--------------- QuickDiag | g3n-h@ckm@n | V3_27.03.17.1 ---------------
----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 30/03/2017 12:17:34
Updated 27/03/2017 | 07.45 (GMT) by g3n-h@ckm@n
Contact :
http://www.sosvirus.net/
Time Zone : (UTC-05:00) Eastern Time (US & Canada)
[hilton (Administrator)] - [HILTON-PC] (S-1-5-21-3292114827-816517840-1514174382-1000)
System: Microsoft Windows 7 Professional - Service Pack 1 - (6.1.7601) - BuildType: Multiprocessor Free - OSLanguage: 1033 (0409)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 7 Professional |C:\Windows|\Device\Harddisk0\Partition2
Boot : Normal boot
PC: OptiPlex 755 - Dell Inc. - IdNumber: 6Q1PVG1 - UUID: 4C4C4544-0051-3110-8050-B6C04F564731
Processor : X64 - 1862 Mhz - Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
Phoenix ROM BIOS PLUS Version 1.10 A22 - en|US|iso8859-1 - Dell Inc. - S/N: 6Q1PVG1 - A22 - DELL - 15
CoreTemp : ? Celsius
----------| Quick
---------- | SoundDevice
SoundMAX Integrated Digital HD Audio Device - Status: OK - Manufacturer: Analog Devices - PNPDeviceID: HDAUDIO\FUNC_01&VEN_11D4&DEV_1984&SUBSYS_10280211&REV_1004\4&851744B&0&0001
---------- | Video
Intel(R) Q35 Express Chipset Family - Resolution: 1440x900 - Colors: 4294967296 - RefreshRate: 59 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumdx32.dll - PNPDeviceID: PCI\VEN_8086&DEV_29B2&SUBSYS_02111028&REV_02\3&172E68DD&1&10 - AdapterCompatibility: Intel Corporation - RAM: 268435456
Intel(R) Q35 Express Chipset Family - Resolution: x - Colors: - RefreshRate: - Bits Per Pixel - DeviceID: VideoController2 - Drivers: igdumdx32.dll - PNPDeviceID: PCI\VEN_8086&DEV_29B3&SUBSYS_02111028&REV_02\3&172E68DD&1&11 - AdapterCompatibility: Intel Corporation - RAM:
Inegrated Video Chipset DeviceName: Intel(R) Q35 Express Chipset Family - DriverVersion: 8.14.10.1930 - SpecificationVersion: 1025
---------- | Codecs
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 13312 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 31744 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 12288 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 23552 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 18432 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 22528 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 50176 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 12288 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 64000 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\iccvid.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 82944 - Manufacturer: Radius Inc. - Status: OK
---------- | CPU
CPU #1 value:0 %
CPU #2 value:0 %
Total Overall CPU Usage value:0 %
---------- | Network
Intel[R] 82566DM-2 Gigabit Network Connection : SENT:576 bytes/sec / RECVD:576 bytes/sec
isatap.{B78AF187-32FB-4F20-86D2-C40DA41B6832} : SENT:0 bytes/sec / RECVD:0 bytes/sec
Teredo Tunneling Pseudo-Interface : SENT:0 bytes/sec / RECVD:0 bytes/sec
Overall -> SEND Maxium:576 bytes/sec, / RECEIVE Maximum:576 bytes/sec
WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : ROOT\MS_SSTPMINIPORT\0000
WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : ROOT\MS_AGILEVPNMINIPORT\0000
WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : ROOT\MS_L2TPMINIPORT\0000
WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : ROOT\MS_PPTPMINIPORT\0000
WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : ROOT\MS_PPPOEMINIPORT\0000
WAN Miniport (IPv6) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIPV6\0000
WAN Miniport (Network Monitor) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANBH\0000
Intel(R) 82566DM-2 Gigabit Network Connection - Ethernet 802.3 - Intel - Status: - PnPID : PCI\VEN_8086&DEV_10BD&SUBSYS_02111028&REV_02\3&172E68DD&1&C8
WAN Miniport (IP) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIP\0000
Microsoft ISATAP Adapter - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0000
RAS Async Adapter - Wide Area Network (WAN) - Microsoft - Status: - PnPID : SW\{EEAB7790-C514-11D1-B42B-00805FC1270E}\ASYNCMAC
Bluetooth Device (Personal Area Network) - - - Status: - PnPID :
Microsoft ISATAP Adapter - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0001
Bluetooth Device (Personal Area Network) - - - Status: - PnPID :
avast! SecureLine TAP Adapter v3 - - TAP-Windows Provider V9 - Status: - PnPID : ROOT\NET\0000
Microsoft ISATAP Adapter - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0002
Bluetooth Device (Personal Area Network) - - - Status: - PnPID :
Teredo Tunneling Pseudo-Interface - Tunnel - Microsoft - Status: - PnPID : ROOT\*TEREDO\0000
---------- | Memory
RAM = Total (MB) : 3396 | Free (MB) : 2040
Pagefile = Total (MB) : 6791 | Free (MB) : 5098
Virtual = Total (MB) : 2097 | Free (MB) : 1929
Physical Memory 0 : Capacity: 1073741824 - DIMM_1 - Posit.: 1 - Manufacturer: CE00000000000000 - PartNumber: M3 78T2863RZS-CE6 - S/N: 5532D4BF
Physical Memory 1 : Capacity: 1073741824 - DIMM_3 - Posit.: 1 - Manufacturer: CE00000000000000 - PartNumber: M3 78T2863DZS-CE6 - S/N: 851CA99B
Physical Memory 2 : Capacity: 1073741824 - DIMM_2 - Posit.: 2 - Manufacturer: CE00000000000000 - PartNumber: M3 78T2863QZS-CE6 - S/N: 87036A38
Physical Memory 3 : Capacity: 1073741824 - DIMM_4 - Posit.: 2 - Manufacturer: CE00000000000000 - PartNumber: M3 78T2863DZS-CE6 - S/N: 870F0EE8
---------- | SID Users
Administrator : [S-1-5-21-3292114827-816517840-1514174382-500]
Guest : [S-1-5-21-3292114827-816517840-1514174382-501]
hilton : [S-1-5-21-3292114827-816517840-1514174382-1000]
HomeGroupUser$ : [S-1-5-21-3292114827-816517840-1514174382-1002]
Administrators : [S-1-5-32-544]
Backup Operators : [S-1-5-32-551]
Cryptographic Operators : [S-1-5-32-569]
Distributed COM Users : [S-1-5-32-562]
Event Log Readers : [S-1-5-32-573]
Guests : [S-1-5-32-546]
IIS_IUSRS : [S-1-5-32-568]
Network Configuration Operators : [S-1-5-32-556]
Performance Log Users : [S-1-5-32-559]
Performance Monitor Users : [S-1-5-32-558]
Power Users : [S-1-5-32-547]
Remote Desktop Users : [S-1-5-32-555]
Replicator : [S-1-5-32-552]
Users : [S-1-5-32-545]
HomeUsers : [S-1-5-21-3292114827-816517840-1514174382-1001]
---------- | SystemAccounts
Name: Everyone - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATOR OWNER - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: CREATOR GROUP - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: OWNER RIGHTS - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: DIALUP - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: NETWORK - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: BATCH - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIVE - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: PROXY - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: SYSTEM - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Authenticated Users - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: TERMINAL SERVER USER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: LOCAL SERVICE - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: NETWORK SERVICE - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK
---------- | Drives
C:\ -> [Fixed] | [Windows] | Total : 1859.99 Go | Free : 1818.16 Go -> NTFS [ATA]
Disk Usage Information [1 total Physical Disks]
Physical Drive #0 [C:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Overall - Read Maximum:0 bytes/sec, Write Maximum:0 bytes/sec
DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 2 Part. - PnPID : IDE\DISKHITACHI_HUA722020ALA331_________________JKAOA3NH\5&1590E63B&0&0.0.0
---------- | Windows updates
Last detection : 2017-03-29 22:14:32
Downloaded last ones : 2017-03-14 19:23:58
Installed last ones : 2017-03-15 07:07:26
Next search : 2017-03-30 18:46:01
Windows Is Activated
---------- | Browsers
IE : 11.0.9600.18616 (© Microsoft Corporation.)
FF : 52.0.2.6291 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 56.0.2924.87 (Copyright 2016 Google Inc.)
Default : "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1"
---------- | FlashPlayer
FlashPlayer ActiveX : 25.0.0.127
---------- | Security
FW : Avast Antivirus Enabled
WMI : OK
WU: Windows Update Service [Auto(2)] = Running
AS: Windows Defender [Manual(3)] = stopped
WMI: Windows Management Instrumentation [Auto(2)] = Running
---------- | Running processes
320 | [Owner : SYSTEM | Parent : 4(System) | 0.78 Mo] - (.Microsoft Corporation - Windows Session Manager.) - (6.1.7601.23677) = C:\Windows\System32\smss.exe [14/03/2017 15:23:32] CPU Usage:0 %
424 | [Owner : SYSTEM | Parent : 396() | 3.99 Mo] - (.Microsoft Corporation - Client Server Runtime Process.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe [13/07/2009 19:11:09] CPU Usage:0 %
468 | [Owner : SYSTEM | Parent : 396() | 3.14 Mo] - (.Microsoft Corporation - Windows Start-Up Application.) - (6.1.7600.16385) = C:\Windows\System32\wininit.exe [13/07/2009 19:36:49] CPU Usage:0 %
488 | [Owner : SYSTEM | Parent : 476() | 10.95 Mo] - (.Microsoft Corporation - Client Server Runtime Process.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe [13/07/2009 19:11:09] CPU Usage:0 %
524 | [Owner : SYSTEM | Parent : 468(wininit.exe) | 8.77 Mo] - (.Microsoft Corporation - Services and Controller app.) - (6.1.7601.18829) = C:\Windows\System32\services.exe [01/07/2016 13:14:35] CPU Usage:0 %
548 | [Owner : SYSTEM | Parent : 468(wininit.exe) | 12.81 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.23677) = C:\Windows\System32\lsass.exe [14/03/2017 15:23:32] CPU Usage:0 %
556 | [Owner : SYSTEM | Parent : 468(wininit.exe) | 3.2 Mo] - (.Microsoft Corporation - Local Session Manager Service.) - (6.1.7601.17514) = C:\Windows\System32\lsm.exe [20/11/2010 17:29:11] CPU Usage:0 %
608 | [Owner : SYSTEM | Parent : 476() | 4.57 Mo] - (.Microsoft Corporation - Windows Logon Application.) - (6.1.7601.18540) = C:\Windows\System32\winlogon.exe [01/07/2016 13:12:55] CPU Usage:0 %
716 | [Owner : SYSTEM | Parent : 524(services.exe) | 7.02 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
808 | [Owner : NETWORK SERVICE | Parent : 524(services.exe) | 6.29 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
872 | [Owner : LOCAL SERVICE | Parent : 524(services.exe) | 15.09 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
944 | [Owner : SYSTEM | Parent : 524(services.exe) | 88.6 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
988 | [Owner : LOCAL SERVICE | Parent : 524(services.exe) | 23.55 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
1024 | [Owner : SYSTEM | Parent : 524(services.exe) | 35.39 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
1308 | [Owner : NETWORK SERVICE | Parent : 524(services.exe) | 13.18 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
1360 | [Owner : SYSTEM | Parent : 524(services.exe) | 40.97 Mo] - (.AVAST Software - Avast Service.) - (17.2.3419.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe [12/03/2017 08:26:55] CPU Usage:0 %
1468 | [Owner : SYSTEM | Parent : 524(services.exe) | 9.47 Mo] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7601.17777) = C:\Windows\System32\spoolsv.exe [02/07/2016 14:33:16] CPU Usage:0 %
1524 | [Owner : LOCAL SERVICE | Parent : 524(services.exe) | 10.11 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
1588 | [Owner : SYSTEM | Parent : 524(services.exe) | 11.7 Mo] - (.AVAST Software - Avast firewall service.) - (17.2.3419.0) = C:\Program Files\AVAST Software\Avast\afwServ.exe [12/03/2017 08:26:15] CPU Usage:0 %
1684 | [Owner : SYSTEM | Parent : 524(services.exe) | 2.67 Mo] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.21.1354) = C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [19/12/2016 23:38:14] CPU Usage:0 %
1724 | [Owner : SYSTEM | Parent : 524(services.exe) | 3.27 Mo] - (.Intel Corporation - Displays state of Intel® Active Management Technology..) - (3.0.0.6) = C:\Program Files\Intel\AMT\atchksrv.exe [23/07/2012 19:53:32] CPU Usage:0 %
1748 | [Owner : LOCAL SERVICE | Parent : 524(services.exe) | 3.53 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
1768 | [Owner : SYSTEM | Parent : 524(services.exe) | 4.33 Mo] - (.Broadcom Corporation. - Bluetooth Support Server.) - (6.5.1.2700) = C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [01/04/2012 13:22:20] CPU Usage:0 %
1812 | [Owner : SYSTEM | Parent : 524(services.exe) | 9.72 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
1860 | [Owner : LOCAL SERVICE | Parent : 524(services.exe) | 10.25 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
1888 | [Owner : SYSTEM | Parent : 524(services.exe) | 3.18 Mo] - (.Intel Corporation - Intel(R) Wireless Bluetooth(R) iBtSiva Service.) - (19.0.1629.3590) = C:\Program Files\Intel\Bluetooth\ibtsiva.exe [03/02/2016 14:28:54] CPU Usage:0 %
1932 | [Owner : SYSTEM | Parent : 524(services.exe) | 4.04 Mo] - (.Intel Corporation - Intel® PROSet Monitoring Service.) - (19.5.302.0) = C:\Windows\System32\IPROSetMonitor.exe [16/10/2014 14:38:56] CPU Usage:0 %
1960 | [Owner : SYSTEM | Parent : 524(services.exe) | 3.94 Mo] - (.Intel - Local Manageability Service.) - (3.0.10.1053) = C:\Program Files\Intel\AMT\LMS.exe [23/07/2012 19:53:32] CPU Usage:0 %
372 | [Owner : LOCAL SERVICE | Parent : 524(services.exe) | 4.64 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
400 | [Owner : SYSTEM | Parent : 524(services.exe) | 6.17 Mo] - (.Intel - User Notification Service.) - (3.2.0.1053) = C:\Program Files\Intel\AMT\UNS.exe [23/07/2012 19:53:32] CPU Usage:0 %
2760 | [Owner : NETWORK SERVICE | Parent : 524(services.exe) | 4.48 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
3164 | [Owner : SYSTEM | Parent : 524(services.exe) | 25.51 Mo] - (.AVAST Software s.r.o. - Avast Behavior Shield.) - (17.2.2.60911) = C:\Program Files\AVAST Software\Avast\aswidsagent.exe [12/03/2017 08:26:19] CPU Usage:0 %
3492 | [Owner : hilton | Parent : 1024(svchost.exe) | 4.29 Mo] - (.Microsoft Corporation - Task Scheduler Engine.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe [20/11/2010 17:29:06] CPU Usage:0 %
3524 | [Owner : hilton | Parent : 524(services.exe) | 37.14 Mo] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe [29/06/2016 16:50:18] CPU Usage:0 %
3596 | [Owner : hilton | Parent : 944(svchost.exe) | 6.51 Mo] - (.Microsoft Corporation - Desktop Window Manager.) - (6.1.7600.16385) = C:\Windows\System32\dwm.exe [13/07/2009 19:24:23] CPU Usage:0 %
3604 | [Owner : hilton | Parent : 1024(svchost.exe) | 4.8 Mo] - (.Microsoft Corporation - Task Scheduler Engine.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe [20/11/2010 17:29:06] CPU Usage:0 %
3660 | [Owner : hilton | Parent : 3604(taskeng.exe) | 4.44 Mo] - (.SlimWare Utilities, Inc. - DriverUpdate.) - (4.0.0.0) = C:\Program Files\DriverUpdate\DriverUpdate.exe [01/08/2016 10:37:58] CPU Usage:0 %
3676 | [Owner : hilton | Parent : 3560() | 55.33 Mo] - (.Microsoft Corporation - Windows Explorer.) - (6.1.7601.23537) = C:\Windows\explorer.exe [16/10/2016 12:49:31] CPU Usage:0 %
3792 | [Owner : SYSTEM | Parent : 3668() | 0.53 Mo] - (.Google Inc. - Google Crash Handler.) - (1.3.32.7) = C:\Program Files\Google\Update\1.3.32.7\GoogleCrashHandler.exe [25/12/2016 17:13:27] CPU Usage:0 %
3924 | [Owner : hilton | Parent : 3676(explorer.exe) | 4.86 Mo] - (.Intel Corporation - Displays state of Intel® Active Management Technology..) - (3.0.0.9) = C:\Program Files\Intel\AMT\atchk.exe [23/07/2012 19:53:32] CPU Usage:0 %
3948 | [Owner : hilton | Parent : 3676(explorer.exe) | 5.58 Mo] - (.Analog Devices, Inc. - SMax4PNP.) - (6.1.7200.179) = C:\Program Files\Analog Devices\Core\smax4pnp.exe [26/09/2016 12:42:46] CPU Usage:0 %
3980 | [Owner : hilton | Parent : 3676(explorer.exe) | 20.72 Mo] - (.CANON INC. - Canon Quick Menu.) - (2.7.1.0) = C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [28/01/2017 15:19:07] CPU Usage:0 %
4016 | [Owner : hilton | Parent : 3960() | 16.41 Mo] - (.AVAST Software - Avast Antivirus.) - (17.2.3419.64) = C:\Program Files\AVAST Software\Avast\avastui.exe [15/03/2017 08:27:35] CPU Usage:0 %
4028 | [Owner : hilton | Parent : 3676(explorer.exe) | 5.17 Mo] - (.Microsoft Corporation - Windows Mobile Device Center.) - (6.1.6965.0) = C:\Windows\WindowsMobile\wmdc.exe [31/05/2007 10:21:28] CPU Usage:0 %
4040 | [Owner : hilton | Parent : 3676(explorer.exe) | 9.04 Mo] - (.Microsoft Corporation - Windows host process (Rundll32).) - (6.1.7600.16385) = C:\Windows\System32\rundll32.exe [13/07/2009 19:41:43] CPU Usage:0 %
