startup.homepage_override.mston e”, “52.0.2”);
user_pref(“extensions.adblockplus.currentVersion”, “2.8.2”);
user_pref(“extensions.adblockplus.notificationdata ”, “{"lastCheck":1490728374792,"softExpiration":14908 04253080,"hardExpiration":1490900996549,"data":{"n otifications":,"version":"201703281910"},"lastErro r":0,"downloadStatus":"synchronize_ok","downloadCo unt":17}”);
user_pref(“extensions.blocklist.pingCountTotal”, 15);
user_pref(“extensions.blocklist.pingCountVersion”, -1);
user_pref(“extensions.bootstrappedAddons”, “{"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}":{"version":"2.8.2","type":"extensio n","descriptor":"C:\\Users\\hilton\\AppData\\Roami ng\\Mozilla\\Firefox\\Profiles\\pc153f57.default-1485114558992\\extensions\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi","multiprocessCompatible":true," runInSafeMode":false,"dependencies":,"hasEmbeddedW ebExtension":false},"deployment-checker@mozilla.org":{"version":"1.0","type":"extension","descriptor" :"C:\\Users\\hilton\\AppData\\Roaming\\Mozilla\\Fi refox\\Profiles\\pc153f57.default-1485114558992\\features\\{e5b8abb3-2955-4a02-8bbe-dcbb897fcf3f}\\deployment-checker@mozilla.org.xpi","multiprocessCompatible":true,"runInSafeMode":tr ue,"dependencies":,"hasEmbeddedWebExtension":false },"e10srollout@mozilla.org":{"version":"1.12","type":"extension","descriptor ":"C:\\Users\\hilton\\AppData\\Roaming\\Mozilla\\F irefox\\Profiles\\pc153f57.default-1485114558992\\features\\{e5b8abb3-2955-4a02-8bbe-dcbb897fcf3f}\\e10srollout@mozilla.org.xpi","multiprocessCompatible":true,"runInSafeMode":tr ue,"dependencies":,"hasEmbeddedWebExtension":false },"{22119944-ED35-4ab1-910B-E619EA06A115}":{"version":"8.2.9.5","type":"extens ion","descriptor":"C:\\Program Files\\Siber Systems\\AI RoboForm\\Firefox\\roboform.xpi","multiprocessComp atible":true,"runInSafeMode":false,"dependencies": ,"hasEmbeddedWebExtension":false}}”);
user_pref(“extensions.databaseSchema”, 19);
user_pref(“extensions.e10s.rollout.blocklist”, “{dc572301-7619-498c-a57d-39143191b318};firefox@mega.co.nzsupport@lastpass.com;”);
user_pref(“extensions.e10s.rollout.hasAddon”, true);
user_pref(“extensions.e10s.rollout.policy”, “50allmpc”);
user_pref(“extensions.e10sBlockedByAddons”, false);
user_pref(“extensions.enabledAddons”, “%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:52.0.2”);
user_pref(“extensions.getAddons.cache.lastUpdate”, 1490722983);
user_pref(“extensions.getAddons.databaseSchema”, 5);
user_pref(“extensions.hotfix.lastVersion”, “20170302.01”);
user_pref(“extensions.lastAppVersion”, “52.0.2”);
user_pref(“extensions.lastPlatformVersion”, “52.0.2”);
user_pref(“extensions.pendingOperations”, false);
user_pref(“extensions.systemAddonSet”, “{"schema":1,"directory":"{e5b8abb3-2955-4a02-8bbe-dcbb897fcf3f}","addons":{"deployment-checker@mozilla.org":{"version":"1.0"},"e10srollout@mozilla.org":{"version":"1.12"}}}”);
user_pref(“extensions.xpiState”, “{"app-profile":{"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}":{"d":"C:\\Users\\hilton\\AppData\\R oaming\\Mozilla\\Firefox\\Profiles\\pc153f57.defau lt-1485114558992\\extensions\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi","e":true,"v":"2.8.2","st":14861 53401130}},"app-system-addons":{"deployment-checker@mozilla.org":{"d":"C:\\Users\\hilton\\AppData\\Roaming\\Mozil la\\Firefox\\Profiles\\pc153f57.default-1485114558992\\features\\{e5b8abb3-2955-4a02-8bbe-dcbb897fcf3f}\\deployment-checker@mozilla.org.xpi","e":true,"v":"1.0","st":1490449778263},"e10srollout@mozilla.org":{"d":"C:\\Users\\hilton\\AppData\\Roaming\\Mozil la\\Firefox\\Profiles\\pc153f57.default-1485114558992\\features\\{e5b8abb3-2955-4a02-8bbe-dcbb897fcf3f}\\e10srollout@mozilla.org.xpi","e":true,"v":"1.12","st":1490449778352}},"wi nreg-app-user":{"{22119944-ED35-4ab1-910B-E619EA06A115}":{"d":"C:\\Program Files\\Siber Systems\\AI RoboForm\\Firefox\\roboform.xpi","e":true,"v":"8.2 .9.5","st":1490449717851}},"app-global":{"{972ce4c6-7e08-4474-a285-3208198ce6fd}":{"d":"C:\\Program Files\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi","e":true,"v":"52.0.2","st":1490 296975000}},"winreg-app-global":{"sp@avast.com":{"d":"C:\\Program Files\\AVAST Software\\Avast\\SafePrice\\FF48","e":false,"v":"1 2.0.163","st":1483460168395,"mt":1489321603344},"wrc@avast.com":{"d":"C:\\Program Files\\AVAST Software\\Avast\\WebRep\\FF48","e":false,"v":"12.0 .163","st":1483460168535,"mt":1489321610098},"{221 19944-ED35-4ab1-910B-E619EA06A115}":{"d":"C:\\Program Files\\Siber Systems\\AI RoboForm\\Firefox\\roboform.xpi","e":false,"v":"8. 2.9.5","st":1490449717851}}}”);

[Profile0] - Name=default-1485114558992 → Profiles/pc153f57.default-1485114558992

---------- | DNS

[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Param eters]
“DhcpNameServer”=209.18.47.61 209.18.47.62
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameter s\Interfaces{7F3D0977-3F81-48D1-8A0D-5B6CF1496778}]
“NameServer”=77.234.40.79
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameter s\Interfaces{B78AF187-32FB-4F20-86D2-C40DA41B6832}]
“DhcpNameServer”=209.18.47.61 209.18.47.62
[HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameter s\Interfaces{7F3D0977-3F81-48D1-8A0D-5B6CF1496778}]
“NameServer”=77.234.40.79
[HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameter s\Interfaces{B78AF187-32FB-4F20-86D2-C40DA41B6832}]
“DhcpNameServer”=209.18.47.61 209.18.47.62
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Param eters\Interfaces{7F3D0977-3F81-48D1-8A0D-5B6CF1496778}]
“NameServer”=77.234.40.79
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Param eters\Interfaces{B78AF187-32FB-4F20-86D2-C40DA41B6832}]
“DhcpNameServer”=209.18.47.61 209.18.47.62

---------- | Applications

[HKLM\SOFTWARE\Classes\Applications\ehshell.exe] : “C:\Windows\eHome\ehshell.exe” “%1”
[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : “C:\Program Files\Internet Explorer\iexplore.exe” %1
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe “%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll”, ImageView_Fullscreen %1
[HKLM\SOFTWARE\Classes\Applications\SZBrowser.exe] : “C:\Program Files\AVAST Software\SZBrowser\Launcher.exe” “%1”
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : “%ProgramFiles%\Windows Media Player\wmplayer.exe” /Open “%L”
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : “%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE” “%1”

---------- | SvcHost (Whitelist)

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
“regsvc”=RemoteRegistry
“DcomLaunch”=Power
PlugPlay
DcomLaunch
“secsvcs”=WinDefend
“bthsvcs”=bthserv
“PeerDist”=PeerDistSvc
“WindowsMobile”=wcescomm
rapimgr
“LocalServiceRestricted”=WcesComm
RapiMgr

---------- | SvcHost - Netsvcs (Whitelist)

Term - :

---------- | Software

[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\ACPTab]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Adobe]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Amazon]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Amazon Services LLC]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Analog Devices]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\AppDataLow]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\AVAST Software]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Canon]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Clients]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\csastats]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Dashlane_profiles]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\DriverSupport]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\eM Client]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\eSupport.com]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\FromDocToPDF]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\g3n-h@ckm@n]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Google]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\InSTab]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Intel]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\jtosjykc]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Kodi]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Macromedia]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Mozilla]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\MozillaPlugins]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Netscape]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\OpenOffice]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\ovbrx]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\PCPitstop]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Piriform]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Policies]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\ProductSetup]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\QtProject]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Safer Technologies]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Samsung]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Siber Systems]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\SlimWare Utilities Inc]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Stardock]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Sysinternals]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\undefined]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Widcomm]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\Adobe]
[HKLM\Software\Analog Devices]
[HKLM\Software\ATI Technologies]
[HKLM\Software\AVAST Software]
[HKLM\Software\Canon]
[HKLM\Software\CBSTEST]
[HKLM\Software\Clients]
[HKLM\Software\DriverSupport]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\Google]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\Macromedia]
[HKLM\Software\Microsoft]
[HKLM\Software\Mozilla]
[HKLM\Software\mozilla.org]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\ODBC]
[HKLM\Software\OpenOffice]
[HKLM\Software\PCPitstop]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SAMSUNG]
[HKLM\Software\Siber Systems]
[HKLM\Software\SlimWare Utilities Inc]
[HKLM\Software\SlimWare Utilities, Inc.]
[HKLM\Software\SlimWare.Utilities]
[HKLM\Software\Sonic]
[HKLM\Software\Stardock]
[HKLM\Software\Synaptics]
[HKLM\Software\sysinternals]
[HKLM\Software\Volatile]
[HKLM\Software\Widcomm]
[HKLM\Software\WOW6432Node]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnosti cs]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnostic sProvider]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AxInstSVGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImperso nation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestr icted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestri cted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesk topHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesk topPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WindowsMobile]

---------- | Drives

---------- | C:

[13/07/2009 22:36:15] - |SHD| - [9655] - C:$Recycle.Bin
[10/08/2016 13:52:39] - |D| - [0] - C:\95fcae343f4f0cedab9b17240bf8
[MD5.D9EBEC6668A6092FCBD1713C347AA5E0] - [13/07/2009 22:04:04] - |A| - (.-.) - [24] - (0.0.0.0) - C:\autoexec.bat
[MD5.ED4FC5980BD8B1AD869FF725C7776338] - [13/07/2009 22:04:04] - |A| - (.-.) - [10] - (0.0.0.0) - C:\config.sys
[20/08/2016 14:06:16] - |D| - [49262943] - C:\Dell
[MD5.B819A5003CEFCA15B52A9EE823EC7620] - [23/07/2012 20:44:40] - |A| - (.-.) - [37] - (0.0.0.0) - C:\DevMgr.bat
[14/07/2009 00:53:55] - |SHD| - [0] - C:\Documents and Settings
[01/08/2016 14:18:40] - |D| - [189142349] - C:\DRIVERS
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [27/06/2016 18:58:58] - |ASH| - (.-.) - [2608287744] - (0.0.0.0) - C:\hiberfil.sys
[01/08/2016 14:35:27] - |D| - [1515578] - C:\Intel
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [27/06/2016 18:58:58] - |ASH| - (.-.) - [3477721088] - (0.0.0.0) - C:\pagefile.sys
[13/07/2009 22:37:05] - |D| - [0] - C:\PerfLogs
[13/07/2009 22:37:05] - |RD| - [3647032121] - C:\Program Files
[13/07/2009 22:37:05] - |HD| - [5991858299] - C:\ProgramData
[30/03/2017 12:06:11] - |D| - [262068] - C:\QuickDiag
[MD5.1FF8F6F7A588DE345393B64FBFBBCB0D] - [30/03/2017 12:17:34] - |A| - (.-.) - [102838] - (0.0.0.0) - C:\QuickDiag.txt
[29/06/2016 16:30:46] - |SHD| - [148457388] - C:\Recovery
[23/07/2012 20:44:40] - |AHD| - [1874344] - C:\RPKTools
[05/07/2016 14:05:37] - |D| - [329162094] - C:\SWSetup
[27/06/2016 18:58:58] - |SHD| - [0] - C:\System Volume Information
[23/07/2012 20:44:40] - |HD| - [281] - C:\Tools
[13/07/2009 22:37:05] - |RD| - [11041350425] - C:\Users
[13/07/2009 22:37:05] - |D| - [15479368276] - C:\Windows

---------- | C:\Windows

[14/07/2009 00:52:30] - |D| - [802] - C:\Windows\addins
[13/07/2009 22:37:05] - |D| - [10312754] - C:\Windows\AppCompat
[13/07/2009 22:37:05] - |D| - [9867762] - C:\Windows\AppPatch
[13/07/2009 22:37:05] - |RSD| - [825091803] - C:\Windows\assembly
[MD5.12EBDA58437CD1EA7066FCB6455241D2] - [18/12/2016 22:20:33] - |A| - (.Copyright (c) 2014 AVAST Software - avast! Screen Saver stub.) - [53208] - (12.3.3154.0) - C:\Windows\avastSS.scr
[MD5.DBD14D0DB0382DFE96D7B5007DDD5ABE] - [20/11/2010 17:29:04] - |A| - (.© Microsoft Corporation. - Boot File Servicing Utility.) - [65024] - (6.1.7601.17514) - C:\Windows\bfsvc.exe
[13/07/2009 22:37:06] - |D| - [18320168] - C:\Windows\Boot
[MD5.65F45F6B0892C97FC111EF97E234E056] - [14/07/2009 00:57:37] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\Windows\bootstat.dat
[13/07/2009 22:37:06] - |D| - [2418176] - C:\Windows\Branding
[23/07/2012 20:44:34] - |D| - [144984548] - C:\Windows\ConfigSetRoot
[27/06/2016 18:59:20] - |D| - [0] - C:\Windows\CSC
[13/07/2009 22:37:06] - |D| - [2113488] - C:\Windows\Cursors
[14/07/2009 00:34:21] - |D| - [17090] - C:\Windows\debug
[14/07/2009 00:52:30] - |D| - [3001676] - C:\Windows\diagnostics
[20/11/2010 20:38:49] - |D| - [0] - C:\Windows\DigitalLocker
[14/07/2009 00:52:30] - |D| - [4340996] - C:\Windows\Downloaded Program Files
[20/11/2010 20:47:17] - |D| - [106176151] - C:\Windows\ehome
[20/11/2010 20:38:49] - |D| - [110080] - C:\Windows\en-US
[MD5.2A66E81AE941E54A237490FC35D387C8] - [29/06/2016 18:07:44] - |A| - (.-.) - [1945] - (0.0.0.0) - C:\Windows\epplauncher.mif
[MD5.6DDCA324434FFA506CF7DC4E51DB7935] - [16/10/2016 12:49:31] - |A| - (.© Microsoft Corporation. - Windows Explorer.) - [2972672] - (6.1.7601.23537) - C:\Windows\explorer.exe
[13/07/2009 22:37:06] - |RSD| - [370634595] - C:\Windows\Fonts
[MD5.F9202335BBA03A02F084FE588564BBF5] - [13/07/2009 19:12:58] - |A| - (.© Microsoft Corporation. - BitLocker Drive Encryption Servicing Utility.) - [13824] - (6.1.7600.16385) - C:\Windows\fveupdate.exe
[13/07/2009 22:37:06] - |D| - [32090797] - C:\Windows\Globalization
[13/07/2009 22:37:06] - |D| - [30365914] - C:\Windows\Help
[MD5.155DA2D5BCA16FB7B017D0F3A7C93C03] - [14/03/2017 15:23:33] - |A| - (.© Microsoft Corporation. - Microsoft Help and Support.) - [497152] - (6.1.7601.23674) - C:\Windows\HelpPane.exe
[MD5.9B90B0C78671A4881D06C91941F6F379] - [13/07/2009 20:12:22] - |A| - (.© Microsoft Corporation. - Microsoft® HTML Help Executable.) - [15360] - (6.1.7600.16385) - C:\Windows\hh.exe
[13/07/2009 22:37:06] - |D| - [143546732] - C:\Windows\IME
[13/07/2009 22:37:06] - |D| - [134360351] - C:\Windows\inf
[23/07/2012 19:49:39] - |SHD| - [999172483] - C:\Windows\Installer
[13/07/2009 22:37:06] - |D| - [48371] - C:\Windows\L2Schemas
[13/07/2009 22:37:06] - |D| - [0] - C:\Windows\LiveKernelReports
[13/07/2009 22:37:06] - |D| - [65664698] - C:\Windows\Logs
[13/07/2009 22:37:06] - |RSD| - [13327133] - C:\Windows\Media
[MD5.23AF90D2355D8C83AA4567EF1763B467] - [13/07/2009 19:55:01] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\Windows\mib.bin
[13/07/2009 22:37:07] - |D| - [562262215] - C:\Windows\Microsoft.NET
[02/07/2016 03:18:15] - |D| - [3634] - C:\Windows\Migration
[02/07/2016 13:55:15] - |D| - [109366] - C:\Windows\Minidump
[13/07/2009 22:37:07] - |D| - [0] - C:\Windows\ModemLogs
[MD5.B9FB94A8DA62711C6955825DEFB25C5A] - [13/07/2009 22:04:57] - |A| - (.-.) - [1405] - (0.0.0.0) - C:\Windows\msdfmap.ini
[MD5.A4F6DF0E33E644E802C8798ED94D80EA] - [01/07/2016 13:19:59] - |A| - (.© Microsoft Corporation. - Notepad.) - [179712] - (6.1.7601.18917) - C:\Windows\notepad.exe
[23/07/2012 20:44:40] - |D| - [18052] - C:\Windows\OEM
[14/07/2009 00:52:30] - |D| - [65] - C:\Windows\Offline Web Pages
[23/07/2012 20:45:04] - |D| - [1243676] - C:\Windows\Panther
[14/07/2009 00:52:30] - |D| - [62693450] - C:\Windows\Performance
[MD5.349E9263BD6436D560A96763AD081213] - [28/03/2017 15:03:14] - |A| - (.-.) - [3804] - (0.0.0.0) - C:\Windows\PFRO.log
[13/07/2009 22:37:07] - |D| - [1117380] - C:\Windows\PLA
[13/07/2009 22:37:07] - |D| - [4880510] - C:\Windows\PolicyDefinitions
[23/07/2012 19:46:20] - |D| - [40516661] - C:\Windows\Prefetch
[MD5.FFB8B91BD19E5BC10A3344AAF34880F3] - [20/11/2010 20:47:53] - |A| - (.-.) - [53551] - (0.0.0.0) - C:\Windows\Professional.xml
[MD5.8A4883F5E7AC37444F23279239553878] - [13/07/2009 19:17:08] - |A| - (.© Microsoft Corporation. - Registry Editor.) - [398336] - (6.1.7600.16385) - C:\Windows\regedit.exe
[13/07/2009 22:37:07] - |D| - [21544] - C:\Windows\registration
[13/07/2009 22:37:07] - |D| - [9103503] - C:\Windows\rescache
[13/07/2009 22:37:07] - |D| - [1674534] - C:\Windows\Resources
[13/07/2009 22:37:07] - |D| - [0] - C:\Windows\SchCache
[13/07/2009 22:37:07] - |D| - [58021] - C:\Windows\schemas
[13/07/2009 22:37:07] - |D| - [5281068] - C:\Windows\security
[14/07/2009 00:34:13] - |D| - [69420548] - C:\Windows\ServiceProfiles
[13/07/2009 22:37:07] - |D| - [61201423] - C:\Windows\servicing
[14/07/2009 00:34:16] - |D| - [42] - C:\Windows\Setup
[MD5.D74E3C688AA4F552EB9F55CB8EA67170] - [28/03/2017 15:03:20] - |A| - (.-.) - [56] - (0.0.0.0) - C:\Windows\setupact.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [28/03/2017 15:03:20] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\setuperr.log
[27/06/2016 19:00:19] - |D| - [643096841] - C:\Windows\SoftwareDistribution
[13/07/2009 22:37:07] - |D| - [181021214] - C:\Windows\Speech
[MD5.9060C3C745E7B2D8E1A81DD061021546] - [14/07/2009 00:48:09] - |A| - (.-.) - [48201] - (0.0.0.0) - C:\Windows\Starter.xml
[13/07/2009 22:37:07] - |D| - [700380] - C:\Windows\system
[MD5.286A9EDB379DC3423A528B0864A0F111] - [13/07/2009 22:04:23] - |A| - (.-.) - [219] - (0.0.0.0) - C:\Windows\system.ini
[13/07/2009 22:37:07] - |D| - [3267679335] - C:\Windows\System32
[13/07/2009 22:37:09] - |D| - [15] - C:\Windows\TAPI
[13/07/2009 22:37:09] - |D| - [43258] - C:\Windows\Tasks
[13/07/2009 22:37:09] - |D| - [394650] - C:\Windows\Temp
[13/07/2009 22:37:09] - |D| - [0] - C:\Windows\tracing
[MD5.0BEA3F79A36B1F67B2CE0F595524C77C] - [10/06/2009 17:41:17] - |A| - (.- Twain Source Manager (Image Acquisition Interface).) - [94784] - (1.7.0.0) - C:\Windows\twain.dll
[14/07/2009 00:52:30] - |D| - [6144] - C:\Windows\twain_32
[MD5.163A95975E1D8819E653AA3E961371CA] - [20/11/2010 17:29:41] - |A| - (.- Twain_32 Source Manager (Image Acquisition Interface).) - [51200] - (1.7.1.3) - C:\Windows\twain_32.dll
[MD5.F36A271706EDD23C94956AFB56981184] - [13/07/2009 18:47:26] - |A| - (.- Twain_32.dll Client’s 16-Bit Thunking Server.) - [49680] - (1.7.0.0) - C:\Windows\twunk_16.exe
[MD5.0BD6E68F3EA0DD62CD86283D86895381] - [13/07/2009 20:14:40] - |A| - (.- Twain.dll Client’s 32-Bit Thunking Server.) - [31232] - (1.7.1.0) - C:\Windows\twunk_32.exe
[MD5.015B30309491A911E75748AD69C9E680] - [18/12/2016 22:20:37] - |A| - (.© Microsoft Corporation. - Microsoft® C Runtime Library.) - [921280] - (10.0.10586.212) - C:\Windows\ucrtbase.dll
[13/07/2009 22:37:09] - |D| - [12420] - C:\Windows\Vss
[13/07/2009 22:37:09] - |D| - [40681427] - C:\Windows\Web
[MD5.162904DAA5412143F5403233E77F787E] - [13/07/2009 22:04:23] - |A| - (.-.) - [403] - (0.0.0.0) - C:\Windows\win.ini
[12/02/2017 15:08:20] - |D| - [85838997] - C:\Windows\WindowsMobile
[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - [14/07/2009 00:41:57] - |RAH| - (.-.) - [749] - (0.0.0.0) - C:\Windows\WindowsShell.Manifest
[MD5.F0719465DE663FC69F18C6A93189F955] - [27/06/2016 19:00:19] - |A| - (.-.) - [2037711] - (0.0.0.0) - C:\Windows\WindowsUpdate.log
[MD5.8E6F7D51A5CB299C25621C6C1AB57E84] - [13/07/2009 16:29:46] - |A| - (.Copyright © Microsoft Corp. 1991-1992 - Windows Help Engine application file.) - [256192] - (3.10.0.425) - C:\Windows\winhelp.exe
[MD5.1D420D66250BCAAAED05724FB34008CF] - [13/07/2009 20:12:29] - |A| - (.© Microsoft Corporation. - Windows Winhlp32 Stub.) - [9728] - (6.1.7600.16385) - C:\Windows\winhlp32.exe
[13/07/2009 22:37:09] - |D| - [7516126629] - C:\Windows\winsxs
[MD5.DC17DD0189B0C36D863B4DD0A036C10F] - [10/06/2009 17:34:23] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\Windows\WMSysPr9.prx
[MD5.6E8EACC0B339365D79A2C06896865D3D] - [13/07/2009 19:41:00] - |A| - (.© Microsoft Corporation. - Windows Write.) - [9216] - (6.1.7600.16385) - C:\Windows\write.exe
[MD5.B317B33694BAC49D492DD3F23E374899] - [13/07/2009 17:30:30] - |A| - (.-.) - [707] - (0.0.0.0) - C:\Windows_default.pif

