Solved got scammed


Hilton Heflin

A few days ago while I was working on my computer a pop up from Microsoft came up and locked up my computer..said I have a Trojan virus and to call an 800 number to get it fixed... they ran a scan and showed me all kinds of problems..wanted $300.00 to fix it..I was sceptical and told them I couldn't do it then ..told me that MS had suspended my licence..told them I would get a new computer..told me that it wouldn't make any difference as the new one wouldn't work either..Had my computer locked..so went ahead and paid..they played around on it for about 30 min...There are two programs on here that I did not have before and I can not remove them like I can all other programs...DELL SONIC FIREWALL and ATF CLEANER...they work fine but can't remove them ..also removed Malwarebytes...I reinstalled that...
I still thought it a scam so called my bank the next day and fraud dept was aware of it..put a hold on my money and are investigating the problem..the money is back in my account as of now, so will have to wait..
Hope my stupidity will help someone else..I am very careful about opening stuff and phone scams ..but I just couldn't believe somebody could just lock up my computer like that so my old 75 yr old brain let it go..is there a way to get those programs off my computer and are they harming anything?
One other thing, I have both TotalAV and Malwarebytes in here..is this a problem??
Thanks;
hefs
 
Hello, if you paid for Malwarebytes, uninstall TotalAV.

I'm amazed that Malwarebytes didn't see that!

Download Quick Diag to your desktop.
Very Important!! — Make sure program is on your desktop.
Disable your Antivirus/Antispyware prior to scanning.
Right Click Run as Administrator.
Select the Quick Scan.

Post the log that is generated in your next post. It'll be on your desktop, named QuickDiag_Date_Hour.txt
 
ok..thanks..here goes..

"Malwarebytes TrayApp"=C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [21/06/2017 15:04:26]

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"=FencesShellExt

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"IconServiceLib"=IconCodecService.dll [13/07/2009 19:25:10]
"DdeSendTimeout"=0
"DesktopHeapLogging"=1
"GDIProcessHandleQuota"=10000
"ShutdownWarningDialogTimeout"=4294967295
"USERNestedWindowLimit"=50
"USERPostMessageLimit"=10000
"USERProcessHandleQuota"=10000
""=mnmsrvc
"DeviceNotSelectedTimeout"=15
"Spooler"=yes
"TransmissionRetryTimeout"=90
"AppInit_DLLs"=
"LoadAppInit_DLLs"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED}


---------- | Win.ini :



---------- | System.ini :



---------- | Config.sys :

FILES=40


---------- | Tasks List

Adobe Acrobat Update Task
Adobe Flash Player Updater
CCleanerSkipUAC
Driver Support
Driver Support-RTMRules
Driver Support-RTMScan
Driver Support-RTMUpdater
GoogleUpdateTaskMachineCore
GoogleUpdateTaskMachineUA
Open URL by RoboForm
Run RoboForm TaskBar Icon
{AAE1FE94-9FE5-456A-85C2-E40455319DB4}

---------- | Startings up registry ¦ Folder

[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring] : "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eM Client] : "C:\Program Files\eM Client\MailClient.exe" /startup
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Fences] : "C:\Program Files\Stardock\Fences\Fences.exe" /startup
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Malwarebytes TrayApp] : C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [21/06/2017 15:04:26]
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RoboForm] : "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Mobile Device Center] : %windir%\WindowsMobile\wmdc.exe

---------- | Other keys


[HKLM\System\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll [14/06/2017 07:49:41]

[HKLM\System\CurrentControlSet\Control\Terminal Server]
"RCDependentServices"=CertPropSvc
SessionEnv
"NotificationTimeOut"=0
"SnapshotMonitors"=1
"ProductVersion"=5.1
"AllowRemoteRPC"=0
"DelayConMgrTimeout"=0
"fDenyTSConnections"=1
"StartRCM"=0
"TSAdvertise"=0
"DeleteTempDirsOnExit"=1
"fSingleSessionPerUser"=1
"PerSessionTempDir"=0
"TSUserEnabled"=0
"InstanceID"=2dc7b6bd-758c-48ec-b889-6f58db6
"fCredentialLessLogonSupported"=1
"fCredentialLessLogonSupportedTSS"=1
"fCredentialLessLogonSupportedKMRDP"=1

[HKLM\System\CurrentControlSet\Control\Session Manager]
"CriticalSectionTimeout"=2592000
"GlobalFlag"=0
"HeapDeCommitFreeBlockThreshold"=0
"HeapDeCommitTotalFreeThreshold"=0
"HeapSegmentCommit"=0
"HeapSegmentReserve"=0
"ProcessorControl"=2
"ResourceTimeoutCount"=648000
"BootExecute"=autocheck autochk *
"ExcludeFromKnownDlls"=
"ObjectDirectories"=\Windows
\RPC Control
"ProtectionMode"=1
"NumberOfInitialSessions"=2
"SetupExecute"=

[HKLM\System\CurrentControlSet\Control]
"PreshutdownOrder"=wuauserv
gpsvc
trustedinstaller
"WaitToKillServiceTimeout"=200
"CurrentUser"=USERNAME
"BootDriverFlags"=0
"ServiceControlManagerExtension"=%systemroot%\system32\scext.dll
"SystemStartOptions"= NOEXECUTE=OPTIN
"SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(2)
"FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1)

[HKLM\System\CurrentControlSet\Control\lsa]
"auditbaseobjects"=0
"auditbasedirectories"=0
"crashonauditfail"=0
"fullprivilegeauditing"=0x00
"Bounds"=0x0030000000200000
"LimitBlankPasswordUse"=1
"NoLmHash"=1
"Notification Packages"=scecli
C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
"Security Packages"=kerberos
msv1_0
schannel
wdigest
tspkg
pku2u
"Authentication Packages"=msv1_0
"LsaPid"=492
"SecureBoot"=1
"ProductType"=6
"disabledomaincreds"=0
"everyoneincludesanonymous"=0
"forceguest"=0
"restrictanonymous"=0
"restrictanonymoussam"=1
"SCENoApplyLegacyAuditPolicy"=1


---------- | .LNK with Arguments


---------- | AppCertDlls


---------- | Dnsapi.dll

C:\Windows\System32\dnsapi.dll -> OK : \drivers\etc\hosts

---------- | Policies | Registry

[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Control Panel\Desktop]
"ScreenSaveActive"=1
"ActiveWndTrackTimeout"=0
"BlockSendInputResets"=0
"CaretWidth"=1
"ClickLockTime"=1200
"CoolSwitchColumns"=7
"CoolSwitchRows"=3
"CursorBlinkRate"=530
"DockMoving"=1
"DragFromMaximize"=1
"DragFullWindows"=1
"DragHeight"=4
"DragWidth"=4
"FocusBorderHeight"=1
"FocusBorderWidth"=1
"FontSmoothing"=2
"FontSmoothingGamma"=0
"FontSmoothingOrientation"=1
"FontSmoothingType"=2
"ForegroundFlashCount"=7
"ForegroundLockTimeout"=200000
"LeftOverlapChars"=3
"MenuShowDelay"=250
"PaintDesktopVersion"=0
"Pattern"=0
"RightOverlapChars"=3
"SnapSizing"=1
"TileWallpaper"=0
"WallpaperOriginX"=0
"WallpaperOriginY"=0
"WallpaperStyle"=10
"WheelScrollChars"=3
"WheelScrollLines"=3
"WindowArrangementActive"=1
"UserPreferencesMask"=0x9E3E078012000000
"Wallpaper"=C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg [29/06/2016 16:31:01]
"WaitToKillAppTimeout"=200

[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ShellState"=0x240000003828000000000000000000000000000001000000120000000000000022000000
"CleanShutdown"=0
"ExplorerStartupTraceRecorded"=1
"Browse For Folder Width"=318
"Browse For Folder Height"=288
"link"=0x18000000

[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_SearchFiles"=2
"ServerAdminUI"=0
"Hidden"=2
"ShowCompColor"=1
"HideFileExt"=1
"DontPrettyPath"=0
"ShowInfoTip"=1
"HideIcons"=0
"MapNetDrvBtn"=0
"WebView"=1
"Filter"=0
"SuperHidden"=0
"SeparateProcess"=0
"AutoCheckSelect"=0
"IconsOnly"=0
"ShowTypeOverlay"=1
"ListviewAlphaSelect"=1
"ListviewShadow"=1
"TaskbarAnimations"=1
"Start_ShowMyGames"=0
"StartMenuInit"=4
""=0
"ThumbnailLivePreviewHoverTime"=250
"ExtendedUIHoverTime"=250

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableUIADesktopToggle"=0
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
"Text"=@shell32.dll,-30500
"Type"=radio
"CheckedValue"=1
"ValueName"=Hidden
"DefaultValue"=2
"HKeyRoot"=2147483649
"HelpID"=shell.hlp#51105

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}
"BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd}
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}
"IconUnderline"=2
"GlobalAssocChangedCounter"=72
""=

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"TaskbarSizeMove"=0

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s


---------- | Winlogon

[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin
"BuildNumber"=7601
"FirstLogon"=0
"ParseAutoexec"=1

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ReportBootOk"=1
"Shell"=explorer.exe
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}
"Userinit"=C:\Windows\system32\userinit.exe,
"VMApplet"=SystemPropertiesPerformance.exe /pagefile
"AutoRestartShell"=1
"Background"=0 0 0
"CachedLogonsCount"=10
"DebugServerCommand"=no
"ForceUnlockLogon"=0
"LegalNoticeCaption"=
"LegalNoticeText"=
"PasswordExpiryWarning"=5
"PowerdownAfterShutdown"=0
"ShutdownWithoutLogon"=0
"WinStationsDisabled"=0
"DisableCAD"=1
"scremoveoption"=0
"ShutdownFlags"=2147483687
"AutoAdminLogon"=0
"DefaultUserName"=hilton


---------- | Associations

[HKLM\Software\Classes\.exe]
""=exefile
"Content Type"=application/x-msdownload

[HKLM\Software\Classes\exefile\Shell\Open\Command]
""="%1" %*
"IsolatedCommand"="%1" %*

[HKLM\Software\Classes\.com]
""=comfile

[HKLM\Software\Classes\comfile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\Classes\.reg]
""=regfile

[HKLM\Software\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"

[HKLM\Software\Classes\.scr]
""=scrfile

[HKLM\Software\Classes\scrfile\Shell\Open\Command]
""="%1" /S

[HKLM\Software\Classes\.bat]
""=batfile

[HKLM\Software\Classes\batfile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\Classes\.cmd]
""=cmdfile

[HKLM\Software\Classes\cmdfile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\Classes\.pif]
""=piffile

[HKLM\Software\Classes\piffile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\Classes\.inf]
""=inffile

[HKLM\Software\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1

[HKLM\Software\Classes\.url]
""=InternetShortcut

[HKLM\Software\Classes\.lnk]
""=lnkfile

[HKLM\Software\Classes\.hta]
"PerceivedType"=text
""=htafile
"Content Type"=application/hta

[HKLM\Software\Classes\htafile\Shell\Open\Command]
""=C:\Windows\System32\mshta.exe "%1" %*

[HKLM\Software\Classes\InternetShortcut]
"NeverShowExt"=
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
"EditFlags"=2
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
"IsShortcut"=
"FriendlyTypeName"=@C:\Windows\system32\ieframe.dll,-10046
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment
""=Internet Shortcut

[HKLM\Software\Classes\Application.Manifest]
""=Application Manifest
"EditFlags"=65536
"BrowserFlags"=4096
"FriendlyTypeName"=@dfshim.dll,-200

[HKLM\Software\Classes\Application.Reference]
"NeverShowExt"=
""=Application Reference
"IsShortcut"=
"EditFlags"=131072
"FriendlyTypeName"=@dfshim.dll,-201