4060 | [Owner : LOCAL SERVICE | Parent : 524(services.exe) | 5.27 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
1284 | [Owner : hilton | Parent : 3492(taskeng.exe) | 1.96 Mo] - (.Piriform Ltd - CCleaner.) - (5.28.0.6005) = C:\Program Files\CCleaner\CCleaner.exe [03/03/2017 14:10:26] CPU Usage:0 %
2584 | [Owner : NETWORK SERVICE | Parent : 716(svchost.exe) | 12.57 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\System32\wbem\WmiPrvSE.exe [20/11/2010 17:29:20] CPU Usage:0 %
3052 | [Owner : SYSTEM | Parent : 524(services.exe) | 15.81 Mo] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.7601.17610) = C:\Windows\System32\SearchIndexer.exe [01/07/2016 13:15:49] CPU Usage:0 %
3108 | [Owner : NETWORK SERVICE | Parent : 524(services.exe) | 8.52 Mo] - (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe [20/11/2010 17:29:49] CPU Usage:0 %
3408 | [Owner : SYSTEM | Parent : 524(services.exe) | 5.29 Mo] - (.SlimWare Utilities Holdings, Inc. - SlimWare.Services Service.) - (1.0.0.0) = C:\Program Files\SlimWare Utilities\Services\SlimWare.Services.exe [01/08/2016 10:37:58] CPU Usage:0 %
3772 | [Owner : SYSTEM | Parent : 716(svchost.exe) | 7.87 Mo] - (.SlimWare Utilities Holdings, Inc. - SlimWare.Session Server.) - (1.0.0.0) = C:\Program Files\SlimWare Utilities\Services\SlimWare.Session.exe [01/08/2016 10:37:58] CPU Usage:0 %
3428 | [Owner : SYSTEM | Parent : 524(services.exe) | 5.5 Mo] - (.Motorola Solutions, Inc. - Bluetooth Device Monitor.) - (19.0.1603.650) = C:\Program Files\Intel\Bluetooth\devmonsrv.exe [18/07/2016 15:43:38] CPU Usage:0 %
1220 | [Owner : SYSTEM | Parent : 524(services.exe) | 5.79 Mo] - (.Motorola Solutions, Inc. - Bluetooth OBEX Service.) - (19.0.1603.650) = C:\Program Files\Intel\Bluetooth\obexsrv.exe [18/07/2016 15:43:52] CPU Usage:0 %
3228 | [Owner : LOCAL SERVICE | Parent : 524(services.exe) | 12.08 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [13/07/2009 19:19:28] CPU Usage:0 %
4172 | [Owner : SYSTEM | Parent : 524(services.exe) | 7.01 Mo] - (.Motorola Solutions, Inc. - Bluetooth Media Service.) - (19.0.1603.650) = C:\Program Files\Intel\Bluetooth\mediasrv.exe [18/07/2016 15:43:44] CPU Usage:0 %
4268 | [Owner : hilton | Parent : 716(svchost.exe) | 5.41 Mo] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (6.1.7600.16385) = C:\Windows\System32\wbem\unsecapp.exe [13/07/2009 19:30:28] CPU Usage:0 %
4728 | [Owner : hilton | Parent : 3676(explorer.exe) | 23.47 Mo] - (.Dell - Dell System Detect.) - (7.11.0.6) = C:\Users\hilton\AppData\Local\Apps\2.0\3VGPG9W0.MPE\2E0VXQW4.WA5\dell..tion_6d0a76327dca4869_0007.000b_df227eeaae3cac0d\DellSystemDetect.exe [07/02/2017 16:29:05] CPU Usage:0 %
4812 | [Owner : hilton | Parent : 3676(explorer.exe) | 35.5 Mo] - (.Siber Systems - RoboForm TaskBar Icon.) - (8.3.1.1) = C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe [12/08/2016 15:03:22] CPU Usage:0 %
4860 | [Owner : hilton | Parent : 3676(explorer.exe) | 10.78 Mo] - (.Broadcom Corporation. - Bluetooth Tray Application.) - (6.5.1.2700) = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [01/04/2012 13:22:18] CPU Usage:0 %
5320 | [Owner : hilton | Parent : 4580() | 0.95 Mo] - (.Microsoft Corporation - Windows host process (Rundll32).) - (6.1.7600.16385) = C:\Windows\System32\rundll32.exe [13/07/2009 19:41:43] CPU Usage:0 %
4408 | [Owner : hilton | Parent : 3980(CNQMMAIN.EXE) | 24.54 Mo] - (.CANON INC. - Canon Quick Menu Updater.) - (2.7.1.0) = C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE [28/01/2017 15:19:07] CPU Usage:0 %
3572 | [Owner : hilton | Parent : 2108() | 9.42 Mo] - (.Amazon Services LLC - Amazon Music Helper.) - (5.3.6.1743) = C:\Users\hilton\AppData\Local\Amazon Music\Amazon Music Helper.exe [05/07/2016 14:36:58] CPU Usage:0 %
5472 | [Owner : hilton | Parent : 4144() | 179.85 Mo] - (.eM Client s.r.o. - eM Client.) - (7.0.27943.0) = C:\Program Files\eM Client\MailClient.exe [21/10/2016 18:10:42] CPU Usage:0 %
5496 | [Owner : hilton | Parent : 5472(MailClient.exe) | 70.95 Mo] - (.eM Client s.r.o. - eM Client.) - (7.0.27943.0) = C:\Program Files\eM Client\MailClient.exe [21/10/2016 18:10:42] CPU Usage:0 %
5180 | [Owner : LOCAL SERVICE | Parent : 872(svchost.exe) | ?????] - (.Microsoft Corporation - Windows Audio Device Graph Isolation.) - (6.1.7601.23471) = C:\Windows\System32\audiodg.exe [12/10/2016 06:10:31] CPU Usage:0 %
4924 | [Owner : hilton | Parent : 4016(avastui.exe) | 3.51 Mo] - (.Microsoft Corporation - CTF Loader.) - (6.1.7600.16385) = C:\Windows\System32\ctfmon.exe [13/07/2009 19:26:10] CPU Usage:0 %
5592 | [Owner : hilton | Parent : 1776() | 28.6 Mo] - (.SosVirus - QuickDiag.) - (27.3.17.1) = C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S270N135\quickdiag_3_27.03.17.1.exe [30/03/2017 12:17:06] CPU Usage:0 %
5416 | [Owner : SYSTEM | Parent : 716(svchost.exe) | 4.93 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\System32\wbem\WmiPrvSE.exe [20/11/2010 17:29:20] CPU Usage:0 %
1104 | [Owner : NETWORK SERVICE | Parent : 524(services.exe) | 11.36 Mo] - (.Microsoft Corporation - Microsoft Software Protection Platform Service.) - (6.1.7601.17514) = C:\Windows\System32\sppsvc.exe [20/11/2010 17:29:12] CPU Usage:0 %
---------- | MD5
[MD5.6DDCA324434FFA506CF7DC4E51DB7935] - [16/10/2016 12:49:31] - (.© Microsoft Corporation. - Windows Explorer.) - [2903 Ko] - (6.1.7601.23537) : C:\Windows\Explorer.exe
[MD5.AD7B9C14083B52BC532FBA5948342B98] - [20/11/2010 17:29:12] - (.© Microsoft Corporation. - Windows Command Processor.) - [295.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\cmd.exe
[MD5.342271F6142E7C70805B8A81E1BA5F5C] - [13/07/2009 19:11:09] - (.© Microsoft Corporation. - Client Server Runtime Process.) - [6 Ko] - (6.1.7600.16385) : C:\Windows\System32\csrss.exe
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - [13/07/2009 19:43:52] - (.© Microsoft Corporation. - COM Surrogate.) - [7 Ko] - (6.1.7600.16385) : C:\Windows\System32\dllhost.exe
[MD5.4D1BC518FF64EB70F6B9218A6FBFDEF6] - [01/07/2016 13:19:26] - (.© Microsoft Corporation. - Windows NT BASE API Client DLL.) - [852 Ko] - (6.1.7601.23392) : C:\Windows\System32\Kernel32.dll
[MD5.083D9DCFFF8C71BF0797535C85C24492] - [14/03/2017 15:23:32] - (.© Microsoft Corporation. - Local Security Authority Process.) - [21.5 Ko] - (6.1.7601.23677) : C:\Windows\System32\lsass.exe
[MD5.1F54F58D7FA2B3442084E32CDE5E309E] - [01/07/2016 13:20:24] - (.© Microsoft Corporation. - Distributed COM Services.) - [367.5 Ko] - (6.1.7601.19143) : C:\Windows\System32\rpcss.dll
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - [13/07/2009 19:41:43] - (.© Microsoft Corporation. - Windows host process (Rundll32).) - [43.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\rundll32.exe
[MD5.0780A42DBD7D9969F9BF4A19AA4285B5] - [01/07/2016 13:14:35] - (.© Microsoft Corporation. - Services and Controller app.) - [253 Ko] - (6.1.7601.18829) : C:\Windows\System32\services.exe
[MD5.54A47F6B5E09A77E61649109C6A08866] - [13/07/2009 19:19:28] - (.© Microsoft Corporation. - Host Process for Windows Services.) - [20.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\svchost.exe
[MD5.91D4629DA1EBD286D8A7C24FBC5DC641] - [14/12/2016 00:57:02] - (.© Microsoft Corporation. - Multi-User Windows USER API Client DLL.) - [792.5 Ko] - (6.1.7601.23594) : C:\Windows\System32\user32.dll
[MD5.61AC3EFDFACFDD3F0F11DD4FD4044223] - [20/11/2010 17:29:06] - (.© Microsoft Corporation. - Userinit Logon Application.) - [26 Ko] - (6.1.7601.17514) : C:\Windows\System32\userinit.exe
[MD5.B5C5DCAD3899512020D135600129D665] - [13/07/2009 19:36:49] - (.© Microsoft Corporation. - Windows Start-Up Application.) - [94 Ko] - (6.1.7600.16385) : C:\Windows\System32\Wininit.exe
[MD5.52449FD429D6053B78AE564DEF303870] - [01/07/2016 13:12:55] - (.© Microsoft Corporation. - Windows Logon Application.) - [297 Ko] - (6.1.7601.18540) : C:\Windows\System32\Winlogon.exe
[MD5.93B49FA857F7036A4EFF32371F6E7391] - [01/07/2016 13:17:38] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [331 Ko] - (6.1.7601.19031) : C:\Windows\System32\Drivers\afd.sys
[MD5.338C86357871C167A96AB976519BF59E] - [13/07/2009 19:11:15] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [21.08 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\atapi.sys
[MD5.DDCE686D76C2B4DB435A3AF5BD0E691D] - [01/07/2016 13:13:16] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [129.94 Ko] - (6.1.7601.18231) : C:\Windows\System32\Drivers\ataport.sys
[MD5.77EA11B065E0A8AB902D78145CA51E10] - [13/07/2009 19:11:15] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [69 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\cdfs.sys
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - [20/11/2010 17:29:03] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [106 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\cdrom.sys
[MD5.EA9DBD76CE9254C77BAAB4339DD4C4FB] - [12/10/2016 06:10:32] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [79.5 Ko] - (6.1.7601.23542) : C:\Windows\System32\Drivers\dfsc.sys
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - [20/11/2010 17:29:03] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [106 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\hdaudbus.sys
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - [13/07/2009 19:11:24] - (.© Microsoft Corporation. - i8042 Port Driver.) - [79 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\i8042prt.sys
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - [13/07/2009 19:54:29] - (.© Microsoft Corporation. - IP Network Address Translator.) - [99.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\ipnat.sys
[MD5.E3DFD23D6205F839BFB946392A0CC347] - [14/03/2017 15:23:33] - (.© Microsoft Corporation. - Windows NT SMB Minirdr.) - [121.5 Ko] - (6.1.7601.23677) : C:\Windows\System32\Drivers\mrxsmb.sys
[MD5.9804FB2E46077F2977552347DFCA7E05] - [01/07/2016 13:17:10] - (.© Microsoft Corporation. - NDIS 6.20 driver.) - [695.94 Ko] - (6.1.7601.19030) : C:\Windows\System32\Drivers\ndis.sys
[MD5.A00996C9BFEF29A93B9F21DBE1DC502D] - [01/07/2016 13:11:58] - (.© Microsoft Corporation. - MBT Transport driver.) - [184.5 Ko] - (6.1.7601.23451) : C:\Windows\System32\Drivers\netbt.sys
[MD5.978E7A2E4BF4E8E70D0776EF0D9E97FB] - [01/07/2016 13:10:21] - (.© Microsoft Corporation. - NT File System Driver.) - [1183.94 Ko] - (6.1.7601.19116) : C:\Windows\System32\Drivers\ntfs.sys
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - [13/07/2009 19:45:35] - (.© Microsoft Corporation. - Parallel Port Driver.) - [77.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\parport.sys
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - [13/07/2009 19:54:34] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [77 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\rasl2tp.sys
[MD5.B973FCFC50DC1434E1970A146F7E3885] - [20/11/2010 17:29:49] - (.© Microsoft Corporation. - Microsoft RDP Device redirector.) - [130.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\rdpdr.sys
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - [13/07/2009 19:53:41] - (.© Microsoft Corporation. - SMB Transport driver.) - [69.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\smb.sys
[MD5.C7E41209132B9CF084CCEA8593F61328] - [18/09/2016 13:52:16] - (.© Microsoft Corporation. - TCP/IP Driver.) - [1279.23 Ko] - (6.1.7601.23496) : C:\Windows\System32\Drivers\tcpip.sys
[MD5.BB8817D0508DD5EA69C770C8DEF5AB67] - [01/07/2016 13:17:38] - (.© Microsoft Corporation. - TDI Translation Driver.) - [73 Ko] - (6.1.7601.19031) : C:\Windows\System32\Drivers\tdx.sys
[MD5.F497F67932C6FA693D7DE2780631CFE7] - [20/11/2010 17:29:03] - (.© Microsoft Corporation. - Volume Shadow Copy Driver.) - [239.88 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\volsnap.sys
---------- | Locked Applications
---------- | Explorer.exe component call (Microsoft Files Whitelisted)
(.AVAST Software s.r.o..-.Hook Library.) - (17.2.2.60911) -- C:\Program Files\AVAST Software\Avast\aswhookx.dll
(.AVAST Software.-.Avast Shell Extension.) - (17.2.3419.0) -- C:\Program Files\AVAST Software\Avast\ashShell.dll
(.AVAST Software.-.Avast AAVM Remote Procedure Call Library.) - (17.2.3419.0) -- C:\Program Files\AVAST Software\Avast\AavmRpch.dll
(.AVAST Software.-.Avast Logging Library.) - (17.2.3419.0) -- C:\Program Files\AVAST Software\Avast\log.dll
(.Stardock.-.Stardock Fences Shell Extension.) - (3.0.3.0) -- C:\Program Files\Stardock\Fences\FencesMenu.dll
(..-..) - (0.0.0.0) -- :\program files\stardock\fences\DesktopDock.dll
(..-..) - (0.0.0.0) -- :\program files\stardock\fences\SdAppServices.dll
(.Broadcom Corporation..-.Multimedia Keys Hook DLL.) - (6.5.1.2700) -- C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll
(.Broadcom Corporation..-.KeyBoard Hook DLL.) - (6.5.1.2700) -- C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
---------- | Svchost.exe component call (Microsoft Files Whitelisted)
(.AVAST Software s.r.o..-.Hook Library.) - (17.2.2.60911) -- C:\Program Files\AVAST Software\Avast\aswhookx.dll
---------- | ZeroAccess Check
[HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
---------- | Startings up
Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: NT AUTHORITY\LOCAL SERVICE
Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: NT AUTHORITY\NETWORK SERVICE
CCleaner Monitoring - ("C:\Program Files\CCleaner\CCleaner.exe" /MONITOR [HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\...\Run]) - User: hilton-PC\hilton
Amazon Music - ("C:\Users\hilton\AppData\Local\Amazon Music\Amazon Music Helper.exe" [HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\...\Run]) - User: hilton-PC\hilton
Fences - ("C:\Program Files\Stardock\Fences\Fences.exe" /startup [HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\...\Run]) - User: hilton-PC\hilton
eM Client - ("C:\Program Files\eM Client\MailClient.exe" /startup [HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\...\Run]) - User: hilton-PC\hilton
RoboForm - ("C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\...\Run]) - User: hilton-PC\hilton
DellSystemDetect - (C:\Users\hilton\AppData\Local\Apps\2.0\3VGPG9W0.MPE\2E0VXQW4.WA5\dell..tion_6d0a76327dca4869_0007.000b_df227eeaae3cac0d\DellSystemDetect.exe 4zZn5oeQk9WMM5ZBt7fsYA== [HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\...\Run]) - User: hilton-PC\hilton
Bluetooth - (C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [Common Startup]) - User: Public
atchk - ("C:\Program Files\Intel\AMT\atchk.exe" [HKLM\SOFTWARE\...\Run]) - User: Public
SoundMAXPnP - (C:\Program Files\Analog Devices\Core\smax4pnp.exe [HKLM\SOFTWARE\...\Run]) - User: Public
AvastUI.exe - ("C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui [HKLM\SOFTWARE\...\Run]) - User: Public
Fences - ("C:\Program Files\Stardock\Fences\Fences.exe" /startup [HKLM\SOFTWARE\...\Run]) - User: Public
CanonQuickMenu - (C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon [HKLM\SOFTWARE\...\Run]) - User: Public
Windows Mobile Device Center - (%windir%\WindowsMobile\wmdc.exe [HKLM\SOFTWARE\...\Run]) - User: Public
BTMTrayAgent - (rundll32.exe "C:\Program Files\Intel\Bluetooth\btmshellex.dll",TrayApp [HKLM\SOFTWARE\...\Run]) - User: Public
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Command Processor]
"CompletionChar"=9
"DefaultColor"=0
"EnableExtensions"=1
"PathCompletionChar"=9
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
"Amazon Music"="C:\Users\hilton\AppData\Local\Amazon Music\Amazon Music Helper.exe"
"Fences"="C:\Program Files\Stardock\Fences\Fences.exe" /startup
"eM Client"="C:\Program Files\eM Client\MailClient.exe" /startup
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
"DellSystemDetect"=C:\Users\hilton\AppData\Local\Apps\2.0\3VGPG9W0.MPE\2E0VXQW4.WA5\dell..tion_6d0a76327dca4869_0007.000b_df227eeaae3cac0d\DellSystemDetect.exe 4zZn5oeQk9WMM5ZBt7fsYA==
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DebugOptions"=2048
"Documents"=
"DosPrint"=no
"Load"=
"NetMessage"=no
"NullPort"=None
"Programs"=com exe bat pif cmd
"Device"=Canon MG3200 series Printer,winspool,Ne00:
"UserSelectedDefault"=1
[HKLM\Software\Microsoft\Command Processor]
"CompletionChar"=64
"DefaultColor"=0
"EnableExtensions"=1
"PathCompletionChar"=64
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"atchk"="C:\Program Files\Intel\AMT\atchk.exe"
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [26/09/2016 12:42:46]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