---------- | C:\Windows\System32\GroupPolicy

[MD5.6D3BF95C2CCAD94EF493A7B393A4134D] - [30/06/2016 15:55:47] - |A| - (.-.) - [127] - (0.0.0.0) - C:\Windows\System32\GroupPolicy\gpt.ini
[30/06/2016 15:55:47] - |D| - [94] - C:\Windows\System32\GroupPolicy\Machine
[30/06/2016 15:55:47] - |D| - [0] - C:\Windows\System32\GroupPolicy\User

---------- | Systemroot\System

[13/07/2009 19:00:47] - |A| - [69584] - C:\Windows\System\avicap.dll (Copyright © Microsoft Corp. 1992-1994) - (AVI Capture DLL)
[13/07/2009 19:00:47] - |A| - [109456] - C:\Windows\System\avifile.dll (Copyright © Microsoft Corp. 1991-2000) - (Microsoft AVI File support library)
[13/07/2009 17:41:42] - |A| - [32816] - C:\Windows\System\COMMDLG.DLL (Copyright © Microsoft Corp. 1981-1996) - (Common Dialogs libraries)
[13/07/2009 17:41:23] - |A| - [2000] - C:\Windows\System\keyboard.drv (Copyright © Microsoft Corp. 1981-1996) - (WOW Keyboard Driver Module)
[13/07/2009 16:29:46] - |A| - [9936] - C:\Windows\System\lzexpand.dll (Copyright © Microsoft Corp. 1989-1992) - (Windows file expansion library)
[13/07/2009 19:00:47] - |A| - [73376] - C:\Windows\System\mciavi.drv (Copyright © Microsoft Corp. 1992-1994) - (MCI driver for AVI)
[13/07/2009 19:00:47] - |A| - [25264] - C:\Windows\System\mciseq.drv (Copyright © Microsoft Corp. 1991) - (MCI driver for MIDI sequencer)
[13/07/2009 19:00:47] - |A| - [28160] - C:\Windows\System\mciwave.drv (Copyright © Microsoft Corp. 1991) - (MCI driver for waveform audio)
[13/07/2009 17:41:32] - |A| - [68992] - C:\Windows\System\MMSYSTEM.DLL (Copyright © Microsoft Corp. 1981-1996) - (System APIs for Multimedia)
[13/07/2009 17:41:32] - |A| - [1152] - C:\Windows\System\mmtask.tsk (Copyright © Microsoft Corp. 1981-1996) - (Multimedia background task support module)
[13/07/2009 17:41:27] - |A| - [2032] - C:\Windows\System\mouse.drv (Copyright © Microsoft Corp. 1981-1996) - (WOW MOUSE Driver Module)
[10/06/2009 17:21:50] - |A| - [126912] - C:\Windows\System\msvideo.dll (Copyright © Microsoft Corp. 1992-1994) - (Microsoft Video for Windows DLL)
[13/07/2009 16:29:46] - |A| - [82944] - C:\Windows\System\olecli.dll (Copyright © Microsoft Corp. 1991-1993) - (Object Linking and Embedding Client Library)
[13/07/2009 17:41:50] - |A| - [24064] - C:\Windows\System\OLESVR.DLL (Copyright © Microsoft Corp. 1991-1996) - (Object Linking and Embedding Server Library)
[13/07/2009 17:41:22] - |A| - [5120] - C:\Windows\System\SHELL.DLL (Copyright © Microsoft Corp. 1981-1996) - (Windows Shell library)
[13/07/2009 17:41:23] - |A| - [1744] - C:\Windows\System\sound.drv (Copyright © Microsoft Corp. 1981-1996) - (WOW SOUND Driver Module)
[13/07/2009 18:00:27] - |A| - [5532] - C:\Windows\System\stdole.tlb (Copyright © Microsoft Corp. 1993-1995) - (OLE 2.1 16/32 Interoperability Type Library)
[13/07/2009 17:41:21] - |A| - [3360] - C:\Windows\System\system.drv (Copyright © Microsoft Corp. 1981-1996) - (Windows System Driver core component)
[13/07/2009 17:41:39] - |A| - [4048] - C:\Windows\System\TIMER.DRV (Copyright © Microsoft Corp. 1981-1996) - (Timer driver for PC compatibles)
[13/07/2009 16:29:46] - |A| - [9008] - C:\Windows\System\ver.dll (Copyright © Microsoft Corp. 1991) - (Version Checking and File Installation Libraries)
[13/07/2009 17:41:26] - |A| - [2176] - C:\Windows\System\vga.drv (Copyright © Microsoft Corp. 1981-1996) - (WOW Display Driver Module)
[13/07/2009 17:41:45] - |A| - [12704] - C:\Windows\System\WFWNET.DRV (Copyright © Microsoft Corp. 1981-1996) - (Windows for Workgroups network driver)

---------- | Systemroot\Installer (Microsoft Files Whitelisted)

[05/05/2015 14:23:16] - C:\Windows\Installer\178720f.msi : (Intel(R) Chipset Device Software - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/09/2016 12:21:44] - C:\Windows\Installer\19ae0f09.msi : (OpenOffice 4.1.3 - OpenOffice) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[20/07/2016 22:19:14] - C:\Windows\Installer\1c9d2e.msi : (Intel(R) Wireless Bluetooth(R) - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/09/2016 12:01:33] - C:\Windows\Installer\1e561dab.msi : (Looks for updates for your computer’s software and drivers to improve performance. - Slimware Utilities Holdings, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2014 15:04:56] - C:\Windows\Installer\1ebc2c9f.msi : (Intel(R) Network Connections - Intel) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/03/2015 04:42:22] - C:\Windows\Installer\1f3b9bd.msi : ( - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/04/2012 01:06:44] - C:\Windows\Installer\223b8e.msi : (WIDCOMM Bluetooth Profile Pack - Broadcom Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[03/02/2017 13:51:45] - C:\Windows\Installer\23fd2d27.msi : (eM Client - eM Client Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[11/01/2017 11:05:43] - C:\Windows\Installer\450e743.msi : (Adobe ARM Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[25/12/2016 17:13:23] - C:\Windows\Installer\99d9d8.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[21/11/2016 16:09:45] - C:\Windows\Installer\f249c6.msi : (Blank Project Template - Samsung Electronics Co., Ltd.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]

---------- | %System%*.in*

[14/07/2009 00:42:29] - [73] - C:\Windows\System32\desktop.ini
[29/06/2016 16:51:31] - [16303] - C:\Windows\System32\ieuinit.inf
[14/07/2009 00:42:26] - [535] - C:\Windows\System32\mapisvc.inf
[20/11/2010 17:01:02] - [781298] - C:\Windows\System32\PerfStringBackup.INI
[10/06/2009 17:39:59] - [60124] - C:\Windows\System32\tcpmon.ini