[HKLM\Software\Classes\Folder]
"ContentViewModeLayoutPatternForBrowse"=delta
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified
"ContentViewModeLayoutPatternForSearch"=alpha
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay
""=Folder
"EditFlags"=0xD2030000
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size
"NoRecentDocs"=
"ThumbnailCutoff"=0
"TileInfo"=prop:System.Title;System.ItemTypeText

[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command]
""="C:\Program Files\Mozilla Firefox\firefox.exe"
[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
"ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files\Google\Chrome\Application\chrome.exe"
[HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser

[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=iexplore.exe
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall


---------- | AppcompatFlags

[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"c:\SWSetup\SP73091\Setup.exe"=1
"c:\SWSetup\SP73091\Win32\setup.exe"=1
"C:\DRIVERS\WIN\TPBTooth\Setup.exe"=1
"C:\DRIVERS\WIN\TPBTooth\Win32\setup.exe"=1
"C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"=1
"C:\Users\hilton\Downloads\Stardock\ObjectDock_setup.exe"=1
"C:\Users\hilton\Downloads\Apache_OpenOffice_4.1.3_Win_x86_install_en-US.exe"=1
"C:\Users\hilton\Downloads\xp68-win-mg3200-5_60a-ejs.exe"=1
"C:\Users\hilton\Downloads\qm__-win-2_7_1-ea31_2.exe"=1
"C:\Users\hilton\Downloads\ccsetup526(2).exe"=1
"C:\Users\hilton\Downloads\ccsetup528(1).exe"=1


---------- | IFEO


---------- | Mountpoints2


---------- | Windows

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"MouseSpeed"=#USR:Control Panel\Mouse
"MouseThreshold1"=#USR:Control Panel\Mouse
"MouseThreshold2"=#USR:Control Panel\Mouse
"SwapMouseButtons"=#USR:Control Panel\Mouse
"Beep"=#USR:Control Panel\Sound
"DoubleClickSpeed"=#USR:Control Panel\Mouse
"CoolSwitch"=USR:Control Panel\Desktop
"DoubleClickHeight"=#USR:Control Panel\Mouse
"DoubleClickWidth"=#USR:Control Panel\Mouse
"DragFullWindows"=USR:Control Panel\Desktop
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard
"LowPowerActive"=#USR:Control Panel\Desktop
"LowPowerTimeOut"=#USR:Control Panel\Desktop
"PowerOffActive"=#USR:Control Panel\Desktop
"PowerOffTimeOut"=#USR:Control Panel\Desktop
"ScreenSaveActive"=#USR:Control Panel\Desktop
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop
"SnapToDefaultButton"=#USR:Control Panel\Mouse
""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows
"Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot
"ScreenSaverActive"=USR:Control Panel\Desktop
"ScreenSaverIsSecure"=USR:Control Panel\Desktop
"SCRNSAVE.EXE"=USR:Control Panel\Desktop
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

---------- | Security center

[HKLM\SOFTWARE\Microsoft\Security Center]
"cval"=1

[HKLM\SOFTWARE\Microsoft\Security Center\svc]
"VistaSp1"=128920209537502489
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=0
"DisableRoutinelyTakingAction"=0
"ProductStatus"=0
"InstallTime"=0x49D898D4C7D0D101

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=1


---------- | Safeboot


---------- | Winsock (Whitelist)


---------- | Hosts


---------- | Ping

Pinging google.com [2607:f8b0:4002:80f::200e] with 32 bytes of data:
Reply from 2607:f8b0:4002:80f::200e: time=32ms
Reply from 2607:f8b0:4002:80f::200e: time=50ms
Reply from 2607:f8b0:4002:80f::200e: time=33ms
Reply from 2607:f8b0:4002:80f::200e: time=30ms

Ping statistics for 2607:f8b0:4002:80f::200e:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 30ms, Maximum = 50ms, Average = 36ms

---------- | @

[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Internet Explorer\Main]
"Disable Script Debugger"=yes
"Anchor Underline"=yes
"Cache_Update_Frequency"=Once_Per_Session
"Display Inline Images"=yes
"Do404Search"=0x01000000
"Local Page"=C:\Windows\system32\blank.htm
"Save_Session_History_On_Exit"=no
"Show_FullURL"=no
"Show_StatusBar"=yes
"Show_ToolBar"=yes
"Show_URLinStatusBar"=yes
"Show_URLToolBar"=yes
"Use_DlgBox_Colors"=yes
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"XMLHTTP"=1
"NoUpdateCheck"=1
"Enable Browser Extensions"=yes
"Play_Background_Sounds"=yes
"Play_Animations"=yes
"Start Page Redirect Cache AcceptLangs"=en-US
"NotifyDownloadComplete"=yes
"DisableScriptDebuggerIE"=yes
"ImageStoreRandomFolder"=13euj9h
"DoNotTrack"=0
"IE10RunOncePerInstallCompleted"=1
"IE10RunOnceCompletionTime"=0x93C7F956736BD201
"IE10TourShown"=1
"IE10TourShownTime"=0xC73E542CDB69D201
"DownloadWindowPlacement"=0x2C0000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7C02000010010000FC040000F0020000
"SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"=
"DefSpellLang"=en-AU
en-US
"SuppressScriptDebuggerDialog"=0
"FormSuggest Passwords"=yes
"FormSuggest PW Ask"=no
"ScriptDebugger_EnableHiddenTabs"=0
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"StatusBarWeb"=1
"ForceGDIPlus"=0
"AlwaysShowMenus"=0
"ShutdownWaitForOnUnload"=0
"DNSPreresolution"=8
"SpellChecking"=1
"LangToolsBroker"={5bbd58bb-993e-4c17-8af6-3af8e908fca8}
"DisablePasswordReveal"=0
"Check_Associations"=yes
"DisableRequiresActiveXPrompt"=
"GotoIntranetSiteForSingleWordEntry"=0
"AutoSearch"=1
"PredictedViewExpansion"=100
"PredictedViewChangeThreshold"=10
"PredictedViewChangeThresholdPaint"=10
"ContentLayerCacheExpansion"=300
"RenderingLoopMaxTime"=250
"NscSingleExpand"=0
"Error Dlg Displayed On Every Error"=no
"Friendly http errors"=yes
"CSS_Compat"=doctype
"Expand Alt Text"=no
"Display Inline Videos"=1
"Print_Background"=no
"Use Stylesheets"=1
"SmoothScroll"=1
"Show image placeholders"=0
"Disable Diagnostics Mode"=no
"Move System Caret"=no
"Enable AutoImageResize"=yes
"UseThemes"=1
"UseHR"=0
"Q300829"=0
"Cleanup HTCs"=0
"XDomainRequest"=1
"DOMStorage"=1
"EnableAlternativeCodec"=yes
"JScriptProfileCacheEventDelay"=5000
"CrossfadeMinTimeoutInMS"=30000
"CrossfadeMaxTimeoutInMS"=30000
"CrossfadeCurrentTimeoutInMS"=30000
"ScrollTimeoutInMS"=6000
"IE10RunOnceLastShown"=1
"IE10TourNoShow"=0
"IE10RecommendedSettingsNo"=0
"FrameTabWindow"=1
"AdminTabProcs"=1
"SessionMerging"=1
"FrameMerging"=1
"HangRecovery"=1
"DesktopTransparentCoverWindowTime"=8
"TSEnable"=1
"Isolation"=PMIL
"Isolation64Bit"=0
"IsolationImmersive"=PMEM
"TabShutdownDelay"=60000
"FrameShutdownDelay"=0
"Search Bar"=Preserve
"MinIEEnabled"=1
"RefcountTracker"=0
"TabDragOnSingleProc"=0
"ForceBFCacheCandidacyPass"=0
"Fasterback"=1
"BackForwardInstrumentation"=0
"Start Page"=http://www.google.com/
"Start Page_TIMESTAMP"=0x47B9817661E4D201
"OperationalData"=5
"CompatibilityFlags"=0
"FullScreen"=no
"Window_Placement"=0x2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0000000000000000A005000034030000
"IE10RunOnceLastShown_TIMESTAMP"=0x9114367EA56AD201
"Start Page Redirect Cache_TIMESTAMP"=0x5FFF7580CCE2D201
"Use FormSuggest"=yes

[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"IE5_UA_Backup_Flag"=5.0
"User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"EmailName"=IEUser@
"PrivDiscUiShown"=1
"EnableHttp1_1"=1
"WarnOnIntranet"=1
"MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
"AutoConfigProxy"=wininet.dll
"UseSchannelDirectly"=0x01000000
"WarnOnPost"=0x01000000
"UrlEncoding"=0
"SecureProtocols"=2688
"PrivacyAdvanced"=0
"ZonesSecurityUpgrade"=0x31CCA11F50D2D101
"DisableCachingOfSSLPages"=0
"WarnonZoneCrossing"=0
"CertificateRevocation"=1
"EnableNegotiate"=1
"MigrateProxy"=1
"EnableAutodial"=0
"NoNetAutodial"=0
"ProxyHttp1.1"=1
"EnableSPDY3_0"=0
"BackgroundConnections"=1
"EnableSSL3Fallback"=1
"EnablePunycode"=1
"ShowPunycode"=0
"CreateUriCacheSize"=80
"CoInternetCombineIUriCacheSize"=80
"SecurityIdIUriCacheSize"=30
"SpecialFoldersCacheSize"=8
"SyncMode5"=4
"DisableIDNPrompt"=0
"WarnonBadCertRecving"=1
"WarnOnPostRedirect"=1
"ProxyEnable"=0

[HKLM\Software\Microsoft\Internet Explorer\Main]
"AutoHide"=yes
"Security Risk Page"=about:SecurityRisk
"Extensions Off Page"=about:NoAdd-ons
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Placeholder_Width"=0x1A000000
"Placeholder_Height"=0x1A000000
"Default_Secondary_Page_URL"=
"Use_Async_DNS"=yes
"Start Page"=www.google.com
"Local Page"=C:\Windows\System32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"Check_Associations"=yes
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"x86AppPath"=C:\Program Files\Internet Explorer\IEXPLORE.EXE

[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"InPrivate"=res://ieframe.dll/inprivate_win7.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"Home"=270
"PostNotCached"=res://ieframe.dll/repost.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm
"Compat"=res://mshtml.dll/compat.htm

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"mosaic"=http://
"www"=http://
"home"=http://
"ftp"=ftp://

[HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"EnablePunycode"=1
"CodeBaseSearchPath"=CODEBASE
"WarnOnIntranet"=1
"MinorVersion"=0
"ActiveXCache"=C:\Windows\Downloaded Program Files


---------- | Proxy


[HKLM\System\CurrentControlSet\Services\NLASVC\Parameters\Internet\Manualproxies]

---------- | reparsepoint


---------- | Detection of offsets


---------- | Notify

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] : igfxdev.dll

---------- | Execution FileExts








---------- | SIOI | SEH | URLSH

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- %SystemRoot%\system32\EhStorShell.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Offline Files] - {4E77131D-3629-431c-9818-C5679DC83E81} -- %SystemRoot%\System32\cscui.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235} -- %SystemRoot%\system32\ntshrui.dll

[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=


---------- | Toolbar

[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"Locked"=1

[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{724D43A0-0D85-11D4-9908-00400523E39A}"=0xA0434D72850DD411990800400523E39A
"ITBar7Height"=21

[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={91566AD5-071B-451D-9504-A58141841FA2}
"UpgradeTime"=0x79396929DB69D201
"DefaultPackCorrection"=1
"DefaultPackNTCorrection"=1
"TopResult"=1
"ShowSearchSuggestionsGlobal"=1
"ShowSearchSuggestionsInAddressGlobal"=1
"KnownProvidersUpgradeTime"=0xA8D48D28DB69D201
"Version"=4

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{724d43a0-0d85-11d4-9908-00400523e39a}"=0x00
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=0x00