"Fences"="C:\Program Files\Stardock\Fences\Fences.exe" /startup
"CanonQuickMenu"=C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe
"BTMTrayAgent"=rundll32.exe "C:\Program Files\Intel\Bluetooth\btmshellex.dll",TrayApp
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"=FencesShellExt
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"IconServiceLib"=IconCodecService.dll
"DdeSendTimeout"=0
"DesktopHeapLogging"=1
"GDIProcessHandleQuota"=10000
"ShutdownWarningDialogTimeout"=4294967295
"USERNestedWindowLimit"=50
"USERPostMessageLimit"=10000
"USERProcessHandleQuota"=10000
""=mnmsrvc
"DeviceNotSelectedTimeout"=15
"Spooler"=yes
"TransmissionRetryTimeout"=90
"AppInit_DLLs"=
"LoadAppInit_DLLs"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
---------- | Win.ini :
---------- | System.ini :
---------- | Config.sys :
FILES=40
---------- | Planified Tasks
Adobe Acrobat Update Task
Adobe Flash Player Updater
Avast Emergency Update
CCleanerSkipUAC
Driver Support
Driver Support-RTMRules
Driver Support-RTMScan
Driver Support-RTMUpdater
DriverUpdate Scan
DriverUpdate Startup.job
GoogleUpdateTaskMachineCore
GoogleUpdateTaskMachineUA
Open URL by RoboForm
Run RoboForm TaskBar Icon
SafeZone scheduled Autoupdate 1482114147
---------- | Startings up registry ¦ Folder
---------- | Other keys
[HKLM\System\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
[HKLM\System\CurrentControlSet\Control\Terminal Server]
"RCDependentServices"=CertPropSvc
SessionEnv
"NotificationTimeOut"=0
"SnapshotMonitors"=1
"ProductVersion"=5.1
"AllowRemoteRPC"=0
"DelayConMgrTimeout"=0
"fDenyTSConnections"=1
"StartRCM"=0
"TSAdvertise"=0
"DeleteTempDirsOnExit"=1
"fSingleSessionPerUser"=1
"PerSessionTempDir"=0
"TSUserEnabled"=0
"InstanceID"=48d3a40b-43bb-4a8a-928a-3e9ce49
"fCredentialLessLogonSupported"=1
"fCredentialLessLogonSupportedTSS"=1
"fCredentialLessLogonSupportedKMRDP"=1
[HKLM\System\CurrentControlSet\Control\Session Manager]
"CriticalSectionTimeout"=2592000
"GlobalFlag"=0
"HeapDeCommitFreeBlockThreshold"=0
"HeapDeCommitTotalFreeThreshold"=0
"HeapSegmentCommit"=0
"HeapSegmentReserve"=0
"ProcessorControl"=2
"ResourceTimeoutCount"=648000
"BootExecute"=autocheck autochk *
"ExcludeFromKnownDlls"=
"ObjectDirectories"=\Windows
\RPC Control
"ProtectionMode"=1
"NumberOfInitialSessions"=2
"SetupExecute"=
[HKLM\System\CurrentControlSet\Control]
"PreshutdownOrder"=wuauserv
gpsvc
trustedinstaller
"WaitToKillServiceTimeout"=200
"CurrentUser"=USERNAME
"BootDriverFlags"=0
"ServiceControlManagerExtension"=%systemroot%\system32\scext.dll
"SystemStartOptions"= NOEXECUTE=OPTIN
"SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(2)
"FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1)
[HKLM\System\CurrentControlSet\Control\lsa]
"auditbaseobjects"=0
"auditbasedirectories"=0
"crashonauditfail"=0
"fullprivilegeauditing"=0x00
"Bounds"=0x0030000000200000
"LimitBlankPasswordUse"=1
"NoLmHash"=1
"Notification Packages"=scecli
C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
"Security Packages"=kerberos
msv1_0
schannel
wdigest
tspkg
pku2u
"Authentication Packages"=msv1_0
"LsaPid"=548
"SecureBoot"=1
"ProductType"=6
"disabledomaincreds"=0
"everyoneincludesanonymous"=0
"forceguest"=0
"restrictanonymous"=0
"restrictanonymoussam"=1
---------- | .LNK with Arguments
---------- | AppCertDlls
---------- | Dnsapi.dll
C:\Windows\System32\dnsapi.dll -> OK : \drivers\etc\hosts
---------- | Policies | Registry
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Control Panel\Desktop]
"ScreenSaveActive"=1
"ActiveWndTrackTimeout"=0
"BlockSendInputResets"=0
"CaretWidth"=1
"ClickLockTime"=1200
"CoolSwitchColumns"=7
"CoolSwitchRows"=3
"CursorBlinkRate"=530
"DockMoving"=1
"DragFromMaximize"=1
"DragFullWindows"=1
"DragHeight"=4
"DragWidth"=4
"FocusBorderHeight"=1
"FocusBorderWidth"=1
"FontSmoothing"=2
"FontSmoothingGamma"=0
"FontSmoothingOrientation"=1
"FontSmoothingType"=2
"ForegroundFlashCount"=7
"ForegroundLockTimeout"=200000
"LeftOverlapChars"=3
"MenuShowDelay"=250
"PaintDesktopVersion"=0
"Pattern"=0
"RightOverlapChars"=3
"SnapSizing"=1
"TileWallpaper"=0
"WallpaperOriginX"=0
"WallpaperOriginY"=0
"WallpaperStyle"=10
"WheelScrollChars"=3
"WheelScrollLines"=3
"WindowArrangementActive"=1
"UserPreferencesMask"=0x9E3E078012000000
"Wallpaper"=C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg [29/06/2016 16:31:01]
"WaitToKillAppTimeout"=200
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ShellState"=0x240000003828000000000000000000000000000001000000120000000000000022000000
"CleanShutdown"=0
"ExplorerStartupTraceRecorded"=1
"Browse For Folder Width"=318
"Browse For Folder Height"=288
"link"=0x15000000
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_SearchFiles"=2
"ServerAdminUI"=0
"Hidden"=2
"ShowCompColor"=1
"HideFileExt"=1
"DontPrettyPath"=0
"ShowInfoTip"=1
"HideIcons"=0
"MapNetDrvBtn"=0
"WebView"=1
"Filter"=0
"SuperHidden"=0
"SeparateProcess"=0
"AutoCheckSelect"=0
"IconsOnly"=0
"ShowTypeOverlay"=1
"ListviewAlphaSelect"=1
"ListviewShadow"=1
"TaskbarAnimations"=1
"Start_ShowMyGames"=0
"StartMenuInit"=4
""=0
"ThumbnailLivePreviewHoverTime"=250
"ExtendedUIHoverTime"=250
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableUIADesktopToggle"=0
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
"Text"=@shell32.dll,-30500
"Type"=radio
"CheckedValue"=1
"ValueName"=Hidden
"DefaultValue"=2
"HKeyRoot"=2147483649
"HelpID"=shell.hlp#51105
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}
"BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd}
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}
"IconUnderline"=2
"GlobalAssocChangedCounter"=54
""=
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"TaskbarSizeMove"=0
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=
http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s
---------- | Winlogon
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin
"BuildNumber"=7601
"FirstLogon"=0
"ParseAutoexec"=1
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ReportBootOk"=1
"Shell"=explorer.exe
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}
"Userinit"=C:\Windows\system32\userinit.exe,
"VMApplet"=SystemPropertiesPerformance.exe /pagefile
"AutoRestartShell"=1
"Background"=0 0 0
"CachedLogonsCount"=10
"DebugServerCommand"=no
"ForceUnlockLogon"=0
"LegalNoticeCaption"=
"LegalNoticeText"=
"PasswordExpiryWarning"=5
"PowerdownAfterShutdown"=0
"ShutdownWithoutLogon"=0
"WinStationsDisabled"=0
"DisableCAD"=1
"scremoveoption"=0
"ShutdownFlags"=43
"AutoAdminLogon"=0
"DefaultUserName"=hilton
---------- | Associations
[HKLM\Software\Classes\.exe]
""=exefile
"Content Type"=application/x-msdownload
[HKLM\Software\Classes\exefile\Shell\Open\Command]
""="%1" %*
"IsolatedCommand"="%1" %*
[HKLM\Software\Classes\.com]
""=comfile
[HKLM\Software\Classes\comfile\Shell\Open\Command]
""="%1" %*
[HKLM\Software\Classes\.reg]
""=regfile
[HKLM\Software\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"
[HKLM\Software\Classes\.scr]
""=scrfile
[HKLM\Software\Classes\scrfile\Shell\Open\Command]
""="%1" /S
[HKLM\Software\Classes\.bat]
""=batfile
[HKLM\Software\Classes\batfile\Shell\Open\Command]
""="%1" %*
[HKLM\Software\Classes\.cmd]
""=cmdfile
[HKLM\Software\Classes\cmdfile\Shell\Open\Command]
""="%1" %*
[HKLM\Software\Classes\.pif]
""=piffile
[HKLM\Software\Classes\piffile\Shell\Open\Command]
""="%1" %*
[HKLM\Software\Classes\.inf]
""=inffile
[HKLM\Software\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\Software\Classes\.url]
""=InternetShortcut
[HKLM\Software\Classes\.lnk]
""=lnkfile
[HKLM\Software\Classes\.hta]
"PerceivedType"=text
""=htafile
"Content Type"=application/hta
[HKLM\Software\Classes\htafile\Shell\Open\Command]
""=C:\Windows\System32\mshta.exe "%1" %*
[HKLM\Software\Classes\InternetShortcut]
"NeverShowExt"=
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
"EditFlags"=2
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
"IsShortcut"=
"FriendlyTypeName"=@C:\Windows\system32\ieframe.dll,-10046
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment
""=Internet Shortcut
[HKLM\Software\Classes\Application.Manifest]
""=Application Manifest
"EditFlags"=65536
"BrowserFlags"=4096
"FriendlyTypeName"=@dfshim.dll,-200
[HKLM\Software\Classes\Application.Reference]
"NeverShowExt"=
""=Application Reference
"IsShortcut"=
"EditFlags"=131072
"FriendlyTypeName"=@dfshim.dll,-201
[HKLM\Software\Classes\Folder]
"ContentViewModeLayoutPatternForBrowse"=delta
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified
"ContentViewModeLayoutPatternForSearch"=alpha
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay
""=Folder
"EditFlags"=0xD2030000
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size
"NoRecentDocs"=
"ThumbnailCutoff"=0
"TileInfo"=prop:System.Title;System.ItemTypeText
[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command]
""="C:\Program Files\Mozilla Firefox\firefox.exe"
[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
"ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal
[HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files\Google\Chrome\Application\chrome.exe"
[HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=iexplore.exe
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall
[HKLM\Software\Clients\StartMenuInternet\SafeZoneStable\Shell\open\Command]
""="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe"
[HKLM\Software\Clients\StartMenuInternet\SafeZoneStable\InstallInfo]
"ReinstallCommand"="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" --makedefaultbrowser
---------- | AppcompatFlags
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"c:\SWSetup\SP73091\Setup.exe"=1
"c:\SWSetup\SP73091\Win32\setup.exe"=1
"C:\DRIVERS\WIN\TPBTooth\Setup.exe"=1
"C:\DRIVERS\WIN\TPBTooth\Win32\setup.exe"=1
"C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"=1
"C:\Program Files\DriverUpdate\DriverUpdate.UpdateLauncher.exe"=1
"C:\Users\hilton\Downloads\Stardock\ObjectDock_setup.exe"=1
"C:\Users\hilton\Downloads\Apache_OpenOffice_4.1.3_Win_x86_install_en-US.exe"=1
"C:\Users\hilton\Downloads\xp68-win-mg3200-5_60a-ejs.exe"=1
"C:\Users\hilton\Downloads\qm__-win-2_7_1-ea31_2.exe"=1
"C:\Users\hilton\Downloads\ccsetup526(2).exe"=1
"C:\Users\hilton\Downloads\ccsetup528(1).exe"=1
"C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G2JQRX6H\Firefox Setup Stub 52.0.2.exe"=1
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\Program Files\AVAST Software\SZBrowser\Launcher.exe"=32
---------- | IFEO
---------- | Mountpoints2
---------- | Windows
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"MouseSpeed"=#USR:Control Panel\Mouse
"MouseThreshold1"=#USR:Control Panel\Mouse
"MouseThreshold2"=#USR:Control Panel\Mouse
"SwapMouseButtons"=#USR:Control Panel\Mouse
"Beep"=#USR:Control Panel\Sound
"DoubleClickSpeed"=#USR:Control Panel\Mouse
"CoolSwitch"=USR:Control Panel\Desktop
"DoubleClickHeight"=#USR:Control Panel\Mouse
"DoubleClickWidth"=#USR:Control Panel\Mouse
"DragFullWindows"=USR:Control Panel\Desktop
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard
"LowPowerActive"=#USR:Control Panel\Desktop
"LowPowerTimeOut"=#USR:Control Panel\Desktop
"PowerOffActive"=#USR:Control Panel\Desktop
"PowerOffTimeOut"=#USR:Control Panel\Desktop
"ScreenSaveActive"=#USR:Control Panel\Desktop
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop
"SnapToDefaultButton"=#USR:Control Panel\Mouse
""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows
"Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot
"ScreenSaverActive"=USR:Control Panel\Desktop
"ScreenSaverIsSecure"=USR:Control Panel\Desktop
"SCRNSAVE.EXE"=USR:Control Panel\Desktop
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
---------- | Security center
[HKLM\SOFTWARE\Microsoft\Security Center]
"cval"=1
[HKLM\SOFTWARE\Microsoft\Security Center\svc]
"VistaSp1"=128920209537502489
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0
[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=0
"DisableRoutinelyTakingAction"=0
"ProductStatus"=0
"InstallTime"=0x49D898D4C7D0D101
[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=1
[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=1
[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=1
---------- | Safeboot
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
---------- | Winsock (Whitelist)
---------- | Hosts
---------- | Ping
Pinging google.com [2607:f8b0:4004:803::200e] with 32 bytes of data:
Reply from 2607:f8b0:4004:803::200e: time=21ms
Reply from 2607:f8b0:4004:803::200e: time=24ms
Reply from 2607:f8b0:4004:803::200e: time=26ms
Reply from 2607:f8b0:4004:803::200e: time=24ms
Ping statistics for 2607:f8b0:4004:803::200e:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 21ms, Maximum = 26ms, Average = 23ms
---------- | @
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Internet Explorer\Main]
"Disable Script Debugger"=yes
"Anchor Underline"=yes
"Cache_Update_Frequency"=Once_Per_Session
"Display Inline Images"=yes
"Do404Search"=0x01000000
"Local Page"=C:\Windows\system32\blank.htm
"Save_Session_History_On_Exit"=no
"Show_FullURL"=no
"Show_StatusBar"=yes
"Show_ToolBar"=yes
"Show_URLinStatusBar"=yes
"Show_URLToolBar"=yes
"Use_DlgBox_Colors"=yes
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"XMLHTTP"=1
"NoUpdateCheck"=1
"Enable Browser Extensions"=yes
"Play_Background_Sounds"=yes
"Play_Animations"=yes
"Start Page Redirect Cache AcceptLangs"=en-US
"NotifyDownloadComplete"=yes
"DisableScriptDebuggerIE"=yes
"ImageStoreRandomFolder"=13euj9h
"DoNotTrack"=0
"IE10RunOncePerInstallCompleted"=1
"IE10RunOnceCompletionTime"=0x93C7F956736BD201
"IE10TourShown"=1
"IE10TourShownTime"=0xC73E542CDB69D201
"DownloadWindowPlacement"=0x2C00000000000000000000000083FFFF0083FFFFFFFFFFFFFFFFFFFF6001000097000000E003000077020000
"SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"=
"DefSpellLang"=en-AU
en-US
"SuppressScriptDebuggerDialog"=0
"FormSuggest Passwords"=yes
"FormSuggest PW Ask"=no
"ScriptDebugger_EnableHiddenTabs"=0
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"StatusBarWeb"=1
"ForceGDIPlus"=0
"AlwaysShowMenus"=0
"ShutdownWaitForOnUnload"=0
"DNSPreresolution"=8
"SpellChecking"=1
"LangToolsBroker"={5bbd58bb-993e-4c17-8af6-3af8e908fca8}
"DisablePasswordReveal"=0
"Check_Associations"=no
"DisableRequiresActiveXPrompt"=
"GotoIntranetSiteForSingleWordEntry"=0
"AutoSearch"=1
"PredictedViewExpansion"=100
"PredictedViewChangeThreshold"=10
"PredictedViewChangeThresholdPaint"=10
"ContentLayerCacheExpansion"=300
"RenderingLoopMaxTime"=250
"NscSingleExpand"=0
"Error Dlg Displayed On Every Error"=no
"Friendly http errors"=yes
"CSS_Compat"=doctype
"Expand Alt Text"=no
"Display Inline Videos"=1
"Print_Background"=no
"Use Stylesheets"=1
"SmoothScroll"=1
"Show image placeholders"=0
"Disable Diagnostics Mode"=no
"Move System Caret"=no
"Enable AutoImageResize"=yes
"UseThemes"=1
"UseHR"=0
"Q300829"=0
"Cleanup HTCs"=0
"XDomainRequest"=1
"DOMStorage"=1
"EnableAlternativeCodec"=yes
"JScriptProfileCacheEventDelay"=5000
"CrossfadeMinTimeoutInMS"=30000
"CrossfadeMaxTimeoutInMS"=30000
"CrossfadeCurrentTimeoutInMS"=30000
"ScrollTimeoutInMS"=6000
"IE10RunOnceLastShown"=1
"IE10TourNoShow"=0
"IE10RecommendedSettingsNo"=0
"FrameTabWindow"=1
"AdminTabProcs"=1
"SessionMerging"=1
"FrameMerging"=1
"HangRecovery"=1
"DesktopTransparentCoverWindowTime"=8
"TSEnable"=1
"Isolation"=PMIL
"Isolation64Bit"=0
"IsolationImmersive"=PMEM
"TabShutdownDelay"=60000
"FrameShutdownDelay"=0
"Search Bar"=Preserve
"MinIEEnabled"=1
"RefcountTracker"=0
"TabDragOnSingleProc"=0
"ForceBFCacheCandidacyPass"=0
"Fasterback"=1
"BackForwardInstrumentation"=0
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE09&ocid=UE09DHP
"Start Page_TIMESTAMP"=0x17896B66BFA0D201
"OperationalData"=5
"CompatibilityFlags"=0
"FullScreen"=no
"Window_Placement"=0x2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFAF000000AF000000CF030000DB020000
"IE10RunOnceLastShown_TIMESTAMP"=0x9114367EA56AD201
"Start Page Redirect Cache_TIMESTAMP"=0x52A46C8BB6A1D201
"Use FormSuggest"=yes
"Start Page Redirect Cache"=http://www.msn.com/?pc=UE09&ocid=UE09DHP
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"IE5_UA_Backup_Flag"=5.0
"User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"EmailName"=IEUser@
"PrivDiscUiShown"=1
"EnableHttp1_1"=1
"WarnOnIntranet"=1
"MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
"AutoConfigProxy"=wininet.dll
"UseSchannelDirectly"=0x01000000
"WarnOnPost"=0x01000000
"UrlEncoding"=0
"SecureProtocols"=2688