---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan

[MD5.D41D8CD98F00B204E9800998ECF8427E] - |N| - [11/12/2016 11:34:24] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\atchk.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |N| - [23/07/2012 19:53:34] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\atchksrv.log
[MD5.00000000000000000000000000000000] - |D| - [19/03/2017 15:54:00] - [313.99 Ko] - C:\Windows\Temp\avast_ash2
[MD5.EA1798F1AFDE24A6BC55CCDE109A8B00] - |A| - [26/03/2017 01:00:01] - (.-.) - [0.04 Ko] - (0.0.0.0) - C:\Windows\Temp\coinlog.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [27/03/2017 03:26:30] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\CProgram FilesAVAST SoftwareSZBrowser3.55.2393.590_0SZBrowser_autoupda te.download.lock
[MD5.31A5527E08DFDB6DAEC90D1C04742E83] - |A| - [28/03/2017 15:14:00] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\Windows\Temp\fwtsqmfile00.sqm
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 03:57:12] - [5.39 Ko] - C:\Windows\Temp\HP
[MD5.00000000000000000000000000000000] - |D| - [18/12/2016 22:22:19] - [65.39 Ko] - C:\Windows\Temp\SafeZone Installer
[MD5.00000000000000000000000000000000] - |D| - [18/12/2016 22:21:19] - [0 Ko] - C:\Windows\Temp_avast_
[MD5.00000000000000000000000000000000] - |D| - [20/11/2010 20:38:49] - [0 Ko] - C:\Windows\System32\0409
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |AH| - [14/07/2009 00:34:15] - (.-.) - [21.19 Ko] - (0.0.0.0) - C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |AH| - [14/07/2009 00:34:15] - (.-.) - [21.19 Ko] - (0.0.0.0) - C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[MD5.8AAD333C876590293F72B315E162BCC7] - |A| - [13/07/2009 17:40:41] - (.-.) - [8.82 Ko] - (0.0.0.0) - C:\Windows\System32\ANSI.SYS
[MD5.D753EEE17725526A67ACDDAA5D63EF68] - |A| - [13/07/2009 17:40:49] - (.-.) - [12.21 Ko] - (0.0.0.0) - C:\Windows\System32\append.exe
[MD5.00000000000000000000000000000000] - |D| - [27/02/2017 14:24:53] - [0 Ko] - C:\Windows\System32\appmgmt
[MD5.00000000000000000000000000000000] - |D| - [03/07/2016 03:49:28] - [9293.73 Ko] - C:\Windows\System32\appraiser
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:07] - [201.5 Ko] - C:\Windows\System32\ar-SA
[MD5.15FC01D1317A95D50EA23CA132C4F73F] - |A| - [12/03/2017 08:27:10] - (.Copyright (c) 2014 AVAST Software - Avast start-up scanner.) - [320.52 Ko] - (17.2.3419.0) - C:\Windows\System32\aswBoot.exe
[MD5.30475F091008E24550523515A023270D] - |A| - [13/07/2009 22:04:04] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\Windows\System32\autoexec.nt
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:07] - [173 Ko] - C:\Windows\System32\bg-BG
[MD5.84BDB1E378591D930482B896A1648C53] - |A| - [10/06/2009 17:42:54] - (.-.) - [27.75 Ko] - (0.0.0.0) - C:\Windows\System32\bios1.rom
[MD5.B44C4C9CA9D4BCC8430F3276576F562B] - |A| - [13/07/2009 17:30:26] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\System32\bios4.rom
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:07] - [1043.2 Ko] - C:\Windows\System32\Boot
[MD5.278EE111CB021686C7BDB45C12EAC6E2] - |A| - [13/07/2009 20:59:14] - (.Copyright(C)Brother Industries Ltd.1997-2006 - Brother Multi Function CoInstaller.) - [17 Ko] - (1.0.0.20) - C:\Windows\System32\brcoinst.dll
[MD5.D1E5E5826ECB8F87BDB0CF9E28B48465] - |A| - [13/07/2009 19:51:43] - (.Copyright (C) 2008 - Bthpan Context Handler.) - [72 Ko] - (1.0.0.1) - C:\Windows\System32\BthpanContextHandler.dll
[MD5.00000000000000000000000000000000] - |HD| - [28/01/2017 15:13:43] - [824.17 Ko] - C:\Windows\System32\CanonIJ Uninstaller Information
[MD5.40DF43CA1A8752CAA135E27DCC6645B3] - |A| - [13/07/2009 19:41:26] - (.Copyright (C) 2006 - CardGames Resources.) - [6068.5 Ko] - (1.0.0.1) - C:\Windows\System32\CardGames.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:07] - [44208.56 Ko] - C:\Windows\System32\catroot
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:07] - [20184.07 Ko] - C:\Windows\System32\catroot2
[MD5.6F6C16E5D711E35FABE3FCD8C49E7A69] - |A| - [05/07/2016 14:17:02] - (.-.) - [75.75 Ko] - (0.0.0.0) - C:\Windows\System32\CNC1762D.TBL
[MD5.E564016FA6663C04A97D754F522632EE] - |A| - [05/07/2016 14:17:02] - (.Copyright CANON INC. 2012 All Rights Reserved - WIA Scanner Driver.) - [260.5 Ko] - (20.0.0.4) - C:\Windows\System32\CNC_B8C.dll
[MD5.90CF774CA09A5BF87854B63110D543FD] - |A| - [05/07/2016 14:17:02] - (.Copyright CANON INC. 2012 All Rights Reserved - WIA Scanner Driver Image Enhancement dll.) - [94.5 Ko] - (20.0.0.4) - C:\Windows\System32\CNC_B8I.dll
[MD5.86802456CB4AD11942447D1112242CA0] - |A| - [05/07/2016 14:17:02] - (.Copyright CANON INC. 2012 All Rights Reserved - LLD.) - [312.5 Ko] - (1.0.0.0) - C:\Windows\System32\CNC_B8L.dll
[MD5.D16CF34B17899F90A8FCF2A3F77B4A27] - |A| - [05/07/2016 14:17:02] - (.Copyright CANON INC. 2007-2008 All Rights Reserved - Canon Device Dependent Informations for Scanner Library.) - [15.5 Ko] - (1.4.1.1) - C:\Windows\System32\CNHMCA.dll
[MD5.35096FFA4D72432B6795E310A991D757] - |A| - [05/07/2016 14:17:54] - (.Copyright CANON INC. 2000-2012 All Rights Reserved - IJ Language Monitor.) - [307.5 Ko] - (0.3.0.1) - C:\Windows\System32\CNMLMB8.DLL
[MD5.C37A74199944B29D736DFE59974A3A34] - |A| - [28/01/2017 15:13:38] - (.Copyright CANON INC. 2007-2012 All Rights Reserved - IJ Language Monitor.) - [309 Ko] - (0.3.0.1) - C:\Windows\System32\CNMXLMB8.DLL
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:07] - [4568.56 Ko] - C:\Windows\System32\CodeIntegrity
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:07] - [302.5 Ko] - C:\Windows\System32\com
[MD5.BA597F9A4BB90F038266CE1A3C3BE3FB] - |A| - [13/07/2009 17:40:48] - (.-.) - [49.46 Ko] - (0.0.0.0) - C:\Windows\System32\COMMAND.COM
[MD5.00000000000000000000000000000000] - |SD| - [03/07/2016 03:49:29] - [3421.69 Ko] - C:\Windows\System32\CompatTel
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:07] - [263794.93 Ko] - C:\Windows\System32\config
[MD5.01C47C2ECED034EF6F8C1552A97CFF00] - |A| - [13/07/2009 22:04:04] - (.-.) - [2.52 Ko] - (0.0.0.0) - C:\Windows\System32\config.nt
[MD5.0FE9F16075C9ACB941C957B7C649176E] - |A| - [13/07/2009 17:40:44] - (.-.) - [26.46 Ko] - (0.0.0.0) - C:\Windows\System32\country.sys
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:07] - [432 Ko] - C:\Windows\System32\cs-CZ
[MD5.4B2E28731AC72530E58ED1F1EB0A93A1] - |A| - [01/08/2016 14:11:40] - (.Copyright 2011 - CSVer.) - [52 Ko] - (9.4.0.1027) - C:\Windows\System32\CSVer.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:07] - [427.5 Ko] - C:\Windows\System32\da-DK
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:07] - [457.5 Ko] - C:\Windows\System32\de-DE
[MD5.C17AFA0AAD78C621F818DD6729572C48] - |A| - [13/07/2009 17:40:52] - (.-.) - [20.15 Ko] - (0.0.0.0) - C:\Windows\System32\debug.exe
[MD5.079B8AEB4A55BF8493BD1EC70285D920] - |ASH| - [14/07/2009 00:42:29] - (.-.) - [0.07 Ko] - (0.0.0.0) - C:\Windows\System32\desktop.ini
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:07] - [4135 Ko] - C:\Windows\System32\Dism
[MD5.03783D0840B2C54D7665248425C74417] - |A| - [20/11/2010 17:29:20] - (.-.) - [52.34 Ko] - (0.0.0.0) - C:\Windows\System32\dosx.exe
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [52488.54 Ko] - C:\Windows\System32\drivers
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [1054105.33 Ko] - C:\Windows\System32\DriverStore
[MD5.F61E145D8A9AF7CDAB47CD810DE7DC56] - |A| - [01/08/2016 14:12:31] - (.-.) - [2.65 Ko] - (0.0.0.0) - C:\Windows\System32\e1e6232.din
[MD5.F6E368E10B600836DD349FF937B183A2] - |A| - [10/06/2009 17:42:32] - (.-.) - [68.25 Ko] - (0.0.0.0) - C:\Windows\System32\edit.com
[MD5.8AA8DCC96FA0492E3B5D415537FAB8FE] - |A| - [10/06/2009 17:42:32] - (.-.) - [10.54 Ko] - (0.0.0.0) - C:\Windows\System32\EDIT.HLP
[MD5.B7A0AA49CBB604B2C3A42A49C36D8A4F] - |A| - [13/07/2009 17:40:50] - (.-.) - [12.35 Ko] - (0.0.0.0) - C:\Windows\System32\edlin.exe
[MD5.52E91EAC2F3175B1A5B0150382B6D771] - |A| - [13/07/2009 16:31:17] - (.-.) - [124.23 Ko] - (0.0.0.0) - C:\Windows\System32\ega.cpi
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [457 Ko] - C:\Windows\System32\el-GR
[MD5.00000000000000000000000000000000] - |D| - [20/11/2010 20:38:49] - [1804 Ko] - C:\Windows\System32\en
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [36261.52 Ko] - C:\Windows\System32\en-US
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [448 Ko] - C:\Windows\System32\es-ES
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [160.5 Ko] - C:\Windows\System32\et-EE
[MD5.683626544E81387771ED55E1A0F2047B] - |A| - [13/07/2009 17:40:51] - (.-.) - [8.23 Ko] - (0.0.0.0) - C:\Windows\System32\exe2bin.exe
[MD5.68062C0ECE86AB7801B5B47FDC855A06] - |A| - [13/07/2009 17:41:02] - (.-.) - [0.86 Ko] - (0.0.0.0) - C:\Windows\System32\fastopen.exe
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [430 Ko] - C:\Windows\System32\fi-FI
[MD5.1773BC78010F9C4B354F83E3CE2054C6] - |A| - [14/07/2009 00:33:53] - (.-.) - [283.45 Ko] - (0.0.0.0) - C:\Windows\System32\FNTCACHE.DAT
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [454 Ko] - C:\Windows\System32\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 00:52:30] - [0 Ko] - C:\Windows\System32\FxsTmp
[MD5.2AE808CB0D9A667B0CF41EA74B3B9BAC] - |A| - [10/06/2009 17:19:05] - (.-.) - [39.6 Ko] - (0.0.0.0) - C:\Windows\System32\gatherNetworkInfo.vbs
[MD5.F58BC2273B8D60E457A73FAD18C38F9C] - |A| - [03/07/2016 12:22:54] - (.-.) - [57.42 Ko] - (0.0.0.0) - C:\Windows\System32\GDIPFONTCACHEV1.DAT
[MD5.6E4E7884E6489AC4F5E6DAB176A73E52] - |A| - [13/07/2009 17:41:01] - (.-.) - [19.23 Ko] - (0.0.0.0) - C:\Windows\System32\GRAPHICS.COM
[MD5.BC33AA625D6B807F718627386DF78426] - |A| - [10/06/2009 17:42:32] - (.-.) - [20.73 Ko] - (0.0.0.0) - C:\Windows\System32\graphics.pro
[MD5.00000000000000000000000000000000] - |HD| - [13/07/2009 22:37:08] - [0.22 Ko] - C:\Windows\System32\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [0 Ko] - C:\Windows\System32\GroupPolicyUsers
[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - |A| - [13/07/2009 17:40:40] - (.-.) - [4.66 Ko] - (0.0.0.0) - C:\Windows\System32\HIMEM.SYS
[MD5.52DF780DF7CA0697B4BCF777C98D35B1] - |A| - [21/07/2016 15:26:48] - (.© 2015 HPDC LP - DeviceCoInstaller.) - [258.67 Ko] - (40.2.1065.64451) - C:\Windows\System32\hpinkcoiDC11.dll
[MD5.8F7C9ABD28273C7B5BA577EC1C824E13] - |A| - [21/07/2016 15:26:52] - (.© 2015 HPDC LP - hpinkins.exe.) - [2098.17 Ko] - (40.2.1065.64451) - C:\Windows\System32\hpinkinsDC11.exe
[MD5.5E29CE485622B317F13DC8E3634B400E] - |A| - [21/07/2016 15:26:56] - (.© 2015 HPDC LP - Print Status Language Monitor.) - [308.67 Ko] - (40.2.1065.64451) - C:\Windows\System32\hpinkstsDC11LM.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [168 Ko] - C:\Windows\System32\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [434.5 Ko] - C:\Windows\System32\hu-HU
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [5.36 Ko] - C:\Windows\System32\ias
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [36.27 Ko] - C:\Windows\System32\icsxml
[MD5.4B2BDDFB7C44498E9FF47C8F65918867] - |A| - [23/09/2009 19:27:44] - (.Copyright (C) 2009 - Intel® Graphics Media Accelerator Driver Coinstaller.) - [152 Ko] - (1.1.17.0) - C:\Windows\System32\igfxCoIn_v1930.dll
[MD5.99AF886F548DFA1AEC9868A8BF0F74FC] - |A| - [23/09/2009 18:45:12] - (.-.) - [1876.24 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxa32.cpa
[MD5.7FEF5563D091D8A44B96DD4EBE0350AA] - |A| - [23/09/2009 18:45:12] - (.-.) - [1.06 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxa32.vp
[MD5.A16E966DEBE65033E703CA9514753E11] - |A| - [23/09/2009 18:45:12] - (.-.) - [58.81 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxc32.vp
[MD5.251D22DE1DF611739E4D0C7BAB2E80D6] - |A| - [23/09/2009 18:45:12] - (.-.) - [58.84 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxg32.vp
[MD5.CB4DCAF11675F52D39035BCEE14ABA77] - |A| - [23/09/2009 18:45:12] - (.-.) - [58.61 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxo32.vp
[MD5.68B4E32B9D5AAC08DF18C288676E9B82] - |A| - [23/09/2009 19:45:20] - (.-.) - [38.52 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxs32.vp
[MD5.1B24EC543ADEA0AFB520B4F104134CBB] - |A| - [02/07/2016 03:24:36] - (.Copyright © 2009 - Intel® Graphics Media Accelerator Driver installer.) - [978.52 Ko] - (1.1.33.0) - C:\Windows\System32\igxpun.exe
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [34097.44 Ko] - C:\Windows\System32\IME
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [0 Ko] - C:\Windows\System32\inetsrv
[MD5.C24A7C74FE4219F9940FC77AB548FB34] - |A| - [20/11/2010 17:18:30] - (.-.) - [29.09 Ko] - (0.0.0.0) - C:\Windows\System32\InstallPackage_ETW.Log
[MD5.4D7E256377A5E934EA1820B2CEA79131] - |A| - [13/07/2009 17:40:59] - (.-.) - [14.37 Ko] - (0.0.0.0) - C:\Windows\System32\KB16.COM
[MD5.492090267B9608C62B956CD29BE3AFB7] - |A| - [13/07/2009 17:40:43] - (.-.) - [41.81 Ko] - (0.0.0.0) - C:\Windows\System32\KEY01.SYS
[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - |A| - [13/07/2009 17:40:43] - (.-.) - [41.54 Ko] - (0.0.0.0) - C:\Windows\System32\KEYBOARD.SYS
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [360 Ko] - C:\Windows\System32\ko-KR
[MD5.C1B7AB03AC2F3C990A40BC2E18E02CF1] - |A| - [13/07/2009 22:05:05] - (.-.) - [11687.04 Ko] - (0.0.0.0) - C:\Windows\System32\korwbrkr.lex
[MD5.00000000000000000000000000000000] - |D| - [23/07/2012 19:52:49] - [108 Ko] - C:\Windows\System32\Lang
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [03/01/2017 12:16:53] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\System32\last.dump
[MD5.536460507B20AE0F03D7BEE8111028CF] - |A| - [13/07/2009 17:40:57] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\Windows\System32\LOADFIX.COM
[MD5.E89C001FB4D9E08CC7072CE774CDB999] - |A| - [20/11/2010 16:58:07] - (.-.) - [0.01 Ko] - (0.0.0.0) - C:\Windows\System32\LocalGroupAdminAdd.log
[MD5.9EB325EC6E6DC9418A391C852F96B623] - |A| - [20/11/2010 16:58:08] - (.-.) - [0.05 Ko] - (0.0.0.0) - C:\Windows\System32\Local_LLU.log
[MD5.CB630C50170F16E21D12A572E6F39ED0] - |A| - [23/07/2012 19:53:34] - (.-.) - [0.42 Ko] - (0.0.0.0) - C:\Windows\System32\log(27).txt
[MD5.C9D2FC4C5D6D59730557F5E97FDE4874] - |A| - [23/07/2012 19:53:34] - (.-.) - [0.2 Ko] - (0.0.0.0) - C:\Windows\System32\log.txt
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [2576.59 Ko] - C:\Windows\System32\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [165 Ko] - C:\Windows\System32\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [166 Ko] - C:\Windows\System32\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [04/07/2016 15:23:51] - [22178.3 Ko] - C:\Windows\System32\Macromed
[MD5.7A495CA1402C2F9F5D035092AD808669] - |A| - [13/07/2009 16:22:04] - (.-.) - [0.85 Ko] - (0.0.0.0) - C:\Windows\System32\manage-bde.wsf
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [2029.01 Ko] - C:\Windows\System32\manifeststore
[MD5.98071B6EE16AA76DABFF377A5DC69C86] - |A| - [14/07/2009 00:42:26] - (.-.) - [0.52 Ko] - (0.0.0.0) - C:\Windows\System32\mapisvc.inf
[MD5.4C7271F0C6F45C80453B7374F232B651] - |A| - [27/04/2016 18:41:38] - (.Copyright 2016 Motorola Solutions, Inc. - Bluetooth Low Energy SDK Implementation Dll.) - [317.98 Ko] - (19.0.1603.630) - C:\Windows\System32\mbtleapi.dll
[MD5.390762963E6B4C861E5E0CA5A3E56E40] - |A| - [13/07/2009 17:40:56] - (.-.) - [38.35 Ko] - (0.0.0.0) - C:\Windows\System32\mem.exe
[MD5.331854AA634AF7755185B97BF3494C43] - |A| - [23/07/2012 19:53:32] - (.Copyright © 2009 - Intel® Active Management Technology Device Software installer.) - [986.52 Ko] - (1.1.19.9) - C:\Windows\System32\mesoludlg.exe
[MD5.DB0D176B243020E189AE852C36A7D888] - |A| - [05/09/2016 14:16:30] - (.Copyright© 1995-2016 McAfee, Inc. - McAfee Process Validation Service.) - [310.52 Ko] - (15.5.0.4350) - C:\Windows\System32\mfevtps(26).exe
[MD5.00000000000000000000000000000000] - |SD| - [14/07/2009 00:34:06] - [7.86 Ko] - C:\Windows\System32\Microsoft
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [3563.43 Ko] - C:\Windows\System32\migration
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [32669.71 Ko] - C:\Windows\System32\migwiz
[MD5.A311363F3C887D8C3A524A51B7F20D69] - |A| - [14/07/2009 00:42:29] - (.-.) - [1.21 Ko] - (0.0.0.0) - C:\Windows\System32\migwiz.lnk
[MD5.00000000000000000000000000000000] - |D| - [03/07/2016 03:09:41] - [0 Ko] - C:\Windows\System32\MRT
[MD5.52C7505D68C3CE8496EC8DC17D8FF75A] - |A| - [13/07/2009 17:41:05] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\Windows\System32\mscdexnt.exe
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [4148.28 Ko] - C:\Windows\System32\Msdtc
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [11.33 Ko] - C:\Windows\System32\MUI
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [422.5 Ko] - C:\Windows\System32\nb-NO
[MD5.CD48AD912839B9FB6CCA5D4AA9B37500] - |A| - [13/07/2009 18:10:48] - (.-.) - [21.3 Ko] - (0.0.0.0) - C:\Windows\System32\NetTrace.PLA.Diagnostics.xml
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [68 Ko] - C:\Windows\System32\NetworkList
[MD5.8E24A7BCAEF2045DA1FF29217622843E] - |A| - [20/11/2010 16:58:08] - (.-.) - [0.04 Ko] - (0.0.0.0) - C:\Windows\System32\Network_LLU.log
[MD5.5E835121A3899CFA37E285E0CA2B4E7D] - |A| - [13/07/2009 17:40:57] - (.-.) - [6.89 Ko] - (0.0.0.0) - C:\Windows\System32\nlsfunc.exe
[MD5.1C96B3DA6ABE5E18B63C64DF75884F6A] - |A| - [13/07/2009 22:05:05] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\Windows\System32\noise.kor
[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - |A| - [13/07/2009 17:40:23] - (.-.) - [27.21 Ko] - (0.0.0.0) - C:\Windows\System32\NTDOS.SYS
[MD5.CF9ED169FF86D935E47999E82359E898] - |A| - [13/07/2009 17:40:31] - (.-.) - [28.46 Ko] - (0.0.0.0) - C:\Windows\System32\NTDOS404.SYS
[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - |A| - [13/07/2009 17:40:35] - (.-.) - [28.68 Ko] - (0.0.0.0) - C:\Windows\System32\NTDOS411.SYS
[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - |A| - [13/07/2009 17:40:39] - (.-.) - [28.59 Ko] - (0.0.0.0) - C:\Windows\System32\NTDOS412.SYS
[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - |A| - [13/07/2009 17:40:27] - (.-.) - [28.46 Ko] - (0.0.0.0) - C:\Windows\System32\NTDOS804.SYS
[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - |A| - [13/07/2009 17:40:11] - (.-.) - [33.16 Ko] - (0.0.0.0) - C:\Windows\System32\NTIO.SYS
[MD5.A98EBD4C2DF983665BF2D1AF49949974] - |A| - [13/07/2009 17:40:15] - (.-.) - [33.86 Ko] - (0.0.0.0) - C:\Windows\System32\NTIO404.SYS
[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - |A| - [13/07/2009 17:40:17] - (.-.) - [34.94 Ko] - (0.0.0.0) - C:\Windows\System32\NTIO411.SYS
[MD5.3E64D681B776CC57BDC38A46D881F85B] - |A| - [13/07/2009 17:40:19] - (.-.) - [34.7 Ko] - (0.0.0.0) - C:\Windows\System32\NTIO412.SYS
[MD5.D86B6435729231C171432B4E77801BDB] - |A| - [13/07/2009 17:40:13] - (.-.) - [33.86 Ko] - (0.0.0.0) - C:\Windows\System32\NTIO804.SYS
[MD5.2901049544FDF863362FABA2363EB647] - |A| - [13/07/2009 16:30:24] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\Windows\System32\onlinesetup.cmd
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [12211.77 Ko] - C:\Windows\System32\oobe
[MD5.8415390CA856E6E40E325F0FA548FDF8] - |A| - [13/07/2009 22:05:48] - (.-.) - [118.68 Ko] - (0.0.0.0) - C:\Windows\System32\perfc009.dat
[MD5.B7795BC96C1CEB86E04E8DC843E9C784] - |A| - [10/06/2009 17:17:19] - (.-.) - [113.56 Ko] - (0.0.0.0) - C:\Windows\System32\PerfCenterCpl.ico
[MD5.7AAA3E23CE4C7845B112F7A79B110E60] - |A| - [13/07/2009 22:05:48] - (.-.) - [30.81 Ko] - (0.0.0.0) - C:\Windows\System32\perfd009.dat
[MD5.9BD5F35F69CF70BDDF61EEF33E72C7D0] - |A| - [13/07/2009 22:05:48] - (.-.) - [646.15 Ko] - (0.0.0.0) - C:\Windows\System32\perfh009.dat
[MD5.3539B4942C90B6223728B7D12D0677C6] - |A| - [20/11/2010 17:01:02] - (.-.) - [762.99 Ko] - (0.0.0.0) - C:\Windows\System32\PerfStringBackup.INI
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [439 Ko] - C:\Windows\System32\pl-PL
[MD5.EB6C16CE0163AD282E95FCE5EE9BA518] - |A| - [20/11/2010 17:29:26] - (.Copyright (C) 2001 - PrintBrm Application.) - [64.5 Ko] - (1.0.0.0) - C:\Windows\System32\PrintBrmUi.exe
[MD5.00000000000000000000000000000000] - |D| - [20/11/2010 20:38:48] - [413.88 Ko] - C:\Windows\System32\Printing_Admin_Scripts
[MD5.BBB40CA86B88918864D16CFAC9D4ABA4] - |A| - [13/07/2009 17:41:04] - (.-.) - [2.78 Ko] - (0.0.0.0) - C:\Windows\System32\redir.exe
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 00:52:30] - [0.07 Ko] - C:\Windows\System32\restore
[MD5.1682110FF204D2185C5B8024C6A891E2] - |A| - [02/07/2016 15:56:45] - (.-.) - [32.06 Ko] - (0.0.0.0) - C:\Windows\System32\rnd_chunk.bin
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [169 Ko] - C:\Windows\System32\ro-RO
[MD5.BB01B19CA1FB76C65F900B0CB47007F1] - |A| - [23/07/2012 19:50:11] - (.-.) - [19.7 Ko] - (0.0.0.0) - C:\Windows\System32\rpkdriverinst.log
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [434 Ko] - C:\Windows\System32\ru-RU
[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [20/11/2010 17:29:06] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\Windows\System32\ScavengeSpace.xml
[MD5.7753FC56F9CAC4B5AFDA3196DB654F21] - |A| - [31/08/2016 14:54:34] - (.Copyright © 2004-2010 MAPILab Ltd. & Add-in Express Ltd. - Security Manager Component for Microsoft Outlook allows to turn off and on Outlook Object Model Security Guard.) - [141.27 Ko] - (3.0.0.0) - C:\Windows\System32\secman.dll
[MD5.8C3D0C73A0850A0EE62DF9EC36DBDE80] - |N| - [01/08/2016 14:15:28] - (.-.) - [1.86 Ko] - (0.0.0.0) - C:\Windows\System32\SetupBD.din
[MD5.AD7B906FC883959E56E210B2B077CA00] - |A| - [13/07/2009 17:40:54] - (.-.) - [11.48 Ko] - (0.0.0.0) - C:\Windows\System32\setver.exe
[MD5.68062C0ECE86AB7801B5B47FDC855A06] - |A| - [13/07/2009 17:41:02] - (.-.) - [0.86 Ko] - (0.0.0.0) - C:\Windows\System32\share.exe
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [169.5 Ko] - C:\Windows\System32\sk-SK
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [166 Ko] - C:\Windows\System32\sl-SI
[MD5.00000000000000000000000000000000] - |D| - [20/11/2010 20:38:49] - [37.8 Ko] - C:\Windows\System32\slmgr
[MD5.7AF22B12467D4E3B3831E65E1D12179D] - |A| - [26/09/2016 12:42:46] - (.Copyright (C) Analog Devices, Inc. 2008 - SoundMAX coinstaller (32 bit).) - [33.5 Ko] - (7.0.1.1020) - C:\Windows\System32\SmaxCo.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [13634.02 Ko] - C:\Windows\System32\SMI
[MD5.C74D61FCA22F36791105D7878AF73572] - |A| - [10/06/2009 17:46:53] - (.-.) - [8.09 Ko] - (0.0.0.0) - C:\Windows\System32\spcinstrumentation.man
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [25835 Ko] - C:\Windows\System32\Speech
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [134472.48 Ko] - C:\Windows\System32\spool
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [2168.98 Ko] - C:\Windows\System32\spp
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [30.19 Ko] - C:\Windows\System32\sppui
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [170 Ko] - C:\Windows\System32\sr-Latn-CS
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [426.5 Ko] - C:\Windows\System32\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [274.53 Ko] - C:\Windows\System32\sysprep
[MD5.B8CBB46B42570D373C9933FBDF25EBCE] - |A| - [20/11/2010 17:29:24] - (.-.) - [143.41 Ko] - (0.0.0.0) - C:\Windows\System32\systemsf.ebd
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [328.02 Ko] - C:\Windows\System32\Tasks
[MD5.47F22CAD4A16BB40153555D631546B94] - |A| - [10/06/2009 17:39:59] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\Windows\System32\tcpmon.ini
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [157 Ko] - C:\Windows\System32\th-TH
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [424 Ko] - C:\Windows\System32\tr-TR
[MD5.579E54636405735FEB2BC37C1AE757FD] - |A| - [23/09/2009 19:30:50] - (.Copyright © 2006 - Intel(R) TVWizard.) - [8006.52 Ko] - (1.0.1.0) - C:\Windows\System32\TVWSetup.exe
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [166.5 Ko] - C:\Windows\System32\uk-UA
[MD5.52BAA773D4A2CC3A7767598C21F532C8] - |A| - [14/07/2009 00:34:00] - (.-.) - [18 Ko] - (0.0.0.0) - C:\Windows\System32\umstartup.etl
[MD5.FDC9FB711442ADC6EDD34BE7F27F16CD] - |A| - [14/07/2009 00:34:00] - (.-.) - [45 Ko] - (0.0.0.0) - C:\Windows\System32\umstartup000.etl
[MD5.86491AD7BC0964089CD4E703E65D45DB] - |A| - [13/07/2009 17:30:26] - (.-.) - [18.39 Ko] - (0.0.0.0) - C:\Windows\System32\v7vga.rom
[MD5.15BD0F8D507546F512EE5D73C3721FA8] - |A| - [13/07/2009 22:04:56] - (.Copyright © 2000 - vfpodbc.) - [20.05 Ko] - (1.0.2.0) - C:\Windows\System32\vfpodbc.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [43664 Ko] - C:\Windows\System32\wbem
[MD5.00000000000000000000000000000000] - |D| - [20/11/2010 20:38:48] - [60.46 Ko] - C:\Windows\System32\WCN
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [21949.67 Ko] - C:\Windows\System32\wdi
[MD5.BDDF10F9D8E179323BC1B49603809EB0] - |A| - [13/07/2009 17:38:33] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\Windows\System32\WdsUnattendTemplate.xml
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [144 Ko] - C:\Windows\System32\wfp
[MD5.C980C971AD4FF3CA5CEFDEF40932D3A1] - |A| - [13/07/2009 16:29:46] - (.-.) - [13 Ko] - (0.0.0.0) - C:\Windows\System32\win87em.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 00:52:30] - [0 Ko] - C:\Windows\System32\WinBioDatabase
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 00:52:30] - [71 Ko] - C:\Windows\System32\WinBioPlugIns
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 00:52:30] - [8620.44 Ko] - C:\Windows\System32\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [82644 Ko] - C:\Windows\System32\winevt
[MD5.00000000000000000000000000000000] - |D| - [20/11/2010 20:38:49] - [99.06 Ko] - C:\Windows\System32\winrm
[MD5.00000000000000000000000000000000] - |D| - [02/07/2016 03:24:36] - [0 Ko] - C:\Windows\System32\x64
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [336.5 Ko] - C:\Windows\System32\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [258.5 Ko] - C:\Windows\System32\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [337 Ko] - C:\Windows\System32\zh-TW

---------- | Shell Folders

[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Shell Folders]
“!Do not use this registry key”=Use the SHGetFolderPath or SHGetKnownFolderPath function instead
“AppData”=C:\Users\hilton\AppData\Roaming [29/06/2016 16:31:01]
“Local AppData”=C:\Users\hilton\AppData\Local [29/06/2016 16:31:01]
“My Video”=C:\Users\hilton\Videos [29/06/2016 16:31:01]
“{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}”=C:\Users\hilton\AppData\Roaming\Mic rosoft\Windows\Libraries [29/06/2016 16:31:01]
“My Pictures”=C:\Users\hilton\Pictures [29/06/2016 16:31:01]
“Desktop”=C:\Users\hilton\Desktop [29/06/2016 16:31:01]
“History”=C:\Users\hilton\AppData\Local\Microsoft\ Windows\History [29/06/2016 16:31:01]
“NetHood”=C:\Users\hilton\AppData\Roaming\Microsof t\Windows\Network Shortcuts [29/06/2016 16:31:01]
“{56784854-C6CB-462B-8169-88E350ACB882}”=C:\Users\hilton\Contacts [29/06/2016 16:31:01]
“Cookies”=C:\Users\hilton\AppData\Roaming\Microsof t\Windows\Cookies [29/06/2016 16:31:01]
“Favorites”=C:\Users\hilton\Favorites [29/06/2016 16:31:01]
“SendTo”=C:\Users\hilton\AppData\Roaming\Microsoft \Windows\SendTo [29/06/2016 16:31:01]
“Start Menu”=C:\Users\hilton\AppData\Roaming\Microsoft\Wi ndows\Start Menu [29/06/2016 16:31:01]
“My Music”=C:\Users\hilton\Music [29/06/2016 16:31:01]
“Programs”=C:\Users\hilton\AppData\Roaming\Microso ft\Windows\Start Menu\Programs [29/06/2016 16:31:01]
“Recent”=C:\Users\hilton\AppData\Roaming\Microsoft \Windows\Recent [29/06/2016 16:31:01]
“CD Burning”=C:\Users\hilton\AppData\Local\Microsoft\W indows\Burn\Burn [29/06/2016 16:31:01]
“PrintHood”=C:\Users\hilton\AppData\Roaming\Micros oft\Windows\Printer Shortcuts [29/06/2016 16:31:01]
“{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}”=C:\Users\hilton\Searches [29/06/2016 16:31:01]
“{374DE290-123F-4565-9164-39C4925E467B}”=C:\Users\hilton\Downloads [29/06/2016 16:31:01]
“{A520A1A4-1780-4FF6-BD18-167343C5AF16}”=C:\Users\hilton\AppData\LocalLow [29/06/2016 16:31:01]
“Startup”=C:\Users\hilton\AppData\Roaming\Microsof t\Windows\Start Menu\Programs\Startup [29/06/2016 16:31:01]
“Administrative Tools”=C:\Users\hilton\AppData\Roaming\Microsoft\W indows\Start Menu\Programs\Administrative Tools [29/06/2016 16:31:01]
“Personal”=C:\Users\hilton\Documents [29/06/2016 16:31:01]
“{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}”=C:\Users\hilton\Links [29/06/2016 16:31:01]
“Cache”=C:\Users\hilton\AppData\Local\Microsoft\Wi ndows\Temporary Internet Files [29/06/2016 16:31:01]
“Templates”=C:\Users\hilton\AppData\Roaming\Micros oft\Windows\Templates [29/06/2016 16:31:01]
“{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}”=C:\Users\hilton\Saved Games [29/06/2016 16:31:01]
“Fonts”=C:\Windows\Fonts [13/07/2009 22:37:06]

[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\User Shell Folders]
“AppData”=%USERPROFILE%\AppData\Roaming
“Cache”=%USERPROFILE%\AppData\Local\Microsoft\Wind ows\Temporary Internet Files
“Cookies”=%USERPROFILE%\AppData\Roaming\Microsoft\ Windows\Cookies
“Desktop”=%USERPROFILE%\Desktop
“Favorites”=%USERPROFILE%\Favorites
“History”=%USERPROFILE%\AppData\Local\Microsoft\Wi ndows\History
“Local AppData”=%USERPROFILE%\AppData\Local
“My Music”=%USERPROFILE%\Music
“My Pictures”=%USERPROFILE%\Pictures
“My Video”=%USERPROFILE%\Videos
“NetHood”=%USERPROFILE%\AppData\Roaming\Microsoft\ Windows\Network Shortcuts
“Personal”=%USERPROFILE%\Documents
“Programs”=%USERPROFILE%\AppData\Roaming\Microsoft \Windows\Start Menu\Programs
“Recent”=%USERPROFILE%\AppData\Roaming\Microsoft\W indows\Recent
“SendTo”=%USERPROFILE%\AppData\Roaming\Microsoft\W indows\SendTo
“Startup”=%USERPROFILE%\AppData\Roaming\Microsoft\ Windows\Start Menu\Programs\Startup
“Start Menu”=%USERPROFILE%\AppData\Roaming\Microsoft\Wind ows\Start Menu
“Templates”=%USERPROFILE%\AppData\Roaming\Microsof t\Windows\Templates
“{374DE290-123F-4565-9164-39C4925E467B}”=%USERPROFILE%\Downloads
“PrintHood”=%USERPROFILE%\AppData\Roaming\Microsof t\Windows\Printer Shortcuts