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}


---------- | Extensions

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}] : () - []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}] : (@C:\Windows\WindowsMobile\INetRepl.dll,-223) - []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{320AF880-6646-11D3-ABEE-C5DBF3571F46}] : (Fill Forms) - []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{320AF880-6646-11D3-ABEE-C5DBF3571F49}] : (Save Forms) - []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{724d43aa-0d85-11d4-9908-00400523e39a}] : (Show RoboForm Toolbar) - []

---------- | SearchScopes

[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}] - () - :
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{91566AD5-071B-451D-9504-A58141841FA2}] - (Google) - https://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - () - :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC :

---------- | Browser Helper Objects

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}] -> (RoboForm Toolbar Helper) : C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [12/08/2016 15:03:22]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] -> (Google Toolbar Helper) : C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [26/04/2017 13:09:45]

---------- | Chrome

C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\cfhdojbkjhnklbpkdaibdccddilifddb = : __MSG_description__ - short_name: __MSG_name__ - https://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx

[HKLM\Software\Google\Chrome\Extensions\okmhneofinpilciglijihehjpaegledb]
[HKLM\Software\Google\Chrome\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob]

---------- | Opera


---------- | Firefox


[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\mozilla\Firefox\Extensions]
"rf-firefox@siber.com"=C:\Program Files\Siber Systems\AI RoboForm\Firefox\roboform.xpi
[HKLM\Software\mozilla\Firefox\Extensions]
"rf-firefox@siber.com"=C:\Program Files\Siber Systems\AI RoboForm\Firefox\roboform.xpi
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin] - () : C:\Users\hilton\AppData\Local\Citrix\Plugins\104\npappdetector.dll
[HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll
[HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKLM\Software\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


C:\Users\hilton\AppData\Roaming\Mozilla\Firefox\Profiles\pc153f57.default-1485114558992\Prefs.js

user_pref("browser.search.defaultenginename", "Yahoo! Powered");
user_pref("browser.search.selectedEngine", "Yahoo! Powered");
user_pref("browser.startup.homepage", "www.google.com");
user_pref("browser.startup.homepage_override.buildID", "20170302120751");
user_pref("browser.startup.homepage_override.mstone", "52.0");
user_pref("extensions.adblockplus.currentVersion", "2.9.1");
user_pref("extensions.adblockplus.notificationdata", "{\"lastCheck\":1497367614431,\"softExpiration\":1497457196612,\"hardExpiration\":1497539906328,\"data\":{\"notifications\":[],\"version\":\"201706131518\"},\"lastError\":0,\"downloadStatus\":\"synchronize_ok\",\"downloadCount\":16}");
user_pref("extensions.blocklist.pingCountTotal", 14);
user_pref("extensions.blocklist.pingCountVersion", 4);
user_pref("extensions.bootstrappedAddons", "{\"{22119944-ED35-4ab1-910B-E619EA06A115}\":{\"version\":\"8.2.9.5\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files\\\\Siber Systems\\\\AI RoboForm\\\\Firefox\\\\roboform.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":false,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"version\":\"2.9.1\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\hilton\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\pc153f57.default-1485114558992\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":false,\"dependencies\":[],\"hasEmbeddedWebExtension\":true},\"disable-cert-transparency@mozilla.org\":{\"version\":\"1.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\hilton\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\pc153f57.default-1485114558992\\\\features\\\\{4586968c-b104-4f8e-ba26-6d251e589a74}\\\\disable-cert-transparency@mozilla.org.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"disable-prefetch@mozilla.org\":{\"version\":\"1.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\hilton\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\pc153f57.default-1485114558992\\\\features\\\\{4586968c-b104-4f8e-ba26-6d251e589a74}\\\\disable-prefetch@mozilla.org.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"e10srollout@mozilla.org\":{\"version\":\"1.12\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\hilton\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\pc153f57.default-1485114558992\\\\features\\\\{4586968c-b104-4f8e-ba26-6d251e589a74}\\\\e10srollout@mozilla.org.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false}}");
user_pref("extensions.databaseSchema", 19);
user_pref("extensions.diagnostics.v1.hasRun", true);
user_pref("extensions.e10s.rollout.blocklist", "{dc572301-7619-498c-a57d-39143191b318};firefox@mega.co.nzsupport@lastpass.com;");
user_pref("extensions.e10s.rollout.hasAddon", true);
user_pref("extensions.e10s.rollout.policy", "50allmpc");
user_pref("extensions.e10sBlockedByAddons", false);
user_pref("extensions.enabledAddons", "%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:52.0.2");
user_pref("extensions.getAddons.cache.lastUpdate", 1497367552);
user_pref("extensions.getAddons.databaseSchema", 5);
user_pref("extensions.hotfix.lastVersion", "20170302.01");
user_pref("extensions.lastAppVersion", "52.0");
user_pref("extensions.lastPlatformVersion", "52.0");
user_pref("extensions.pendingOperations", false);
user_pref("extensions.systemAddonSet", "{\"schema\":1,\"directory\":\"{4586968c-b104-4f8e-ba26-6d251e589a74}\",\"addons\":{\"disable-cert-transparency@mozilla.org\":{\"version\":\"1.0\"},\"disable-prefetch@mozilla.org\":{\"version\":\"1.0\"},\"e10srollout@mozilla.org\":{\"version\":\"1.12\"}}}");
user_pref("extensions.webextensions.uuids", "{\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":\"294a980d-6c81-4a15-a1f6-76b6cc1c6d13\"}");
user_pref("extensions.xpiState", "{\"app-profile\":{\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"d\":\"C:\\\\Users\\\\hilton\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\pc153f57.default-1485114558992\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"e\":true,\"v\":\"2.9.1\",\"st\":1497367553915}},\"winreg-app-user\":{\"{22119944-ED35-4ab1-910B-E619EA06A115}\":{\"d\":\"C:\\\\Program Files\\\\Siber Systems\\\\AI RoboForm\\\\Firefox\\\\roboform.xpi\",\"e\":true,\"v\":\"8.2.9.5\",\"st\":1496420940227}},\"app-global\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"d\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi\",\"e\":true,\"v\":\"52.0.2\",\"st\":1490296975000}},\"winreg-app-global\":{\"{22119944-ED35-4ab1-910B-E619EA06A115}\":{\"d\":\"C:\\\\Program Files\\\\Siber Systems\\\\AI RoboForm\\\\Firefox\\\\roboform.xpi\",\"e\":false,\"v\":\"8.2.9.5\",\"st\":1496420940227}},\"app-system-addons\":{\"disable-cert-transparency@mozilla.org\":{\"d\":\"C:\\\\Users\\\\hilton\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\pc153f57.default-1485114558992\\\\features\\\\{4586968c-b104-4f8e-ba26-6d251e589a74}\\\\disable-cert-transparency@mozilla.org.xpi\",\"e\":true,\"v\":\"1.0\",\"st\":1497367560955},\"disable-prefetch@mozilla.org\":{\"d\":\"C:\\\\Users\\\\hilton\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\pc153f57.default-1485114558992\\\\features\\\\{4586968c-b104-4f8e-ba26-6d251e589a74}\\\\disable-prefetch@mozilla.org.xpi\",\"e\":true,\"v\":\"1.0\",\"st\":1497367561026},\"e10srollout@mozilla.org\":{\"d\":\"C:\\\\Users\\\\hilton\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\pc153f57.default-1485114558992\\\\features\\\\{4586968c-b104-4f8e-ba26-6d251e589a74}\\\\e10srollout@mozilla.org.xpi\",\"e\":true,\"v\":\"1.12\",\"st\":1497367561077}}}");


[Profile0] - Name=default-1485114558992 -> Profiles/pc153f57.default-1485114558992

---------- | DNS

[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"DhcpNameServer"=209.18.47.61 209.18.47.62
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{B78AF187-32FB-4F20-86D2-C40DA41B6832}]
"DhcpNameServer"=209.18.47.61 209.18.47.62
[HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{B78AF187-32FB-4F20-86D2-C40DA41B6832}]
"DhcpNameServer"=209.18.47.61 209.18.47.62
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{B78AF187-32FB-4F20-86D2-C40DA41B6832}]
"DhcpNameServer"=209.18.47.61 209.18.47.62

---------- | Applications

[HKLM\SOFTWARE\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

---------- | SvcHost (Whitelist)

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"regsvc"=RemoteRegistry
"DcomLaunch"=Power
PlugPlay
DcomLaunch
"secsvcs"=WinDefend
"bthsvcs"=bthserv
"PeerDist"=PeerDistSvc
"WindowsMobile"=wcescomm
rapimgr
"LocalServiceRestricted"=WcesComm
RapiMgr


---------- | SvcHost - Netsvcs (Whitelist)

Term - :

---------- | Software

[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Adobe]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Amazon]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Amazon Services LLC]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Analog Devices]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\AppDataLow]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\AVAST Software]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Canon]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Chromium]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Clients]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Dashlane_profiles]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\DriverSupport]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\eM Client]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\g3n-h@ckm@n]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Google]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Intel]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\jtosjykc]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Kodi]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Macromedia]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Malwarebytes]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Mozilla]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\MozillaPlugins]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Netscape]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\OpenOffice]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\ovbrx]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\PCPitstop]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Piriform]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Policies]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\QtProject]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Samsung]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Siber Systems]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\SnigelWeb]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Stardock]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Sysinternals]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Widcomm]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\ShellNoRoam]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\Adobe]
[HKLM\Software\Analog Devices]
[HKLM\Software\ATI Technologies]
[HKLM\Software\AVAST Software]
[HKLM\Software\Canon]
[HKLM\Software\CBSTEST]
[HKLM\Software\Citrix]
[HKLM\Software\Clients]
[HKLM\Software\DriverSupport]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\GEAR Software]
[HKLM\Software\Google]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\Macromedia]
[HKLM\Software\Microsoft]
[HKLM\Software\Mozilla]
[HKLM\Software\mozilla.org]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\ODBC]
[HKLM\Software\OpenOffice]
[HKLM\Software\PCPitstop]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\Reason]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SAMSUNG]
[HKLM\Software\Siber Systems]
[HKLM\Software\SlimWare.Utilities]
[HKLM\Software\Sonic]
[HKLM\Software\Stardock]
[HKLM\Software\Synaptics]
[HKLM\Software\sysinternals]
[HKLM\Software\Volatile]
[HKLM\Software\Widcomm]
[HKLM\Software\WOW6432Node]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnostics]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AxInstSVGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WindowsMobile]

---------- | Drives


---------- | C:

[13/07/2009 22:36:15] - |SHD| - [1763] - C:\$RECYCLE.BIN
[10/08/2016 13:52:39] - |D| - [0] - C:\95fcae343f4f0cedab9b17240bf8
[02/04/2017 12:17:48] - |D| - [350103713] - C:\AdsFix
[MD5.44CB61866FB926A7A1988D23785F6093] - [02/04/2017 12:24:34] - |A| - (.-.) - [25188] - (0.0.0.0) - C:\AdsFix_02_04_2017_16_17_19.txt
[21/04/2017 14:15:28] - |D| - [709025478] - C:\AdwCleaner
[MD5.D9EBEC6668A6092FCBD1713C347AA5E0] - [13/07/2009 22:04:04] - |A| - (.-.) - [24] - (0.0.0.0) - C:\autoexec.bat
[12/04/2017 03:02:00] - |SHD| - [0] - C:\Config.Msi
[MD5.ED4FC5980BD8B1AD869FF725C7776338] - [13/07/2009 22:04:04] - |A| - (.-.) - [10] - (0.0.0.0) - C:\config.sys
[20/08/2016 14:06:16] - |D| - [49262943] - C:\Dell
[MD5.B819A5003CEFCA15B52A9EE823EC7620] - [23/07/2012 20:44:40] - |A| - (.-.) - [37] - (0.0.0.0) - C:\DevMgr.bat
[14/07/2009 00:53:55] - |SHD| - [0] - C:\Documents and Settings
[01/08/2016 14:18:40] - |D| - [189142349] - C:\DRIVERS
[11/04/2017 16:03:45] - |D| - [67617005] - C:\FRST
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [02/04/2017 16:17:20] - |ASH| - (.-.) - [2608287744] - (0.0.0.0) - C:\hiberfil.sys
[01/08/2016 14:35:27] - |D| - [1515578] - C:\Intel
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [27/06/2016 18:58:58] - |ASH| - (.-.) - [3477721088] - (0.0.0.0) - C:\pagefile.sys
[13/07/2009 22:37:05] - |D| - [0] - C:\PerfLogs
[13/07/2009 22:37:05] - |RD| - [2699254195] - C:\Program Files
[13/07/2009 22:37:05] - |HD| - [28822872288] - C:\ProgramData
[30/03/2017 12:06:11] - |D| - [508020] - C:\QuickDiag
[MD5.DE6292FB4A0AEFB8013C29F267B6C11E] - [23/06/2017 14:28:11] - |A| - (.-.) - [93723] - (0.0.0.0) - C:\QuickDiag.txt
[MD5.D1408E8436EC28BB9C779154839114FF] - [30/03/2017 12:29:51] - |RA| - (.-.) - [230674] - (0.0.0.0) - C:\QuickDiag_30_03_2017_12_29_51.txt
[29/06/2016 16:30:46] - |SHD| - [148457388] - C:\Recovery
[23/07/2012 20:44:40] - |AHD| - [1874344] - C:\RPKTools
[05/07/2016 14:05:37] - |D| - [329162094] - C:\SWSetup
[27/06/2016 18:58:58] - |SHD| - [0] - C:\System Volume Information
[23/07/2012 20:44:40] - |HD| - [281] - C:\Tools
[13/07/2009 22:37:05] - |RD| - [65275293612] - C:\Users
[13/07/2009 22:37:05] - |D| - [16690742614] - C:\Windows

---------- | C:\Windows

[14/07/2009 00:52:30] - |D| - [802] - C:\Windows\addins
[13/07/2009 22:37:05] - |D| - [11631477] - C:\Windows\AppCompat
[13/07/2009 22:37:05] - |D| - [9867762] - C:\Windows\AppPatch
[13/07/2009 22:37:05] - |RSD| - [1096041283] - C:\Windows\assembly
[MD5.12EBDA58437CD1EA7066FCB6455241D2] - [18/12/2016 22:20:33] - |A| - (.Copyright (c) 2014 AVAST Software - avast! Screen Saver stub.) - [53208] - (12.3.3154.0) - C:\Windows\avastSS.scr

---------- | C:\Windows\System32\GroupPolicy

[30/06/2016 15:55:47] - |D| - [0] - C:\Windows\System32\GroupPolicy\User

---------- | Systemroot\System


---------- | Systemroot\Installer (Microsoft Files Whitelisted)

[13/05/2017 13:36:05] - C:\Windows\Installer\11a3f37b.msi : (eM Client - eM Client Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/05/2015 14:23:16] - C:\Windows\Installer\178720f.msi : (Intel(R) Chipset Device Software - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/09/2016 12:21:44] - C:\Windows\Installer\19ae0f09.msi : (OpenOffice 4.1.3 - OpenOffice) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[20/07/2016 22:19:14] - C:\Windows\Installer\1c9d2e.msi : (Intel(R) Wireless Bluetooth(R) - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/09/2016 12:01:33] - C:\Windows\Installer\1e561dab.msi : (Looks for updates for your computer's software and drivers to improve performance. - Slimware Utilities Holdings, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2014 15:04:56] - C:\Windows\Installer\1ebc2c9f.msi : (Intel(R) Network Connections - Intel) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/03/2015 04:42:22] - C:\Windows\Installer\1f3b9bd.msi : ( - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/04/2012 01:06:44] - C:\Windows\Installer\223b8e.msi : (WIDCOMM Bluetooth Profile Pack - Broadcom Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/05/2017 18:26:15] - C:\Windows\Installer\29f5d9f0.msi : (Adobe ARM Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/04/2017 13:09:46] - C:\Windows\Installer\2f1ac96.msi : (Google Toolbar for Internet Explorer - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/04/2017 14:41:40] - C:\Windows\Installer\c3688c.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[21/11/2016 16:09:45] - C:\Windows\Installer\f249c6.msi : (Blank Project Template - Samsung Electronics Co., Ltd.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]

---------- | %System%\*.in*

[14/07/2009 00:42:29] - [73] - C:\Windows\System32\desktop.ini
[29/06/2016 16:51:31] - [16303] - C:\Windows\System32\ieuinit.inf
[14/07/2009 00:42:26] - [535] - C:\Windows\System32\mapisvc.inf
[20/11/2010 17:01:02] - [781298] - C:\Windows\System32\PerfStringBackup.INI
[10/06/2009 17:39:59] - [60124] - C:\Windows\System32\tcpmon.ini

---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan

[MD5.47F22CAD4A16BB40153555D631546B94] - |A| - [10/06/2009 17:39:59] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\Windows\System32\tcpmon.ini
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [157 Ko] - C:\Windows\System32\th-TH
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [424 Ko] - C:\Windows\System32\tr-TR
[MD5.579E54636405735FEB2BC37C1AE757FD] - |A| - [23/09/2009 19:30:50] - (.Copyright © 2006 - Intel(R) TVWizard.) - [8006.52 Ko] - (1.0.1.0) - C:\Windows\System32\TVWSetup.exe
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [166.5 Ko] - C:\Windows\System32\uk-UA
[MD5.52BAA773D4A2CC3A7767598C21F532C8] - |A| - [14/07/2009 00:34:00] - (.-.) - [18 Ko] - (0.0.0.0) - C:\Windows\System32\umstartup.etl
[MD5.FDC9FB711442ADC6EDD34BE7F27F16CD] - |A| - [14/07/2009 00:34:00] - (.-.) - [45 Ko] - (0.0.0.0) - C:\Windows\System32\umstartup000.etl
[MD5.86491AD7BC0964089CD4E703E65D45DB] - |A| - [13/07/2009 17:30:26] - (.-.) - [18.39 Ko] - (0.0.0.0) - C:\Windows\System32\v7vga.rom
[MD5.15BD0F8D507546F512EE5D73C3721FA8] - |A| - [13/07/2009 22:04:56] - (.Copyright © 2000 - vfpodbc.) - [20.05 Ko] - (1.0.2.0) - C:\Windows\System32\vfpodbc.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [43664 Ko] - C:\Windows\System32\wbem
[MD5.00000000000000000000000000000000] - |D| - [20/11/2010 20:38:48] - [60.46 Ko] - C:\Windows\System32\WCN
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [13672.26 Ko] - C:\Windows\System32\wdi
[MD5.BDDF10F9D8E179323BC1B49603809EB0] - |A| - [13/07/2009 17:38:33] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\Windows\System32\WdsUnattendTemplate.xml
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [144 Ko] - C:\Windows\System32\wfp
[MD5.C980C971AD4FF3CA5CEFDEF40932D3A1] - |A| - [13/07/2009 16:29:46] - (.-.) - [13 Ko] - (0.0.0.0) - C:\Windows\System32\win87em.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 00:52:30] - [0 Ko] - C:\Windows\System32\WinBioDatabase
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 00:52:30] - [71 Ko] - C:\Windows\System32\WinBioPlugIns
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 00:52:30] - [8620.44 Ko] - C:\Windows\System32\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [95272 Ko] - C:\Windows\System32\winevt
[MD5.00000000000000000000000000000000] - |D| - [20/11/2010 20:38:49] - [99.06 Ko] - C:\Windows\System32\winrm
[MD5.00000000000000000000000000000000] - |D| - [02/07/2016 03:24:36] - [0 Ko] - C:\Windows\System32\x64
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [336.5 Ko] - C:\Windows\System32\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [258.5 Ko] - C:\Windows\System32\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [337 Ko] - C:\Windows\System32\zh-TW

---------- | Firewall

[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules]
"Netlogon-NamedPipe-In"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|
"{0DC8D093-6A4A-46DF-81F7-51A31BA38190}"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=808|App=C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe|Svc=NetTcpActivator|Name=@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelEvents.dll,-2000|Desc=@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelEvents.dll,-2001|EmbedCtxt=@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelEvents.dll,-2002|
"TCP Query User{AC689693-B971-449C-8EA9-AC51E5D70F9C}C:\users\hilton\appdata\local\amazon music\amazon music helper.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\hilton\appdata\local\amazon music\amazon music helper.exe|Name=amazon music helper.exe|Desc=amazon music helper.exe|Defer=User|
"UDP Query User{25F20FE1-CB5D-4B09-9160-3C9094A6B8A8}C:\users\hilton\appdata\local\amazon music\amazon music helper.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\hilton\appdata\local\amazon music\amazon music helper.exe|Name=amazon music helper.exe|Desc=amazon music helper.exe|Defer=User|
"{EAD2EC74-0D35-4D3D-900E-D48B9AB5AE26}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Mozilla Firefox\firefox.exe|Name=Firefox (C:\Program Files\Mozilla Firefox)|
"{E8207517-F4F1-4084-AD6C-988A4CDC999F}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Mozilla Firefox\firefox.exe|Name=Firefox (C:\Program Files\Mozilla Firefox)|
"{4DD19BC0-8D56-41F2-BBA6-E1F63020D218}"=v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=RapiMgr|Name=@%systemroot%\WindowsMobile\wmdcBase.exe,-4016|Desc=@%systemroot%\WindowsMobile\wmdcBase.exe,-14016|EmbedCtxt=@%systemroot%\WindowsMobile\wmdcBase.exe,-4014|
"{0D547D58-43B9-4B3F-90C2-C69E6800A5E3}"=v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=RapiMgr|Name=@%systemroot%\WindowsMobile\wmdcBase.exe,-4016|Desc=@%systemroot%\WindowsMobile\wmdcBase.exe,-14016|EmbedCtxt=@%systemroot%\WindowsMobile\wmdcBase.exe,-4014|
"{3A500436-332F-43FF-B443-030332BD69A8}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LA4=127.0.0.1|App=%SystemRoot%\system32\svchost.exe|Svc=WcesComm|Name=@%systemroot%\WindowsMobile\wmdcBase.exe,-4002|Desc=@%systemroot%\WindowsMobile\wmdcBase.exe,-14002|EmbedCtxt=@%systemroot%\WindowsMobile\wmdcBase.exe,-4014|
"{EFC4B274-0D29-420D-BDBC-8C5FF0388D4A}"=v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=WcesComm|Name=@%systemroot%\WindowsMobile\wmdcBase.exe,-4016|Desc=@%systemroot%\WindowsMobile\wmdcBase.exe,-14016|EmbedCtxt=@%systemroot%\WindowsMobile\wmdcBase.exe,-4014|
"{6C178907-0A86-4A63-8767-E451EAB8901B}"=v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=WcesComm|Name=@%systemroot%\WindowsMobile\wmdcBase.exe,-4016|Desc=@%systemroot%\WindowsMobile\wmdcBase.exe,-14016|EmbedCtxt=@%systemroot%\WindowsMobile\wmdcBase.exe,-4014|
"{7B9C5F97-734A-489B-BE89-18424F78C403}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Inbound rule for Google Chrome to allow mDNS traffic.|EmbedCtxt=Google Chrome|