"PrivacyAdvanced"=1
"ZonesSecurityUpgrade"=0x31CCA11F50D2D101
"DisableCachingOfSSLPages"=0
"WarnonZoneCrossing"=0
"CertificateRevocation"=1
"EnableNegotiate"=1
"MigrateProxy"=1
"EnableAutodial"=0
"NoNetAutodial"=0
"ProxyHttp1.1"=1
"EnableSPDY3_0"=0
"BackgroundConnections"=1
"EnableSSL3Fallback"=1
"EnablePunycode"=1
"ShowPunycode"=0
"CreateUriCacheSize"=80
"CoInternetCombineIUriCacheSize"=80
"SecurityIdIUriCacheSize"=30
"SpecialFoldersCacheSize"=8
"SyncMode5"=4
"DisableIDNPrompt"=0
"WarnonBadCertRecving"=1
"WarnOnPostRedirect"=1
"ProxyEnable"=0
[HKLM\Software\Microsoft\Internet Explorer\Main]
"AutoHide"=yes
"Security Risk Page"=about:SecurityRisk
"Extensions Off Page"=about:NoAdd-ons
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Placeholder_Width"=0x1A000000
"Placeholder_Height"=0x1A000000
"Default_Secondary_Page_URL"=
"Use_Async_DNS"=yes
"Start Page"=https://us.search.yahoo.com/yhs/web...ie_16_28&os_ver=6.1&os=Windows+7+Professional
"Local Page"=C:\Windows\System32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"Check_Associations"=yes
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"x86AppPath"=C:\Program Files\Internet Explorer\IEXPLORE.EXE
[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"InPrivate"=res://ieframe.dll/inprivate_win7.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"Home"=270
"PostNotCached"=res://ieframe.dll/repost.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm
"Compat"=res://mshtml.dll/compat.htm
[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://
[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"mosaic"=http://
"www"=http://
"home"=http://
"ftp"=ftp://
[HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"EnablePunycode"=1
"CodeBaseSearchPath"=CODEBASE
"WarnOnIntranet"=1
"MinorVersion"=0
"ActiveXCache"=C:\Windows\Downloaded Program Files
---------- | reparsepoint
---------- | Detection of offsets
---------- | Notify
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] : igfxdev.dll
---------- | Execution FileExts
---------- | SIOI | SEH | URLSH
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw] - {472083B0-C522-11CF-8763-00608CC02F24} -- C:\Program Files\AVAST Software\Avast\ashShell.dll [12/03/2017 08:26:56]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- %SystemRoot%\system32\EhStorShell.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Offline Files] - {4E77131D-3629-431c-9818-C5679DC83E81} -- %SystemRoot%\System32\cscui.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235} -- %SystemRoot%\system32\ntshrui.dll
---------- | Toolbar
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"Locked"=1
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{724D43A0-0D85-11D4-9908-00400523E39A}"=0xA0434D72850DD411990800400523E39A
"ITBar7Layout"=0x13000000000000000000000020000000100000001500000001000000000700005E010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
"ITBar7Height"=21
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
"UpgradeTime"=0x79396929DB69D201
"DefaultPackCorrection"=1
"DefaultPackNTCorrection"=1
"TopResult"=1
"ShowSearchSuggestionsGlobal"=1
"ShowSearchSuggestionsInAddressGlobal"=1
"KnownProvidersUpgradeTime"=0xA8D48D28DB69D201
"Version"=4
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{724d43a0-0d85-11d4-9908-00400523e39a}"=0x00
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
---------- | Extensions
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}] : () - []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}] : (@C:\Windows\WindowsMobile\INetRepl.dll,-223) - []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{320AF880-6646-11D3-ABEE-C5DBF3571F46}] : (Fill Forms) - []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{320AF880-6646-11D3-ABEE-C5DBF3571F49}] : (Save Forms) - []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{724d43aa-0d85-11d4-9908-00400523e39a}] : (Show RoboForm Toolbar) - []
---------- | SearchScopes
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE10 :
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Yahoo! Powered) - https://us.search.yahoo.com/yhs/sea...16_28&os_ver=6.1&os=Windows+7+Professional&p={searchTerms} :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC :
---------- | Browser Helper Objects
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}] -> (RoboForm Toolbar Helper) : C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [12/08/2016 15:03:22]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] -> (avast! Online Security) : C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [12/03/2017 08:26:54]
---------- | Chrome
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\bmnlcjabgnpnenekpadlanbbkooimhnj = : Automatically find and apply coupon codes when you shop online! - Honey - https://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\eofcbnmajmjmplflapaojjnihcjkigck = : Avast SafePrice - safe shopping extension. - Avast SafePrice - https://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\gomekmidlodglbbmalcneegieacbdmki = : Avast Browser Security and Web Reputation Plugin. - Avast Online Security - matches:[\u003Call_urls>] - https://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\hdokiejnpimakedhajhdlcegeplioahd = : Google & co - version_name: 4.1.42 - http://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\hilton\AppData\Local\Google\Chrome\User Data\Default\extensions\pnlccmojcmeohlpggmfnbbiapkmbliob = : RoboForm the #1 ranked Password Manager makes your life easier by remembering passwords and logging you into websites automatically - short_name: RoboForm - https://clients2.google.com/service/update2/crx
[HKLM\Software\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck]
[HKLM\Software\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]
[HKLM\Software\Google\Chrome\Extensions\okmhneofinpilciglijihehjpaegledb]
[HKLM\Software\Google\Chrome\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob]
---------- | Opera
---------- | Firefox
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\mozilla\Firefox\Extensions]
"{22119944-ED35-4ab1-910B-E619EA06A115}"=C:\Program Files\Siber Systems\AI RoboForm\Firefox\roboform.xpi
[HKLM\Software\mozilla\Firefox\Extensions]
"sp@avast.com"=C:\Program Files\AVAST Software\Avast\SafePrice\FF48
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF48
"{22119944-ED35-4ab1-910B-E619EA06A115}"=C:\Program Files\Siber Systems\AI RoboForm\Firefox\roboform.xpi
[HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll
[HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll
[HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll
[HKLM\Software\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
C:\Users\hilton\AppData\Roaming\Mozilla\Firefox\Profiles\pc153f57.default-1485114558992\Prefs.js
user_pref("browser.startup.homepage_override.buildID", "20170323105023");
user_pref("browser.startup.homepage_override.mstone", "52.0.2");
user_pref("extensions.adblockplus.currentVersion", "2.8.2");
user_pref("extensions.adblockplus.notificationdata", "{\"lastCheck\":1490728374792,\"softExpiration\":1490804253080,\"hardExpiration\":1490900996549,\"data\":{\"notifications\":[],\"version\":\"201703281910\"},\"lastError\":0,\"downloadStatus\":\"synchronize_ok\",\"downloadCount\":17}");
user_pref("extensions.blocklist.pingCountTotal", 15);
user_pref("extensions.blocklist.pingCountVersion", -1);
user_pref("extensions.bootstrappedAddons", "{\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"version\":\"2.8.2\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\hilton\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\pc153f57.default-1485114558992\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":false,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"deployment-checker@mozilla.org\":{\"version\":\"1.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\hilton\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\pc153f57.default-1485114558992\\\\features\\\\{e5b8abb3-2955-4a02-8bbe-dcbb897fcf3f}\\\\deployment-checker@mozilla.org.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"e10srollout@mozilla.org\":{\"version\":\"1.12\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\hilton\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\pc153f57.default-1485114558992\\\\features\\\\{e5b8abb3-2955-4a02-8bbe-dcbb897fcf3f}\\\\e10srollout@mozilla.org.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"{22119944-ED35-4ab1-910B-E619EA06A115}\":{\"version\":\"8.2.9.5\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files\\\\Siber Systems\\\\AI RoboForm\\\\Firefox\\\\roboform.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":false,\"dependencies\":[],\"hasEmbeddedWebExtension\":false}}");
user_pref("extensions.databaseSchema", 19);
user_pref("extensions.e10s.rollout.blocklist", "{dc572301-7619-498c-a57d-39143191b318};firefox@mega.co.nzsupport@lastpass.com;");
user_pref("extensions.e10s.rollout.hasAddon", true);
user_pref("extensions.e10s.rollout.policy", "50allmpc");
user_pref("extensions.e10sBlockedByAddons", false);
user_pref("extensions.enabledAddons", "%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:52.0.2");
user_pref("extensions.getAddons.cache.lastUpdate", 1490722983);
user_pref("extensions.getAddons.databaseSchema", 5);
user_pref("extensions.hotfix.lastVersion", "20170302.01");
user_pref("extensions.lastAppVersion", "52.0.2");
user_pref("extensions.lastPlatformVersion", "52.0.2");
user_pref("extensions.pendingOperations", false);
user_pref("extensions.systemAddonSet", "{\"schema\":1,\"directory\":\"{e5b8abb3-2955-4a02-8bbe-dcbb897fcf3f}\",\"addons\":{\"deployment-checker@mozilla.org\":{\"version\":\"1.0\"},\"e10srollout@mozilla.org\":{\"version\":\"1.12\"}}}");
user_pref("extensions.xpiState", "{\"app-profile\":{\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"d\":\"C:\\\\Users\\\\hilton\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\pc153f57.default-1485114558992\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"e\":true,\"v\":\"2.8.2\",\"st\":1486153401130}},\"app-system-addons\":{\"deployment-checker@mozilla.org\":{\"d\":\"C:\\\\Users\\\\hilton\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\pc153f57.default-1485114558992\\\\features\\\\{e5b8abb3-2955-4a02-8bbe-dcbb897fcf3f}\\\\deployment-checker@mozilla.org.xpi\",\"e\":true,\"v\":\"1.0\",\"st\":1490449778263},\"e10srollout@mozilla.org\":{\"d\":\"C:\\\\Users\\\\hilton\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\pc153f57.default-1485114558992\\\\features\\\\{e5b8abb3-2955-4a02-8bbe-dcbb897fcf3f}\\\\e10srollout@mozilla.org.xpi\",\"e\":true,\"v\":\"1.12\",\"st\":1490449778352}},\"winreg-app-user\":{\"{22119944-ED35-4ab1-910B-E619EA06A115}\":{\"d\":\"C:\\\\Program Files\\\\Siber Systems\\\\AI RoboForm\\\\Firefox\\\\roboform.xpi\",\"e\":true,\"v\":\"8.2.9.5\",\"st\":1490449717851}},\"app-global\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"d\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi\",\"e\":true,\"v\":\"52.0.2\",\"st\":1490296975000}},\"winreg-app-global\":{\"sp@avast.com\":{\"d\":\"C:\\\\Program Files\\\\AVAST Software\\\\Avast\\\\SafePrice\\\\FF48\",\"e\":false,\"v\":\"12.0.163\",\"st\":1483460168395,\"mt\":1489321603344},\"wrc@avast.com\":{\"d\":\"C:\\\\Program Files\\\\AVAST Software\\\\Avast\\\\WebRep\\\\FF48\",\"e\":false,\"v\":\"12.0.163\",\"st\":1483460168535,\"mt\":1489321610098},\"{22119944-ED35-4ab1-910B-E619EA06A115}\":{\"d\":\"C:\\\\Program Files\\\\Siber Systems\\\\AI RoboForm\\\\Firefox\\\\roboform.xpi\",\"e\":false,\"v\":\"8.2.9.5\",\"st\":1490449717851}}}");
[Profile0] - Name=default-1485114558992 -> Profiles/pc153f57.default-1485114558992
---------- | DNS
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"DhcpNameServer"=209.18.47.61 209.18.47.62
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{7F3D0977-3F81-48D1-8A0D-5B6CF1496778}]
"NameServer"=77.234.40.79
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{B78AF187-32FB-4F20-86D2-C40DA41B6832}]
"DhcpNameServer"=209.18.47.61 209.18.47.62
[HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{7F3D0977-3F81-48D1-8A0D-5B6CF1496778}]
"NameServer"=77.234.40.79
[HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{B78AF187-32FB-4F20-86D2-C40DA41B6832}]
"DhcpNameServer"=209.18.47.61 209.18.47.62
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7F3D0977-3F81-48D1-8A0D-5B6CF1496778}]
"NameServer"=77.234.40.79
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{B78AF187-32FB-4F20-86D2-C40DA41B6832}]
"DhcpNameServer"=209.18.47.61 209.18.47.62
---------- | Applications
[HKLM\SOFTWARE\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\Classes\Applications\SZBrowser.exe] : "C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
---------- | SvcHost (Whitelist)
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"regsvc"=RemoteRegistry
"DcomLaunch"=Power
PlugPlay
DcomLaunch
"secsvcs"=WinDefend
"bthsvcs"=bthserv
"PeerDist"=PeerDistSvc
"WindowsMobile"=wcescomm
rapimgr
"LocalServiceRestricted"=WcesComm
RapiMgr
---------- | SvcHost - Netsvcs (Whitelist)
Term - :
---------- | Software
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\ACPTab]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Adobe]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Amazon]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Amazon Services LLC]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Analog Devices]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\AppDataLow]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\AVAST Software]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Canon]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Clients]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\csastats]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Dashlane_profiles]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\DriverSupport]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\eM Client]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\eSupport.com]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\FromDocToPDF]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\g3n-h@ckm@n]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Google]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\InSTab]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Intel]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\jtosjykc]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Kodi]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Macromedia]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Mozilla]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\MozillaPlugins]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Netscape]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\OpenOffice]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\ovbrx]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\PCPitstop]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Piriform]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Policies]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\ProductSetup]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\QtProject]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Safer Technologies]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Samsung]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Siber Systems]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\SlimWare Utilities Inc]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Stardock]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Sysinternals]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\undefined]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Widcomm]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\Adobe]
[HKLM\Software\Analog Devices]
[HKLM\Software\ATI Technologies]
[HKLM\Software\AVAST Software]
[HKLM\Software\Canon]
[HKLM\Software\CBSTEST]
[HKLM\Software\Clients]
[HKLM\Software\DriverSupport]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\Google]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\Macromedia]
[HKLM\Software\Microsoft]
[HKLM\Software\Mozilla]
[HKLM\Software\mozilla.org]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\ODBC]
[HKLM\Software\OpenOffice]
[HKLM\Software\PCPitstop]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SAMSUNG]
[HKLM\Software\Siber Systems]
[HKLM\Software\SlimWare Utilities Inc]
[HKLM\Software\SlimWare Utilities, Inc.]