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Shell Folders]
“Common Desktop”=C:\Users\Public\Desktop [13/07/2009 22:37:05]
“Common Start Menu”=C:\ProgramData\Microsoft\Windows\Start Menu [13/07/2009 22:37:05]
“CommonVideo”=C:\Users\Public\Videos [13/07/2009 22:37:05]
“CommonPictures”=C:\Users\Public\Pictures [13/07/2009 22:37:05]
“Common Programs”=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [13/07/2009 22:37:05]
“CommonMusic”=C:\Users\Public\Music [13/07/2009 22:37:05]
“Common Administrative Tools”=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [14/07/2009 00:52:30]
“Common Startup”=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [13/07/2009 22:37:05]
“Common Documents”=C:\Users\Public\Documents [13/07/2009 22:37:05]
“OEM Links”=C:\ProgramData\OEM Links
“Common Templates”=C:\ProgramData\Microsoft\Windows\Templa tes [13/07/2009 22:37:05]
“Common AppData”=C:\ProgramData [13/07/2009 22:37:05]

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\User Shell Folders]
“Common Desktop”=%PUBLIC%\Desktop
“Common Documents”=%PUBLIC%\Documents
“CommonPictures”=%PUBLIC%\Pictures
“CommonMusic”=%PUBLIC%\Music
“CommonVideo”=%PUBLIC%\Videos
“{3D644C9B-1FB8-4f30-9B45-F670235F79C0}”=%PUBLIC%\Downloads
“Common Start Menu”=%ProgramData%\Microsoft\Windows\Start Menu
“Common Programs”=%ProgramData%\Microsoft\Windows\Start Menu\Programs
“Common Startup”=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup
“Common AppData”=%ProgramData%
“Common Templates”=%ProgramData%\Microsoft\Windows\Templat es

---------- | [hilton]

[29/06/2016 16:31:01] - |D| - [2253692664] - C:\Users\hilton\AppData\Local
[29/06/2016 16:31:01] - |D| - [43272156] - C:\Users\hilton\AppData\LocalLow
[29/06/2016 16:31:01] - |D| - [325725693] - C:\Users\hilton\AppData\Roaming
[06/12/2016 18:45:00] - |D| - [504541101] - C:\Users\hilton\AppData\Local\76f7c66
[06/12/2016 18:16:33] - |D| - [0] - C:\Users\hilton\AppData\Local\88efa
[04/07/2016 15:23:24] - |D| - [31397805] - C:\Users\hilton\AppData\Local\Adobe
[05/07/2016 14:36:57] - |D| - [558734931] - C:\Users\hilton\AppData\Local\Amazon Music
[29/06/2016 16:31:07] - |SHD| - [22658289571] - C:\Users\hilton\AppData\Local\Application Data
[25/12/2016 17:06:55] - |D| - [7796256] - C:\Users\hilton\AppData\Local\Apps
[21/12/2016 15:03:54] - |D| - [24576] - C:\Users\hilton\AppData\Local\AVAST Software
[27/02/2017 15:10:05] - |D| - [0] - C:\Users\hilton\AppData\Local\Broadcom
[13/07/2016 12:30:23] - |D| - [443696] - C:\Users\hilton\AppData\Local\CEF
[15/07/2016 13:40:31] - |D| - [1920] - C:\Users\hilton\AppData\Local\Chromium
[16/08/2016 11:51:20] - |D| - [0] - C:\Users\hilton\AppData\Local\CrashDumps
[26/09/2016 12:01:51] - |D| - [7147] - C:\Users\hilton\AppData\Local\CrashRpt
[25/12/2016 17:06:55] - |D| - [0] - C:\Users\hilton\AppData\Local\Deployment
[27/07/2016 14:28:02] - |D| - [0] - C:\Users\hilton\AppData\Local\Diagnostics
[03/07/2016 13:23:38] - |D| - [0] - C:\Users\hilton\AppData\Local\ElevatedDiagnostics
[07/11/2016 13:52:35] - |D| - [11290] - C:\Users\hilton\AppData\Local\f1aad
[13/03/2017 15:39:37] - |D| - [266864] - C:\Users\hilton\AppData\Local\FromDocToPDFTooltab
[29/06/2016 16:40:17] - |A| - [65776] - C:\Users\hilton\AppData\Local\GDIPFONTCACHEV1.DAT
[25/12/2016 17:07:13] - |D| - [125618665] - C:\Users\hilton\AppData\Local\Google
[03/07/2016 12:23:08] - |D| - [71] - C:\Users\hilton\AppData\Local\GWX
[29/06/2016 16:31:07] - |SHD| - [290] - C:\Users\hilton\AppData\Local\History
[20/03/2017 16:22:50] - |AH| - [2143486] - C:\Users\hilton\AppData\Local\IconCache.db
[05/09/2016 13:57:00] - |D| - [0] - C:\Users\hilton\AppData\Local\LogMeIn Rescue Applet
[05/09/2016 14:21:27] - |D| - [50] - C:\Users\hilton\AppData\Local\McAfee File Lock
[29/06/2016 16:31:01] - |D| - [524648187] - C:\Users\hilton\AppData\Local\Microsoft
[21/08/2016 14:27:13] - |D| - [163171] - C:\Users\hilton\AppData\Local\Microsoft Games
[30/12/2016 13:38:42] - |D| - [23711855] - C:\Users\hilton\AppData\Local\Mozilla
[12/08/2016 12:28:34] - |D| - [0] - C:\Users\hilton\AppData\Local\Packages
[02/07/2016 15:54:33] - |D| - [3587] - C:\Users\hilton\AppData\Local\PC_Drivers_Headquart ers
[02/07/2016 15:09:05] - |D| - [0] - C:\Users\hilton\AppData\Local\Programs
[01/08/2016 13:59:16] - |D| - [460695434] - C:\Users\hilton\AppData\Local\SlimWare Utilities Inc
[30/06/2016 18:39:31] - |D| - [154550] - C:\Users\hilton\AppData\Local\Stardock
[29/06/2016 16:31:01] - |D| - [13197603] - C:\Users\hilton\AppData\Local\Temp
[29/06/2016 16:31:07] - |SHD| - [287848251] - C:\Users\hilton\AppData\Local\Temporary Internet Files
[29/06/2016 16:31:12] - |D| - [64643] - C:\Users\hilton\AppData\Local\VirtualStore
[02/07/2016 15:23:29] - |D| - [12097747] - C:\Users\hilton\AppData\LocalLow\Adblock Plus for IE
[13/07/2016 12:30:11] - |D| - [1838355] - C:\Users\hilton\AppData\LocalLow\Adobe
[29/06/2016 16:31:01] - |SD| - [28807670] - C:\Users\hilton\AppData\LocalLow\Microsoft
[30/12/2016 13:39:34] - |D| - [0] - C:\Users\hilton\AppData\LocalLow\Mozilla
[09/07/2016 17:25:01] - |D| - [528384] - C:\Users\hilton\AppData\LocalLow\PlayReady
[12/08/2016 12:34:18] - |A| - [0] - C:\Users\hilton\AppData\LocalLow\rightsCheck_1.txt
[29/06/2016 18:33:19] - |D| - [0] - C:\Users\hilton\AppData\LocalLow\Siber Systems
[29/06/2016 17:49:33] - |D| - [4352003] - C:\Users\hilton\AppData\Roaming\Adobe
[18/12/2016 22:21:28] - |D| - [30120923] - C:\Users\hilton\AppData\Roaming\AVAST Software
[28/01/2017 15:24:36] - |D| - [675] - C:\Users\hilton\AppData\Roaming\Canon
[12/08/2016 12:28:34] - |D| - [690709] - C:\Users\hilton\AppData\Roaming\Dashlane
[03/02/2017 13:54:40] - |D| - [18812571] - C:\Users\hilton\AppData\Roaming\eM Client
[29/06/2016 16:31:01] - |D| - [0] - C:\Users\hilton\AppData\Roaming\Identities
[29/06/2016 16:31:01] - |D| - [0] - C:\Users\hilton\AppData\Roaming\InstallShield
[15/07/2016 13:40:12] - |D| - [207] - C:\Users\hilton\AppData\Roaming\InstantSupport
[12/03/2017 14:18:29] - |D| - [119370195] - C:\Users\hilton\AppData\Roaming\Kodi
[04/07/2016 15:27:35] - |D| - [2723] - C:\Users\hilton\AppData\Roaming\Macromedia
[05/09/2016 14:04:06] - |D| - [9383] - C:\Users\hilton\AppData\Roaming\McAfee
[29/06/2016 16:31:01] - |SD| - [1339704] - C:\Users\hilton\AppData\Roaming\Microsoft
[30/12/2016 13:38:42] - |D| - [63268970] - C:\Users\hilton\AppData\Roaming\Mozilla
[04/07/2016 15:13:28] - |D| - [52325758] - C:\Users\hilton\AppData\Roaming\OpenOffice
[01/07/2016 13:11:33] - |D| - [24253979] - C:\Users\hilton\AppData\Roaming\RoboForm
[31/08/2016 14:54:34] - |D| - [153955] - C:\Users\hilton\AppData\Roaming\Samsung
[30/06/2016 18:39:30] - |D| - [11023938] - C:\Users\hilton\AppData\Roaming\Stardock
[29/06/2016 16:31:01] - |ASH| - [174] - C:\Users\hilton\AppData\Roaming\Microsoft\Windows\ Start Menu\desktop.ini
[29/06/2016 16:31:01] - |RD| - [24841] - C:\Users\hilton\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs
[29/06/2016 16:31:01] - |RD| - [14622] - C:\Users\hilton\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Accessories
[29/06/2016 16:31:01] - |RD| - [174] - C:\Users\hilton\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Administrative Tools
[05/07/2016 14:37:02] - |D| - [3422] - C:\Users\hilton\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Amazon Music
[07/02/2017 16:29:05] - |D| - [372] - C:\Users\hilton\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Dell
[29/06/2016 16:31:01] - |ASH| - [338] - C:\Users\hilton\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\desktop.ini
[29/06/2016 16:33:48] - |A| - [1420] - C:\Users\hilton\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Internet Explorer.lnk
[13/03/2017 15:54:19] - |D| - [3739] - C:\Users\hilton\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Kodi
[29/06/2016 16:31:01] - |RD| - [580] - C:\Users\hilton\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Maintenance
[29/06/2016 16:31:01] - |RD| - [174] - C:\Users\hilton\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Startup
[29/06/2016 16:31:01] - |ASH| - [174] - C:\Users\hilton\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Startup\desktop.ini

---------- | [PCPitstopSVC]

[02/07/2016 15:44:57] - |D| - [48389255] - C:\Users\PCPitstopSVC\AppData\Local
[02/07/2016 15:44:57] - |D| - [152130] - C:\Users\PCPitstopSVC\AppData\LocalLow
[02/07/2016 15:44:57] - |D| - [986725] - C:\Users\PCPitstopSVC\AppData\Roaming
[02/07/2016 15:44:59] - |SHD| - [528793054] - C:\Users\PCPitstopSVC\AppData\Local\Application Data
[02/07/2016 15:44:59] - |SHD| - [16674] - C:\Users\PCPitstopSVC\AppData\Local\History
[02/07/2016 15:44:58] - |AH| - [913134] - C:\Users\PCPitstopSVC\AppData\Local\IconCache.db
[02/07/2016 15:44:57] - |D| - [41389513] - C:\Users\PCPitstopSVC\AppData\Local\Microsoft
[02/07/2016 15:44:57] - |D| - [6086608] - C:\Users\PCPitstopSVC\AppData\Local\Temp
[02/07/2016 15:44:59] - |SHD| - [67] - C:\Users\PCPitstopSVC\AppData\Local\Temporary Internet Files
[02/07/2016 15:44:57] - |SD| - [152130] - C:\Users\PCPitstopSVC\AppData\LocalLow\Microsoft
[02/07/2016 15:44:57] - |D| - [0] - C:\Users\PCPitstopSVC\AppData\Roaming\Identities
[02/07/2016 15:44:57] - |D| - [0] - C:\Users\PCPitstopSVC\AppData\Roaming\InstallShiel d
[02/07/2016 15:44:57] - |SD| - [986725] - C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft
[02/07/2016 15:44:58] - |ASH| - [174] - C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Wi ndows\Start Menu\desktop.ini
[02/07/2016 15:44:57] - |RD| - [17306] - C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Wi ndows\Start Menu\Programs
[02/07/2016 15:44:57] - |RD| - [14621] - C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Wi ndows\Start Menu\Programs\Accessories
[02/07/2016 15:44:57] - |RD| - [174] - C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Wi ndows\Start Menu\Programs\Administrative Tools
[02/07/2016 15:44:57] - |ASH| - [338] - C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Wi ndows\Start Menu\Programs\desktop.ini
[02/07/2016 15:44:57] - |A| - [1419] - C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Wi ndows\Start Menu\Programs\Internet Explorer.lnk
[02/07/2016 15:44:57] - |RD| - [580] - C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Wi ndows\Start Menu\Programs\Maintenance
[02/07/2016 15:44:57] - |RD| - [174] - C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Wi ndows\Start Menu\Programs\Startup
[02/07/2016 15:44:57] - |ASH| - [174] - C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Wi ndows\Start Menu\Programs\Startup\desktop.ini

---------- | [Public]

---------- | C:\ProgramData

[13/07/2016 12:28:24] - |D| - [275321641] - C:\ProgramData\Adobe
[14/07/2009 00:53:55] - |SHD| - [61227519478] - C:\ProgramData\Application Data
[18/12/2016 22:19:18] - |D| - [3174173866] - C:\ProgramData\AVAST Software
[05/07/2016 14:18:24] - |HD| - [38903983] - C:\ProgramData\CanonBJ
[28/01/2017 15:19:08] - |D| - [86797] - C:\ProgramData\CanonIJWSpt
[01/08/2016 14:10:46] - |D| - [1007684] - C:\ProgramData\Dell
[14/07/2009 00:53:55] - |SHD| - [13945] - C:\ProgramData\Desktop
[14/07/2009 00:53:55] - |SHD| - [97419542] - C:\ProgramData\Documents
[02/07/2016 15:54:32] - |D| - [1159758] - C:\ProgramData\Driver Support
[14/07/2009 00:53:55] - |SHD| - [0] - C:\ProgramData\Favorites
[13/07/2009 22:37:05] - |SD| - [2152270493] - C:\ProgramData\Microsoft
[15/07/2016 13:39:48] - |RASH| - [344] - C:\ProgramData\ntuser.pol
[01/08/2016 21:31:34] - |D| - [10110095] - C:\ProgramData\Package Cache
[03/07/2016 12:22:59] - |D| - [1922] - C:\ProgramData\PC Drivers HeadQuarters
[02/07/2016 15:09:31] - |D| - [8639857] - C:\ProgramData\PCPitstop
[29/06/2016 18:33:19] - |D| - [232] - C:\ProgramData\RoboForm
[31/08/2016 14:12:17] - |D| - [0] - C:\ProgramData\Samsung
[26/09/2016 12:12:13] - |D| - [132598686] - C:\ProgramData\SlimWare Utilities Inc
[01/08/2016 14:09:49] - |D| - [191128555] - C:\ProgramData\SlimWare Utilities, Inc
[30/06/2016 18:39:31] - |D| - [9640026] - C:\ProgramData\Stardock
[14/07/2009 00:53:55] - |SHD| - [138188] - C:\ProgramData\Start Menu
[28/03/2017 15:14:21] - |D| - [0] - C:\ProgramData\SWCUTemp
[14/07/2009 00:53:55] - |SHD| - [31386] - C:\ProgramData\Templates

---------- | C:\ProgramData\Microsoft\Windows\Start Menu

[14/07/2009 00:46:35] - |A| - [1282] - C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
[14/07/2009 00:37:43] - |ASH| - [442] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[13/07/2009 22:37:05] - |RD| - [135198] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[14/07/2009 00:37:43] - |A| - [1266] - C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs

[13/07/2009 22:37:05] - |RD| - [39894] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[13/07/2016 12:29:09] - |A| - [2441] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
[14/07/2009 00:52:30] - |RD| - [21157] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[18/12/2016 22:22:29] - |A| - [1131] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
[18/12/2016 22:41:38] - |D| - [2028] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[28/01/2017 15:13:43] - |D| - [2500] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG3200 series
[28/01/2017 15:19:12] - |D| - [1998] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[02/07/2016 15:47:29] - |D| - [1072] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[14/07/2009 00:41:57] - |ASH| - [1278] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[26/09/2016 12:01:44] - |D| - [4978] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
[03/02/2017 13:54:02] - |A| - [931] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eM Client.lnk
[14/07/2009 00:52:30] - |RD| - [6112] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[25/12/2016 17:07:56] - |A| - [2148] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[13/07/2009 22:37:05] - |RD| - [4370] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[23/07/2012 19:48:29] - |A| - [1345] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[09/07/2016 17:12:10] - |D| - [2230] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[30/12/2016 13:38:30] - |A| - [1124] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[20/01/2017 14:40:40] - |SD| - [6980] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.3
[12/08/2016 15:03:24] - |D| - [16069] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
[14/07/2009 00:42:29] - |A| - [1330] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[25/12/2016 13:38:04] - |D| - [4006] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
[13/07/2009 22:37:05] - |RD| - [1008] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[14/07/2009 00:42:30] - |A| - [1352] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[23/07/2012 19:48:25] - |A| - [1326] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[14/07/2009 00:42:24] - |A| - [1210] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[14/07/2009 00:46:36] - |A| - [1515] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[12/02/2017 15:09:57] - |A| - [2419] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[14/07/2009 00:42:30] - |A| - [1246] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

[27/02/2017 15:03:34] - |A| - [834] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[14/07/2009 00:41:57] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | C:\Program Files

[13/07/2016 12:28:51] - |D| - [215519621] - C:\Program Files\Adobe
[23/07/2012 19:53:54] - |D| - [2110127] - C:\Program Files\Analog Devices
[18/12/2016 22:19:56] - |D| - [1325378670] - C:\Program Files\AVAST Software
[28/01/2017 15:19:05] - |D| - [20206791] - C:\Program Files\Canon
[28/01/2017 15:13:35] - |HD| - [7533306] - C:\Program Files\CanonBJ
[02/07/2016 15:47:27] - |D| - [11091816] - C:\Program Files\CCleaner
[13/07/2009 22:37:05] - |D| - [102044030] - C:\Program Files\Common Files
[12/08/2016 12:28:34] - |D| - [0] - C:\Program Files\Dashlane
[14/07/2009 00:41:57] - |ASH| - [174] - C:\Program Files\desktop.ini
[02/07/2016 15:53:39] - |D| - [14156416] - C:\Program Files\Driver Support
[26/09/2016 12:01:44] - |D| - [36769650] - C:\Program Files\DriverUpdate
[14/07/2009 00:52:30] - |D| - [83215892] - C:\Program Files\DVD Maker
[03/02/2017 13:52:54] - |D| - [162849256] - C:\Program Files\eM Client
[25/12/2016 17:07:20] - |D| - [359138592] - C:\Program Files\Google
[23/07/2012 19:53:54] - |HD| - [5204191] - C:\Program Files\InstallShield Installation Information
[23/07/2012 19:52:49] - |D| - [48783890] - C:\Program Files\Intel
[13/07/2009 22:37:05] - |D| - [26525200] - C:\Program Files\Internet Explorer
[13/03/2017 15:53:54] - |D| - [162290054] - C:\Program Files\Kodi
[05/09/2016 14:03:52] - |D| - [3247555] - C:\Program Files\McAfee
[21/08/2016 14:25:24] - |D| - [147758130] - C:\Program Files\Microsoft Games
[09/07/2016 17:12:08] - |D| - [42891854] - C:\Program Files\Microsoft Silverlight
[02/07/2016 03:18:15] - |D| - [23935] - C:\Program Files\Microsoft.NET
[30/12/2016 13:38:18] - |D| - [95307155] - C:\Program Files\Mozilla Firefox
[30/12/2016 13:38:27] - |D| - [291732] - C:\Program Files\Mozilla Maintenance Service
[14/07/2009 00:52:30] - |D| - [25757] - C:\Program Files\MSBuild
[04/07/2016 15:01:22] - |D| - [330965881] - C:\Program Files\OpenOffice 4
[15/07/2016 13:39:42] - |D| - [0] - C:\Program Files\PCAPDownloader
[02/07/2016 15:09:30] - |D| - [190335] - C:\Program Files\PCPitstop
[14/07/2009 00:52:30] - |D| - [36941569] - C:\Program Files\Reference Assemblies
[31/08/2016 14:14:22] - |D| - [44561908] - C:\Program Files\SAMSUNG
[29/06/2016 18:32:48] - |D| - [57368111] - C:\Program Files\Siber Systems
[26/09/2016 12:01:44] - |D| - [3903822] - C:\Program Files\SlimWare Utilities
[30/06/2016 18:39:24] - |D| - [50337412] - C:\Program Files\Stardock
[26/09/2016 12:37:12] - |D| - [6086] - C:\Program Files\Synaptics
[14/07/2009 00:53:23] - |HD| - [0] - C:\Program Files\Uninstall Information
[27/02/2017 15:03:25] - |D| - [211341881] - C:\Program Files\WIDCOMM
[14/07/2009 00:52:30] - |D| - [3027456] - C:\Program Files\Windows Defender
[13/07/2009 22:37:05] - |D| - [6115840] - C:\Program Files\Windows Mail
[14/07/2009 00:52:30] - |D| - [6582018] - C:\Program Files\Windows Media Player
[13/07/2009 22:37:05] - |D| - [12062388] - C:\Program Files\Windows NT
[14/07/2009 00:52:30] - |D| - [4394248] - C:\Program Files\Windows Photo Viewer
[14/07/2009 00:52:30] - |D| - [189952] - C:\Program Files\Windows Portable Devices
[14/07/2009 00:52:30] - |D| - [6679420] - C:\Program Files\Windows Sidebar

---------- | C:\Program Files\Common Files

[13/07/2016 12:28:51] - |D| - [8925225] - C:\Program Files\Common Files\Adobe
[18/12/2016 22:21:00] - |D| - [1174181] - C:\Program Files\Common Files\AV
[05/09/2016 14:16:24] - |D| - [0] - C:\Program Files\Common Files\McAfee
[13/07/2009 22:37:05] - |D| - [40559121] - C:\Program Files\Common Files\microsoft shared
[23/07/2012 19:53:33] - |D| - [83063] - C:\Program Files\Common Files\postureAgent
[13/07/2009 22:37:05] - |D| - [2702] - C:\Program Files\Common Files\Services
[13/07/2009 22:37:05] - |D| - [41103783] - C:\Program Files\Common Files\SpeechEngines
[13/07/2009 22:37:05] - |D| - [10195955] - C:\Program Files\Common Files\System