---------- | Control\Class

[HKLM\SYSTEM\CurrentControlSet\Control\Class\{03F52937-1FD6-44FB-82C6-FE988F1B1D61}] : (aswSP) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{0475BB51-5A02-4EE0-B36C-29040FAD2650}] : (igfx) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{04A83FC2-2AE2-4C88-B45F-E9707B377636}] : (aswHwid) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{24A0C840-2C3D-4410-8236-8B40816C7B90}] : (aswVmm) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{34446E8E-37B4-4B16-9DA6-BEA2DB33465A}] : (BluetoothAuxiliary) [] -> @oem91.inf,%BluetoothAuxiliary.NAME%;Bluetooth Auxiliary
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4116F60B-25B3-4662-B732-99A6111EDC0B}] : (IPMIDRV) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675D81-502A-4A82-9F84-B75F418C5DEA}] : (Media Center Extender) [] -> @%SystemRoot%\system32\McxDriv.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658EE7E-F050-11D1-B6BD-00C04FA372A7}] : (PnpPrinters) [] -> @%systemroot%\system32\ntprint.dll,-1300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721B56-6795-11D2-B1A8-0080C72E74A2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{49CE6AC8-6F86-11D2-B1E5-0080C72E74A2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E966-E325-11CE-BFC1-08002BE10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}] : (DiskDrive) [] -> @%SystemRoot%\System32\StorProp.dll,-17000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}] : (Display) [] -> @DispCI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}] : (fdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}] : (hdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}] : (MEDIA) [] -> @mmci.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}] : (Monitor) [] -> @Montr_CI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E970-E325-11CE-BFC1-08002BE10318}] : (MTD) [] -> @SysClass.Dll,-3021
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E971-E325-11CE-BFC1-08002BE10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}] : (Net) [] -> @NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E973-E325-11CE-BFC1-08002BE10318}] : (NetClient) [] -> @NetCfgx.dll,-1504
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E974-E325-11CE-BFC1-08002BE10318}] : (NetService) [] -> @NetCfgx.dll,-1505
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E975-E325-11CE-BFC1-08002BE10318}] : (NetTrans) [] -> @NetCfgx.dll,-1503
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E977-E325-11CE-BFC1-08002BE10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E978-E325-11CE-BFC1-08002BE10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E979-E325-11CE-BFC1-08002BE10318}] : (Printer) [] -> @%systemroot%\system32\ntprint.dll,-1004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97D-E325-11CE-BFC1-08002BE10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97E-E325-11CE-BFC1-08002BE10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127DC3-0F36-415E-A6CC-4CB3BE910B65}] : (Processor) [] -> @%SystemRoot%\system32\procinst.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{502EB68B-57B4-4FEE-9890-18F2D8AD1E3E}] : (mfencbdc) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906CB8-BA12-11D1-BF5D-0000F805F530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944A-F6B9-4057-A056-8C550228544C}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] : (SmartCardReader) [] -> @StorProp.dll,-17002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175D334-C371-4806-B3BA-71FD53C9258D}] : (Sensor) [] -> @%systemroot%\system32\SensorsCpl.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{522119B9-1B9A-498A-AC52-148B533EFD50}] : (aswSP) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53D29EF7-377C-4D14-864B-EB3A85769359}] : (BiometricDevice) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{54505F9E-EE66-4F1D-A63B-B853A1759385}] : (SymNetS) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{56EBD688-B772-4181-9610-8633FCEE988D}] : (SymIRON) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6880337A-1EB4-4EF2-9659-0FD2EC60CB1B}] : (aswSP) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC5-810F-11D0-BEC7-08002BE2092F}] : (Infrared) [] -> @NetCfgx.dll,-1501
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}] : (Image) [] -> @%systemroot%\system32\sti_ci.dll,-52
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6D807884-7D21-11CF-801C-08002BE10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (igfx) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] : (Volume) [] -> @%SystemRoot%\System32\SysClass.Dll,-3007
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631E54-78A4-11D0-BCF7-00AA00B7B32A}] : (Battery) [] -> @%SystemRoot%\system32\batt.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] : (HIDClass) [] -> @hid.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{78A1C341-4539-11D3-B88D-00C04FAD5171}] : (mfesapsn) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{7E0006EA-81A8-4780-B0C8-474E2DBF4D63}] : (IDSVix86) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{7EBEFBC0-3200-11D2-B4C2-00A0C9697D07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{87C077B2-3D3B-4156-938A-EA51B451D6C6}] : (aswSP) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8AE85550-832C-4A9B-81BB-2A49DBEE72B4}] : (aswRvrt) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ECC055D-047F-11D1-A537-0000F8753ED1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{990A2BD7-E738-46C7-B26F-1CF8FB9F1391}] : (SmartCard) [] -> @sccls.dll,-300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{997B5D8D-C442-4F2E-BAF3-9C8E671E9E21}] : (SideShow) [] -> @%systemroot%\system32\AuxiliaryDisplayClassInstaller.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A58D9A86-E5DE-4643-A697-AD5B7AFB810E}] : (IDSVix86) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{BC103702-DD72-406F-9B28-95C868337B59}] : (Transfer Cable) [] -> @%SystemRoot%\System32\migwiz\migres.dll,-20
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{C06FF265-AE09-48F0-812C-16753D7CBA83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{C30ECEA0-11EF-4EF9-B02E-6AF81E6E65C0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{C4A06E97-ED42-47B9-83E1-F12299B286A5}] : (aswRdr) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{C777C165-D422-426D-8EBF-6EAF3FB83ADF}] : (aswNetSec) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{C7C038AD-1F2D-44D4-B2FE-D912BE20E6D5}] : (BluetoothVirtual) [] -> @oem7.inf,%BluetoothVirtualName%;Bluetooth Virtual Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{CE5939AE-EBDE-11D0-B181-0000F8753EC4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{D61CA365-5AF4-4486-998B-9DB4734C6CA3}] : (XnaComposite) [] -> @%SystemRoot%\system32\XInput9_1_0.dll,-1000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{DB4F6DDD-9C0E-45E4-9597-78DBBAD0F412}] : (SmartCardFilter) [] -> @sccls.dll,-301
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{E0CBF06C-CD8B-4647-BB8A-263B43F0F974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}] : (WPD) [] -> @wpd_ci.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{FB58BE68-EA9E-4803-847F-2CE814E7B159}] : (aswSP) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)

---------- | Loaded modules (whitelist)

[13/07/2009 19:45:33] - (6.1.7600.16385) - (Brother Industries Ltd. - Brotehr Serial I/F Driver (WDM)) - C:\Windows\system32\DRIVERS\serial.sys
[26/09/2016 12:36:34] - (19.0.9.4) - (Synaptics Incorporated - Synaptics SMBus Driver) - C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys
[26/09/2016 12:42:46] - (6.10.1.7280) - (Analog Devices, Inc. - High Definition Audio Function Driver) - C:\Windows\system32\drivers\ADIHdAud.sys

---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service

R0 - [Kernel Driver] - ACPI (Microsoft ACPI Driver) -> system32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - amdxata () -> system32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - atapi (IDE Channel) -> system32\drivers\atapi.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\clfs.sys,-100) -> System32\CLFS.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Disk (Disk Driver) -> system32\drivers\disk.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> system32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - msisadrv () -> system32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pci (PCI Bus Driver) -> system32\drivers\pci.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pciide () -> system32\drivers\pciide.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - spldr (Security Processor Loader Driver) -> (?) - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - storflt (@%SystemRoot%\system32\vmstorfltres.dll,-1000) -> system32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - vdrvroot (Microsoft Virtual Drive Enumerator Driver) -> system32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgr (Volume Manager Driver) -> system32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volsnap (Storage volumes) -> system32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - blbdrive () -> system32\DRIVERS\blbdrive.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - cdrom (CD-ROM Driver) -> system32\DRIVERS\cdrom.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - CSC (@%systemroot%\system32\cscsvc.dll,-202) -> system32\drivers\csc.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - DfsC (@%systemroot%\system32\drivers\dfsc.sys,-101) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - discache (@%systemroot%\system32\drivers\discache.sys,-102) -> System32\drivers\discache.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - mssmbios (Microsoft System Management BIOS Driver) -> system32\DRIVERS\mssmbios.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - NetBIOS (NetBIOS Interface) -> system32\DRIVERS\netbios.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Psched (@%SystemRoot%\System32\drivers\pacer.sys,-101) -> system32\DRIVERS\pacer.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - RDPCDD (@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100) -> System32\DRIVERS\RDPCDD.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - RDPENCDD (@%systemroot%\system32\drivers\RDPENCDD.sys,-101) -> system32\drivers\rdpencdd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - RDPREFMP (@%systemroot%\system32\drivers\RdpRefMp.sys,-101) -> system32\drivers\rdprefmp.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Serial (Serial port driver) -> system32\DRIVERS\serial.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - TermDD (Terminal Device Driver) -> system32\DRIVERS\termdd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - VgaSave () -> \SystemRoot\System32\drivers\vga.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Wanarpv6 (@%systemroot%\system32\rascfg.dll,-32012) -> system32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - WfpLwf (WFP Lightweight Filter) -> system32\DRIVERS\wfplwf.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - lltdio (Link-Layer Topology Discovery Mapper I/O Driver) -> system32\DRIVERS\lltdio.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - MBAMChameleon (MBAMChameleon) -> \SystemRoot\system32\drivers\MBAMChameleon.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - Parvdm () -> system32\DRIVERS\parvdm.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - rspndr (Link-Layer Topology Discovery Responder) -> system32\DRIVERS\rspndr.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True

---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted)


---------- | Uninstall

[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\58d94f3ce2c27db0] : (Dell System Detect.-.Dell) -> "C:\Users\hilton\AppData\Local\Apps\2.0\3VGPG9W0.MPE\2E0VXQW4.WA5\dell..tion_6d0a76327dca4869_0007.000b_df227eeaae3cac0d\Uninstaller.exe" uninstall
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Amazon Amazon Music] : (Amazon Music.-.Amazon Services LLC) -> C:\Users\hilton\AppData\Local\Amazon Music\Uninstall.exe
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Kodi] : (Kodi.-.XBMC-Foundation) -> C:\Program Files\Kodi\uninstall.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX] : (Adobe Flash Player 26 ActiveX.-.Adobe Systems Incorporated) -> C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_126_ActiveX.exe -maintain activex
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AI RoboForm] : (RoboForm 8-3-7-7 (All Users).-.Siber Systems) -> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CanonQuickMenu] : (Canon Quick Menu.-.Canon Inc.) -> "C:\Program Files\Canon\Quick Menu\uninst.exe" /UninstallRemove C:\Program Files\Canon\Quick Menu\uninst.ini
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CCleaner] : (CCleaner.-.Piriform) -> "C:\Program Files\CCleaner\uninst.exe"
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Google Chrome] : (Google Chrome.-.Google Inc.) -> "C:\Program Files\Google\Chrome\Application\58.0.3029.110\Installer\setup.exe" --uninstall --system-level --verbose-logging
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\HDMI] : (Intel(R) Graphics Media Accelerator Driver.-.Intel Corporation) -> C:\Windows\system32\igxpun.exe -uninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\HECI] : (Intel(R) Management Engine Interface.-.Intel Corporation) -> C:\Windows\system32\heciudlg.exe -uninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MESOL] : (Intel® Active Management Technology.-.Intel Corporation) -> C:\Windows\system32\mesoludlg.exe -uninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Mozilla Firefox 52.0 (x86 en-US)] : (Mozilla Firefox 52.0 (x86 en-US).-.Mozilla) -> "C:\Program Files\Mozilla Firefox\uninstall\helper.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MozillaMaintenanceService] : (Mozilla Maintenance Service.-.Mozilla) -> "C:\Program Files\Mozilla Maintenance Service\uninstall.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\PROSetDX] : (Intel(R) Network Connections 19.5.303.0.-.Intel) -> MsiExec.exe /i{D8A3D01E-BCBB-491B-856F-61E3B8563E32} ARPREMOVE=1
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Stardock Fences 3] : (Stardock Fences 3.-.Stardock Software, Inc.) -> "C:\Program Files\Stardock\Fences\uninstall.exe" "/U:C:\Program Files\Stardock\Fences\Uninstall\uninstall.xml"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Stardock ObjectDock] : (Stardock ObjectDock.-.Stardock Software, Inc.) -> "C:\Program Files\Stardock\ObjectDock\uninstall.exe" "/U:C:\Program Files\Stardock\ObjectDock\Uninstall\uninstall.xml"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series] : (Canon MG3200 series MP Drivers.-.Canon Inc.) -> "C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series\DELDRV.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series /L0x0009
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}] : (Google Toolbar for Internet Explorer.-.Google Inc.) -> MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{224024F1-88C6-4E06-9AF6-39FF47347338}] : (eM Client.-.eM Client Inc.) -> MsiExec.exe /X{224024F1-88C6-4E06-9AF6-39FF47347338}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] : (Google Toolbar for Internet Explorer.-.Google Inc.) -> "C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_8B0481A9A34D47CD.exe" /uninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{302600C1-6BDF-4FD1-1603-148929CC1385}] : (Intel(R) Wireless Bluetooth(R)(patch version 19.0.1629.3590).-.Intel Corporation) ->
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{34BF287B-24D9-4CFC-94A6-B1F4A92EC55D}] : (Intel(R) Chipset Device Software.-.Intel Corporation) -> MsiExec.exe /I{34BF287B-24D9-4CFC-94A6-B1F4A92EC55D}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1] : (Malwarebytes version 3.1.2.1733.-.Malwarebytes) -> "C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{98f335cd-0a32-4b3f-b74c-ef9480e834f0}] : (Intel(R) Chipset Device Software.-.Intel(R) Corporation) -> "C:\ProgramData\Package Cache\{98f335cd-0a32-4b3f-b74c-ef9480e834f0}\SetupChipset.exe" /uninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}] : (WIDCOMM Bluetooth Software.-.Broadcom Corporation) -> MsiExec.exe /X{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824225037}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001824225037}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}] : (Adobe Acrobat Reader DC.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AC0F074E4100}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}] : (Samsung USB Driver for Mobile Phones.-.Samsung Electronics Co., Ltd.) -> C:\Program Files\Samsung\USB Drivers\Uninstall.exe
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D8A3D01E-BCBB-491B-856F-61E3B8563E32}] : (Intel(R) Network Connections 19.5.303.0.-.Intel) -> MsiExec.exe /i{D8A3D01E-BCBB-491B-856F-61E3B8563E32} ARPREMOVE=1
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}] : (OpenOffice 4.1.3.-.Apache Software Foundation) -> MsiExec.exe /I{EEA30AEB-8BA7-465B-85D4-098BB99733E7}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F0A37341-D692-11D4-A984-009027EC0A9C}] : (SoundMAX.-.Analog Devices) -> C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe -runfromtemp -l0x0009 -removeonly