[HKLM\Software\SlimWare.Utilities]
[HKLM\Software\Sonic]
[HKLM\Software\Stardock]
[HKLM\Software\Synaptics]
[HKLM\Software\sysinternals]
[HKLM\Software\Volatile]
[HKLM\Software\Widcomm]
[HKLM\Software\WOW6432Node]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnostics]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AxInstSVGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WindowsMobile]
---------- | Drives
---------- | C:
[13/07/2009 22:36:15] - |SHD| - [9655] - C:\$Recycle.Bin
[10/08/2016 13:52:39] - |D| - [0] - C:\95fcae343f4f0cedab9b17240bf8
[MD5.D9EBEC6668A6092FCBD1713C347AA5E0] - [13/07/2009 22:04:04] - |A| - (.-.) - [24] - (0.0.0.0) - C:\autoexec.bat
[MD5.ED4FC5980BD8B1AD869FF725C7776338] - [13/07/2009 22:04:04] - |A| - (.-.) - [10] - (0.0.0.0) - C:\config.sys
[20/08/2016 14:06:16] - |D| - [49262943] - C:\Dell
[MD5.B819A5003CEFCA15B52A9EE823EC7620] - [23/07/2012 20:44:40] - |A| - (.-.) - [37] - (0.0.0.0) - C:\DevMgr.bat
[14/07/2009 00:53:55] - |SHD| - [0] - C:\Documents and Settings
[01/08/2016 14:18:40] - |D| - [189142349] - C:\DRIVERS
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [27/06/2016 18:58:58] - |ASH| - (.-.) - [2608287744] - (0.0.0.0) - C:\hiberfil.sys
[01/08/2016 14:35:27] - |D| - [1515578] - C:\Intel
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [27/06/2016 18:58:58] - |ASH| - (.-.) - [3477721088] - (0.0.0.0) - C:\pagefile.sys
[13/07/2009 22:37:05] - |D| - [0] - C:\PerfLogs
[13/07/2009 22:37:05] - |RD| - [3647032121] - C:\Program Files
[13/07/2009 22:37:05] - |HD| - [5991858299] - C:\ProgramData
[30/03/2017 12:06:11] - |D| - [262068] - C:\QuickDiag
[MD5.1FF8F6F7A588DE345393B64FBFBBCB0D] - [30/03/2017 12:17:34] - |A| - (.-.) - [102838] - (0.0.0.0) - C:\QuickDiag.txt
[29/06/2016 16:30:46] - |SHD| - [148457388] - C:\Recovery
[23/07/2012 20:44:40] - |AHD| - [1874344] - C:\RPKTools
[05/07/2016 14:05:37] - |D| - [329162094] - C:\SWSetup
[27/06/2016 18:58:58] - |SHD| - [0] - C:\System Volume Information
[23/07/2012 20:44:40] - |HD| - [281] - C:\Tools
[13/07/2009 22:37:05] - |RD| - [11041350425] - C:\Users
[13/07/2009 22:37:05] - |D| - [15479368276] - C:\Windows
---------- | C:\Windows
[14/07/2009 00:52:30] - |D| - [802] - C:\Windows\addins
[13/07/2009 22:37:05] - |D| - [10312754] - C:\Windows\AppCompat
[13/07/2009 22:37:05] - |D| - [9867762] - C:\Windows\AppPatch
[13/07/2009 22:37:05] - |RSD| - [825091803] - C:\Windows\assembly
[MD5.12EBDA58437CD1EA7066FCB6455241D2] - [18/12/2016 22:20:33] - |A| - (.Copyright (c) 2014 AVAST Software - avast! Screen Saver stub.) - [53208] - (12.3.3154.0) - C:\Windows\avastSS.scr
[MD5.DBD14D0DB0382DFE96D7B5007DDD5ABE] - [20/11/2010 17:29:04] - |A| - (.© Microsoft Corporation. - Boot File Servicing Utility.) - [65024] - (6.1.7601.17514) - C:\Windows\bfsvc.exe
[13/07/2009 22:37:06] - |D| - [18320168] - C:\Windows\Boot
[MD5.65F45F6B0892C97FC111EF97E234E056] - [14/07/2009 00:57:37] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\Windows\bootstat.dat
[13/07/2009 22:37:06] - |D| - [2418176] - C:\Windows\Branding
[23/07/2012 20:44:34] - |D| - [144984548] - C:\Windows\ConfigSetRoot
[27/06/2016 18:59:20] - |D| - [0] - C:\Windows\CSC
[13/07/2009 22:37:06] - |D| - [2113488] - C:\Windows\Cursors
[14/07/2009 00:34:21] - |D| - [17090] - C:\Windows\debug
[14/07/2009 00:52:30] - |D| - [3001676] - C:\Windows\diagnostics
[20/11/2010 20:38:49] - |D| - [0] - C:\Windows\DigitalLocker
[14/07/2009 00:52:30] - |D| - [4340996] - C:\Windows\Downloaded Program Files
[20/11/2010 20:47:17] - |D| - [106176151] - C:\Windows\ehome
[20/11/2010 20:38:49] - |D| - [110080] - C:\Windows\en-US
[MD5.2A66E81AE941E54A237490FC35D387C8] - [29/06/2016 18:07:44] - |A| - (.-.) - [1945] - (0.0.0.0) - C:\Windows\epplauncher.mif
[MD5.6DDCA324434FFA506CF7DC4E51DB7935] - [16/10/2016 12:49:31] - |A| - (.© Microsoft Corporation. - Windows Explorer.) - [2972672] - (6.1.7601.23537) - C:\Windows\explorer.exe
[13/07/2009 22:37:06] - |RSD| - [370634595] - C:\Windows\Fonts
[MD5.F9202335BBA03A02F084FE588564BBF5] - [13/07/2009 19:12:58] - |A| - (.© Microsoft Corporation. - BitLocker Drive Encryption Servicing Utility.) - [13824] - (6.1.7600.16385) - C:\Windows\fveupdate.exe
[13/07/2009 22:37:06] - |D| - [32090797] - C:\Windows\Globalization
[13/07/2009 22:37:06] - |D| - [30365914] - C:\Windows\Help
[MD5.155DA2D5BCA16FB7B017D0F3A7C93C03] - [14/03/2017 15:23:33] - |A| - (.© Microsoft Corporation. - Microsoft Help and Support.) - [497152] - (6.1.7601.23674) - C:\Windows\HelpPane.exe
[MD5.9B90B0C78671A4881D06C91941F6F379] - [13/07/2009 20:12:22] - |A| - (.© Microsoft Corporation. - Microsoft® HTML Help Executable.) - [15360] - (6.1.7600.16385) - C:\Windows\hh.exe
[13/07/2009 22:37:06] - |D| - [143546732] - C:\Windows\IME
[13/07/2009 22:37:06] - |D| - [134360351] - C:\Windows\inf
[23/07/2012 19:49:39] - |SHD| - [999172483] - C:\Windows\Installer
[13/07/2009 22:37:06] - |D| - [48371] - C:\Windows\L2Schemas
[13/07/2009 22:37:06] - |D| - [0] - C:\Windows\LiveKernelReports
[13/07/2009 22:37:06] - |D| - [65664698] - C:\Windows\Logs
[13/07/2009 22:37:06] - |RSD| - [13327133] - C:\Windows\Media
[MD5.23AF90D2355D8C83AA4567EF1763B467] - [13/07/2009 19:55:01] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\Windows\mib.bin
[13/07/2009 22:37:07] - |D| - [562262215] - C:\Windows\Microsoft.NET
[02/07/2016 03:18:15] - |D| - [3634] - C:\Windows\Migration
[02/07/2016 13:55:15] - |D| - [109366] - C:\Windows\Minidump
[13/07/2009 22:37:07] - |D| - [0] - C:\Windows\ModemLogs
[MD5.B9FB94A8DA62711C6955825DEFB25C5A] - [13/07/2009 22:04:57] - |A| - (.-.) - [1405] - (0.0.0.0) - C:\Windows\msdfmap.ini
[MD5.A4F6DF0E33E644E802C8798ED94D80EA] - [01/07/2016 13:19:59] - |A| - (.© Microsoft Corporation. - Notepad.) - [179712] - (6.1.7601.18917) - C:\Windows\notepad.exe
[23/07/2012 20:44:40] - |D| - [18052] - C:\Windows\OEM
[14/07/2009 00:52:30] - |D| - [65] - C:\Windows\Offline Web Pages
[23/07/2012 20:45:04] - |D| - [1243676] - C:\Windows\Panther
[14/07/2009 00:52:30] - |D| - [62693450] - C:\Windows\Performance
[MD5.349E9263BD6436D560A96763AD081213] - [28/03/2017 15:03:14] - |A| - (.-.) - [3804] - (0.0.0.0) - C:\Windows\PFRO.log
[13/07/2009 22:37:07] - |D| - [1117380] - C:\Windows\PLA
[13/07/2009 22:37:07] - |D| - [4880510] - C:\Windows\PolicyDefinitions
[23/07/2012 19:46:20] - |D| - [40516661] - C:\Windows\Prefetch
[MD5.FFB8B91BD19E5BC10A3344AAF34880F3] - [20/11/2010 20:47:53] - |A| - (.-.) - [53551] - (0.0.0.0) - C:\Windows\Professional.xml
[MD5.8A4883F5E7AC37444F23279239553878] - [13/07/2009 19:17:08] - |A| - (.© Microsoft Corporation. - Registry Editor.) - [398336] - (6.1.7600.16385) - C:\Windows\regedit.exe
[13/07/2009 22:37:07] - |D| - [21544] - C:\Windows\registration
[13/07/2009 22:37:07] - |D| - [9103503] - C:\Windows\rescache
[13/07/2009 22:37:07] - |D| - [1674534] - C:\Windows\Resources
[13/07/2009 22:37:07] - |D| - [0] - C:\Windows\SchCache
[13/07/2009 22:37:07] - |D| - [58021] - C:\Windows\schemas
[13/07/2009 22:37:07] - |D| - [5281068] - C:\Windows\security
[14/07/2009 00:34:13] - |D| - [69420548] - C:\Windows\ServiceProfiles
[13/07/2009 22:37:07] - |D| - [61201423] - C:\Windows\servicing
[14/07/2009 00:34:16] - |D| - [42] - C:\Windows\Setup
[MD5.D74E3C688AA4F552EB9F55CB8EA67170] - [28/03/2017 15:03:20] - |A| - (.-.) - [56] - (0.0.0.0) - C:\Windows\setupact.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [28/03/2017 15:03:20] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\setuperr.log
[27/06/2016 19:00:19] - |D| - [643096841] - C:\Windows\SoftwareDistribution
[13/07/2009 22:37:07] - |D| - [181021214] - C:\Windows\Speech
[MD5.9060C3C745E7B2D8E1A81DD061021546] - [14/07/2009 00:48:09] - |A| - (.-.) - [48201] - (0.0.0.0) - C:\Windows\Starter.xml
[13/07/2009 22:37:07] - |D| - [700380] - C:\Windows\system
[MD5.286A9EDB379DC3423A528B0864A0F111] - [13/07/2009 22:04:23] - |A| - (.-.) - [219] - (0.0.0.0) - C:\Windows\system.ini
[13/07/2009 22:37:07] - |D| - [3267679335] - C:\Windows\System32
[13/07/2009 22:37:09] - |D| - [15] - C:\Windows\TAPI
[13/07/2009 22:37:09] - |D| - [43258] - C:\Windows\Tasks
[13/07/2009 22:37:09] - |D| - [394650] - C:\Windows\Temp
[13/07/2009 22:37:09] - |D| - [0] - C:\Windows\tracing
[MD5.0BEA3F79A36B1F67B2CE0F595524C77C] - [10/06/2009 17:41:17] - |A| - (.- Twain Source Manager (Image Acquisition Interface).) - [94784] - (1.7.0.0) - C:\Windows\twain.dll
[14/07/2009 00:52:30] - |D| - [6144] - C:\Windows\twain_32
[MD5.163A95975E1D8819E653AA3E961371CA] - [20/11/2010 17:29:41] - |A| - (.- Twain_32 Source Manager (Image Acquisition Interface).) - [51200] - (1.7.1.3) - C:\Windows\twain_32.dll
[MD5.F36A271706EDD23C94956AFB56981184] - [13/07/2009 18:47:26] - |A| - (.- Twain_32.dll Client's 16-Bit Thunking Server.) - [49680] - (1.7.0.0) - C:\Windows\twunk_16.exe
[MD5.0BD6E68F3EA0DD62CD86283D86895381] - [13/07/2009 20:14:40] - |A| - (.- Twain.dll Client's 32-Bit Thunking Server.) - [31232] - (1.7.1.0) - C:\Windows\twunk_32.exe
[MD5.015B30309491A911E75748AD69C9E680] - [18/12/2016 22:20:37] - |A| - (.© Microsoft Corporation. - Microsoft® C Runtime Library.) - [921280] - (10.0.10586.212) - C:\Windows\ucrtbase.dll
[13/07/2009 22:37:09] - |D| - [12420] - C:\Windows\Vss
[13/07/2009 22:37:09] - |D| - [40681427] - C:\Windows\Web
[MD5.162904DAA5412143F5403233E77F787E] - [13/07/2009 22:04:23] - |A| - (.-.) - [403] - (0.0.0.0) - C:\Windows\win.ini
[12/02/2017 15:08:20] - |D| - [85838997] - C:\Windows\WindowsMobile
[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - [14/07/2009 00:41:57] - |RAH| - (.-.) - [749] - (0.0.0.0) - C:\Windows\WindowsShell.Manifest
[MD5.F0719465DE663FC69F18C6A93189F955] - [27/06/2016 19:00:19] - |A| - (.-.) - [2037711] - (0.0.0.0) - C:\Windows\WindowsUpdate.log
[MD5.8E6F7D51A5CB299C25621C6C1AB57E84] - [13/07/2009 16:29:46] - |A| - (.Copyright © Microsoft Corp. 1991-1992 - Windows Help Engine application file.) - [256192] - (3.10.0.425) - C:\Windows\winhelp.exe
[MD5.1D420D66250BCAAAED05724FB34008CF] - [13/07/2009 20:12:29] - |A| - (.© Microsoft Corporation. - Windows Winhlp32 Stub.) - [9728] - (6.1.7600.16385) - C:\Windows\winhlp32.exe
[13/07/2009 22:37:09] - |D| - [7516126629] - C:\Windows\winsxs
[MD5.DC17DD0189B0C36D863B4DD0A036C10F] - [10/06/2009 17:34:23] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\Windows\WMSysPr9.prx
[MD5.6E8EACC0B339365D79A2C06896865D3D] - [13/07/2009 19:41:00] - |A| - (.© Microsoft Corporation. - Windows Write.) - [9216] - (6.1.7600.16385) - C:\Windows\write.exe
[MD5.B317B33694BAC49D492DD3F23E374899] - [13/07/2009 17:30:30] - |A| - (.-.) - [707] - (0.0.0.0) - C:\Windows\_default.pif
---------- | C:\Windows\System32\GroupPolicy
[MD5.6D3BF95C2CCAD94EF493A7B393A4134D] - [30/06/2016 15:55:47] - |A| - (.-.) - [127] - (0.0.0.0) - C:\Windows\System32\GroupPolicy\gpt.ini
[30/06/2016 15:55:47] - |D| - [94] - C:\Windows\System32\GroupPolicy\Machine
[30/06/2016 15:55:47] - |D| - [0] - C:\Windows\System32\GroupPolicy\User
---------- | Systemroot\System
[13/07/2009 19:00:47] - |A| - [69584] - C:\Windows\System\avicap.dll (Copyright © Microsoft Corp. 1992-1994) - (AVI Capture DLL)
[13/07/2009 19:00:47] - |A| - [109456] - C:\Windows\System\avifile.dll (Copyright © Microsoft Corp. 1991-2000) - (Microsoft AVI File support library)
[13/07/2009 17:41:42] - |A| - [32816] - C:\Windows\System\COMMDLG.DLL (Copyright © Microsoft Corp. 1981-1996) - (Common Dialogs libraries)
[13/07/2009 17:41:23] - |A| - [2000] - C:\Windows\System\keyboard.drv (Copyright © Microsoft Corp. 1981-1996) - (WOW Keyboard Driver Module)
[13/07/2009 16:29:46] - |A| - [9936] - C:\Windows\System\lzexpand.dll (Copyright © Microsoft Corp. 1989-1992) - (Windows file expansion library)
[13/07/2009 19:00:47] - |A| - [73376] - C:\Windows\System\mciavi.drv (Copyright © Microsoft Corp. 1992-1994) - (MCI driver for AVI)
[13/07/2009 19:00:47] - |A| - [25264] - C:\Windows\System\mciseq.drv (Copyright © Microsoft Corp. 1991) - (MCI driver for MIDI sequencer)
[13/07/2009 19:00:47] - |A| - [28160] - C:\Windows\System\mciwave.drv (Copyright © Microsoft Corp. 1991) - (MCI driver for waveform audio)
[13/07/2009 17:41:32] - |A| - [68992] - C:\Windows\System\MMSYSTEM.DLL (Copyright © Microsoft Corp. 1981-1996) - (System APIs for Multimedia)
[13/07/2009 17:41:32] - |A| - [1152] - C:\Windows\System\mmtask.tsk (Copyright © Microsoft Corp. 1981-1996) - (Multimedia background task support module)
[13/07/2009 17:41:27] - |A| - [2032] - C:\Windows\System\mouse.drv (Copyright © Microsoft Corp. 1981-1996) - (WOW MOUSE Driver Module)
[10/06/2009 17:21:50] - |A| - [126912] - C:\Windows\System\msvideo.dll (Copyright © Microsoft Corp. 1992-1994) - (Microsoft Video for Windows DLL)
[13/07/2009 16:29:46] - |A| - [82944] - C:\Windows\System\olecli.dll (Copyright © Microsoft Corp. 1991-1993) - (Object Linking and Embedding Client Library)
[13/07/2009 17:41:50] - |A| - [24064] - C:\Windows\System\OLESVR.DLL (Copyright © Microsoft Corp. 1991-1996) - (Object Linking and Embedding Server Library)
[13/07/2009 17:41:22] - |A| - [5120] - C:\Windows\System\SHELL.DLL (Copyright © Microsoft Corp. 1981-1996) - (Windows Shell library)
[13/07/2009 17:41:23] - |A| - [1744] - C:\Windows\System\sound.drv (Copyright © Microsoft Corp. 1981-1996) - (WOW SOUND Driver Module)
[13/07/2009 18:00:27] - |A| - [5532] - C:\Windows\System\stdole.tlb (Copyright © Microsoft Corp. 1993-1995) - (OLE 2.1 16/32 Interoperability Type Library)
[13/07/2009 17:41:21] - |A| - [3360] - C:\Windows\System\system.drv (Copyright © Microsoft Corp. 1981-1996) - (Windows System Driver core component)
[13/07/2009 17:41:39] - |A| - [4048] - C:\Windows\System\TIMER.DRV (Copyright © Microsoft Corp. 1981-1996) - (Timer driver for PC compatibles)
[13/07/2009 16:29:46] - |A| - [9008] - C:\Windows\System\ver.dll (Copyright © Microsoft Corp. 1991) - (Version Checking and File Installation Libraries)
[13/07/2009 17:41:26] - |A| - [2176] - C:\Windows\System\vga.drv (Copyright © Microsoft Corp. 1981-1996) - (WOW Display Driver Module)
[13/07/2009 17:41:45] - |A| - [12704] - C:\Windows\System\WFWNET.DRV (Copyright © Microsoft Corp. 1981-1996) - (Windows for Workgroups network driver)
---------- | Systemroot\Installer (Microsoft Files Whitelisted)
[05/05/2015 14:23:16] - C:\Windows\Installer\178720f.msi : (Intel(R) Chipset Device Software - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/09/2016 12:21:44] - C:\Windows\Installer\19ae0f09.msi : (OpenOffice 4.1.3 - OpenOffice) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[20/07/2016 22:19:14] - C:\Windows\Installer\1c9d2e.msi : (Intel(R) Wireless Bluetooth(R) - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/09/2016 12:01:33] - C:\Windows\Installer\1e561dab.msi : (Looks for updates for your computer's software and drivers to improve performance. - Slimware Utilities Holdings, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2014 15:04:56] - C:\Windows\Installer\1ebc2c9f.msi : (Intel(R) Network Connections - Intel) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/03/2015 04:42:22] - C:\Windows\Installer\1f3b9bd.msi : ( - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/04/2012 01:06:44] - C:\Windows\Installer\223b8e.msi : (WIDCOMM Bluetooth Profile Pack - Broadcom Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[03/02/2017 13:51:45] - C:\Windows\Installer\23fd2d27.msi : (eM Client - eM Client Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[11/01/2017 11:05:43] - C:\Windows\Installer\450e743.msi : (Adobe ARM Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[25/12/2016 17:13:23] - C:\Windows\Installer\99d9d8.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[21/11/2016 16:09:45] - C:\Windows\Installer\f249c6.msi : (Blank Project Template - Samsung Electronics Co., Ltd.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