---------- | Tasks

[MD5.F7E5D8EF86AD04E20A301870733899B7] - [06/11/2016 15:03:40] - |A| - [450] - C:\Windows\Tasks\DriverUpdate Scan.job
[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [14/07/2009 00:53:47] - |AH| - [6] - C:\Windows\Tasks\SA.DAT
[MD5.B8A7DC0AB7B56BD5295DDAFA7FF7041E] - [14/07/2009 00:53:46] - |A| - [14124] - C:\Windows\Tasks\SCHEDLGU(29).TXT
[MD5.45BA6359D179CA921DA8A9B23E85658E] - [14/07/2009 00:53:46] - |A| - [28678] - C:\Windows\Tasks\SCHEDLGU.TXT
[MD5.6C9C9120E434911EB65674DDC6735260] - [13/07/2016 12:29:37] - |A| - [4464] - C:\Windows\System32\Tasks\Adobe Acrobat Update Task : C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[MD5.277C2B9AFE026B4D87142FDE67ABD683] - [04/07/2016 15:23:55] - |A| - [4312] - C:\Windows\System32\Tasks\Adobe Flash Player Updater : C:\Windows\system32\Macromed\Flash\FlashPlayerUpda teService.exe
[MD5.7EAEB6042F3D0F2DAD3B8BAED50D47E7] - [12/03/2017 08:27:33] - |A| - [3914] - C:\Windows\System32\Tasks\Avast Emergency Update : C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
[MD5.00000000000000000000000000000000] - [18/12/2016 22:21:01] - |D| - [3860] - C:\Windows\System32\Tasks\AVAST Software
[MD5.DA39E94DFDA4EC471084FF2166930D35] - [02/07/2016 15:47:30] - |A| - [2794] - C:\Windows\System32\Tasks\CCleanerSkipUAC : “C:\Program Files\CCleaner\CCleaner.exe”
[MD5.35D0AA971E47D54E0673B0559AD9B5AF] - [02/07/2016 15:54:42] - |A| - [3298] - C:\Windows\System32\Tasks\Driver Support : C:\Program Files\Driver Support\DriverSupport.exe
[MD5.D4C3D0F45A4A08A7E7E1E8D1437F959E] - [02/07/2016 15:54:41] - |A| - [3732] - C:\Windows\System32\Tasks\Driver Support-RTMRules : C:\Program Files\Driver Support\DriverSupport.exe
[MD5.846A373169DB8E1D85FE26CBC8DF1517] - [02/07/2016 15:54:41] - |A| - [3618] - C:\Windows\System32\Tasks\Driver Support-RTMScan : C:\Program Files\Driver Support\DriverSupport.exe
[MD5.3C5CA2588ECAF36FB11D58CB78DB9E4A] - [02/07/2016 15:54:41] - |A| - [3738] - C:\Windows\System32\Tasks\Driver Support-RTMUpdater : C:\Program Files\Driver Support\DriverSupport.exe
[MD5.8C0637AF4EE4F3A1D45A0E5A221AFDDE] - [06/11/2016 15:03:40] - |A| - [3318] - C:\Windows\System32\Tasks\DriverUpdate Scan : C:\Program Files\DriverUpdate\DriverUpdate.exe
[MD5.E291F9E53A9F15DBDAD1440BB2AD238B] - [26/09/2016 12:01:56] - |A| - [3618] - C:\Windows\System32\Tasks\DriverUpdate Startup.job : “C:\Program Files\DriverUpdate\DriverUpdate.exe”
[MD5.00000000000000000000000000000000] - [21/08/2016 14:17:11] - |D| - [4734] - C:\Windows\System32\Tasks\Games
[MD5.C980DB36CB0684A182704AC164C68A60] - [25/12/2016 17:07:22] - |A| - [3190] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineC ore : C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.5A5FA84088EC895AEA5946DA0E70961D] - [25/12/2016 17:07:23] - |A| - [3318] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineU A : C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.00000000000000000000000000000000] - [13/07/2009 22:37:09] - |D| - [267920] - C:\Windows\System32\Tasks\Microsoft
[MD5.02CE45C40BA992CF50420FA6BD8813F8] - [29/06/2016 18:48:35] - |A| - [4118] - C:\Windows\System32\Tasks\Open URL by RoboForm : C:\Windows\system32\rundll32.exe
[MD5.1B412F5760E706C24D7BCC4305A48F62] - [29/06/2016 18:48:34] - |A| - [3572] - C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon : C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
[MD5.E67DA80957A54C857227FB23925D61D2] - [18/12/2016 22:22:30] - |A| - [3894] - C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1482114147 : C:\Program Files\AVAST Software\SZBrowser\launcher.exe
[MD5.00000000000000000000000000000000] - [14/07/2009 00:54:35] - |D| - [4480] - C:\Windows\System32\Tasks\WPD

---------- | Firewall

[HKLM\SYSTEM\CurrentControlSet\Services\sharedacces s\Parameters\FirewallPolicy\FirewallRules]
“Netlogon-NamedPipe-In”=v2.10|Action=Allow|Active=FALSE|Dir=In|Protoco l=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|
“{0DC8D093-6A4A-46DF-81F7-51A31BA38190}”=v2.10|Action=Allow|Active=FALSE|Dir =In|Protocol=6|LPort=808|App=C:\Windows\Microsoft. NET\Framework\v4.0.30319\SMSvcHost.exe|Svc=NetTcpA ctivator|Name=@C:\Windows\Microsoft.NET\Framework\ v4.0.30319\ServiceModelEvents.dll,-2000|Desc=@C:\Windows\Microsoft.NET\Framework\v4.0 .30319\ServiceModelEvents.dll,-2001|EmbedCtxt=@C:\Windows\Microsoft.NET\Framework \v4.0.30319\ServiceModelEvents.dll,-2002|
“TCP Query User{AC689693-B971-449C-8EA9-AC51E5D70F9C}C:\users\hilton\appdata\local\amazon music\amazon music helper.exe”=v2.10|Action=Allow|Active=TRUE|Dir=In| Protocol=6|Profile=Private|App=C:\users\hilton\app data\local\amazon music\amazon music helper.exe|Name=amazon music helper.exe|Desc=amazon music helper.exe|Defer=User|
“UDP Query User{25F20FE1-CB5D-4B09-9160-3C9094A6B8A8}C:\users\hilton\appdata\local\amazon music\amazon music helper.exe”=v2.10|Action=Allow|Active=TRUE|Dir=In| Protocol=17|Profile=Private|App=C:\users\hilton\ap pdata\local\amazon music\amazon music helper.exe|Name=amazon music helper.exe|Desc=amazon music helper.exe|Defer=User|
“{EAD2EC74-0D35-4D3D-900E-D48B9AB5AE26}”=v2.10|Action=Allow|Active=TRUE|Dir= In|Protocol=6|Profile=Private|App=C:\Program Files\Mozilla Firefox\firefox.exe|Name=Firefox (C:\Program Files\Mozilla Firefox)|
“{E8207517-F4F1-4084-AD6C-988A4CDC999F}”=v2.10|Action=Allow|Active=TRUE|Dir= In|Protocol=17|Profile=Private|App=C:\Program Files\Mozilla Firefox\firefox.exe|Name=Firefox (C:\Program Files\Mozilla Firefox)|
“{813BC28B-BE7E-4FEE-BDA3-21784F0FA00A}”=v2.10|Action=Allow|Active=TRUE|Dir= In|Protocol=17|LPort=5353|App=C:\Program Files\Google\Chrome\Application\chrome.exe|Name=Go ogle Chrome (mDNS-In)|Desc=Inbound rule for Google Chrome to allow mDNS traffic.|EmbedCtxt=Google Chrome|
“{4DD19BC0-8D56-41F2-BBA6-E1F63020D218}”=v2.10|Action=Allow|Active=TRUE|Dir= Out|Protocol=6|App=%SystemRoot%\system32\svchost.e xe|Svc=RapiMgr|Name=@%systemroot%\WindowsMobile\wm dcBase.exe,-4016|Desc=@%systemroot%\WindowsMobile\wmdcBase.exe ,-14016|EmbedCtxt=@%systemroot%\WindowsMobile\wmdcBa se.exe,-4014|
“{0D547D58-43B9-4B3F-90C2-C69E6800A5E3}”=v2.10|Action=Allow|Active=TRUE|Dir= Out|Protocol=17|App=%SystemRoot%\system32\svchost. exe|Svc=RapiMgr|Name=@%systemroot%\WindowsMobile\w mdcBase.exe,-4016|Desc=@%systemroot%\WindowsMobile\wmdcBase.exe ,-14016|EmbedCtxt=@%systemroot%\WindowsMobile\wmdcBa se.exe,-4014|
“{3A500436-332F-43FF-B443-030332BD69A8}”=v2.10|Action=Allow|Active=TRUE|Dir= In|Protocol=6|LA4=127.0.0.1|App=%SystemRoot%\syste m32\svchost.exe|Svc=WcesComm|Name=@%systemroot%\Wi ndowsMobile\wmdcBase.exe,-4002|Desc=@%systemroot%\WindowsMobile\wmdcBase.exe ,-14002|EmbedCtxt=@%systemroot%\WindowsMobile\wmdcBa se.exe,-4014|
“{EFC4B274-0D29-420D-BDBC-8C5FF0388D4A}”=v2.10|Action=Allow|Active=TRUE|Dir= Out|Protocol=6|App=%SystemRoot%\system32\svchost.e xe|Svc=WcesComm|Name=@%systemroot%\WindowsMobile\w mdcBase.exe,-4016|Desc=@%systemroot%\WindowsMobile\wmdcBase.exe ,-14016|EmbedCtxt=@%systemroot%\WindowsMobile\wmdcBa se.exe,-4014|
“{6C178907-0A86-4A63-8767-E451EAB8901B}”=v2.10|Action=Allow|Active=TRUE|Dir= Out|Protocol=17|App=%SystemRoot%\system32\svchost. exe|Svc=WcesComm|Name=@%systemroot%\WindowsMobile\ wmdcBase.exe,-4016|Desc=@%systemroot%\WindowsMobile\wmdcBase.exe ,-14016|EmbedCtxt=@%systemroot%\WindowsMobile\wmdcBa se.exe,-4014|
“{8F434A18-CE8D-45DC-AD17-44370BA521AC}”=v2.10|Action=Allow|Active=TRUE|Dir= In|Protocol=17|LPort=5353|App=C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe|Nam e=Opera Internet Browser (mDNS-In)|Desc=Inbound rule to allow mDNS traffic.|EmbedCtxt=Opera Internet Browser|
“{9C26FF04-F2AA-47C9-80F3-0EA7420B9114}”=v2.10|Action=Allow|Active=TRUE|Dir= In|Protocol=17|LPort=5353|App=C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590_0\SZBrowser.exe|N ame=Opera Internet Browser (mDNS-In)|Desc=Inbound rule to allow mDNS traffic.|EmbedCtxt=Opera Internet Browser|

---------- | Control\Class

[HKLM\SYSTEM\CurrentControlSet\Control\Class{03F529 37-1FD6-44FB-82C6-FE988F1B1D61}] : (aswSP) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{0475BB 51-5A02-4EE0-B36C-29040FAD2650}] : (igfx) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{04A83F C2-2AE2-4C88-B45F-E9707B377636}] : (aswHwid) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{126476 0F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{24A0C8 40-2C3D-4410-8236-8B40816C7B90}] : (aswVmm) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{25DBCE 51-6C8F-4A72-8A6D-B54C2B4FC835}] : (WCEUSBS) → @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class{34446E 8E-37B4-4B16-9DA6-BEA2DB33465A}] : (BluetoothAuxiliary) → @oem91.inf,%BluetoothAuxiliary.NAME%;Bluetooth Auxiliary
[HKLM\SYSTEM\CurrentControlSet\Control\Class{36FC9E 60-C465-11CF-8056-444553540000}] : (USB) → @%SystemRoot%\System32\SysClass.Dll,-3025
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4116F6 0B-25B3-4662-B732-99A6111EDC0B}] : (IPMIDRV) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{43675D 81-502A-4A82-9F84-B75F418C5DEA}] : (Media Center Extender) → @%SystemRoot%\system32\McxDriv.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4658EE 7E-F050-11D1-B6BD-00C04FA372A7}] : (PnpPrinters) → @%systemroot%\system32\ntprint.dll,-1300
[HKLM\SYSTEM\CurrentControlSet\Control\Class{48721B 56-6795-11D2-B1A8-0080C72E74A2}] : (Dot4) → @%SystemRoot%\system32\sysclass.dll,-3023
[HKLM\SYSTEM\CurrentControlSet\Control\Class{49CE6A C8-6F86-11D2-B1E5-0080C72E74A2}] : (Dot4Print) → @%SystemRoot%\system32\sysclass.dll,-3024
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4D36E9 65-E325-11CE-BFC1-08002BE10318}] : (CDROM) → @%SystemRoot%\System32\StorProp.dll,-17001
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4D36E9 66-E325-11CE-BFC1-08002BE10318}] : (Computer) → @%SystemRoot%\System32\SysClass.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4D36E9 67-E325-11CE-BFC1-08002BE10318}] : (DiskDrive) → @%SystemRoot%\System32\StorProp.dll,-17000
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4D36E9 68-E325-11CE-BFC1-08002BE10318}] : (Display) → @DispCI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4D36E9 69-E325-11CE-BFC1-08002BE10318}] : (fdc) → @%SystemRoot%\System32\SysClass.Dll,-3013
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4D36E9 6A-E325-11CE-BFC1-08002BE10318}] : (hdc) → @%SystemRoot%\System32\SysClass.Dll,-3001
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4D36E9 6B-E325-11CE-BFC1-08002BE10318}] : (Keyboard) → @%SystemRoot%\System32\SysClass.Dll,-3002
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4D36E9 6C-E325-11CE-BFC1-08002BE10318}] : (MEDIA) → @mmci.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4D36E9 6D-E325-11CE-BFC1-08002BE10318}] : (Modem) → @%SystemRoot%\System32\mdminst.dll,-14100
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4D36E9 6E-E325-11CE-BFC1-08002BE10318}] : (Monitor) → @Montr_CI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4D36E9 6F-E325-11CE-BFC1-08002BE10318}] : (Mouse) → @%SystemRoot%\System32\SysClass.Dll,-3004
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4D36E9 70-E325-11CE-BFC1-08002BE10318}] : (MTD) → @SysClass.Dll,-3021
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4D36E9 71-E325-11CE-BFC1-08002BE10318}] : (MultiFunction) → @%SystemRoot%\System32\SysClass.Dll,-3014
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4D36E9 72-E325-11CE-BFC1-08002BE10318}] : (Net) → @NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4D36E9 73-E325-11CE-BFC1-08002BE10318}] : (NetClient) → @NetCfgx.dll,-1504
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4D36E9 74-E325-11CE-BFC1-08002BE10318}] : (NetService) → @NetCfgx.dll,-1505
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4D36E9 75-E325-11CE-BFC1-08002BE10318}] : (NetTrans) → @NetCfgx.dll,-1503
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4D36E9 77-E325-11CE-BFC1-08002BE10318}] : (PCMCIA) → @%SystemRoot%\System32\SysClass.Dll,-3010
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4D36E9 78-E325-11CE-BFC1-08002BE10318}] : (Ports) → @%SystemRoot%\System32\msports.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4D36E9 79-E325-11CE-BFC1-08002BE10318}] : (Printer) → @%systemroot%\system32\ntprint.dll,-1004
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4D36E9 7B-E325-11CE-BFC1-08002BE10318}] : (SCSIAdapter) → @%SystemRoot%\System32\SysClass.Dll,-3005
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4D36E9 7D-E325-11CE-BFC1-08002BE10318}] : (System) → @%SystemRoot%\System32\SysClass.Dll,-3008
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4D36E9 7E-E325-11CE-BFC1-08002BE10318}] : (Unknown) → @%SystemRoot%\System32\SysClass.Dll,-3009
[HKLM\SYSTEM\CurrentControlSet\Control\Class{4D36E9 80-E325-11CE-BFC1-08002BE10318}] : (FloppyDisk) → @%SystemRoot%\System32\SysClass.Dll,-3015
[HKLM\SYSTEM\CurrentControlSet\Control\Class{50127D C3-0F36-415E-A6CC-4CB3BE910B65}] : (Processor) → @%SystemRoot%\system32\procinst.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class{502EB6 8B-57B4-4FEE-9890-18F2D8AD1E3E}] : (mfencbdc) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{50906C B8-BA12-11D1-BF5D-0000F805F530}] : (MultiPortSerial) → @%SystemRoot%\system32\sysclass.dll,-3022
[HKLM\SYSTEM\CurrentControlSet\Control\Class{509994 4A-F6B9-4057-A056-8C550228544C}] : (Memory) → @%SystemRoot%\System32\SysClass.Dll,-3018
[HKLM\SYSTEM\CurrentControlSet\Control\Class{50DD52 30-BA8A-11D1-BF5D-0000F805F530}] : (SmartCardReader) → @StorProp.dll,-17002
[HKLM\SYSTEM\CurrentControlSet\Control\Class{5175D3 34-C371-4806-B3BA-71FD53C9258D}] : (Sensor) → @%systemroot%\system32\SensorsCpl.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class{522119 B9-1B9A-498A-AC52-148B533EFD50}] : (aswSP) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{533C5B 84-EC70-11D2-9505-00C04F79DEAF}] : (VolumeSnapshot) → @%SystemRoot%\System32\SysClass.Dll,-3011
[HKLM\SYSTEM\CurrentControlSet\Control\Class{53D29E F7-377C-4D14-864B-EB3A85769359}] : (BiometricDevice) → @%SystemRoot%\System32\SysClass.DLL,-3028
[HKLM\SYSTEM\CurrentControlSet\Control\Class{688033 7A-1EB4-4EF2-9659-0FD2EC60CB1B}] : (aswSP) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6BDD1F C1-810F-11D0-BEC7-08002BE2092F}] : (1394) → @%SystemRoot%\System32\SysClass.Dll,-3016
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6BDD1F C5-810F-11D0-BEC7-08002BE2092F}] : (Infrared) → @NetCfgx.dll,-1501
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6BDD1F C6-810F-11D0-BEC7-08002BE2092F}] : (Image) → @%systemroot%\system32\sti_ci.dll,-52
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6D8078 84-7D21-11CF-801C-08002BE10318}] : (TapeDrive) → @%SystemRoot%\System32\SysClass.Dll,-3006
[HKLM\SYSTEM\CurrentControlSet\Control\Class{6FAE73 B7-B735-4B50-A0DA-0DC2484B1F1A}] : (igfx) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{71A27C DD-812A-11D0-BEC7-08002BE2092F}] : (Volume) → @%SystemRoot%\System32\SysClass.Dll,-3007
[HKLM\SYSTEM\CurrentControlSet\Control\Class{72631E 54-78A4-11D0-BCF7-00AA00B7B32A}] : (Battery) → @%SystemRoot%\system32\batt.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class{745A17 A0-74D3-11D0-B6FE-00A0C90F57DA}] : (HIDClass) → @hid.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class{78A1C3 41-4539-11D3-B88D-00C04FAD5171}] : (mfesapsn) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{7EBEFB C0-3200-11D2-B4C2-00A0C9697D07}] : (61883) → @%SystemRoot%\System32\SysClass.Dll,-3019
[HKLM\SYSTEM\CurrentControlSet\Control\Class{87C077 B2-3D3B-4156-938A-EA51B451D6C6}] : (aswSP) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{8AE855 50-832C-4A9B-81BB-2A49DBEE72B4}] : (aswRvrt) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{8ECC05 5D-047F-11D1-A537-0000F8753ED1}] : (LegacyDriver) → @%SystemRoot%\System32\SysClass.Dll,-3003
[HKLM\SYSTEM\CurrentControlSet\Control\Class{990A2B D7-E738-46C7-B26F-1CF8FB9F1391}] : (SmartCard) → @sccls.dll,-300
[HKLM\SYSTEM\CurrentControlSet\Control\Class{997B5D 8D-C442-4F2E-BAF3-9C8E671E9E21}] : (SideShow) → @%systemroot%\system32\AuxiliaryDisplayClassInstal ler.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class{A0A588 A4-C46F-4B37-B7EA-C82FE89870C6}] : (SDHost) → @%SystemRoot%\System32\SysClass.Dll,-3012
[HKLM\SYSTEM\CurrentControlSet\Control\Class{A3E32D BA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{BC1037 02-DD72-406F-9B28-95C868337B59}] : (Transfer Cable) → @%SystemRoot%\System32\migwiz\migres.dll,-20
[HKLM\SYSTEM\CurrentControlSet\Control\Class{C06FF2 65-AE09-48F0-812C-16753D7CBA83}] : (AVC) → @%SystemRoot%\System32\SysClass.Dll,-3027
[HKLM\SYSTEM\CurrentControlSet\Control\Class{C30ECE A0-11EF-4EF9-B02E-6AF81E6E65C0}] : (WSDPrintDevice) → @wsdprint.inf,%ClassName%;WSD Print Provider
[HKLM\SYSTEM\CurrentControlSet\Control\Class{C4A06E 97-ED42-47B9-83E1-F12299B286A5}] : (aswRdr) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{C777C1 65-D422-426D-8EBF-6EAF3FB83ADF}] : (aswNetSec) →
[HKLM\SYSTEM\CurrentControlSet\Control\Class{C7C038 AD-1F2D-44D4-B2FE-D912BE20E6D5}] : (BluetoothVirtual) → @oem7.inf,%BluetoothVirtualName%;Bluetooth Virtual Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class{CE5939 AE-EBDE-11D0-B181-0000F8753EC4}] : (MediumChanger) → @%SystemRoot%\System32\StorProp.dll,-17003
[HKLM\SYSTEM\CurrentControlSet\Control\Class{D48179 BE-EC20-11D1-B6B8-00C04FA372A7}] : (SBP2) → @%SystemRoot%\System32\SysClass.Dll,-3017
[HKLM\SYSTEM\CurrentControlSet\Control\Class{D61CA3 65-5AF4-4486-998B-9DB4734C6CA3}] : (XnaComposite) → @%SystemRoot%\system32\XInput9_1_0.dll,-1000
[HKLM\SYSTEM\CurrentControlSet\Control\Class{D94EE5 D8-D189-4994-83D2-F68D7D41B0E6}] : (SecurityDevices) → @%SystemRoot%\System32\SysClass.Dll,-3020
[HKLM\SYSTEM\CurrentControlSet\Control\Class{DB4F6D DD-9C0E-45E4-9597-78DBBAD0F412}] : (SmartCardFilter) → @sccls.dll,-301
[HKLM\SYSTEM\CurrentControlSet\Control\Class{E0CBF0 6C-CD8B-4647-BB8A-263B43F0F974}] : (Bluetooth) → @%SystemRoot%\system32\bthci.dll,-4001
[HKLM\SYSTEM\CurrentControlSet\Control\Class{EEC5AD 98-8080-425F-922A-DABF3DE3F69A}] : (WPD) → @wpd_ci.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class{FB58BE 68-EA9E-4803-847F-2CE814E7B159}] : (aswSP) →
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services {2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] → ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services {A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] → elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services {CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] → ElsLad.dll (Copyright (c) Microsoft Corporation.)