---------- | Ports


---------- | Installer

[HKCR\Installer\Products\18555481990E8AB4CBB63FB4F26006C0] : Google Toolbar for Internet Explorer
[HKCR\Installer\Products\1C006203FDB61DF46130419892CC3158] : Intel(R) Wireless Bluetooth(R)(patch version 19.0.1629.3590) -> C:\Windows\Installer\{302600C1-6BDF-4FD1-1603-148929CC1385}\IntelBluetoothICO
[HKCR\Installer\Products\1F4204226C8860E4A96F93FF74433783] : eM Client -> C:\Windows\Installer\{224024F1-88C6-4E06-9AF6-39FF47347338}\MailClientIcon.exe
[HKCR\Installer\Products\245938095D5836842ABBE6F4FC9A27B6] :
[HKCR\Installer\Products\26FCC409D8185764CB673DE73B999F71] : Windows Mobile Device Center -> C:\Windows\Installer\{904CCF62-818D-4675-BC76-D37EB399F917}\wmdc.exe
[HKCR\Installer\Products\52E4407E830367A4094643A40C8340E3] : Windows Mobile Device Center Driver Update -> C:\Windows\Installer\{E7044E25-3038-4A76-9064-344AC038043E}\WindowsMobileDeviceCenter.ico
[HKCR\Installer\Products\68AB67CA408033019195008142220573] : Adobe Refresh Manager -> C:\Windows\Installer\{AC76BA86-0804-1033-1959-001824225037}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\68AB67CA7DA73301B744CAF070E41400] : Adobe Acrobat Reader DC -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico
[HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper
[HKCR\Installer\Products\AE08842601676B744B6A04DD38BDA14B] :
[HKCR\Installer\Products\B25CB27B8A56BB449AD45E9C1B6D446B] : DriverUpdate -> C:\Windows\Installer\{B72BC52B-65A8-44BB-A94D-E5C9B1D644B6}\Icon.exe
[HKCR\Installer\Products\B782FB439D42CFC4496A1B4F9AE25CD5] : Intel(R) Chipset Device Software
[HKCR\Installer\Products\BEA03AEE7AB8B564584D90B89B79337E] : OpenOffice 4.1.3 -> C:\Windows\Installer\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}\soffice.ico
[HKCR\Installer\Products\E10D3A8DBBCBB19458F6163E8B65E323] : -> C:\Windows\Installer\{D8A3D01E-BCBB-491B-856F-61E3B8563E32}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\F4D9341A64DF2F741A3DEF0E792CA990] : WIDCOMM Bluetooth Software -> C:\Windows\Installer\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\F85AF62A6DA0C9F41A43EFC2BFE2EA79] :

---------- | ADS


---------- | Drives

Disk: 0 Size=19.1T
Pos MBRndx Type/Name Size Active Hide Start Sector Sectors
--- ------ ---------- ---- ------ ---- ------------ ------------
0 0 27-UNKNWN 3.1G Yes No 2,048 6,348,800
1 1 07-NTFS 19.0T No No 6,350,848 900,676,096

---------- | MBR

Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: OptiPlex 755
Logical Drives Mask: 0x0000000c

Analysis of file "C:\QuickDiag\MBR.bin":
Windows 7 MBR code detected

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: Hitachi_HUA722020ALA331 rev.JKAOA3NH -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll pciide.sys PCIIDEX.SYS atapi.sys
1 ntkrnlpa!IofCallDriver[0x82C44105] -> \Device\Harddisk0\DR0[0x863675F8]
3 CLASSPNP[0x8BDA659E] -> ntkrnlpa!IofCallDriver[0x82C44105] -> \Device\Ide\IdeDeviceP2T0L0-2[0x85EB6030]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user & kernel MBR OK

---------- | 20 LastEventLog

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
------------

The program iexplore.exe version 11.0.9600.18698 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1374
Start Time: 01d2ec430c56d251
Termination Time: 0
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id:

------------

LMS Service lost connection to HECI driver
------------

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
------------

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
------------

LMS Service lost connection to HECI driver
------------

LMS Service lost connection to HECI driver
------------

LMS Service lost connection to HECI driver
------------

LMS Service lost connection to HECI driver
------------

LMS Service lost connection to HECI driver
------------

LMS Service lost connection to HECI driver
------------

LMS Service lost connection to HECI driver
------------

LMS Service lost connection to HECI driver
------------

taskhost (2672) WebCacheLocal: Database recovery/restore failed with unexpected error -501.
------------

taskhost (2672) WebCacheLocal: Corruption was detected during soft recovery in logfile C:\Users\hilton\AppData\Local\Microsoft\Windows\WebCache\V01.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector 653 (0x0000028D). This logfile has been damaged and is unusable.
------------

taskhost (2672) WebCacheLocal: Corruption was detected during soft recovery in logfile C:\Users\hilton\AppData\Local\Microsoft\Windows\WebCache\V01.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector 653 (0x0000028D). This logfile has been damaged and is unusable.
------------

taskhost (2672) WebCacheLocal: Corruption was detected during soft recovery in logfile C:\Users\hilton\AppData\Local\Microsoft\Windows\WebCache\V01.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector 653 (0x0000028D). This logfile has been damaged and is unusable.
------------

LMS Service lost connection to HECI driver
------------

LMS Service lost connection to HECI driver
------------


----------( EOF)---------- - 2649 | 14:38:29
 

hello

  • Disable Windows Defender, Firewall & Antivirus prior to running this tool!!
  • Save AdsFix to your desktop.
  • Right Click & Run As Administrator.
  • With an infected machine, it could take several seconds to load.
  • You will then be prompted to install Certificates.
  • Install then click OK.
  • Right Click & Run As Administrator Again.

  • Click Options then select Unlock the deletion.
  • Then click on clean.
  • Enter your country
  • Don’t use the machine while scanning and be patient
  • Once the scan has completed, please copy and paste the report in your next reply.
  • The report will be C:\AdsFix_date_hour.txt or on your desktop with the same name.
 
sorry..did not know windows FW or Defender were even on...I do not need them since I am using Malwarebytes..right ??
Thanks for the help and will do this again..
 
If they're not activated, that's OK, you can run the program like this.
It doesn't matter for Malwarebytes, it won't conflict with AdsFix.

Be careful to have, at minimum, version 4_24.06.17.5.

Malwarebytes: it depends on whether you've got the Premium version or the free version. If you've got the free one, you need Windows Defender.
 
---------- | AdsFix | g3n-h@ckm@n | V4_24.06.17.5

----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- Start 14:45:11 - 24/06/2017

update on : 24/06/2017 | 19.15 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html
Facebook : https://www.facebook.com/AdsFixAntiAdware
C:\Users\hilton\Desktop\AdsFix.exe
Boot: Normal boot
[hilton (Administrator)] - [HILTON-PC] - (united states [0409])
SID = S-1-5-21-3292114827-816517840-1514174382-1000 || [68696c746f6e205e5e]
PC : Dell Inc. - 0GM819 -
Processor : X64 - 1862 - Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
Bios : Dell Inc. - 06/11/2012 - V.A22
CoreTemp : ? C

CPU #1 value:8 %
CPU #2 value:2 %
Total Overall CPU Usage value:5 %

System : Windows 7 Professional (32 bits) Professional Service Pack 1
RAM memory = Total (MB) : 3396 | Free (MB) : 1811
Pagefile = Total (MB) : 6791 | Free (MB) : 5315
Virtual = Total (MB) : 2097 | Free (MB) : 1891

C:\ -> [Fixed] | [Windows] | Total : 1859.99 Go | Free : 1823.21 Go -> NTFS [ATA]

Registry saved, to restore : Click on Options & Restore the register (C:\AdsFix\Save\Registry [24.06.2017 @ 14_45_08]) or an element
Restore files or folders deleted by mistake : Click on Options & Restore Files | Folders, Select an item >> "restore"

---------- | Windows Updates

Last detection : 2017-06-24 07:08:32
Last downloaded : 2017-06-20 06:47:18
Last installation : 2017-06-20 06:48:18
Next search : 2017-06-25 04:01:43

Windows Is Activated

---------- | Browsers

IE : 11.0.9600.18698 (© Microsoft Corporation. All rights reserved.)
FF : 52.0.0.6270 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 58.0.3029.110 (Copyright 2016 Google Inc. All rights reserved.)

---------- | Security (atcav : 0)

AV : Malwarebytes Disabled
AS : Windows Defender Disabled
FW :
WMI : OK
WU: Windows Update Service [Auto(2)] = Order
AS: Windows Defender [Auto(2)] = Order
FW: Windows FireWall Service [Auto(2)] = Started
WMI: Windows Management Instrumentation (System Information) [Auto(2)] = Started

---------- | FlashPlayer

ActiveX : 26.0.0.126
---------- | AdsFix | g3n-h@ckm@n | V4_24.06.17.5

----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- Start 14:46:16 - 24/06/2017

update on : 24/06/2017 | 19.15 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html
Facebook : https://www.facebook.com/AdsFixAntiAdware
C:\Users\hilton\Desktop\AdsFix.exe
Boot: Normal boot
[hilton (Administrator)] - [HILTON-PC] - (united states [0409])
SID = S-1-5-21-3292114827-816517840-1514174382-1000 || [68696c746f6e205e5e]
PC : Dell Inc. - 0GM819 -
Processor : X64 - 1862 - Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
Bios : Dell Inc. - 06/11/2012 - V.A22
CoreTemp : ? C

CPU #1 value:0 %
CPU #2 value:0 %
Total Overall CPU Usage value:0 %

System : Windows 7 Professional (32 bits) Professional Service Pack 1
RAM memory = Total (MB) : 3396 | Free (MB) : 1876
Pagefile = Total (MB) : 6791 | Free (MB) : 5389
Virtual = Total (MB) : 2097 | Free (MB) : 1891

C:\ -> [Fixed] | [Windows] | Total : 1859.99 Go | Free : 1823.16 Go -> NTFS [ATA]

Registry saved, to restore : Click on Options & Restore the register (C:\AdsFix\Save\Registry [24.06.2017 @ 14_46_15]) or an element
Restore files or folders deleted by mistake : Click on Options & Restore Files | Folders, Select an item >> "restore"

---------- | Windows Updates

Last detection : 2017-06-24 07:08:32
Last downloaded : 2017-06-20 06:47:18
Last installation : 2017-06-20 06:48:18
Next search : 2017-06-25 04:01:43


---------- | Browsers

IE : 11.0.9600.18698 (© Microsoft Corporation. All rights reserved.)
FF : 52.0.0.6270 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 58.0.3029.110 (Copyright 2016 Google Inc. All rights reserved.)