---------- | %System%\*.in*
[14/07/2009 00:42:29] - [73] - C:\Windows\System32\desktop.ini
[29/06/2016 16:51:31] - [16303] - C:\Windows\System32\ieuinit.inf
[14/07/2009 00:42:26] - [535] - C:\Windows\System32\mapisvc.inf
[20/11/2010 17:01:02] - [781298] - C:\Windows\System32\PerfStringBackup.INI
[10/06/2009 17:39:59] - [60124] - C:\Windows\System32\tcpmon.ini
---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |N| - [11/12/2016 11:34:24] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\atchk.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |N| - [23/07/2012 19:53:34] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\atchksrv.log
[MD5.00000000000000000000000000000000] - |D| - [19/03/2017 15:54:00] - [313.99 Ko] - C:\Windows\Temp\avast_ash2
[MD5.EA1798F1AFDE24A6BC55CCDE109A8B00] - |A| - [26/03/2017 01:00:01] - (.-.) - [0.04 Ko] - (0.0.0.0) - C:\Windows\Temp\coinlog.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [27/03/2017 03:26:30] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\CProgram FilesAVAST SoftwareSZBrowser3.55.2393.590_0SZBrowser_autoupdate.download.lock
[MD5.31A5527E08DFDB6DAEC90D1C04742E83] - |A| - [28/03/2017 15:14:00] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\Windows\Temp\fwtsqmfile00.sqm
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 03:57:12] - [5.39 Ko] - C:\Windows\Temp\HP
[MD5.00000000000000000000000000000000] - |D| - [18/12/2016 22:22:19] - [65.39 Ko] - C:\Windows\Temp\SafeZone Installer
[MD5.00000000000000000000000000000000] - |D| - [18/12/2016 22:21:19] - [0 Ko] - C:\Windows\Temp\_avast_
[MD5.00000000000000000000000000000000] - |D| - [20/11/2010 20:38:49] - [0 Ko] - C:\Windows\System32\0409
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |AH| - [14/07/2009 00:34:15] - (.-.) - [21.19 Ko] - (0.0.0.0) - C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |AH| - [14/07/2009 00:34:15] - (.-.) - [21.19 Ko] - (0.0.0.0) - C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[MD5.8AAD333C876590293F72B315E162BCC7] - |A| - [13/07/2009 17:40:41] - (.-.) - [8.82 Ko] - (0.0.0.0) - C:\Windows\System32\ANSI.SYS
[MD5.D753EEE17725526A67ACDDAA5D63EF68] - |A| - [13/07/2009 17:40:49] - (.-.) - [12.21 Ko] - (0.0.0.0) - C:\Windows\System32\append.exe
[MD5.00000000000000000000000000000000] - |D| - [27/02/2017 14:24:53] - [0 Ko] - C:\Windows\System32\appmgmt
[MD5.00000000000000000000000000000000] - |D| - [03/07/2016 03:49:28] - [9293.73 Ko] - C:\Windows\System32\appraiser
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:07] - [201.5 Ko] - C:\Windows\System32\ar-SA
[MD5.15FC01D1317A95D50EA23CA132C4F73F] - |A| - [12/03/2017 08:27:10] - (.Copyright (c) 2014 AVAST Software - Avast start-up scanner.) - [320.52 Ko] - (17.2.3419.0) - C:\Windows\System32\aswBoot.exe
[MD5.30475F091008E24550523515A023270D] - |A| - [13/07/2009 22:04:04] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\Windows\System32\autoexec.nt
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:07] - [173 Ko] - C:\Windows\System32\bg-BG
[MD5.84BDB1E378591D930482B896A1648C53] - |A| - [10/06/2009 17:42:54] - (.-.) - [27.75 Ko] - (0.0.0.0) - C:\Windows\System32\bios1.rom
[MD5.B44C4C9CA9D4BCC8430F3276576F562B] - |A| - [13/07/2009 17:30:26] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\System32\bios4.rom
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:07] - [1043.2 Ko] - C:\Windows\System32\Boot
[MD5.278EE111CB021686C7BDB45C12EAC6E2] - |A| - [13/07/2009 20:59:14] - (.Copyright(C)Brother Industries Ltd.1997-2006 - Brother Multi Function CoInstaller.) - [17 Ko] - (1.0.0.20) - C:\Windows\System32\brcoinst.dll
[MD5.D1E5E5826ECB8F87BDB0CF9E28B48465] - |A| - [13/07/2009 19:51:43] - (.Copyright (C) 2008 - Bthpan Context Handler.) - [72 Ko] - (1.0.0.1) - C:\Windows\System32\BthpanContextHandler.dll
[MD5.00000000000000000000000000000000] - |HD| - [28/01/2017 15:13:43] - [824.17 Ko] - C:\Windows\System32\CanonIJ Uninstaller Information
[MD5.40DF43CA1A8752CAA135E27DCC6645B3] - |A| - [13/07/2009 19:41:26] - (.Copyright (C) 2006 - CardGames Resources.) - [6068.5 Ko] - (1.0.0.1) - C:\Windows\System32\CardGames.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:07] - [44208.56 Ko] - C:\Windows\System32\catroot
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:07] - [20184.07 Ko] - C:\Windows\System32\catroot2
[MD5.6F6C16E5D711E35FABE3FCD8C49E7A69] - |A| - [05/07/2016 14:17:02] - (.-.) - [75.75 Ko] - (0.0.0.0) - C:\Windows\System32\CNC1762D.TBL
[MD5.E564016FA6663C04A97D754F522632EE] - |A| - [05/07/2016 14:17:02] - (.Copyright CANON INC. 2012 All Rights Reserved - WIA Scanner Driver.) - [260.5 Ko] - (20.0.0.4) - C:\Windows\System32\CNC_B8C.dll
[MD5.90CF774CA09A5BF87854B63110D543FD] - |A| - [05/07/2016 14:17:02] - (.Copyright CANON INC. 2012 All Rights Reserved - WIA Scanner Driver Image Enhancement dll.) - [94.5 Ko] - (20.0.0.4) - C:\Windows\System32\CNC_B8I.dll
[MD5.86802456CB4AD11942447D1112242CA0] - |A| - [05/07/2016 14:17:02] - (.Copyright CANON INC. 2012 All Rights Reserved - LLD.) - [312.5 Ko] - (1.0.0.0) - C:\Windows\System32\CNC_B8L.dll
[MD5.D16CF34B17899F90A8FCF2A3F77B4A27] - |A| - [05/07/2016 14:17:02] - (.Copyright CANON INC. 2007-2008 All Rights Reserved - Canon Device Dependent Informations for Scanner Library.) - [15.5 Ko] - (1.4.1.1) - C:\Windows\System32\CNHMCA.dll
[MD5.35096FFA4D72432B6795E310A991D757] - |A| - [05/07/2016 14:17:54] - (.Copyright CANON INC. 2000-2012 All Rights Reserved - IJ Language Monitor.) - [307.5 Ko] - (0.3.0.1) - C:\Windows\System32\CNMLMB8.DLL
[MD5.C37A74199944B29D736DFE59974A3A34] - |A| - [28/01/2017 15:13:38] - (.Copyright CANON INC. 2007-2012 All Rights Reserved - IJ Language Monitor.) - [309 Ko] - (0.3.0.1) - C:\Windows\System32\CNMXLMB8.DLL
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:07] - [4568.56 Ko] - C:\Windows\System32\CodeIntegrity
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:07] - [302.5 Ko] - C:\Windows\System32\com
[MD5.BA597F9A4BB90F038266CE1A3C3BE3FB] - |A| - [13/07/2009 17:40:48] - (.-.) - [49.46 Ko] - (0.0.0.0) - C:\Windows\System32\COMMAND.COM
[MD5.00000000000000000000000000000000] - |SD| - [03/07/2016 03:49:29] - [3421.69 Ko] - C:\Windows\System32\CompatTel
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:07] - [263794.93 Ko] - C:\Windows\System32\config
[MD5.01C47C2ECED034EF6F8C1552A97CFF00] - |A| - [13/07/2009 22:04:04] - (.-.) - [2.52 Ko] - (0.0.0.0) - C:\Windows\System32\config.nt
[MD5.0FE9F16075C9ACB941C957B7C649176E] - |A| - [13/07/2009 17:40:44] - (.-.) - [26.46 Ko] - (0.0.0.0) - C:\Windows\System32\country.sys
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:07] - [432 Ko] - C:\Windows\System32\cs-CZ
[MD5.4B2E28731AC72530E58ED1F1EB0A93A1] - |A| - [01/08/2016 14:11:40] - (.Copyright 2011 - CSVer.) - [52 Ko] - (9.4.0.1027) - C:\Windows\System32\CSVer.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:07] - [427.5 Ko] - C:\Windows\System32\da-DK
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:07] - [457.5 Ko] - C:\Windows\System32\de-DE
[MD5.C17AFA0AAD78C621F818DD6729572C48] - |A| - [13/07/2009 17:40:52] - (.-.) - [20.15 Ko] - (0.0.0.0) - C:\Windows\System32\debug.exe
[MD5.079B8AEB4A55BF8493BD1EC70285D920] - |ASH| - [14/07/2009 00:42:29] - (.-.) - [0.07 Ko] - (0.0.0.0) - C:\Windows\System32\desktop.ini
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:07] - [4135 Ko] - C:\Windows\System32\Dism
[MD5.03783D0840B2C54D7665248425C74417] - |A| - [20/11/2010 17:29:20] - (.-.) - [52.34 Ko] - (0.0.0.0) - C:\Windows\System32\dosx.exe
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [52488.54 Ko] - C:\Windows\System32\drivers
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [1054105.33 Ko] - C:\Windows\System32\DriverStore
[MD5.F61E145D8A9AF7CDAB47CD810DE7DC56] - |A| - [01/08/2016 14:12:31] - (.-.) - [2.65 Ko] - (0.0.0.0) - C:\Windows\System32\e1e6232.din
[MD5.F6E368E10B600836DD349FF937B183A2] - |A| - [10/06/2009 17:42:32] - (.-.) - [68.25 Ko] - (0.0.0.0) - C:\Windows\System32\edit.com
[MD5.8AA8DCC96FA0492E3B5D415537FAB8FE] - |A| - [10/06/2009 17:42:32] - (.-.) - [10.54 Ko] - (0.0.0.0) - C:\Windows\System32\EDIT.HLP
[MD5.B7A0AA49CBB604B2C3A42A49C36D8A4F] - |A| - [13/07/2009 17:40:50] - (.-.) - [12.35 Ko] - (0.0.0.0) - C:\Windows\System32\edlin.exe
[MD5.52E91EAC2F3175B1A5B0150382B6D771] - |A| - [13/07/2009 16:31:17] - (.-.) - [124.23 Ko] - (0.0.0.0) - C:\Windows\System32\ega.cpi
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [457 Ko] - C:\Windows\System32\el-GR
[MD5.00000000000000000000000000000000] - |D| - [20/11/2010 20:38:49] - [1804 Ko] - C:\Windows\System32\en
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [36261.52 Ko] - C:\Windows\System32\en-US
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [448 Ko] - C:\Windows\System32\es-ES
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [160.5 Ko] - C:\Windows\System32\et-EE
[MD5.683626544E81387771ED55E1A0F2047B] - |A| - [13/07/2009 17:40:51] - (.-.) - [8.23 Ko] - (0.0.0.0) - C:\Windows\System32\exe2bin.exe
[MD5.68062C0ECE86AB7801B5B47FDC855A06] - |A| - [13/07/2009 17:41:02] - (.-.) - [0.86 Ko] - (0.0.0.0) - C:\Windows\System32\fastopen.exe
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [430 Ko] - C:\Windows\System32\fi-FI
[MD5.1773BC78010F9C4B354F83E3CE2054C6] - |A| - [14/07/2009 00:33:53] - (.-.) - [283.45 Ko] - (0.0.0.0) - C:\Windows\System32\FNTCACHE.DAT
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [454 Ko] - C:\Windows\System32\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 00:52:30] - [0 Ko] - C:\Windows\System32\FxsTmp
[MD5.2AE808CB0D9A667B0CF41EA74B3B9BAC] - |A| - [10/06/2009 17:19:05] - (.-.) - [39.6 Ko] - (0.0.0.0) - C:\Windows\System32\gatherNetworkInfo.vbs
[MD5.F58BC2273B8D60E457A73FAD18C38F9C] - |A| - [03/07/2016 12:22:54] - (.-.) - [57.42 Ko] - (0.0.0.0) - C:\Windows\System32\GDIPFONTCACHEV1.DAT
[MD5.6E4E7884E6489AC4F5E6DAB176A73E52] - |A| - [13/07/2009 17:41:01] - (.-.) - [19.23 Ko] - (0.0.0.0) - C:\Windows\System32\GRAPHICS.COM
[MD5.BC33AA625D6B807F718627386DF78426] - |A| - [10/06/2009 17:42:32] - (.-.) - [20.73 Ko] - (0.0.0.0) - C:\Windows\System32\graphics.pro
[MD5.00000000000000000000000000000000] - |HD| - [13/07/2009 22:37:08] - [0.22 Ko] - C:\Windows\System32\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [0 Ko] - C:\Windows\System32\GroupPolicyUsers
[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - |A| - [13/07/2009 17:40:40] - (.-.) - [4.66 Ko] - (0.0.0.0) - C:\Windows\System32\HIMEM.SYS
[MD5.52DF780DF7CA0697B4BCF777C98D35B1] - |A| - [21/07/2016 15:26:48] - (.© 2015 HPDC LP - DeviceCoInstaller.) - [258.67 Ko] - (40.2.1065.64451) - C:\Windows\System32\hpinkcoiDC11.dll
[MD5.8F7C9ABD28273C7B5BA577EC1C824E13] - |A| - [21/07/2016 15:26:52] - (.© 2015 HPDC LP - hpinkins.exe.) - [2098.17 Ko] - (40.2.1065.64451) - C:\Windows\System32\hpinkinsDC11.exe
[MD5.5E29CE485622B317F13DC8E3634B400E] - |A| - [21/07/2016 15:26:56] - (.© 2015 HPDC LP - Print Status Language Monitor.) - [308.67 Ko] - (40.2.1065.64451) - C:\Windows\System32\hpinkstsDC11LM.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [168 Ko] - C:\Windows\System32\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [434.5 Ko] - C:\Windows\System32\hu-HU
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [5.36 Ko] - C:\Windows\System32\ias
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [36.27 Ko] - C:\Windows\System32\icsxml
[MD5.4B2BDDFB7C44498E9FF47C8F65918867] - |A| - [23/09/2009 19:27:44] - (.Copyright (C) 2009 - Intel® Graphics Media Accelerator Driver Coinstaller.) - [152 Ko] - (1.1.17.0) - C:\Windows\System32\igfxCoIn_v1930.dll
[MD5.99AF886F548DFA1AEC9868A8BF0F74FC] - |A| - [23/09/2009 18:45:12] - (.-.) - [1876.24 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxa32.cpa
[MD5.7FEF5563D091D8A44B96DD4EBE0350AA] - |A| - [23/09/2009 18:45:12] - (.-.) - [1.06 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxa32.vp
[MD5.A16E966DEBE65033E703CA9514753E11] - |A| - [23/09/2009 18:45:12] - (.-.) - [58.81 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxc32.vp
[MD5.251D22DE1DF611739E4D0C7BAB2E80D6] - |A| - [23/09/2009 18:45:12] - (.-.) - [58.84 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxg32.vp
[MD5.CB4DCAF11675F52D39035BCEE14ABA77] - |A| - [23/09/2009 18:45:12] - (.-.) - [58.61 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxo32.vp
[MD5.68B4E32B9D5AAC08DF18C288676E9B82] - |A| - [23/09/2009 19:45:20] - (.-.) - [38.52 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxs32.vp
[MD5.1B24EC543ADEA0AFB520B4F104134CBB] - |A| - [02/07/2016 03:24:36] - (.Copyright © 2009 - Intel® Graphics Media Accelerator Driver installer.) - [978.52 Ko] - (1.1.33.0) - C:\Windows\System32\igxpun.exe
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [34097.44 Ko] - C:\Windows\System32\IME
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [0 Ko] - C:\Windows\System32\inetsrv
[MD5.C24A7C74FE4219F9940FC77AB548FB34] - |A| - [20/11/2010 17:18:30] - (.-.) - [29.09 Ko] - (0.0.0.0) - C:\Windows\System32\InstallPackage_ETW.Log
[MD5.4D7E256377A5E934EA1820B2CEA79131] - |A| - [13/07/2009 17:40:59] - (.-.) - [14.37 Ko] - (0.0.0.0) - C:\Windows\System32\KB16.COM
[MD5.492090267B9608C62B956CD29BE3AFB7] - |A| - [13/07/2009 17:40:43] - (.-.) - [41.81 Ko] - (0.0.0.0) - C:\Windows\System32\KEY01.SYS
[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - |A| - [13/07/2009 17:40:43] - (.-.) - [41.54 Ko] - (0.0.0.0) - C:\Windows\System32\KEYBOARD.SYS
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [360 Ko] - C:\Windows\System32\ko-KR
[MD5.C1B7AB03AC2F3C990A40BC2E18E02CF1] - |A| - [13/07/2009 22:05:05] - (.-.) - [11687.04 Ko] - (0.0.0.0) - C:\Windows\System32\korwbrkr.lex
[MD5.00000000000000000000000000000000] - |D| - [23/07/2012 19:52:49] - [108 Ko] - C:\Windows\System32\Lang
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [03/01/2017 12:16:53] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\System32\last.dump
[MD5.536460507B20AE0F03D7BEE8111028CF] - |A| - [13/07/2009 17:40:57] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\Windows\System32\LOADFIX.COM
[MD5.E89C001FB4D9E08CC7072CE774CDB999] - |A| - [20/11/2010 16:58:07] - (.-.) - [0.01 Ko] - (0.0.0.0) - C:\Windows\System32\LocalGroupAdminAdd.log
[MD5.9EB325EC6E6DC9418A391C852F96B623] - |A| - [20/11/2010 16:58:08] - (.-.) - [0.05 Ko] - (0.0.0.0) - C:\Windows\System32\Local_LLU.log
[MD5.CB630C50170F16E21D12A572E6F39ED0] - |A| - [23/07/2012 19:53:34] - (.-.) - [0.42 Ko] - (0.0.0.0) - C:\Windows\System32\log(27).txt
[MD5.C9D2FC4C5D6D59730557F5E97FDE4874] - |A| - [23/07/2012 19:53:34] - (.-.) - [0.2 Ko] - (0.0.0.0) - C:\Windows\System32\log.txt
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [2576.59 Ko] - C:\Windows\System32\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [165 Ko] - C:\Windows\System32\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [166 Ko] - C:\Windows\System32\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [04/07/2016 15:23:51] - [22178.3 Ko] - C:\Windows\System32\Macromed