---------- | Loaded modules (whitelist)

[26/09/2016 12:36:34] - (19.0.9.4) - (Synaptics Incorporated - Synaptics SMBus Driver) - C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys
[26/09/2016 12:42:46] - (6.10.1.7280) - (Analog Devices, Inc. - High Definition Audio Function Driver) - C:\Windows\system32\drivers\ADIHdAud.sys
[08/11/2016 17:51:53] - (5.1.2.250) - (Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver) - C:\Windows\System32\ATMFD.DLL

---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service

R0 - [Kernel Driver] - ACPI (Microsoft ACPI Driver) → system32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - amdxata () → system32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - atapi (IDE Channel) → system32\drivers\atapi.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\clfs.sys,-100) → System32\CLFS.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CNG () → System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Disk (Disk Driver) → system32\drivers\disk.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) → system32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) → system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) → System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) → System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecDD () → System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecPkg () → System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) → System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - msisadrv () → system32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) → System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) → system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) → System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pci (PCI Bus Driver) → system32\drivers\pci.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pciide () → system32\drivers\pciide.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) → System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - rdyboost (ReadyBoost) → System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - spldr (Security Processor Loader Driver) → (?) - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - storflt (@%SystemRoot%\system32\vmstorfltres.dll,-1000) → system32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) → System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - vdrvroot (Microsoft Virtual Drive Enumerator Driver) → system32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgr (Volume Manager Driver) → system32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) → System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volsnap (Storage volumes) → system32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) → system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) → \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - aswbidsdriver (aswbidsdriver) → \SystemRoot\system32\drivers\aswbidsdriverx.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - aswKbd (aswKbd) → \SystemRoot\system32\drivers\aswKbd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - aswNetSec (aswNetSec) → \SystemRoot\system32\drivers\aswNetSec.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - aswRdr (aswRdr) → \SystemRoot\system32\drivers\aswRdr2.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - aswSnx (aswSnx) → \SystemRoot\system32\drivers\aswSnx.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - aswSP (aswSP) → \SystemRoot\system32\drivers\aswSP.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Beep (Beep) → (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - blbdrive () → system32\DRIVERS\blbdrive.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - cdrom (CD-ROM Driver) → system32\DRIVERS\cdrom.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - CSC (@%systemroot%\system32\cscsvc.dll,-202) → system32\drivers\csc.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - DfsC (@%systemroot%\system32\drivers\dfsc.sys,-101) → System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - discache (@%systemroot%\system32\drivers\discache.sys,-102) → System32\drivers\discache.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Msfs () → (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - mssmbios (Microsoft System Management BIOS Driver) → system32\DRIVERS\mssmbios.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - NetBIOS (NetBIOS Interface) → system32\DRIVERS\netbios.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) → System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Npfs () → (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) → system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Null () → (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Psched (@%SystemRoot%\System32\drivers\pacer.sys,-101) → system32\DRIVERS\pacer.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) → system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - RDPCDD (@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100) → System32\DRIVERS\RDPCDD.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - RDPENCDD (@%systemroot%\system32\drivers\RDPENCDD.sys,-101) → system32\drivers\rdpencdd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - RDPREFMP (@%systemroot%\system32\drivers\RdpRefMp.sys,-101) → system32\drivers\rdprefmp.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Serial (Serial port driver) → system32\DRIVERS\serial.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) → system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - TermDD (Terminal Device Driver) → system32\DRIVERS\termdd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - VgaSave () → \SystemRoot\System32\drivers\vga.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Wanarpv6 (@%systemroot%\system32\rascfg.dll,-32012) → system32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - WfpLwf (WFP Lightweight Filter) → system32\DRIVERS\wfplwf.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - aswMonFlt (aswMonFlt) → \SystemRoot\system32\drivers\aswMonFlt.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - aswStm (aswStm) → \SystemRoot\system32\drivers\aswStm.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - lltdio (Link-Layer Topology Discovery Mapper I/O Driver) → system32\DRIVERS\lltdio.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) → \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - Parvdm () → system32\DRIVERS\parvdm.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - PEAUTH (PEAUTH) → system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - rspndr (Link-Layer Topology Discovery Responder) → system32\DRIVERS\rspndr.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) → System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True

---------- | System files (Microsoft Files whitelisted)

[MD5.5EE42C392D81DF4544E4286EBB231A7A] - [26/09/2016 12:42:46] - (.Copyright (C) Analog Devices, Inc. 2004-2008 - High Definition Audio Function Driver.) - [374 Ko] - (6.10.1.7280) - C:\Windows\System32\Drivers\ADIHdAud.sys
[MD5.21E785EBD7DC90A06391141AAC7892FB] - [10/06/2009 17:19:05] - (.Copyright © 2006 Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) - [413.06 Ko] - (1.6.6.4) - C:\Windows\System32\Drivers\adp94xx.sys
[MD5.0C676BC278D5B59FF5ABD57BBE9123F2] - [13/07/2009 18:09:16] - (.Copyright © 2006 Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) - [290.58 Ko] - (1.6.6.1) - C:\Windows\System32\Drivers\adpahci.sys
[MD5.7C7B5EE4B7B822EC85321FE23A27DB33] - [13/07/2009 18:09:16] - (.Copyright © 2003 Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) - [143.08 Ko] - (7.2.0.0) - C:\Windows\System32\Drivers\adpu320.sys
[MD5.0D40BCF52EA90FC7DF2AEAB6503DEA44] - [13/07/2009 19:11:17] - (.Copyright (C) Acer Laboratories Inc. 2000 - ALi mini IDE Driver.) - [14.06 Ko] - (1.2.0.0) - C:\Windows\System32\Drivers\aliide.sys
[MD5.CD5914170297126B6266860198D1D4F0] - [13/07/2009 19:11:19] - (.Copyright (C) AMD 2003 - AMD IDE Driver.) - [14.56 Ko] - (6.1.7600.16385) - C:\Windows\System32\Drivers\amdide.sys
[MD5.D320BF87125326F996D4904FE24300FC] - [03/07/2016 12:25:37] - (.Copyright © 2008-2010 AMD, Inc. - AHCI 1.2 Device Driver.) - [78.38 Ko] - (1.1.2.5) - C:\Windows\System32\Drivers\amdsata.sys
[MD5.EA43AF0C423FF267355F74E7A53BDABA] - [10/06/2009 17:20:03] - (.2008 Advanced Micro Devices, Inc. - AMD Technology AHCI Compatible Controller Driver for Windows family.) - [155.58 Ko] - (3.6.1540.127) - C:\Windows\System32\Drivers\amdsbs.sys
[MD5.46387FB17B086D16DEA267D5BE23A2F2] - [03/07/2016 12:25:37] - (.Copyright © 2008-2010 AMD, Inc. - Storage Filter Driver.) - [21.88 Ko] - (1.1.2.5) - C:\Windows\System32\Drivers\amdxata.sys
[MD5.2932004F49677BD84DBC72EDB754FFB3] - [13/07/2009 18:09:17] - (.Copyright 2007 Adaptec, Inc. - Adaptec RAID Storport Driver.) - [74.58 Ko] - (5.2.0.10384) - C:\Windows\System32\Drivers\arc.sys
[MD5.5D6F36C46FD283AE1B57BD2E9FEB0BC7] - [13/07/2009 18:09:17] - (.Copyright 2008 Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) - [84.58 Ko] - (5.2.0.16119) - C:\Windows\System32\Drivers\arcsas.sys
[MD5.57546069C3E3290D3668B1C5C25AD689] - [12/03/2017 08:27:29] - (.Copyright (C) 2014 AVAST Software s.r.o. - IDS Application Activity Monitor Driver..) - [251.26 Ko] - (17.2.2.60911) - C:\Windows\System32\Drivers\aswbidsdriverx.sys
[MD5.2E68815CA7709483E19D23245A6562EF] - [12/03/2017 08:27:29] - (.Copyright (C) 2014 AVAST Software s.r.o. - Application Activity Monitor Helper Driver.) - [145.23 Ko] - (17.2.2.60911) - C:\Windows\System32\Drivers\aswbidshx.sys
[MD5.A584BAAFAD9073CDF48CD10FAB9DC63B] - [12/03/2017 08:27:29] - (.Copyright (C) 2014 AVAST Software s.r.o. - Logging Driver.) - [260.76 Ko] - (17.2.2.60911) - C:\Windows\System32\Drivers\aswblogx.sys
[MD5.489C55F7619A18F7D0BB6CE60D65EFB0] - [12/03/2017 08:27:29] - (.Copyright (C) 2014 AVAST Software s.r.o. - Universal Driver.) - [40.21 Ko] - (17.2.2.60911) - C:\Windows\System32\Drivers\aswbunivx.sys
[MD5.98F2B740A9A7A643F6CA06C13C5733D5] - [18/12/2016 22:20:50] - (.Copyright (c) 2014 AVAST Software - Avast HWID.) - [33.34 Ko] - (17.2.3419.0) - C:\Windows\System32\Drivers\aswHwid.sys
[MD5.FBB2DF0CCD92C5921D848E38A882CA19] - [18/12/2016 22:22:04] - (.Copyright (c) 2014 AVAST Software - Avast Keyboard Filter Driver.) - [30.34 Ko] - (17.2.3419.0) - C:\Windows\System32\Drivers\aswKbd.sys
[MD5.663088F14D3938A9730594FACADD2FB9] - [18/12/2016 22:20:50] - (.Copyright (c) 2014 AVAST Software - Avast File System Minifilter for Windows 2003/Vista.) - [103.9 Ko] - (17.2.3419.0) - C:\Windows\System32\Drivers\aswMonFlt.sys
[MD5.110AA1FEF89E2299039A1B1D2201C02D] - [12/03/2017 08:26:17] - (.Copyright (c) 2012 AVAST Software - Firewall NDIS6 Helper.) - [27.24 Ko] - (8.0.4624.2183) - C:\Windows\System32\Drivers\aswNetNd6.sys
[MD5.945BFD2421473AEC23477394F893323C] - [18/12/2016 22:38:47] - (.Copyright (c) 2014 AVAST Software - Avast Firewall Driver.) - [347.41 Ko] - (17.2.3419.0) - C:\Windows\System32\Drivers\aswNetSec.sys
[MD5.286F1E2AD70FEAF9AF60EDED210AE460] - [18/12/2016 22:20:50] - (.Copyright (c) 2014 AVAST Software - Avast WFP Redirect Driver.) - [88.22 Ko] - (17.2.3419.0) - C:\Windows\System32\Drivers\aswRdr2.sys
[MD5.1248EA9A7C360F7600D50706E7E1A40F] - [18/12/2016 22:20:50] - (.Copyright (c) 2014 AVAST Software - Avast Revert.) - [60.7 Ko] - (17.2.3419.0) - C:\Windows\System32\Drivers\aswRvrt.sys
[MD5.040B7A86404472D4EEA4342B5DD8395C] - [18/12/2016 22:20:49] - (.Copyright (c) 2014 AVAST Software - Avast Virtualization Driver.) - [738.48 Ko] - (17.2.3419.0) - C:\Windows\System32\Drivers\aswSnx.sys
[MD5.38F0CF1E858887E3B0B31A1DDF4154B0] - [18/12/2016 22:20:51] - (.Copyright (c) 2014 AVAST Software - Avast self protection module.) - [454.13 Ko] - (17.2.3419.64) - C:\Windows\System32\Drivers\aswsp.sys
[MD5.6DFABA1E2FD21601D5D8FC3ED306F6CA] - [18/12/2016 22:20:51] - (.Copyright (c) 2014 AVAST Software - Stream Filter.) - [115.52 Ko] - (17.2.3419.0) - C:\Windows\System32\Drivers\aswStm.sys
[MD5.7309064469C60764538741474F324D7C] - [18/12/2016 22:20:31] - (.OpenVPN Technologies, Inc. - TAP-Windows Virtual Network Driver.) - [38.07 Ko] - (9.0.0.10) - C:\Windows\System32\Drivers\aswTap.sys
[MD5.FA04DA90FAAB7618F44D6E1FE0B2FFB0] - [18/12/2016 22:20:51] - (.Copyright (c) 2014 AVAST Software - Avast VM Monitor.) - [272.24 Ko] - (17.2.3419.60) - C:\Windows\System32\Drivers\aswvmm.sys
[MD5.BD8869EB9CDE6BBE4508D869929869EE] - [13/07/2009 18:02:49] - (.Copyright 2000-2008, Broadcom Corporation. - Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver..) - [224.5 Ko] - (10.100.4.0) - C:\Windows\System32\Drivers\b57nd60x.sys
[MD5.A74B3F041F293946CFB8D5D1F15D031E] - [05/07/2016 14:06:48] - (.Copyright 2000-2010, Broadcom Corporation. - Broadcom Bluetooth Firmware Download Filter.) - [164.29 Ko] - (6.5.1.2700) - C:\Windows\System32\Drivers\bcbtums.sys
[MD5.9F9ACC7F7CCDE8A15C282D3F88B43309] - [13/07/2009 20:59:16] - (.Copyright (C) Brother Industries, Ltd. 2001-2003 - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) - [13.25 Ko] - (1.10.0.2) - C:\Windows\System32\Drivers\BrFiltLo.sys
[MD5.56801AD62213A41F6497F96DEE83755A] - [13/07/2009 20:58:59] - (.Copyright (C) Brother Industries, Ltd. 2001 - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) - [5.13 Ko] - (1.4.0.1) - C:\Windows\System32\Drivers\BrFiltUp.sys
[MD5.845B8CE732E67F3B4133164868C666EA] - [13/07/2009 20:57:25] - (.Copyright (C) Brother Industries Ltd.1997-2006 - Brotehr Serial I/F Driver (WDM).) - [265.75 Ko] - (1.0.1.6) - C:\Windows\System32\Drivers\BrSerId.sys
[MD5.203F0B1E73ADADBBB7B7B1FABD901F6B] - [13/07/2009 20:59:02] - (.Copyright (C) Brother Industries Ltd.1997-2003 - Brother Serial driver (WDM version).) - [60.88 Ko] - (1.0.0.20) - C:\Windows\System32\Drivers\BrSerWdm.sys
[MD5.BD456606156BA17E60A04E18016AE54B] - [13/07/2009 20:58:27] - (.Copyright(C)Brother Industries Ltd.1997-2006 - Brother USB MDM Driver.) - [11.88 Ko] - (1.0.0.12) - C:\Windows\System32\Drivers\BrUsbMdm.sys
[MD5.AF72ED54503F717A43268B3CC5FAEC2E] - [13/07/2009 20:58:35] - (.Copyright(C)Brother Industries Ltd.1997-2006 - Brother USB Serial Driver.) - [11.63 Ko] - (1.0.1.3) - C:\Windows\System32\Drivers\BrUsbSer.sys
[MD5.3D925732553CCC0F3727C37FE476AB83] - [13/10/2015 17:59:08] - (.Copyright 2015 Motorola Solutions, Inc. - Bluetooth Audio Driver.) - [70.48 Ko] - (18.1.1511.552) - C:\Windows\System32\Drivers\btmaud.sys
[MD5.1E80DE4D209C85744170DEA67D99D558] - [13/10/2015 17:59:10] - (.Copyright 2015 Motorola Solutions, Inc. - Bluetooth Auxiliary Driver.) - [113.48 Ko] - (18.1.1511.552) - C:\Windows\System32\Drivers\btmaux.sys
[MD5.546DBC93A563F456A6233E1A1228998D] - [01/08/2016 14:20:55] - (.Copyright 2000-2010, Broadcom Corporation. - Broadcom Bluetooth USB AMP Filter for Windows Vista.) - [492.54 Ko] - (6.5.1.2700) - C:\Windows\System32\Drivers\btwampfl.sys
[MD5.D382D0DE5A39B16A08D59B93A4CB2AFD] - [27/02/2017 15:03:55] - (.Copyright 2000-2010, Broadcom Corporation. - Bluetooth Audio Device.) - [149.54 Ko] - (6.5.1.2700) - C:\Windows\System32\Drivers\btwaudio.sys
[MD5.C8D1ADEFD6D5FEAF95C6C7A2CC6B4B97] - [27/02/2017 15:03:55] - (.Copyright 2000-2010, Broadcom Corporation. - Broadcom Bluetooth AVDT Service.) - [171.04 Ko] - (6.5.1.2500) - C:\Windows\System32\Drivers\btwavdt.sys
[MD5.E26610D44609574E13BAAD367AB34967] - [27/02/2017 15:03:55] - (.Copyright 2000-2010, Broadcom Corporation. - Broadcom Bluetooth L2CAP Service.) - [33.04 Ko] - (6.5.1.100) - C:\Windows\System32\Drivers\btwl2cap.sys
[MD5.C49CC9B5E06FBDC87137BA24018B6EDE] - [27/02/2017 15:03:55] - (.Copyright 2000-2010, Broadcom Corporation. - Bluetooth Remote Control HID Minidriver.) - [18.29 Ko] - (6.5.1.2500) - C:\Windows\System32\Drivers\btwrchid.sys
[MD5.1A231ABEC60FD316EC54C66715543CEC] - [10/06/2009 17:17:52] - (.(c) COPYRIGHT 2001-2008 Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) - [420 Ko] - (4.8.2.0) - C:\Windows\System32\Drivers\bxvbdx.sys
[MD5.C537B1DB64D495B9B4717B4D6D9EDBF2] - [13/07/2009 19:11:18] - (.Copyright (C) CMD Technology, Inc. 1999-2000 - CMD PCI IDE Bus Driver.) - [15.58 Ko] - (2.0.7.0) - C:\Windows\System32\Drivers\cmdide.sys
[MD5.8B30250D573A8F6B4BD23195160D8707] - [10/06/2009 17:20:26] - (.Copyright © Adaptec, Inc. 2000 - Adaptec Ultra SCSI miniport.) - [69.06 Ko] - (6.0.0.0) - C:\Windows\System32\Drivers\djsvs.sys
[MD5.CF0A6015F437161698C5B2A0A12CF052] - [13/07/2009 18:02:50] - (.Copyright (C) 2007 Intel Corporation. - Intel(R) PRO/1000 Adapter NDIS 6 deserialized driver.) - [206.5 Ko] - (9.13.4.10) - C:\Windows\System32\Drivers\e1e6032.sys
[MD5.377AD53E4154477339290B4212E69D53] - [01/08/2016 14:12:31] - (.Copyright (C) 2012 Intel Corporation. - Intel(R) Network Adapter NDIS 6 deserialized driver.) - [226.87 Ko] - (9.16.10.0) - C:\Windows\System32\Drivers\e1e6232.sys
[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - [10/06/2009 17:19:19] - (.Copyright © 2003-2009 Emulex - Storport Miniport Driver for LightPulse HBAs.) - [443.08 Ko] - (5.2.10.211) - C:\Windows\System32\Drivers\elxstor.sys
[MD5.024E1B5CAC09731E4D868E64DBFB4AB0] - [10/06/2009 17:17:55] - (.(c) COPYRIGHT 2001-2008 Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) - [3027.5 Ko] - (4.8.13.0) - C:\Windows\System32\Drivers\evbdx.sys
[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - [13/07/2009 18:54:14] - (.Copyright ©2007-2009 Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) - [26 Ko] - (1.31.27127.0) - C:\Windows\System32\Drivers\hcw85cir.sys
[MD5.0BF1D760B05CAAAF231123D53C4789E2] - [23/07/2012 19:52:45] - (.Copyright (c) 2003-2009 Intel Corporation. - Intel(R) Management Engine Interface.) - [44.13 Ko] - (3.2.20.1046) - C:\Windows\System32\Drivers\HECI.sys
[MD5.295FDC419039090EB8B49FFDBB374549] - [13/07/2009 18:09:17] - (.Copyright (c) 2004-2008 Hewlett-Packard Development Company, L.P. - Smart Array SAS/SATA Controller Media Driver.) - [65.58 Ko] - (6.12.4.32) - C:\Windows\System32\Drivers\HpSAMD.sys
[MD5.9B8A611B87ED33F77FCBD8C8F3C4D57F] - [27/02/2014 08:55:54] - (.Copyright (C) 1998 - 2011 Intel Corporation. - NDIS 6.1 Advanced Networking Services..) - [137.31 Ko] - (9.8.52.0) - C:\Windows\System32\Drivers\iANSW60.sys
[MD5.5CD5F9A5444E6CDCB0AC89BD62D8B76E] - [03/07/2016 12:25:37] - (.Copyright(C) Intel Corporation 1994-2008 - Intel Matrix Storage Manager driver - ia32.) - [324.38 Ko] - (8.6.2.1014) - C:\Windows\System32\Drivers\iaStorV.sys
[MD5.9467514EA189475A6E7FDC5D7BDE9D3F] - [23/09/2009 19:18:14] - (.Copyright (c) 1998-2006 Intel Corporation. - Intel Graphics Kernel Mode Driver.) - [4695.5 Ko] - (8.14.10.1930) - C:\Windows\System32\Drivers\igdkmd32.sys
[MD5.4173FF5708F3236CF25195FECD742915] - [13/07/2009 18:09:17] - (.Copyright © 2002-05 Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) - [40.08 Ko] - (5.4.22.0) - C:\Windows\System32\Drivers\iirsp.sys
[MD5.5E0566889D7E8D5A5F7309616405C799] - [15/09/2014 05:13:40] - (.Copyright (C) 2002-2013 Intel Corporation - Intel(R) Network Adapter Diagnostic Driver.) - [30.75 Ko] - (1.3.0.7) - C:\Windows\System32\Drivers\iqvw32.sys
[MD5.EB119A53CCF2ACC000AC71B065B78FEF] - [13/07/2009 18:09:19] - (.Copyright © LSI Corporation 2008 - LSI Fusion-MPT FC Driver (StorPort).) - [93.58 Ko] - (1.28.3.52) - C:\Windows\System32\Drivers\lsi_fc.sys
[MD5.8ADE1C877256A22E49B75D1CC9161F9C] - [13/07/2009 18:09:18] - (.Copyright © LSI Corporation 2008 - LSI Fusion-MPT SAS Driver (StorPort).) - [87.08 Ko] - (1.28.3.52) - C:\Windows\System32\Drivers\lsi_sas.sys
[MD5.DC9DC3D3DAA0E276FD2EC262E38B11E9] - [13/07/2009 18:09:18] - (.Copyright © LSI Corporation 2009 - LSI SAS Gen2 Driver (StorPort).) - [53.58 Ko] - (2.0.2.71) - C:\Windows\System32\Drivers\lsi_sas2.sys
[MD5.0A036C7D7CAB643A7F07135AC47E0524] - [13/07/2009 18:09:18] - (.Copyright © LSI Corporation 2008 - LSI Fusion-MPT SCSI Driver (StorPort).) - [94.58 Ko] - (1.28.3.67) - C:\Windows\System32\Drivers\lsi_scsi.sys
[MD5.0FFF5B045293002AB38EB1FD1FC2FB74] - [10/06/2009 17:19:35] - (.Copyright © LSI Corporation - MEGASAS RAID Controller Driver for Windows 7 for x86.) - [30.08 Ko] - (4.5.1.32) - C:\Windows\System32\Drivers\megasas.sys
[MD5.DCBAB2920C75F390CAF1D29F675D03D6] - [13/07/2009 18:09:17] - (.Copyright (C) 2007 LSI Corporation. - LSI MegaRAID Software RAID Driver.) - [230.06 Ko] - (13.5.409.2009) - C:\Windows\System32\Drivers\MegaSR.sys
[MD5.1D85C4B390B0EE09C7A46B91EFB2C097] - [13/07/2009 18:09:17] - (.(C) Copyright IBM Corp. 1994, 2002. - IBM ServeRAID Controller Driver.) - [43.58 Ko] - (7.10.0.0) - C:\Windows\System32\Drivers\nfrd960.sys
[MD5.B3E25EE28883877076E0E1FF877D02E0] - [03/07/2016 12:25:37] - (.Copyright(C) 2001-2010 NVIDIA Corporation - NVIDIA® nForce™ RAID Driver.) - [114.38 Ko] - (10.6.0.18) - C:\Windows\System32\Drivers\nvraid.sys
[MD5.4380E59A170D88C4F1022EFF6719A8A4] - [03/07/2016 12:25:37] - (.Copyright(C) 2001-2010 NVIDIA Corporation - NVIDIA® nForce™ Sata Performance Driver.) - [140.38 Ko] - (10.6.0.18) - C:\Windows\System32\Drivers\nvstor.sys
[MD5.AB95ECF1F6659A60DDC166D8315B0751] - [10/06/2009 17:20:06] - (.Copyright © QLogic Corporation 1996-2009 - QLogic Fibre Channel Stor Miniport Driver.) - [1351.06 Ko] - (9.1.8.6) - C:\Windows\System32\Drivers\ql2300.sys
[MD5.B4DD51DD25182244B86737DC51AF2270] - [13/07/2009 18:09:18] - (.© QLogic Corporation. - QLogic iSCSI Storport Miniport Driver.) - [103.58 Ko] - (2.1.3.20) - C:\Windows\System32\Drivers\ql40xx.sys
[MD5.90A3935D05B494A5A39D37E71F09A677] - [13/07/2009 22:05:20] - (.© 2006 Macrovision Corporation - Macrovision SECURITY Driver.) - [20 Ko] - (4.3.86.0) - C:\Windows\System32\Drivers\secdrv.sys
[MD5.A9F0486851BECB6DDA1D89D381E71055] - [10/06/2009 17:20:08] - (.Copyright (c) SiS Corp. 2000-2010 - SiS RAID Stor Miniport Driver.) - [39.08 Ko] - (5.1.1039.2600) - C:\Windows\System32\Drivers\sisraid2.sys
[MD5.3727097B55738E2F554972C3BE5BC1AA] - [13/07/2009 18:09:18] - (.Copyright (c) SiS Corp. 2007-2013 - SiS AHCI Stor-Miniport Driver.) - [76.06 Ko] - (5.1.1039.3600) - C:\Windows\System32\Drivers\sisraid4.sys
[MD5.DBC7034E2F2804A1D9ABC05C5AFD00BC] - [26/09/2016 12:36:34] - (.Copyright (C) Synaptics Incorporated 1996-2015 - Synaptics SMBus Driver.) - [26.16 Ko] - (19.0.9.4) - C:\Windows\System32\Drivers\Smb_driver_Intel.sys
[MD5.B8AF290680D6995D98801F70E1BAB56D] - [31/08/2016 14:55:44] - (.Copyright ⓒ SAMSUNG - SAMSUNG USB Composite Device Driver.) - [105.13 Ko] - (2.12.3.0) - C:\Windows\System32\Drivers\ssudbus.sys
[MD5.AF6E785B1B28BFED5EF6D95F76977C03] - [31/08/2016 14:55:44] - (.Copyright ⓒ SAMSUNG - SAMSUNG Android Modem Device Driver.) - [142.63 Ko] - (2.12.3.0) - C:\Windows\System32\Drivers\ssudmdm.sys
[MD5.DB32D325C192B801DF274BFD12A7E72B] - [13/07/2009 18:09:18] - (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) - [20.58 Ko] - (5.0.1.1) - C:\Windows\System32\Drivers\stexstor.sys
[MD5.1FD8760CFCB68178F147EA97F0A8AC45] - [01/08/2016 13:59:19] - (.-.) - [10.97 Ko] - (0.0.0.0) - C:\Windows\System32\Drivers\SWDUMon.sys
[MD5.E43574F6A56A0EE11809B48C09E4FD3C] - [13/07/2009 19:11:20] - (.Copyright (C) VIA Technologies, Inc. 2000-2007 - VIA Generic PCI IDE Bus Driver.) - [16.58 Ko] - (6.0.6000.170) - C:\Windows\System32\Drivers\viaide.sys
[MD5.9DFA0CC2F8855A04816729651175B631] - [10/06/2009 17:20:24] - (.Copyright (C) VIA Technologies 1992-2007 - VIA RAID DRIVER FOR AMD-X86-64.) - [138.58 Ko] - (6.0.6000.6210) - C:\Windows\System32\Drivers\vsmraid.sys