---------- | Security (atcav : 0)

AV : Malwarebytes Disabled
AS : Windows Defender Disabled
FW :
WMI : OK
WU: Windows Update Service [Auto(2)] = Order
AS: Windows Defender [Auto(2)] = Order
FW: Windows FireWall Service [Auto(2)] = Order
WMI: Windows Management Instrumentation (System Information) [Auto(2)] = Started

---------- | FlashPlayer

ActiveX : 26.0.0.126
---------- | AdsFix | g3n-h@ckm@n | V4_24.06.17.5

----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- Start 14:48:08 - 24/06/2017

update on : 24/06/2017 | 19.15 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html
Facebook : https://www.facebook.com/AdsFixAntiAdware
C:\Users\hilton\Desktop\AdsFix.exe
Boot: Normal boot
[hilton (Administrator)] - [HILTON-PC] - (united states [0409])
SID = S-1-5-21-3292114827-816517840-1514174382-1000 || [68696c746f6e205e5e]
PC : Dell Inc. - 0GM819 -
Processor : X64 - 1862 - Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
Bios : Dell Inc. - 06/11/2012 - V.A22
CoreTemp : ? C

CPU #1 value:0 %
CPU #2 value:0 %
Total Overall CPU Usage value:0 %

System : Windows 7 Professional (32 bits) Professional Service Pack 1
RAM memory = Total (MB) : 3396 | Free (MB) : 1859
Pagefile = Total (MB) : 6791 | Free (MB) : 5343
Virtual = Total (MB) : 2097 | Free (MB) : 1887

C:\ -> [Fixed] | [Windows] | Total : 1859.99 Go | Free : 1823.09 Go -> NTFS [ATA]

Registry saved, to restore : Click on Options & Restore the register (C:\AdsFix\Save\Registry [24.06.2017 @ 14_48_07]) or an element
Restore files or folders deleted by mistake : Click on Options & Restore Files | Folders, Select an item >> "restore"

---------- | Windows Updates

Last detection : 2017-06-24 07:08:32
Last downloaded : 2017-06-20 06:47:18
Last installation : 2017-06-20 06:48:18
Next search : 2017-06-25 04:01:43


---------- | Browsers

IE : 11.0.9600.18698 (© Microsoft Corporation. All rights reserved.)
FF : 52.0.0.6270 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 58.0.3029.110 (Copyright 2016 Google Inc. All rights reserved.)

---------- | Security (atcav : 0)

AV : Malwarebytes Disabled
AS : Windows Defender Disabled
FW :
WMI : OK
WU: Windows Update Service [Auto(2)] = Order
AS: Windows Defender [Auto(2)] = Order
FW: Windows FireWall Service [Auto(2)] = Order
WMI: Windows Management Instrumentation (System Information) [Auto(2)] = Started

---------- | FlashPlayer

ActiveX : 26.0.0.126
---------- | AdsFix | g3n-h@ckm@n | V4_24.06.17.5

----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- Start 14:51:10 - 24/06/2017

update on : 24/06/2017 | 19.15 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html
Facebook : https://www.facebook.com/AdsFixAntiAdware
C:\Users\hilton\Desktop\AdsFix.exe
Boot: Normal boot
[hilton (Administrator)] - [HILTON-PC] - (united states [0409])
SID = S-1-5-21-3292114827-816517840-1514174382-1000 || [68696c746f6e205e5e]
PC : Dell Inc. - 0GM819 -
Processor : X64 - 1862 - Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
Bios : Dell Inc. - 06/11/2012 - V.A22
CoreTemp : ? C

CPU #1 value:0 %
CPU #2 value:0 %
Total Overall CPU Usage value:0 %

System : Windows 7 Professional (32 bits) Professional Service Pack 1
RAM memory = Total (MB) : 3396 | Free (MB) : 1900
Pagefile = Total (MB) : 6791 | Free (MB) : 5387
Virtual = Total (MB) : 2097 | Free (MB) : 1891

C:\ -> [Fixed] | [Windows] | Total : 1859.99 Go | Free : 1823.03 Go -> NTFS [ATA]

Registry saved, to restore : Click on Options & Restore the register (C:\AdsFix\Save\Registry [24.06.2017 @ 14_51_08]) or an element
Restore files or folders deleted by mistake : Click on Options & Restore Files | Folders, Select an item >> "restore"

---------- | Windows Updates

Last detection : 2017-06-24 07:08:32
Last downloaded : 2017-06-20 06:47:18
Last installation : 2017-06-20 06:48:18
Next search : 2017-06-25 04:01:43


---------- | Browsers

IE : 11.0.9600.18698 (© Microsoft Corporation. All rights reserved.)
FF : 52.0.0.6270 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 58.0.3029.110 (Copyright 2016 Google Inc. All rights reserved.)

---------- | Security (atcav : 0)

AV : Malwarebytes Disabled
AS : Windows Defender Disabled
FW :
WMI : OK
WU: Windows Update Service [Auto(2)] = Order
AS: Windows Defender [Auto(2)] = Order
FW: Windows FireWall Service [Auto(2)] = Order
WMI: Windows Management Instrumentation (System Information) [Auto(2)] = Started

---------- | FlashPlayer

ActiveX : 26.0.0.126
---------- | AdsFix | g3n-h@ckm@n | V4_24.06.17.5

----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- Start 11:51:59 - 25/06/2017

update on : 24/06/2017 | 19.15 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html
Facebook : https://www.facebook.com/AdsFixAntiAdware
C:\Users\hilton\Desktop\AdsFix.exe
Boot: Normal boot
[hilton (Administrator)] - [HILTON-PC] - (united states [0409])
SID = S-1-5-21-3292114827-816517840-1514174382-1000 || [68696c746f6e205e5e]
PC : Dell Inc. - 0GM819 -
Processor : X64 - 1862 - Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
Bios : Dell Inc. - 06/11/2012 - V.A22
CoreTemp : ? C

CPU #1 value:0 %
CPU #2 value:0 %
Total Overall CPU Usage value:0 %

System : Windows 7 Professional (32 bits) Professional Service Pack 1
RAM memory = Total (MB) : 3396 | Free (MB) : 2171
Pagefile = Total (MB) : 6791 | Free (MB) : 5595
Virtual = Total (MB) : 2097 | Free (MB) : 1879

C:\ -> [Fixed] | [Windows] | Total : 1859.99 Go | Free : 1822.92 Go -> NTFS [ATA]

Registry saved, to restore : Click on Options & Restore the register (C:\AdsFix\Save\Registry [25.06.2017 @ 11_51_57]) or an element
Restore files or folders deleted by mistake : Click on Options & Restore Files | Folders, Select an item >> "restore"

---------- | Windows Updates

Last detection : 2017-06-25 08:31:47
Last downloaded : 2017-06-20 06:47:18
Last installation : 2017-06-20 06:48:18
Next search : 2017-06-26 02:37:28

Windows Is Activated

---------- | Browsers

IE : 11.0.9600.18698 (© Microsoft Corporation. All rights reserved.)
FF : 52.0.0.6270 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 58.0.3029.110 (Copyright 2016 Google Inc. All rights reserved.)

---------- | Security (atcav : 0)

AV : Malwarebytes Disabled
AS : Windows Defender Disabled
FW :
WMI : OK
WU: Windows Update Service [Auto(2)] = Order
AS: Windows Defender [Auto(2)] = Order
FW: Windows FireWall Service [Auto(2)] = Started
WMI: Windows Management Instrumentation (System Information) [Auto(2)] = Started

---------- | FlashPlayer

ActiveX : 26.0.0.126

---------- | Killed processes

1552 | [Owner : SYSTEM |Parent : 468(services.exe)] - (.Broadcom Corporation. - Bluetooth Support Server.) - (6.5.1.2700) = C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
3264 | [Owner : SYSTEM |Parent : 3072()] - (.Google Inc. - Google Crash Handler.) - (1.3.33.5) = C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
3316 | [Owner : hilton |Parent : 2960(explorer.exe)] - (.Siber Systems - RoboForm TaskBar Icon.) - (8.3.7.7) = C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
3380 | [Owner : hilton |Parent : 2852(taskeng.exe)] - (.Piriform Ltd - CCleaner.) - (5.30.0.6065) = C:\Program Files\CCleaner\CCleaner.exe
740 | [Owner : SYSTEM |Parent : 468(services.exe)] - (.Motorola Solutions, Inc. - Bluetooth Device Monitor.) - (19.0.1603.650) = C:\Program Files\Intel\Bluetooth\devmonsrv.exe
3588 | [Owner : SYSTEM |Parent : 468(services.exe)] - (.Motorola Solutions, Inc. - Bluetooth Media Service.) - (19.0.1603.650) = C:\Program Files\Intel\Bluetooth\mediasrv.exe
1988 | [Owner : SYSTEM |Parent : 468(services.exe)] - (.Motorola Solutions, Inc. - Bluetooth OBEX Service.) - (19.0.1603.650) = C:\Program Files\Intel\Bluetooth\obexsrv.exe
5460 | [Owner : hilton |Parent : 4808()] - (.eM Client s.r.o. - eM Client.) - (7.0.30068.0) = C:\Program Files\eM Client\MailClient.exe
3660 | [Owner : hilton |Parent : 5460()] - (.eM Client s.r.o. - eM Client.) - (7.0.30068.0) = C:\Program Files\eM Client\MailClient.exe
3216 | [Owner : hilton |Parent : 652(svchost.exe)] - (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller 26.0 r0.) - (26.0.0.126) = C:\Windows\System32\Macromed\Flash\FlashUtil32_26_0_0_126_ActiveX.exe

---------- | Tasks

Deleted successfully : Driver Support
Deleted successfully : Driver Support-RTMRules
Deleted successfully : Driver Support-RTMScan

Deleted successfully : C:\Windows\System32\Tasks\{AAE1FE94-9FE5-456A-85C2-E40455319DB4} (.-.) ( C:\Program Files\AVAST Software\Avast\avastui.exe ->)