---------- | Uninstall

[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\58d94f3ce2c27db0] : (Dell System Detect.-.Dell) → “C:\Users\hilton\AppData\Local\Apps\2.0\3VGPG9W0.M PE\2E0VXQW4.WA5\dell..tion_6d0a76327dca4869_0007.0 00b_df227eeaae3cac0d\Uninstaller.exe” uninstall
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Amazon Amazon Music] : (Amazon Music.-.Amazon Services LLC) → C:\Users\hilton\AppData\Local\Amazon Music\Uninstall.exe
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\FromDocToPDFTooltab Uninstall Internet Explorer] : (FromDocToPDF Internet Explorer Homepage and New Tab.-.Mindspark Interactive Network, Inc.) → Rundll32.exe “C:\Users\hilton\AppData\Local\FromDocToPDFTooltab \TooltabExtension.dll” U uninstall:FromDocToPDF
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Kodi] : (Kodi.-.XBMC-Foundation) → C:\Program Files\Kodi\uninstall.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\AddressBook] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Adobe Flash Player ActiveX] : (Adobe Flash Player 25 ActiveX.-.Adobe Systems Incorporated) → C:\Windows\system32\Macromed\Flash\FlashUtil32_25_ 0_0_127_ActiveX.exe -maintain activex
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\AI RoboForm] : (RoboForm 8-3-1-1 (All Users).-.Siber Systems) → “C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe”
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Avast Antivirus] : (Avast Internet Security.-.AVAST Software) → C:\Program Files\AVAST Software\Avast\Setup\Instup.exe /control_panel
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\CanonQuickMenu] : (Canon Quick Menu.-.Canon Inc.) → “C:\Program Files\Canon\Quick Menu\uninst.exe” /UninstallRemove C:\Program Files\Canon\Quick Menu\uninst.ini
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\CCleaner] : (CCleaner.-.Piriform) → “C:\Program Files\CCleaner\uninst.exe”
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Connection Manager] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\DirectDrawEx] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\DriverUpdate] : (DriverUpdate.-.Slimware Utilities Holdings, Inc.) → “C:\Program Files\DriverUpdate\UninstallStub.exe” --log {b72bc52b-65a8-44bb-a94d-e5c9b1d644b6}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\DXM_Runtime] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Fontcore] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Google Chrome] : (Google Chrome.-.Google Inc.) → “C:\Program Files\Google\Chrome\Application\56.0.2924.87\Insta ller\setup.exe” --uninstall --system-level
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\HDMI] : (Intel(R) Graphics Media Accelerator Driver.-.Intel Corporation) → C:\Windows\system32\igxpun.exe -uninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\HECI] : (Intel(R) Management Engine Interface.-.Intel Corporation) → C:\Windows\system32\heciudlg.exe -uninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\IE40] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\IE4Data] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\IE5BAKEX] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\IEData] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\InstallShield Uninstall Information] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\MESOL] : (Intel® Active Management Technology.-.Intel Corporation) → C:\Windows\system32\mesoludlg.exe -uninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\MobileOptionPack] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Mozilla Firefox 52.0.2 (x86 en-US)] : (Mozilla Firefox 52.0.2 (x86 en-US).-.Mozilla) → “C:\Program Files\Mozilla Firefox\uninstall\helper.exe”
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\MozillaMaintenanceService] : (Mozilla Maintenance Service.-.Mozilla) → “C:\Program Files\Mozilla Maintenance Service\uninstall.exe”
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\MPlayer2] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\PROSetDX] : (Intel(R) Network Connections 19.5.303.0.-.Intel) → MsiExec.exe /i{D8A3D01E-BCBB-491B-856F-61E3B8563E32} ARPREMOVE=1
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\SafeZone 3.55.2393.590] : (SafeZone Stable 3.55.2393.590.-.Avast Software) → “C:\Program Files\AVAST Software\SZBrowser\Launcher.exe” /uninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\SchedulingAgent] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Stardock Fences 3] : (Stardock Fences 3.-.Stardock Software, Inc.) → “C:\Program Files\Stardock\Fences\uninstall.exe” “/U:C:\Program Files\Stardock\Fences\Uninstall\uninstall.xml”
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\Stardock ObjectDock] : (Stardock ObjectDock.-.Stardock Software, Inc.) → “C:\Program Files\Stardock\ObjectDock\uninstall.exe” “/U:C:\Program Files\Stardock\ObjectDock\Uninstall\uninstall.xml”
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall\WIC] : (.-.) →
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series] : (Canon MG3200 series MP Drivers.-.Canon Inc.) → “C:\Windows\system32\CanonIJ Uninstaller Information{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series\DELDRV.exe” /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series /L0x0009
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{2A4CAF55-4B18-4B61-BE9E-94A54209F547}] : (eM Client.-.eM Client Inc.) → MsiExec.exe /X{2A4CAF55-4B18-4B61-BE9E-94A54209F547}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{302600C1-6BDF-4FD1-1603-148929CC1385}] : (Intel(R) Wireless Bluetooth(R)(patch version 19.0.1629.3590).-.Intel Corporation) →
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{34BF287B-24D9-4CFC-94A6-B1F4A92EC55D}] : (Intel(R) Chipset Device Software.-.Intel Corporation) → MsiExec.exe /I{34BF287B-24D9-4CFC-94A6-B1F4A92EC55D}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) → MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{98f335cd-0a32-4b3f-b74c-ef9480e834f0}] : (Intel(R) Chipset Device Software.-.Intel(R) Corporation) → “C:\ProgramData\Package Cache{98f335cd-0a32-4b3f-b74c-ef9480e834f0}\SetupChipset.exe” /uninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}] : (WIDCOMM Bluetooth Software.-.Broadcom Corporation) → MsiExec.exe /X{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{AC76BA86-0804-1033-1959-001824211354}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) → MsiExec.exe /I{AC76BA86-0804-1033-1959-001824211354}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{AC76BA86-7AD7-1033-7B44-AC0F074E4100}] : (Adobe Acrobat Reader DC.-.Adobe Systems Incorporated) → MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AC0F074E4100}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{B72BC52B-65A8-44BB-A94D-E5C9B1D644B6}] : (DriverUpdate.-.Slimware Utilities Holdings, Inc.) → MsiExec.exe /X{B72BC52B-65A8-44BB-A94D-E5C9B1D644B6}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}] : (Samsung USB Driver for Mobile Phones.-.Samsung Electronics Co., Ltd.) → C:\Program Files\Samsung\USB Drivers\Uninstall.exe
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{D8A3D01E-BCBB-491B-856F-61E3B8563E32}] : (Intel(R) Network Connections 19.5.303.0.-.Intel) → MsiExec.exe /i{D8A3D01E-BCBB-491B-856F-61E3B8563E32} ARPREMOVE=1
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{EEA30AEB-8BA7-465B-85D4-098BB99733E7}] : (OpenOffice 4.1.3.-.Apache Software Foundation) → MsiExec.exe /I{EEA30AEB-8BA7-465B-85D4-098BB99733E7}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uni nstall{F0A37341-D692-11D4-A984-009027EC0A9C}] : (SoundMAX.-.Analog Devices) → C:\Program Files\InstallShield Installation Information{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe -runfromtemp -l0x0009 -removeonly

---------- | Installer

[HKCR\Installer\Products\1C006203FDB61DF46130419892 CC3158] : Intel(R) Wireless Bluetooth(R)(patch version 19.0.1629.3590) → C:\Windows\Installer{302600C1-6BDF-4FD1-1603-148929CC1385}\IntelBluetoothICO
[HKCR\Installer\Products\245938095D5836842ABBE6F4FC 9A27B6] :
[HKCR\Installer\Products\26FCC409D8185764CB673DE73B 999F71] : Windows Mobile Device Center → C:\Windows\Installer{904CCF62-818D-4675-BC76-D37EB399F917}\wmdc.exe
[HKCR\Installer\Products\52E4407E830367A4094643A40C 8340E3] : Windows Mobile Device Center Driver Update → C:\Windows\Installer{E7044E25-3038-4A76-9064-344AC038043E}\WindowsMobileDeviceCenter.ico
[HKCR\Installer\Products\55FAC4A281B416B4EBE9495A24 905F74] : eM Client → C:\Windows\Installer{2A4CAF55-4B18-4B61-BE9E-94A54209F547}\MailClientIcon.exe
[HKCR\Installer\Products\68AB67CA408033019195008142 123145] : Adobe Refresh Manager → C:\Windows\Installer{AC76BA86-0804-1033-1959-001824211354}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\68AB67CA7DA73301B744CAF070 E41400] : Adobe Acrobat Reader DC → C:\Windows\Installer{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico
[HKCR\Installer\Products\A089CE062ADB6BC44A720BA745 894BAC] : Google Update Helper
[HKCR\Installer\Products\AE08842601676B744B6A04DD38 BDA14B] :
[HKCR\Installer\Products\B25CB27B8A56BB449AD45E9C1B 6D446B] : DriverUpdate → C:\Windows\Installer{B72BC52B-65A8-44BB-A94D-E5C9B1D644B6}\Icon.exe
[HKCR\Installer\Products\B782FB439D42CFC4496A1B4F9A E25CD5] : Intel(R) Chipset Device Software
[HKCR\Installer\Products\BEA03AEE7AB8B564584D90B89B 79337E] : OpenOffice 4.1.3 → C:\Windows\Installer{EEA30AEB-8BA7-465B-85D4-098BB99733E7}\soffice.ico
[HKCR\Installer\Products\E10D3A8DBBCBB19458F6163E8B 65E323] : → C:\Windows\Installer{D8A3D01E-BCBB-491B-856F-61E3B8563E32}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\F4D9341A64DF2F741A3DEF0E79 2CA990] : WIDCOMM Bluetooth Software → C:\Windows\Installer{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\F85AF62A6DA0C9F41A43EFC2BF E2EA79] :

---------- | ADS

---------- | Drives

Disk: 0 Size=19.1T
Pos MBRndx Type/Name Size Active Hide Start Sector Sectors

0 0 27-UNKNWN 3.1G Yes No 2,048 6,348,800
1 1 07-NTFS 19.0T No No 6,350,848 900,676,096

---------- | MBR

Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: OptiPlex 755
Logical Drives Mask: 0x0000000c

Analysis of file “C:\QuickDiag\MBR.bin”:
Windows 7 MBR code detected

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: Hitachi_HUA722020ALA331 rev.JKAOA3NH → Harddisk0\DR0 → \Device\Ide\IdeDeviceP2T0L0-2

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys aswSP.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
C:\Windows\system32\drivers\aswSP.sys AVAST Software Avast Antivirus
1 ntkrnlpa!IofCallDriver[0x82C800C5] → \Device\Harddisk0\DR0[0x86377190]
3 aswSP[0x91269EFB] → ntkrnlpa!IofCallDriver[0x82C800C5] → \Device\Ide\IdeDeviceP2T0L0-2[0x85EB5908]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user & kernel MBR OK

---------- | 20 LastEventLog
[HEADING=1]LMS Service lost connection to HECI driver[/HEADING]
[HEADING=1]LMS Service lost connection to HECI driver[/HEADING]
[HEADING=1]LMS Service lost connection to HECI driver[/HEADING]
[HEADING=1]LMS Service lost connection to HECI driver[/HEADING]
[HEADING=1]LMS Service lost connection to HECI driver[/HEADING]
[HEADING=1]LMS Service lost connection to HECI driver[/HEADING]
[HEADING=1]Activation context generation failed for “C:\Program Files\DriverUpdate\MFC80U.DLL”. Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture=“x86”, publicKeyToken=“1fc8b3b9a1e18e3b”,type=“win32”,ver sion=“8.0.50608.0” could not be found. Please use sxstrace.exe for detailed diagnosis.[/HEADING]
[HEADING=1]Activation context generation failed for “C:\Program Files\DriverUpdate\MFC80U.DLL”. Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture=“x86”, publicKeyToken=“1fc8b3b9a1e18e3b”,type=“win32”,ver sion=“8.0.50608.0” could not be found. Please use sxstrace.exe for detailed diagnosis.[/HEADING]
[HEADING=1]Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.[/HEADING]
[HEADING=1]LMS Service lost connection to HECI driver[/HEADING]
The program iexplore.exe version 11.0.9600.18616 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1290
Start Time: 01d2a7e9763e43e5
Termination Time: 40
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id:

The program iexplore.exe version 11.0.9600.18616 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 11fc
Start Time: 01d2a7e91114cad4
Termination Time: 32
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id:

[HEADING=1]LMS Service lost connection to HECI driver[/HEADING]
[HEADING=1]LMS Service lost connection to HECI driver[/HEADING]
The program iexplore.exe version 11.0.9600.18616 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1610
Start Time: 01d2a70f2a82658c
Termination Time: 43
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id:

[HEADING=1]LMS Service lost connection to HECI driver[/HEADING]
The program iexplore.exe version 11.0.9600.18616 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1e74
Start Time: 01d2a667e52b28e9
Termination Time: 23
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id:

[HEADING=1]LMS Service lost connection to HECI driver[/HEADING]
[HEADING=1]LMS Service lost connection to HECI driver[/HEADING]
----------( EOF)---------- - 2794 | 12:29:50

**Malnutrition** · 03-30-2017, 10:05 PM

Alright, @g3n-h@ckm@n will be assisting you.

**Malnutrition** · 03-31-2017, 11:06 AM

@Hilton Heflin if @g3n-h@ckm@n does not reply in a day, then I will assist you further, he is in France so I am unsure of the hours he keeps… Thank you for being patient.

**Hilton_Heflin** · 03-31-2017, 05:50 PM

Originally posted by Malnutrition

@Hilton Heflin if @g3n-h@ckm@n does not reply in a day, then I will assist you further, he is in France so I am unsure of the hours he keeps… Thank you for being patient.

ok..thanks…no hurry..I am in and out…
hefs

**user1** · 04-02-2017, 09:58 AM

Hello
[ul]
[li]Disable Windows Defender, Firewall & Antivirus prior to running this tool!![/li][li]Save AdsFix to your desktop.[/li][li]Right Click & Run As Administrator.[/li][li]With an infected machine, it could take several seconds to be charged.[/li][li]You will then be prompted to install Certificates.[/li][li]Install then click OK.[/li][li]Right Click & Run As Administrator Again.[/li][/ul]

WordPress.com

https://genhackmantools.files.wordpress.com/2017/02/adsfix1-1.png?w=736

[ul]
[li]Click Options then select Unlock the deletion.[/li][li]Then click on clean.[/li][li]Enter your country[/li][li]Don’t use the machine while scanning and be patient[/li][li]Once the scan has completed, please copy and paste the report in your next reply.[/li][li]The report will be C:\AdsFix_date_hour.txt or on your dektop with the same name.[/li][/ul]

**Hilton_Heflin** · 04-02-2017, 08:25 PM

Originally posted by g3n-h@ckm@n

Hello
[ul]
[li]Disable Windows Defender, Firewall & Antivirus prior to running this tool!![/li][li]Save AdsFix to your desktop.[/li][li]Right Click & Run As Administrator.[/li][li]With an infected machine, it could take several seconds to be charged.[/li][li]You will then be prompted to install Certificates.[/li][li]Install then click OK.[/li][li]Right Click & Run As Administrator Again.[/li][/ul]

WordPress.com

https://genhackmantools.files.wordpress.com/2017/02/adsfix1-1.png?w=736

[ul]
[li]Click Options then select Unlock the deletion.[/li][li]Then click on clean.[/li][li]Enter your country[/li][li]Don’t use the machine while scanning and be patient[/li][li]Once the scan has completed, please copy and paste the report in your next reply.[/li][li]The report will be C:\AdsFix_date_hour.txt or on your dektop with the same name.[/li][/ul]

ok..hope this helps…

---------- | AdsFix | g3n-h@ckm@n | V4_02.04.17.3

----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- Start 12:24:34 - 02/04/2017

update on : 02/04/2017 | 16.50 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net
Assistance : Dépannage Informatique à Distance - Assistance Informatique | SOSVirus
Feedbacks : Télécharger KMSPico Activator Windows 11 et Office 2021
Facebook : AdsFix-Anti-Adware
C:\Users\hilton\Desktop\AdsFix.exe
Boot: Normal boot
[hilton (Administrator)] - [HILTON-PC] - (usa [0409])
SID = S-1-5-21-3292114827-816517840-1514174382-1000 || [68696c746f6e205e5e]
PC : Dell Inc. - 0GM819 -
Processor : X64 - 1862 - Intel(R) Core™2 CPU 6300 @ 1.86GHz
Bios : Dell Inc. - 06/11/2012 - V.A22
CoreTemp : ? C

CPU #1 value:37 %
CPU #2 value:37 %
Total Overall CPU Usage value:37 %

System : Windows 7 Professional (32 bits) Professional Service Pack 1
RAM memory = Total (MB) : 3396 | Free (MB) : 1873
Pagefile = Total (MB) : 6791 | Free (MB) : 4946
Virtual = Total (MB) : 2097 | Free (MB) : 1877

C:\ → [Fixed] | [Windows] | Total : 1859.99 Go | Free : 1820.36 Go → NTFS [ATA]

Registry saved, to restore : Click on Options & Restore the register (C:\AdsFix\Save\Registry [02.04.2017 @ 12_24_32]) or an element
Restore files or folders deleted by mistake : Click on Options & Restore Files | Folders, Select an item >> “restore”

---------- | Windows Updates

Last detection : 2017-04-02 06:57:34
Last downloaded : 2017-03-14 19:23:58
Last installation : 2017-03-15 07:07:26
Next search : 2017-04-03 02:10:53

Windows Is Activated

---------- | Browsers

IE : 11.0.9600.18616 (© Microsoft Corporation. All rights reserved.)
FF : 52.0.2.6291 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 56.0.2924.87 (Copyright 2016 Google Inc. All rights reserved.)