---------- | Services

Service : SLSVC : Restored

---------- | AppCertDlls | AppInit_DLLs


---------- | DNSapi.dll

C:\Windows\System32\dnsapi.dll : \drivers\etc\hosts

---------- | Hosts


---------- | SafeBoot


---------- | Winsock


---------- | DNS


---------- | Register

Deleted successfully : HKLM\SOFTWARE\Classes\AppID\protector_dll.DLL : #
Deleted successfully : HKLM\SOFTWARE\Classes\AppID\{6D3BC646-CFCD-4098-8495-B7BD0DF13133} : SlimWare.Session #
Deleted successfully : HKLM\SOFTWARE\Classes\AppID\{96FBC13C-8214-4100-88E0-FF74D7A1CB4D} : protector_dll #
Deleted successfully : HKLM\SOFTWARE\Classes\TypeLib\{15769049-FAE8-4EE5-9C5A-23FD08336E0A}
Deleted successfully : HKLM\SOFTWARE\Classes\TypeLib\{269422BE-4F3B-4E3B-9BB6-7FE8AEBEFB7E}
Deleted successfully : HKLM\SOFTWARE\Classes\TypeLib\{5B47B102-E05C-41E6-9239-E9276F3758B7}
Deleted successfully : HKLM\SOFTWARE\Classes\TypeLib\{7EAB02A1-B14B-442B-852A-13C88DBECD47}
Deleted successfully : HKLM\SOFTWARE\Classes\TypeLib\{92BAB64C-1FC7-405F-B033-BF4D88BC7A88}
Deleted successfully : HKLM\SOFTWARE\Classes\TypeLib\{AC0E9E34-E725-47AF-A1F1-C114FBD76AAA}
Deleted successfully : HKLM\SOFTWARE\Classes\TypeLib\{D68DDCCC-4880-4FD3-BE6F-DC13115E25E8}
Deleted successfully : HKLM\SOFTWARE\Classes\Interface\{1B297BBB-6AD4-4907-9654-1B1D816F80E1} : {15769049-FAE8-4EE5-9C5A-23FD08336E0A}
Deleted successfully : HKLM\SOFTWARE\Classes\Interface\{26D2199D-D5CC-4B60-9A87-2A7542493062} : {15769049-FAE8-4EE5-9C5A-23FD08336E0A}
Deleted successfully : HKLM\SOFTWARE\Classes\Interface\{44B72FB6-0689-4CDE-9803-F026776A6954} : {15769049-FAE8-4EE5-9C5A-23FD08336E0A}
Deleted successfully : HKLM\SOFTWARE\Classes\Interface\{9C31F7A3-89DD-4263-9FE8-672D5C90E406} : {15769049-FAE8-4EE5-9C5A-23FD08336E0A}
Deleted successfully : HKLM\SOFTWARE\Classes\Interface\{C7965C1D-AB34-4DD1-8BFF-070D4096705F} : {15769049-FAE8-4EE5-9C5A-23FD08336E0A}
Deleted successfully : HKLM\SOFTWARE\Classes\Interface\{E1454302-A65B-4D87-A815-6B9C0F6D0333} : {AC0E9E34-E725-47AF-A1F1-C114FBD76AAA}
Deleted successfully : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]~[InstantSupport.exe]
Deleted successfully : HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Chromium
Deleted successfully : HKLM\SOFTWARE\SlimWare.Utilities
Deleted successfully : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope] : {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3854CF3B2738F1B50811C113A6628B1C : C:\Program Files\DriverUpdate\CrashSender.exe.VC80
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B6C8A96077846C58872590D3F300790 : C:\Program Files\DriverUpdate\mfc80u.dll
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\513C2FCB818471C569E0FDA5A3BDE0E0 : C:\Program Files\DriverUpdate\DriverUpdate.exe
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\518B733684C79CB558F88FE88A841A8E : C:\Program Files\DriverUpdate\msvcp80.dll
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5495805C52029135CA3898C4D31E1381 : C:\Program Files\DriverUpdate\dbghelp-app.dll
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\66D733525E9A58F57966D7601ED64574 : C:\Program Files\DriverUpdate\UnifiedLogger.dll
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9182F476578643550AFFF32CC6EC70A7 : C:\Program Files\DriverUpdate\UninstallStub.exe
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F93A237388CD0485B83A5A3FA718E936 : C:\Program Files\DriverUpdate\msvcr80.dll
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B25CB27B8A56BB449AD45E9C1B6D446B : [C:\Windows\Installer\1e561dab.msi]
Deleted successfully : [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]~[C:\Program Files\SlimWare Utilities\]
Deleted successfully : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverUpdate Startup.job
Deleted successfully : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AAE1FE94-9FE5-456A-85C2-E40455319DB4}
Deleted successfully : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B183A8ED-A7E1-4E0F-B626-D61283A2ADED} : \{AAE1FE94-9FE5-456A-85C2-E40455319DB4}
Deleted successfully : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B183A8ED-A7E1-4E0F-B626-D61283A2ADED} : \{AAE1FE94-9FE5-456A-85C2-E40455319DB4}
Deleted successfully : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E572A5EE-C9B3-477C-B58F-EE074238EB6E} : \DriverUpdate Startup.job
Deleted successfully : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E572A5EE-C9B3-477C-B58F-EE074238EB6E} : \DriverUpdate Startup.job

---------- | Folders | Files

Deleted successfully : C:\Program Files\Driver Support\Agent.Common.dll (Copyright © PC Drivers Headquarters INC. 2015.-.Driver Detective) Agent.Common.dll
Deleted successfully : C:\Program Files\Driver Support\Agent.Communication.dll (Copyright © PC Drivers Headquarters INC. 2015.-.Driver Detective) Agent.Communication.dll
Deleted successfully : C:\Program Files\Driver Support\DriverSupport.exe (Copyright © PC Drivers Headquarters INC. 2015.-.Driver Support) DriverSupport.exe
Deleted successfully : C:\Program Files\Driver Support\ExceptionLogging.dll (Copyright © PC Drivers Headquarters INC. 2012.-.Driver Detective) ExceptionLogging.dll
Deleted successfully : C:\Program Files\Driver Support\RuleEngine.dll (Copyright © PC Drivers Headquarters INC. 2015.-.Driver Detective) RuleEngine.dll
Deleted successfully : C:\Program Files\SlimWare Utilities
Deleted successfully : C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cfhdojbkjhnklbpkdaibdccddilifddb
Reboot : C:\Users\hilton\AppData\Local\76f7c66
Deleted successfully : C:\Users\hilton\AppData\Local\CrashRpt
Deleted successfully : C:\Users\hilton\AppData\Local\PC_Drivers_Headquarters
Deleted successfully : C:\Users\hilton\AppData\Roaming\Remo\Speed Optimizer
Deleted successfully : C:\Users\hilton\AppData\Roaming\Remo Speed Optimizer2.0
Reboot : C:\Users\hilton\Local Settings\76f7c66
Deleted successfully : C:\ProgramData\PC Drivers HeadQuarters
Deleted successfully : C:\Users\hilton\AppData\LocalLow\Microsoft\Internet Explorer\Services\winsearch.ico (.-.)
Deleted successfully : C:\Windows\Installer\1e561dab.msi (.-.) [Package Install]
Deleted successfully : C:\Windows\System32\Tasks\Driver Support-RTMUpdater (.-.)
Deleted successfully : C:\Windows\System32\Drivers\bcbtums.sys (.-.)
Deleted successfully : C:\Windows\System32\Config\Systemprofile\AppData\Local\CrashRpt

---------- | .LNK


---------- | opening unknown extension


---------- | Proxy


---------- | Internet Explorer

Repaired : [HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\Main]~[Search Bar] : Preserve -> https://www.google.com/
Repaired : [HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[Enabled] : -> 2
Repaired : [HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[EnabledV8] : -> 1
Repaired : [HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonBadCertReceving] : -> 1
Repaired : [HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonHTTPSToHTTPRedirect] : -> 1
Repaired : [HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar]~[Locked] : 1 -> 0
Deleted successfully : [HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[SavedLegacySettings]
Deleted successfully : [HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[SavedLegacySettings]
Deleted successfully : [HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[DefaultConnectionSettings]
Deleted successfully : [HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[DefaultConnectionSettings]

---------- | Yandex : X

---------- | CLIQZ : X

---------- | Google Chrome

Deleted successfully : C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\Web Data (.-.) Reseted successfully : SearchURL
Deleted successfully : C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\Preferences (.-.) Reseted successfully : Preferences
Deleted successfully : C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (.-.) Reseted successfully : Preferences
Deleted successfully : C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\cfhdojbkjhnklbpkdaibdccddilifddb = (Changelog)
Deleted successfully : C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = ids: [ idmofbkcelhplfjnmmdolenpigiiiecc ggedfkijiiammpnbdadhllnehapomdge njjegkblellcjnakomndbaloifhcoccg ]

C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx

---------- | Comodo Dragon : X

---------- | Firefox

[hilton | pc153f57.default-1485114558992] Replaced : user_pref("browser.search.defaultenginename", "Yahoo! Powered"); -> user_pref("browser.search.defaultenginename", "google");
[hilton | pc153f57.default-1485114558992] Deleted successfully : user_pref("media.gmp-widevinecdm.abi", "x86-msvc-x86");
[hilton | pc153f57.default-1485114558992] Deleted successfully : user_pref("media.gmp-widevinecdm.version", "1.4.8.903");


---------- | SeaMonkey : X

---------- | Pale moon : X

---------- | Opera : X

---------- | Spark : X

---------- | StartMenuInternet

Repaired : [HKLM\SOFTWARE\Clients\StartMenuInternet\IExplore.exe\shell\open\command]~[] : iexplore.exe -> "C:\Program Files\Internet Explorer\iexplore.exe"

---------- | Javascript


---------- | Firewall


---------- | ADS


Other(s) report(s)

C:\AdsFix_02_04_2017_16_17_19.txt[25 Ko]

Analyzed : 373484 | Modified : 8 | Deleted : 75

---------- |EOF| ---------- | 16:35:53 | [29 Ko]
Here goes pal...really appreciate the help..
 


ok if you have not yet reinstalled Malwarebytes :

Download MalwareBytes Anti-Malware : https://www.malwarebytes.com/mwb-download/ take the free version ( on the left )
Perform the installation
Uncheck « Enable Free Trial of Malwarebytes Anti-Malware Premium » if it’s asked
Malwarebytes will update, let this update,
Click on the « Settings » tab and then on the « Detection and Protection » tab, Check the box « Search for Rootkits »
Click on the « Analysis » tab and then on « Start analysis »
Once the review is complete, check that all detections are checked and then click [Delete Selection]
If Malwarebytes asks you to restart your PC, click « Yes »,
When restarting your PC, restart Malwarebytes
Open the « History » tab and then « Application logs »
Double click on the last Scan Log in date (the one above)
At the bottom click [Export] -> select « Text file (* .txt) »
In the explorer, select the desktop, name it mbam.txt, click [Save]

copy/paste the content of the report in your next reply
 
ok..sorry it has taken so long...health problems...but doing ok now..
I have the paid Malwarebytes installed...
See no reference to ANALYSIS tab..
do have check for rootkits checked.
Any ideas why I don't have an analysis tab...?
I can not figure out how to send you the results of the scan I just ran...I can't copy and paste...
More problems..I am so frustrated ..now a bunch of icons disappeared off my computer...I tried rebooting but did not work..tried system restore (turned off antivirus)..did not work gave me a 0x8007005 error...looked that up but don't understand..
Any help will be greatly appreciated..
Thanks,hefs
 
It is a Dell 755 with win 7 32bit...the machine is 7..8 yrs old...put win 10 on it months ago when it was free but did not like it and took it off...
I found the icons...so that is no longer an issue..
Thanks
 
Ok..gave Quick Drag a try...ran for three hours and hung up at 45% complete...to make sure I let it run another hour..still 45% so stopped it..last time was only a couple of hours..any idea..re run??
Thanks..
hefs
 
Sorry, tried twice more on the quickdrag and got to 45% and hung up.., am sure I am doing it right as I did it before..
You never told me about me not being able to find ANALYSIS in my Malwarebytes (paid) to be able to send report..
Thanks
 
Hello I said that :

Open the « History » tab and then « Application logs »
Double click on the last Scan Log in date (the one above)
At the bottom click [Export] -> select « Text file (* .txt) »
In the explorer, select the desktop, name it mbam.txt, click [Save]

copy/paste the content of the report in your next reply
 
I am so sorry to be such a PIA..but computers and I just don't jive...As I said....I have the paid version of Malwarebytes on my computer..but I do not see an analysis or history tab on program..there is a dashboard ..it has home..scan..protection... .and settings...
I tried downloading the free version to see if it was different than paid but it just folded into my paid version...
Is there a way of removing the two programs I originally asked about (atf cleaner/dell firewall) or is that what we are trying to do...
Thanks
Hefs
 