---------- | Security (atcav : 0)

FW : Avast Antivirus Disabled
WMI : OK
WU: Windows Update Service [Auto(2)] = Order
AS: Windows Defender [Manual(3)] = Order
FW: Windows FireWall Service [Auto(2)] = Started
WMI: Windows Management Instrumentation (System Information) [Auto(2)] = Started

---------- | FlashPlayer

ActiveX : 25.0.0.127

---------- | Killed processes

1468 | [Owner : SYSTEM |Parent : 524(services.exe)] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7601.17777) = C:\Windows\System32\spoolsv.exe
1676 | [Owner : SYSTEM |Parent : 524(services.exe)] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.21.1354) = C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
1712 | [Owner : SYSTEM |Parent : 524(services.exe)] - (.Intel Corporation - Displays state of Intel® Active Management Technology..) - (3.0.0.6) = C:\Program Files\Intel\AMT\atchksrv.exe
1756 | [Owner : SYSTEM |Parent : 524(services.exe)] - (.Broadcom Corporation. - Bluetooth Support Server.) - (6.5.1.2700) = C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
1868 | [Owner : SYSTEM |Parent : 524(services.exe)] - (.Intel Corporation - Intel(R) Wireless Bluetooth(R) iBtSiva Service.) - (19.0.1629.3590) = C:\Program Files\Intel\Bluetooth\ibtsiva.exe
1904 | [Owner : SYSTEM |Parent : 524(services.exe)] - (.Intel Corporation - Intel® PROSet Monitoring Service.) - (19.5.302.0) = C:\Windows\System32\IPROSetMonitor.exe
1948 | [Owner : SYSTEM |Parent : 524(services.exe)] - (.Intel - Local Manageability Service.) - (3.0.10.1053) = C:\Program Files\Intel\AMT\LMS.exe
2040 | [Owner : SYSTEM |Parent : 524(services.exe)] - (.Intel - User Notification Service.) - (3.2.0.1053) = C:\Program Files\Intel\AMT\UNS.exe
3812 | [Owner : SYSTEM |Parent : 524(services.exe)] - (.Motorola Solutions, Inc. - Bluetooth Device Monitor.) - (19.0.1603.650) = C:\Program Files\Intel\Bluetooth\devmonsrv.exe
3916 | [Owner : SYSTEM |Parent : 524(services.exe)] - (.Motorola Solutions, Inc. - Bluetooth Media Service.) - (19.0.1603.650) = C:\Program Files\Intel\Bluetooth\mediasrv.exe
3980 | [Owner : SYSTEM |Parent : 524(services.exe)] - (.Motorola Solutions, Inc. - Bluetooth OBEX Service.) - (19.0.1603.650) = C:\Program Files\Intel\Bluetooth\obexsrv.exe
2540 | [Owner : SYSTEM |Parent : 2128()] - (.Google Inc. - Google Crash Handler.) - (1.3.32.7) = C:\Program Files\Google\Update\1.3.32.7\GoogleCrashHandler.ex e
3212 | [Owner : NETWORK SERVICE |Parent : 524(services.exe)] - (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe
3500 | [Owner : hilton |Parent : 1004(svchost.exe)] - (.Microsoft Corporation - Task Scheduler Engine.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe
1216 | [Owner : hilton |Parent : 1004(svchost.exe)] - (.Microsoft Corporation - Task Scheduler Engine.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe
3716 | [Owner : hilton |Parent : 524(services.exe)] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe
4032 | [Owner : hilton |Parent : 1216()] - (.SlimWare Utilities, Inc. - DriverUpdate.) - (4.0.0.0) = C:\Program Files\DriverUpdate\DriverUpdate.exe
3380 | [Owner : hilton |Parent : 3436(explorer.exe)] - (.Intel Corporation - Displays state of Intel® Active Management Technology..) - (3.0.0.9) = C:\Program Files\Intel\AMT\atchk.exe
2212 | [Owner : hilton |Parent : 3436(explorer.exe)] - (.Analog Devices, Inc. - SMax4PNP.) - (6.1.7200.179) = C:\Program Files\Analog Devices\Core\smax4pnp.exe
2856 | [Owner : hilton |Parent : 3436(explorer.exe)] - (.CANON INC. - Canon Quick Menu.) - (2.7.1.0) = C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
2460 | [Owner : hilton |Parent : 3436(explorer.exe)] - (.Microsoft Corporation - Windows Mobile Device Center.) - (6.1.6965.0) = C:\Windows\WindowsMobile\wmdc.exe
3676 | [Owner : hilton |Parent : 3436(explorer.exe)] - (.Microsoft Corporation - Windows host process (Rundll32).) - (6.1.7600.16385) = C:\Windows\System32\rundll32.exe
3140 | [Owner : hilton |Parent : 3436(explorer.exe)] - (.Amazon Services LLC - Amazon Music Helper.) - (5.3.6.1743) = C:\Users\hilton\AppData\Local\Amazon Music\Amazon Music Helper.exe
1508 | [Owner : hilton |Parent : 3500()] - (.Piriform Ltd - CCleaner.) - (5.28.0.6005) = C:\Program Files\CCleaner\CCleaner.exe
968 | [Owner : hilton |Parent : 3436(explorer.exe)] - (.Siber Systems - RoboForm TaskBar Icon.) - (8.3.1.1) = C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
2696 | [Owner : hilton |Parent : 3436(explorer.exe)] - (.Dell - Dell System Detect.) - (7.11.0.6) = C:\Users\hilton\AppData\Local\Apps\2.0\3VGPG9W0.MP E\2E0VXQW4.WA5\dell..tion_6d0a76327dca4869_0007.00 0b_df227eeaae3cac0d\DellSystemDetect.exe
1236 | [Owner : hilton |Parent : 3436(explorer.exe)] - (.Broadcom Corporation. - Bluetooth Tray Application.) - (6.5.1.2700) = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
5216 | [Owner : hilton |Parent : 4004()] - (.Microsoft Corporation - Windows host process (Rundll32).) - (6.1.7600.16385) = C:\Windows\System32\rundll32.exe
5480 | [Owner : SYSTEM |Parent : 524(services.exe)] - (.SlimWare Utilities Holdings, Inc. - SlimWare.Services Service.) - (1.0.0.0) = C:\Program Files\SlimWare Utilities\Services\SlimWare.Services.exe
5536 | [Owner : SYSTEM |Parent : 700(svchost.exe)] - (.SlimWare Utilities Holdings, Inc. - SlimWare.Session Server.) - (1.0.0.0) = C:\Program Files\SlimWare Utilities\Services\SlimWare.Session.exe
5628 | [Owner : hilton |Parent : 2856()] - (.CANON INC. - Canon Quick Menu Updater.) - (2.7.1.0) = C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
2448 | [Owner : hilton |Parent : 700(svchost.exe)] - (.Intel Corporation - igfxsrvc Module.) - (8.14.10.1930) = C:\Windows\System32\igfxsrvc.exe
3412 | [Owner : hilton |Parent : 1392(avastui.exe)] - (.Microsoft Corporation - CTF Loader.) - (6.1.7600.16385) = C:\Windows\System32\ctfmon.exe
1620 | [Owner : hilton |Parent : 700(svchost.exe)] - (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller 25.0 r0.) - (25.0.0.127) = C:\Windows\System32\Macromed\Flash\FlashUtil32_25_ 0_0_127_ActiveX.exe
4640 | [Owner : NETWORK SERVICE |Parent : 524(services.exe)] - (.Microsoft Corporation - Microsoft Software Protection Platform Service.) - (6.1.7601.17514) = C:\Windows\System32\sppsvc.exe

---------- | Tasks

Deleted successfully : Driver Support
Deleted successfully : DriverUpdate Scan
Deleted successfully : DriverUpdate Startup.job

---------- | Services

Deleted service : SWDUMon : system32\DRIVERS\SWDUMon.sys

---------- | AppCertDlls | AppInit_DLLs

---------- | DNSapi.dll

C:\Windows\System32\dnsapi.dll : \drivers\etc\hosts

---------- | Hosts

---------- | SafeBoot

---------- | Winsock

---------- | DNS

Repaired : [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Param eters\Interfaces{7F3D0977-3F81-48D1-8A0D-5B6CF1496778}]~[NameServer] : 77.234.40.79 →

---------- | Register

Deleted successfully : HKLM\SOFTWARE\Classes\AppID{6D3BC646-CFCD-4098-8495-B7BD0DF13133} : SlimWare.Session #
Deleted successfully : HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\doubleclick.net
Deleted successfully : HKLM\SOFTWARE\Classes\TypeLib{58A8BF1A-3608-41EA-AAD1-581AB79105E6} : C:\Program Files\SlimWare Utilities\Services\SlimWare.Services.exe
Deleted successfully : HKLM\SOFTWARE\Classes\TypeLib{5B47B102-E05C-41E6-9239-E9276F3758B7}
Deleted successfully : HKLM\SOFTWARE\Classes\TypeLib{CE74B1E6-4EBC-42A1-A4EF-E03F45195608} : C:\Program Files\SlimWare Utilities\Services\SlimWare.Session.exe
Deleted successfully : HKLM\SOFTWARE\Classes\Interface{3B8B86CB-0248-4F00-AC0E-EE5C6795D7F4} : {CE74B1E6-4EBC-42A1-A4EF-E03F45195608}
Deleted successfully : HKLM\SOFTWARE\Classes\Interface{BDF76960-B341-4592-BDBA-DFC8C74165A9} : {CE74B1E6-4EBC-42A1-A4EF-E03F45195608}
Deleted successfully : HKLM\SOFTWARE\Classes\Interface{E58DA376-0D39-45ED-A6EE-A7B6DD10BED2} : {58A8BF1A-3608-41EA-AAD1-581AB79105E6}
Deleted successfully : [HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULA TION]~[PCAcceleratePro.exe]
Deleted successfully : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULA TION]~[PCAcceleratePro.exe]
Deleted successfully : HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASAPI32
Deleted successfully : HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASMANCS
Deleted successfully : HKLM\SOFTWARE\Microsoft\Tracing\DriverWhiz_RASAPI3 2
Deleted successfully : HKLM\SOFTWARE\Microsoft\Tracing\DriverWhiz_RASMANC S
Deleted successfully : HKLM\SOFTWARE\Microsoft\Tracing\McPartnerSAInstall Manager_RASAPI32
Deleted successfully : HKLM\SOFTWARE\Microsoft\Tracing\McSvHost_RASAPI32
Deleted successfully : [HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]~[C:\Program Files\DriverUpdate\DriverUpdate.UpdateLauncher.exe]
Deleted successfully : HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\FromDocToPDF
Deleted successfully : HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\ProductSetup
Deleted successfully : HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\SlimWare Utilities Inc
Deleted successfully : HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\undefined
Deleted successfully : HKLM\SOFTWARE\SlimWare Utilities Inc
Deleted successfully : HKLM\SOFTWARE\SlimWare.Utilities
Deleted successfully : HKLM\SOFTWARE\SlimWare Utilities, Inc.
Deleted successfully : [HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope] : {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted successfully : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Deleted successfully : HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A} : 1
Deleted successfully : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\3854CF3B2738F1B50811C113A6628B1C : C:\Program Files\DriverUpdate\CrashSender.exe.VC80
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\3B6C8A96077846C58872590D3F300790 : C:\Program Files\DriverUpdate\mfc80u.dll
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\513C2FCB818471C569E0FDA5A3BDE0E0 : C:\Program Files\DriverUpdate\DriverUpdate.exe
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\518B733684C79CB558F88FE88A841A8E : C:\Program Files\DriverUpdate\msvcp80.dll
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\5495805C52029135CA3898C4D31E1381 : C:\Program Files\DriverUpdate\dbghelp-app.dll
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\66D733525E9A58F57966D7601ED64574 : C:\Program Files\DriverUpdate\UnifiedLogger.dll
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\9182F476578643550AFFF32CC6EC70A7 : C:\Program Files\DriverUpdate\UninstallStub.exe
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\F93A237388CD0485B83A5A3FA718E936 : C:\Program Files\DriverUpdate\msvcr80.dll
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Products\B25CB27B8A56BB449AD45E9C1B6D446B : [C:\Windows\Installer\1e561dab.msi]
Deleted successfully : [HKLM\Software\Microsoft\Windows\CurrentVersion\Ins taller\Folders]~[C:\Program Files\DriverUpdate]
Deleted successfully : [HKLM\Software\Microsoft\Windows\CurrentVersion\Ins taller\Folders]~[C:\Program Files\SlimWare Utilities]
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Uni nstall\DriverUpdate : (DriverUpdate) “C:\Program Files\DriverUpdate\UninstallStub.exe” --log {b72bc52b-65a8-44bb-a94d-e5c9b1d644b6} → C:\Program Files\DriverUpdate
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Uni nstall{B72BC52B-65A8-44BB-A94D-E5C9B1D644B6} : (DriverUpdate) MsiExec.exe /X{B72BC52B-65A8-44BB-A94D-E5C9B1D644B6}
Deleted successfully : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Support-RTMRules
Deleted successfully : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{2E1F1D2 B-A7F0-47BE-9978-16429AE3489C} : \Driver Support-RTMScan
Deleted successfully : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{2E1F1D2 B-A7F0-47BE-9978-16429AE3489C} : \Driver Support-RTMScan
Deleted successfully : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{E753F27 A-B7AA-4831-A49E-9186D40D7565} : \Driver Support-RTMRules
Deleted successfully : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{E753F27 A-B7AA-4831-A49E-9186D40D7565} : \Driver Support-RTMRules

---------- | Folders | Files

Deleted successfully : C:\Program Files\Driver Support\Agent.Common.dll (Copyright © PC Drivers Headquarters INC. 2015.-.Driver Detective) Agent.Common.dll
Deleted successfully : C:\Program Files\Driver Support\Agent.Communication.dll (Copyright © PC Drivers Headquarters INC. 2015.-.Driver Detective) Agent.Communication.dll
Deleted successfully : C:\Program Files\Driver Support\DriverSupport.exe (Copyright © PC Drivers Headquarters INC. 2015.-.Driver Support) DriverSupport.exe
Deleted successfully : C:\Program Files\Driver Support\ExceptionLogging.dll (Copyright © PC Drivers Headquarters INC. 2012.-.Driver Detective) ExceptionLogging.dll
Deleted successfully : C:\Program Files\Driver Support\RuleEngine.dll (Copyright © PC Drivers Headquarters INC. 2015.-.Driver Detective) RuleEngine.dll
Reboot : C:\Program Files\DriverUpdate
Deleted successfully : C:\Program Files\SlimWare Utilities
Deleted successfully : C:\Users\Public\Desktop\DriverUpdate.lnk (.-.) (Offsets)
Deleted successfully : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate\DriverUpdate Help.lnk (.-.)
Deleted successfully : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate\DriverUpdate.lnk (.-.)
Deleted successfully : C:\Users\Public\Documents\Downloaded Installers
Reboot : C:\Users\hilton\AppData\Local\76f7c66
Deleted successfully : C:\Users\hilton\AppData\Local\88efa
Deleted successfully : C:\Users\hilton\AppData\Local\Chromium
Deleted successfully : C:\Users\hilton\AppData\Local\CrashRpt
Deleted successfully : C:\Users\hilton\AppData\Local\f1aad
Reboot : C:\Users\hilton\AppData\Local\FromDocToPDFTooltab
Deleted successfully : C:\Users\hilton\AppData\Local\PC_Drivers_Headquart ers
Deleted successfully : C:\Users\hilton\AppData\Local\SlimWare Utilities Inc
Deleted successfully : C:\Users\hilton\AppData\Roaming\InstantSupport
Reboot : C:\Users\hilton\Local Settings\76f7c66
Reboot : C:\Users\hilton\Local Settings\FromDocToPDFTooltab
Deleted successfully : C:\ProgramData\PC Drivers HeadQuarters
Deleted successfully : C:\ProgramData\SlimWare Utilities Inc
Deleted successfully : C:\ProgramData\SlimWare Utilities, Inc
Deleted successfully : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
Deleted successfully : C:\Users\hilton\AppData\LocalLow\Microsoft\Interne t Explorer\Services\winsearch.ico (.-.)
Deleted successfully : C:\Windows\Installer\1e561dab.msi (.-.) [Package Install]
Deleted successfully : C:\Windows\system32\DRIVERS\SWDUMon.sys (.-.)
Deleted successfully : C:\Windows\System32\Tasks\Driver Support-RTMRules (.-.)
Deleted successfully : C:\Windows\System32\Tasks\Driver Support-RTMUpdater (.-.)
Deleted successfully : C:\Windows\System32\Tasks\Driver Support-RTMScan (.-.)
Deleted successfully : C:\Windows\System32\Config\Systemprofile\AppData\L ocal\CrashRpt

---------- | .LNK

---------- | opening unknown extension

---------- | Proxy

---------- | Internet Explorer

Repaired : [HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\Main]~[Search Bar] : Preserve → https://www.google.com/
Repaired : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]~[Start Page] : Yahoo on osa Yahoo-konsernia. → https://www.google.com/
Repaired : [HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[Enabled] : → 2
Repaired : [HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[EnabledV8] : → 1
Repaired : [HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet settings]~[WarNonBadCertReceving] : → 1
Repaired : [HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet settings]~[WarNonHTTPSToHTTPRedirect] : → 1
Repaired : [HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar]~[Locked] : 1 → 0

---------- | Yandex : X

---------- | Google Chrome

Deleted successfully : HKLM\SOFTWARE\Policies\Google
Deleted successfully : C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\Web Data (.-.) Reseted successfully : SearchURL
Deleted successfully : C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\Preferences (.-.) Reseted successfully : Preferences
Deleted successfully : C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (.-.) Reseted successfully : Preferences
Deleted successfully : C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\bmnlcjabgnpnenekpadlanbbko oimhnj = description: Automatically find and apply coupon codes when you shop online!
Deleted successfully : C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\hdokiejnpimakedhajhdlcegep lioahd = content_security_policy: default-src ‘self’ https://1min-ui-prod.service.lastpass.com https://lastpass.com/ https://youtube.com https://lastpass.eu; connect-src ‘self’ https://lastpass.com/ wss://.lastpass.com wss://.lastpass.eu ws://127.0.0.1:19536 https://pollserver.lastpass.com https://loglogin.lastpass.com https://lastpass.com https://www.lastpass.com https://lastpass.eu https://.google-analytics.com https://.doubleclick.net; img-src ‘self’ data: https://lastpass.com/ chrome://favicon https://.google-analytics.com https://.doubleclick.net; style-src ‘self’ https://lastpass.com/ ;
Deleted successfully : C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcj beemfm = ids: [ idmofbkcelhplfjnmmdolenpigiiiecc ggedfkijiiammpnbdadhllnehapomdge njjegkblellcjnakomndbaloifhcoccg ]
Deleted successfully : C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\pnlccmojcmeohlpggmfnbbiapk mbliob = permissions: [ tabs bookmarks webRequest webRequestBlocking webNavigation nativeMessaging downloads http:/// https:/// chrome://favicon/ ]

C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhon fmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfi lokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigk jlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [ http://docs.google.com/http://drive....ve.google.com/ ] - https://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\eofcbnmajmjmplflapaojjnihc jkigck = : Avast SafePrice - safe shopping extension. - Avast SafePrice - https://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpeb giejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdl olhkhi = : MSG_extDesc - MSG_extName - https://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\gomekmidlodglbbmalcneegiea cbdmki = : Avast Browser Security and Web Reputation Plugin. - Avast Online Security - matches:[\u003Call_urls>] - https://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccm gmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoe jaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx

---------- | SrWare Iron : X

---------- | Comodo Dragon : X

---------- | Firefox

[hilton | pc153f57.default-1485114558992] Deleted successfully : user_pref(“media.gmp-widevinecdm.abi”, “x86-msvc-x86”);
[hilton | pc153f57.default-1485114558992] Deleted successfully : user_pref(“media.gmp-widevinecdm.version”, “1.4.8.903”);

[Profile0] - Name=default-1485114558992 → Profiles/pc153f57.default-1485114558992

---------- | SeaMonkey : X

---------- | Pale moon : X

---------- | Opera : X

---------- | Spark (Baidu) : X

---------- | StartMenuInternet

Repaired : [HKLM\SOFTWARE\Clients\StartMenuInternet\IExplore.e xe\shell\open\command]~ : iexplore.exe → “C:\Program Files\Internet Explorer\iexplore.exe”

---------- | Javascript

---------- | Firewall

---------- | ADS

Other(s) report(s)

Analyzed : 346649 | Modified : 9 | Deleted : 88

---------- |EOF| ---------- | 16:17:01 | [25 Ko]

hefs

**user1** · 04-02-2017, 09:18 PM

Download MalwareBytes Anti-Malware : https://www.malwarebytes.com/mwb-download/ take the free version ( on the left )
Perform the installation
Uncheck “Enable Free Trial of Malwarebytes Anti-Malware Premium” if it’s asked
Malwarebytes will update, let this update,
Click on the “Settings” tab and then on the “Detection and Protection” tab, Check the box “Search for Rootkits”
Click on the “Analysis” tab and then on “Start analysis”
Once the review is complete, check that all detections are checked and then click [Delete Selection]
If Malwarebytes asks you to restart your PC, click “Yes”,
When restarting your PC, restarts Malwarebytes
Opens the “History” tab and then “Application logs”
Double click on the last Scan Log in date (the one above)
At the bottom click [Export] → select “Text file (* .txt)”
In the explorer selects the desktop, name it mbam.txt, click [Save]

copy/paste the content of the report in your next reply

**Malnutrition** · 04-06-2017, 01:22 AM

@Hilton Heflin how about an update for your helper.

**Hilton_Heflin** · 04-06-2017, 04:41 PM

Originally posted by Malnutrition

@Hilton Heflin how about an update for your helper.

Sorry for delay..back on track..thanks,