[MD5.7A495CA1402C2F9F5D035092AD808669] - |A| - [13/07/2009 16:22:04] - (.-.) - [0.85 Ko] - (0.0.0.0) - C:\Windows\System32\manage-bde.wsf
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [2029.01 Ko] - C:\Windows\System32\manifeststore
[MD5.98071B6EE16AA76DABFF377A5DC69C86] - |A| - [14/07/2009 00:42:26] - (.-.) - [0.52 Ko] - (0.0.0.0) - C:\Windows\System32\mapisvc.inf
[MD5.4C7271F0C6F45C80453B7374F232B651] - |A| - [27/04/2016 18:41:38] - (.Copyright 2016 Motorola Solutions, Inc. - Bluetooth Low Energy SDK Implementation Dll.) - [317.98 Ko] - (19.0.1603.630) - C:\Windows\System32\mbtleapi.dll
[MD5.390762963E6B4C861E5E0CA5A3E56E40] - |A| - [13/07/2009 17:40:56] - (.-.) - [38.35 Ko] - (0.0.0.0) - C:\Windows\System32\mem.exe
[MD5.331854AA634AF7755185B97BF3494C43] - |A| - [23/07/2012 19:53:32] - (.Copyright © 2009 - Intel® Active Management Technology Device Software installer.) - [986.52 Ko] - (1.1.19.9) - C:\Windows\System32\mesoludlg.exe
[MD5.DB0D176B243020E189AE852C36A7D888] - |A| - [05/09/2016 14:16:30] - (.Copyright© 1995-2016 McAfee, Inc. - McAfee Process Validation Service.) - [310.52 Ko] - (15.5.0.4350) - C:\Windows\System32\mfevtps(26).exe
[MD5.00000000000000000000000000000000] - |SD| - [14/07/2009 00:34:06] - [7.86 Ko] - C:\Windows\System32\Microsoft
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [3563.43 Ko] - C:\Windows\System32\migration
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [32669.71 Ko] - C:\Windows\System32\migwiz
[MD5.A311363F3C887D8C3A524A51B7F20D69] - |A| - [14/07/2009 00:42:29] - (.-.) - [1.21 Ko] - (0.0.0.0) - C:\Windows\System32\migwiz.lnk
[MD5.00000000000000000000000000000000] - |D| - [03/07/2016 03:09:41] - [0 Ko] - C:\Windows\System32\MRT
[MD5.52C7505D68C3CE8496EC8DC17D8FF75A] - |A| - [13/07/2009 17:41:05] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\Windows\System32\mscdexnt.exe
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [4148.28 Ko] - C:\Windows\System32\Msdtc
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [11.33 Ko] - C:\Windows\System32\MUI
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [422.5 Ko] - C:\Windows\System32\nb-NO
[MD5.CD48AD912839B9FB6CCA5D4AA9B37500] - |A| - [13/07/2009 18:10:48] - (.-.) - [21.3 Ko] - (0.0.0.0) - C:\Windows\System32\NetTrace.PLA.Diagnostics.xml
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [68 Ko] - C:\Windows\System32\NetworkList
[MD5.8E24A7BCAEF2045DA1FF29217622843E] - |A| - [20/11/2010 16:58:08] - (.-.) - [0.04 Ko] - (0.0.0.0) - C:\Windows\System32\Network_LLU.log
[MD5.5E835121A3899CFA37E285E0CA2B4E7D] - |A| - [13/07/2009 17:40:57] - (.-.) - [6.89 Ko] - (0.0.0.0) - C:\Windows\System32\nlsfunc.exe
[MD5.1C96B3DA6ABE5E18B63C64DF75884F6A] - |A| - [13/07/2009 22:05:05] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\Windows\System32\noise.kor
[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - |A| - [13/07/2009 17:40:23] - (.-.) - [27.21 Ko] - (0.0.0.0) - C:\Windows\System32\NTDOS.SYS
[MD5.CF9ED169FF86D935E47999E82359E898] - |A| - [13/07/2009 17:40:31] - (.-.) - [28.46 Ko] - (0.0.0.0) - C:\Windows\System32\NTDOS404.SYS
[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - |A| - [13/07/2009 17:40:35] - (.-.) - [28.68 Ko] - (0.0.0.0) - C:\Windows\System32\NTDOS411.SYS
[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - |A| - [13/07/2009 17:40:39] - (.-.) - [28.59 Ko] - (0.0.0.0) - C:\Windows\System32\NTDOS412.SYS
[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - |A| - [13/07/2009 17:40:27] - (.-.) - [28.46 Ko] - (0.0.0.0) - C:\Windows\System32\NTDOS804.SYS
[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - |A| - [13/07/2009 17:40:11] - (.-.) - [33.16 Ko] - (0.0.0.0) - C:\Windows\System32\NTIO.SYS
[MD5.A98EBD4C2DF983665BF2D1AF49949974] - |A| - [13/07/2009 17:40:15] - (.-.) - [33.86 Ko] - (0.0.0.0) - C:\Windows\System32\NTIO404.SYS
[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - |A| - [13/07/2009 17:40:17] - (.-.) - [34.94 Ko] - (0.0.0.0) - C:\Windows\System32\NTIO411.SYS
[MD5.3E64D681B776CC57BDC38A46D881F85B] - |A| - [13/07/2009 17:40:19] - (.-.) - [34.7 Ko] - (0.0.0.0) - C:\Windows\System32\NTIO412.SYS
[MD5.D86B6435729231C171432B4E77801BDB] - |A| - [13/07/2009 17:40:13] - (.-.) - [33.86 Ko] - (0.0.0.0) - C:\Windows\System32\NTIO804.SYS
[MD5.2901049544FDF863362FABA2363EB647] - |A| - [13/07/2009 16:30:24] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\Windows\System32\onlinesetup.cmd
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [12211.77 Ko] - C:\Windows\System32\oobe
[MD5.8415390CA856E6E40E325F0FA548FDF8] - |A| - [13/07/2009 22:05:48] - (.-.) - [118.68 Ko] - (0.0.0.0) - C:\Windows\System32\perfc009.dat
[MD5.B7795BC96C1CEB86E04E8DC843E9C784] - |A| - [10/06/2009 17:17:19] - (.-.) - [113.56 Ko] - (0.0.0.0) - C:\Windows\System32\PerfCenterCpl.ico
[MD5.7AAA3E23CE4C7845B112F7A79B110E60] - |A| - [13/07/2009 22:05:48] - (.-.) - [30.81 Ko] - (0.0.0.0) - C:\Windows\System32\perfd009.dat
[MD5.9BD5F35F69CF70BDDF61EEF33E72C7D0] - |A| - [13/07/2009 22:05:48] - (.-.) - [646.15 Ko] - (0.0.0.0) - C:\Windows\System32\perfh009.dat
[MD5.3539B4942C90B6223728B7D12D0677C6] - |A| - [20/11/2010 17:01:02] - (.-.) - [762.99 Ko] - (0.0.0.0) - C:\Windows\System32\PerfStringBackup.INI
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [439 Ko] - C:\Windows\System32\pl-PL
[MD5.EB6C16CE0163AD282E95FCE5EE9BA518] - |A| - [20/11/2010 17:29:26] - (.Copyright (C) 2001 - PrintBrm Application.) - [64.5 Ko] - (1.0.0.0) - C:\Windows\System32\PrintBrmUi.exe
[MD5.00000000000000000000000000000000] - |D| - [20/11/2010 20:38:48] - [413.88 Ko] - C:\Windows\System32\Printing_Admin_Scripts
[MD5.BBB40CA86B88918864D16CFAC9D4ABA4] - |A| - [13/07/2009 17:41:04] - (.-.) - [2.78 Ko] - (0.0.0.0) - C:\Windows\System32\redir.exe
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 00:52:30] - [0.07 Ko] - C:\Windows\System32\restore
[MD5.1682110FF204D2185C5B8024C6A891E2] - |A| - [02/07/2016 15:56:45] - (.-.) - [32.06 Ko] - (0.0.0.0) - C:\Windows\System32\rnd_chunk.bin
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [169 Ko] - C:\Windows\System32\ro-RO
[MD5.BB01B19CA1FB76C65F900B0CB47007F1] - |A| - [23/07/2012 19:50:11] - (.-.) - [19.7 Ko] - (0.0.0.0) - C:\Windows\System32\rpkdriverinst.log
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [434 Ko] - C:\Windows\System32\ru-RU
[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [20/11/2010 17:29:06] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\Windows\System32\ScavengeSpace.xml
[MD5.7753FC56F9CAC4B5AFDA3196DB654F21] - |A| - [31/08/2016 14:54:34] - (.Copyright © 2004-2010 MAPILab Ltd. & Add-in Express Ltd. - Security Manager Component for Microsoft Outlook allows to turn off and on Outlook Object Model Security Guard.) - [141.27 Ko] - (3.0.0.0) - C:\Windows\System32\secman.dll
[MD5.8C3D0C73A0850A0EE62DF9EC36DBDE80] - |N| - [01/08/2016 14:15:28] - (.-.) - [1.86 Ko] - (0.0.0.0) - C:\Windows\System32\SetupBD.din
[MD5.AD7B906FC883959E56E210B2B077CA00] - |A| - [13/07/2009 17:40:54] - (.-.) - [11.48 Ko] - (0.0.0.0) - C:\Windows\System32\setver.exe
[MD5.68062C0ECE86AB7801B5B47FDC855A06] - |A| - [13/07/2009 17:41:02] - (.-.) - [0.86 Ko] - (0.0.0.0) - C:\Windows\System32\share.exe
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:08] - [169.5 Ko] - C:\Windows\System32\sk-SK
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [166 Ko] - C:\Windows\System32\sl-SI
[MD5.00000000000000000000000000000000] - |D| - [20/11/2010 20:38:49] - [37.8 Ko] - C:\Windows\System32\slmgr
[MD5.7AF22B12467D4E3B3831E65E1D12179D] - |A| - [26/09/2016 12:42:46] - (.Copyright (C) Analog Devices, Inc. 2008 - SoundMAX coinstaller (32 bit).) - [33.5 Ko] - (7.0.1.1020) - C:\Windows\System32\SmaxCo.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [13634.02 Ko] - C:\Windows\System32\SMI
[MD5.C74D61FCA22F36791105D7878AF73572] - |A| - [10/06/2009 17:46:53] - (.-.) - [8.09 Ko] - (0.0.0.0) - C:\Windows\System32\spcinstrumentation.man
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [25835 Ko] - C:\Windows\System32\Speech
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [134472.48 Ko] - C:\Windows\System32\spool
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [2168.98 Ko] - C:\Windows\System32\spp
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [30.19 Ko] - C:\Windows\System32\sppui
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [170 Ko] - C:\Windows\System32\sr-Latn-CS
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [426.5 Ko] - C:\Windows\System32\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [274.53 Ko] - C:\Windows\System32\sysprep
[MD5.B8CBB46B42570D373C9933FBDF25EBCE] - |A| - [20/11/2010 17:29:24] - (.-.) - [143.41 Ko] - (0.0.0.0) - C:\Windows\System32\systemsf.ebd
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [328.02 Ko] - C:\Windows\System32\Tasks
[MD5.47F22CAD4A16BB40153555D631546B94] - |A| - [10/06/2009 17:39:59] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\Windows\System32\tcpmon.ini
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [157 Ko] - C:\Windows\System32\th-TH
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [424 Ko] - C:\Windows\System32\tr-TR
[MD5.579E54636405735FEB2BC37C1AE757FD] - |A| - [23/09/2009 19:30:50] - (.Copyright © 2006 - Intel(R) TVWizard.) - [8006.52 Ko] - (1.0.1.0) - C:\Windows\System32\TVWSetup.exe
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [166.5 Ko] - C:\Windows\System32\uk-UA
[MD5.52BAA773D4A2CC3A7767598C21F532C8] - |A| - [14/07/2009 00:34:00] - (.-.) - [18 Ko] - (0.0.0.0) - C:\Windows\System32\umstartup.etl
[MD5.FDC9FB711442ADC6EDD34BE7F27F16CD] - |A| - [14/07/2009 00:34:00] - (.-.) - [45 Ko] - (0.0.0.0) - C:\Windows\System32\umstartup000.etl
[MD5.86491AD7BC0964089CD4E703E65D45DB] - |A| - [13/07/2009 17:30:26] - (.-.) - [18.39 Ko] - (0.0.0.0) - C:\Windows\System32\v7vga.rom
[MD5.15BD0F8D507546F512EE5D73C3721FA8] - |A| - [13/07/2009 22:04:56] - (.Copyright © 2000 - vfpodbc.) - [20.05 Ko] - (1.0.2.0) - C:\Windows\System32\vfpodbc.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [43664 Ko] - C:\Windows\System32\wbem
[MD5.00000000000000000000000000000000] - |D| - [20/11/2010 20:38:48] - [60.46 Ko] - C:\Windows\System32\WCN
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [21949.67 Ko] - C:\Windows\System32\wdi
[MD5.BDDF10F9D8E179323BC1B49603809EB0] - |A| - [13/07/2009 17:38:33] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\Windows\System32\WdsUnattendTemplate.xml
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [144 Ko] - C:\Windows\System32\wfp
[MD5.C980C971AD4FF3CA5CEFDEF40932D3A1] - |A| - [13/07/2009 16:29:46] - (.-.) - [13 Ko] - (0.0.0.0) - C:\Windows\System32\win87em.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 00:52:30] - [0 Ko] - C:\Windows\System32\WinBioDatabase
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 00:52:30] - [71 Ko] - C:\Windows\System32\WinBioPlugIns
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 00:52:30] - [8620.44 Ko] - C:\Windows\System32\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [82644 Ko] - C:\Windows\System32\winevt
[MD5.00000000000000000000000000000000] - |D| - [20/11/2010 20:38:49] - [99.06 Ko] - C:\Windows\System32\winrm
[MD5.00000000000000000000000000000000] - |D| - [02/07/2016 03:24:36] - [0 Ko] - C:\Windows\System32\x64
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [336.5 Ko] - C:\Windows\System32\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [258.5 Ko] - C:\Windows\System32\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 22:37:09] - [337 Ko] - C:\Windows\System32\zh-TW
---------- | Shell Folders
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead
"AppData"=C:\Users\hilton\AppData\Roaming [29/06/2016 16:31:01]
"Local AppData"=C:\Users\hilton\AppData\Local [29/06/2016 16:31:01]
"My Video"=C:\Users\hilton\Videos [29/06/2016 16:31:01]
"{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"=C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Libraries [29/06/2016 16:31:01]
"My Pictures"=C:\Users\hilton\Pictures [29/06/2016 16:31:01]
"Desktop"=C:\Users\hilton\Desktop [29/06/2016 16:31:01]
"History"=C:\Users\hilton\AppData\Local\Microsoft\Windows\History [29/06/2016 16:31:01]
"NetHood"=C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Network Shortcuts [29/06/2016 16:31:01]
"{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\hilton\Contacts [29/06/2016 16:31:01]
"Cookies"=C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Cookies [29/06/2016 16:31:01]
"Favorites"=C:\Users\hilton\Favorites [29/06/2016 16:31:01]
"SendTo"=C:\Users\hilton\AppData\Roaming\Microsoft\Windows\SendTo [29/06/2016 16:31:01]
"Start Menu"=C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Start Menu [29/06/2016 16:31:01]
"My Music"=C:\Users\hilton\Music [29/06/2016 16:31:01]
"Programs"=C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [29/06/2016 16:31:01]
"Recent"=C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Recent [29/06/2016 16:31:01]
"CD Burning"=C:\Users\hilton\AppData\Local\Microsoft\Windows\Burn\Burn [29/06/2016 16:31:01]
"PrintHood"=C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Printer Shortcuts [29/06/2016 16:31:01]
"{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"=C:\Users\hilton\Searches [29/06/2016 16:31:01]
"{374DE290-123F-4565-9164-39C4925E467B}"=C:\Users\hilton\Downloads [29/06/2016 16:31:01]
"{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\hilton\AppData\LocalLow [29/06/2016 16:31:01]
"Startup"=C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [29/06/2016 16:31:01]
"Administrative Tools"=C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [29/06/2016 16:31:01]
"Personal"=C:\Users\hilton\Documents [29/06/2016 16:31:01]
"{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\hilton\Links [29/06/2016 16:31:01]
"Cache"=C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files [29/06/2016 16:31:01]
"Templates"=C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Templates [29/06/2016 16:31:01]
"{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\hilton\Saved Games [29/06/2016 16:31:01]
"Fonts"=C:\Windows\Fonts [13/07/2009 22:37:06]
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"AppData"=%USERPROFILE%\AppData\Roaming
"Cache"=%USERPROFILE%\AppData\Local\Microsoft\Windows\Temporary Internet Files
"Cookies"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Cookies
"Desktop"=%USERPROFILE%\Desktop
"Favorites"=%USERPROFILE%\Favorites
"History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History
"Local AppData"=%USERPROFILE%\AppData\Local
"My Music"=%USERPROFILE%\Music
"My Pictures"=%USERPROFILE%\Pictures
"My Video"=%USERPROFILE%\Videos
"NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts
"Personal"=%USERPROFILE%\Documents
"Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
"Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent
"SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo
"Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
"Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu
"Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates
"{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Downloads
"PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop"=C:\Users\Public\Desktop [13/07/2009 22:37:05]
"Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [13/07/2009 22:37:05]
"CommonVideo"=C:\Users\Public\Videos [13/07/2009 22:37:05]
"CommonPictures"=C:\Users\Public\Pictures [13/07/2009 22:37:05]
"Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [13/07/2009 22:37:05]
"CommonMusic"=C:\Users\Public\Music [13/07/2009 22:37:05]
"Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [14/07/2009 00:52:30]
"Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [13/07/2009 22:37:05]
"Common Documents"=C:\Users\Public\Documents [13/07/2009 22:37:05]
"OEM Links"=C:\ProgramData\OEM Links
"Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [13/07/2009 22:37:05]
"Common AppData"=C:\ProgramData [13/07/2009 22:37:05]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Common Desktop"=%PUBLIC%\Desktop
"Common Documents"=%PUBLIC%\Documents
"CommonPictures"=%PUBLIC%\Pictures
"CommonMusic"=%PUBLIC%\Music
"CommonVideo"=%PUBLIC%\Videos
"{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads
"Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu
"Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs
"Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup
"Common AppData"=%ProgramData%
"Common Templates"=%ProgramData%\Microsoft\Windows\Templates
---------- | [hilton]
[29/06/2016 16:31:01] - |D| - [2253692664] - C:\Users\hilton\AppData\Local
[29/06/2016 16:31:01] - |D| - [43272156] - C:\Users\hilton\AppData\LocalLow
[29/06/2016 16:31:01] - |D| - [325725693] - C:\Users\hilton\AppData\Roaming
[06/12/2016 18:45:00] - |D| - [504541101] - C:\Users\hilton\AppData\Local\76f7c66
[06/12/2016 18:16:33] - |D| - [0] - C:\Users\hilton\AppData\Local\88efa
[04/07/2016 15:23:24] - |D| - [31397805] - C:\Users\hilton\AppData\Local\Adobe
[05/07/2016 14:36:57] - |D| - [558734931] - C:\Users\hilton\AppData\Local\Amazon Music
[29/06/2016 16:31:07] - |SHD| - [22658289571] - C:\Users\hilton\AppData\Local\Application Data
[25/12/2016 17:06:55] - |D| - [7796256] - C:\Users\hilton\AppData\Local\Apps
[21/12/2016 15:03:54] - |D| - [24576] - C:\Users\hilton\AppData\Local\AVAST Software
[27/02/2017 15:10:05] - |D| - [0] - C:\Users\hilton\AppData\Local\Broadcom
[13/07/2016 12:30:23] - |D| - [443696] - C:\Users\hilton\AppData\Local\CEF
[15/07/2016 13:40:31] - |D| - [1920] - C:\Users\hilton\AppData\Local\Chromium
[16/08/2016 11:51:20] - |D| - [0] - C:\Users\hilton\AppData\Local\CrashDumps
[26/09/2016 12:01:51] - |D| - [7147] - C:\Users\hilton\AppData\Local\CrashRpt
[25/12/2016 17:06:55] - |D| - [0] - C:\Users\hilton\AppData\Local\Deployment
[27/07/2016 14:28:02] - |D| - [0] - C:\Users\hilton\AppData\Local\Diagnostics
[03/07/2016 13:23:38] - |D| - [0] - C:\Users\hilton\AppData\Local\ElevatedDiagnostics
[07/11/2016 13:52:35] - |D| - [11290] - C:\Users\hilton\AppData\Local\f1aad
[13/03/2017 15:39:37] - |D| - [266864] - C:\Users\hilton\AppData\Local\FromDocToPDFTooltab
[29/06/2016 16:40:17] - |A| - [65776] - C:\Users\hilton\AppData\Local\GDIPFONTCACHEV1.DAT
[25/12/2016 17:07:13] - |D| - [125618665] - C:\Users\hilton\AppData\Local\Google
[03/07/2016 12:23:08] - |D| - [71] - C:\Users\hilton\AppData\Local\GWX
[29/06/2016 16:31:07] - |SHD| - [290] - C:\Users\hilton\AppData\Local\History
[20/03/2017 16:22:50] - |AH| - [2143486] - C:\Users\hilton\AppData\Local\IconCache.db
[05/09/2016 13:57:00] - |D| - [0] - C:\Users\hilton\AppData\Local\LogMeIn Rescue Applet
[05/09/2016 14:21:27] - |D| - [50] - C:\Users\hilton\AppData\Local\McAfee File Lock
[29/06/2016 16:31:01] - |D| - [524648187] - C:\Users\hilton\AppData\Local\Microsoft
[21/08/2016 14:27:13] - |D| - [163171] - C:\Users\hilton\AppData\Local\Microsoft Games
[30/12/2016 13:38:42] - |D| - [23711855] - C:\Users\hilton\AppData\Local\Mozilla
[12/08/2016 12:28:34] - |D| - [0] - C:\Users\hilton\AppData\Local\Packages
[02/07/2016 15:54:33] - |D| - [3587] - C:\Users\hilton\AppData\Local\PC_Drivers_Headquarters
[02/07/2016 15:09:05] - |D| - [0] - C:\Users\hilton\AppData\Local\Programs
[01/08/2016 13:59:16] - |D| - [460695434] - C:\Users\hilton\AppData\Local\SlimWare Utilities Inc
[30/06/2016 18:39:31] - |D| - [154550] - C:\Users\hilton\AppData\Local\Stardock
[29/06/2016 16:31:01] - |D| - [13197603] - C:\Users\hilton\AppData\Local\Temp
[29/06/2016 16:31:07] - |SHD| - [287848251] - C:\Users\hilton\AppData\Local\Temporary Internet Files
[29/06/2016 16:31:12] - |D| - [64643] - C:\Users\hilton\AppData\Local\VirtualStore
[02/07/2016 15:23:29] - |D| - [12097747] - C:\Users\hilton\AppData\LocalLow\Adblock Plus for IE
[13/07/2016 12:30:11] - |D| - [1838355] - C:\Users\hilton\AppData\LocalLow\Adobe
[29/06/2016 16:31:01] - |SD| - [28807670] - C:\Users\hilton\AppData\LocalLow\Microsoft
[30/12/2016 13:39:34] - |D| - [0] - C:\Users\hilton\AppData\LocalLow\Mozilla
[09/07/2016 17:25:01] - |D| - [528384] - C:\Users\hilton\AppData\LocalLow\PlayReady
[12/08/2016 12:34:18] - |A| - [0] - C:\Users\hilton\AppData\LocalLow\rightsCheck_1.txt
[29/06/2016 18:33:19] - |D| - [0] - C:\Users\hilton\AppData\LocalLow\Siber Systems
[29/06/2016 17:49:33] - |D| - [4352003] - C:\Users\hilton\AppData\Roaming\Adobe
[18/12/2016 22:21:28] - |D| - [30120923] - C:\Users\hilton\AppData\Roaming\AVAST Software
[28/01/2017 15:24:36] - |D| - [675] - C:\Users\hilton\AppData\Roaming\Canon
[12/08/2016 12:28:34] - |D| - [690709] - C:\Users\hilton\AppData\Roaming\Dashlane
[03/02/2017 13:54:40] - |D| - [18812571] - C:\Users\hilton\AppData\Roaming\eM Client
[29/06/2016 16:31:01] - |D| - [0] - C:\Users\hilton\AppData\Roaming\Identities
[29/06/2016 16:31:01] - |D| - [0] - C:\Users\hilton\AppData\Roaming\InstallShield
[15/07/2016 13:40:12] - |D| - [207] - C:\Users\hilton\AppData\Roaming\InstantSupport
[12/03/2017 14:18:29] - |D| - [119370195] - C:\Users\hilton\AppData\Roaming\Kodi
[04/07/2016 15:27:35] - |D| - [2723] - C:\Users\hilton\AppData\Roaming\Macromedia
[05/09/2016 14:04:06] - |D| - [9383] - C:\Users\hilton\AppData\Roaming\McAfee
[29/06/2016 16:31:01] - |SD| - [1339704] - C:\Users\hilton\AppData\Roaming\Microsoft
[30/12/2016 13:38:42] - |D| - [63268970] - C:\Users\hilton\AppData\Roaming\Mozilla
[04/07/2016 15:13:28] - |D| - [52325758] - C:\Users\hilton\AppData\Roaming\OpenOffice
[01/07/2016 13:11:33] - |D| - [24253979] - C:\Users\hilton\AppData\Roaming\RoboForm
[31/08/2016 14:54:34] - |D| - [153955] - C:\Users\hilton\AppData\Roaming\Samsung
[30/06/2016 18:39:30] - |D| - [11023938] - C:\Users\hilton\AppData\Roaming\Stardock
[29/06/2016 16:31:01] - |ASH| - [174] - C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[29/06/2016 16:31:01] - |RD| - [24841] - C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[29/06/2016 16:31:01] - |RD| - [14622] - C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[29/06/2016 16:31:01] - |RD| - [174] - C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[05/07/2016 14:37:02] - |D| - [3422] - C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music
[07/02/2017 16:29:05] - |D| - [372] - C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
[29/06/2016 16:31:01] - |ASH| - [338] - C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[29/06/2016 16:33:48] - |A| - [1420] - C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[13/03/2017 15:54:19] - |D| - [3739] - C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kodi
[29/06/2016 16:31:01] - |RD| - [580] - C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[29/06/2016 16:31:01] - |RD| - [174] - C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[29/06/2016 16:31:01] - |ASH| - [174] - C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
---------- | [PCPitstopSVC]
[02/07/2016 15:44:57] - |D| - [48389255] - C:\Users\PCPitstopSVC\AppData\Local
[02/07/2016 15:44:57] - |D| - [152130] - C:\Users\PCPitstopSVC\AppData\LocalLow
[02/07/2016 15:44:57] - |D| - [986725] - C:\Users\PCPitstopSVC\AppData\Roaming
[02/07/2016 15:44:59] - |SHD| - [528793054] - C:\Users\PCPitstopSVC\AppData\Local\Application Data
[02/07/2016 15:44:59] - |SHD| - [16674] - C:\Users\PCPitstopSVC\AppData\Local\History
[02/07/2016 15:44:58] - |AH| - [913134] - C:\Users\PCPitstopSVC\AppData\Local\IconCache.db
[02/07/2016 15:44:57] - |D| - [41389513] - C:\Users\PCPitstopSVC\AppData\Local\Microsoft
[02/07/2016 15:44:57] - |D| - [6086608] - C:\Users\PCPitstopSVC\AppData\Local\Temp
[02/07/2016 15:44:59] - |SHD| - [67] - C:\Users\PCPitstopSVC\AppData\Local\Temporary Internet Files
[02/07/2016 15:44:57] - |SD| - [152130] - C:\Users\PCPitstopSVC\AppData\LocalLow\Microsoft
[02/07/2016 15:44:57] - |D| - [0] - C:\Users\PCPitstopSVC\AppData\Roaming\Identities
[02/07/2016 15:44:57] - |D| - [0] - C:\Users\PCPitstopSVC\AppData\Roaming\InstallShield
[02/07/2016 15:44:57] - |SD| - [986725] - C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft
[02/07/2016 15:44:58] - |ASH| - [174] - C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[02/07/2016 15:44:57] - |RD| - [17306] - C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[02/07/2016 15:44:57] - |RD| - [14621] - C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[02/07/2016 15:44:57] - |RD| - [174] - C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[02/07/2016 15:44:57] - |ASH| - [338] - C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[02/07/2016 15:44:57] - |A| - [1419] - C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[02/07/2016 15:44:57] - |RD| - [580] - C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[02/07/2016 15:44:57] - |RD| - [174] - C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[02/07/2016 15:44:57] - |ASH| - [174] - C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
---------- | [Public]
---------- | C:\ProgramData
[13/07/2016 12:28:24] - |D| - [275321641] - C:\ProgramData\Adobe
[14/07/2009 00:53:55] - |SHD| - [61227519478] - C:\ProgramData\Application Data
[18/12/2016 22:19:18] - |D| - [3174173866] - C:\ProgramData\AVAST Software
[05/07/2016 14:18:24] - |HD| - [38903983] - C:\ProgramData\CanonBJ
[28/01/2017 15:19:08] - |D| - [86797] - C:\ProgramData\CanonIJWSpt
[01/08/2016 14:10:46] - |D| - [1007684] - C:\ProgramData\Dell
[14/07/2009 00:53:55] - |SHD| - [13945] - C:\ProgramData\Desktop
[14/07/2009 00:53:55] - |SHD| - [97419542] - C:\ProgramData\Documents
[02/07/2016 15:54:32] - |D| - [1159758] - C:\ProgramData\Driver Support
[14/07/2009 00:53:55] - |SHD| - [0] - C:\ProgramData\Favorites
[13/07/2009 22:37:05] - |SD| - [2152270493] - C:\ProgramData\Microsoft
[15/07/2016 13:39:48] - |RASH| - [344] - C:\ProgramData\ntuser.pol
[01/08/2016 21:31:34] - |D| - [10110095] - C:\ProgramData\Package Cache
[03/07/2016 12:22:59] - |D| - [1922] - C:\ProgramData\PC Drivers HeadQuarters
[02/07/2016 15:09:31] - |D| - [8639857] - C:\ProgramData\PCPitstop
[29/06/2016 18:33:19] - |D| - [232] - C:\ProgramData\RoboForm
[31/08/2016 14:12:17] - |D| - [0] - C:\ProgramData\Samsung
[26/09/2016 12:12:13] - |D| - [132598686] - C:\ProgramData\SlimWare Utilities Inc
[01/08/2016 14:09:49] - |D| - [191128555] - C:\ProgramData\SlimWare Utilities, Inc
[30/06/2016 18:39:31] - |D| - [9640026] - C:\ProgramData\Stardock
[14/07/2009 00:53:55] - |SHD| - [138188] - C:\ProgramData\Start Menu
[28/03/2017 15:14:21] - |D| - [0] - C:\ProgramData\SWCUTemp
[14/07/2009 00:53:55] - |SHD| - [31386] - C:\ProgramData\Templates
---------- | C:\ProgramData\Microsoft\Windows\Start Menu
[14/07/2009 00:46:35] - |A| - [1282] - C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
[14/07/2009 00:37:43] - |ASH| - [442] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[13/07/2009 22:37:05] - |RD| - [135198] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[14/07/2009 00:37:43] - |A| - [1266] - C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[13/07/2009 22:37:05] - |RD| - [39894] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[13/07/2016 12:29:09] - |A| - [2441] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
[14/07/2009 00:52:30] - |RD| - [21157] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[18/12/2016 22:22:29] - |A| - [1131] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
[18/12/2016 22:41:38] - |D| - [2028] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[28/01/2017 15:13:43] - |D| - [2500] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG3200 series
[28/01/2017 15:19:12] - |D| - [1998] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[02/07/2016 15:47:29] - |D| - [1072] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[14/07/2009 00:41:57] - |ASH| - [1278] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[26/09/2016 12:01:44] - |D| - [4978] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
[03/02/2017 13:54:02] - |A| - [931] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eM Client.lnk
[14/07/2009 00:52:30] - |RD| - [6112] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[25/12/2016 17:07:56] - |A| - [2148] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[13/07/2009 22:37:05] - |RD| - [4370] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[23/07/2012 19:48:29] - |A| - [1345] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[09/07/2016 17:12:10] - |D| - [2230] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[30/12/2016 13:38:30] - |A| - [1124] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[20/01/2017 14:40:40] - |SD| - [6980] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.3
[12/08/2016 15:03:24] - |D| - [16069] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
[14/07/2009 00:42:29] - |A| - [1330] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[25/12/2016 13:38:04] - |D| - [4006] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
[13/07/2009 22:37:05] - |RD| - [1008] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[14/07/2009 00:42:30] - |A| - [1352] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[23/07/2012 19:48:25] - |A| - [1326] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[14/07/2009 00:42:24] - |A| - [1210] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[14/07/2009 00:46:36] - |A| - [1515] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[12/02/2017 15:09:57] - |A| - [2419] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[14/07/2009 00:42:30] - |A| - [1246] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[27/02/2017 15:03:34] - |A| - [834] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[14/07/2009 00:41:57] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
---------- | C:\Program Files
[13/07/2016 12:28:51] - |D| - [215519621] - C:\Program Files\Adobe
[23/07/2012 19:53:54] - |D| - [2110127] - C:\Program Files\Analog Devices
[18/12/2016 22:19:56] - |D| - [1325378670] - C:\Program Files\AVAST Software
[28/01/2017 15:19:05] - |D| - [20206791] - C:\Program Files\Canon
[28/01/2017 15:13:35] - |HD| - [7533306] - C:\Program Files\CanonBJ
[02/07/2016 15:47:27] - |D| - [11091816] - C:\Program Files\CCleaner
[13/07/2009 22:37:05] - |D| - [102044030] - C:\Program Files\Common Files
[12/08/2016 12:28:34] - |D| - [0] - C:\Program Files\Dashlane
[14/07/2009 00:41:57] - |ASH| - [174] - C:\Program Files\desktop.ini
[02/07/2016 15:53:39] - |D| - [14156416] - C:\Program Files\Driver Support
[26/09/2016 12:01:44] - |D| - [36769650] - C:\Program Files\DriverUpdate
[14/07/2009 00:52:30] - |D| - [83215892] - C:\Program Files\DVD Maker
[03/02/2017 13:52:54] - |D| - [162849256] - C:\Program Files\eM Client
[25/12/2016 17:07:20] - |D| - [359138592] - C:\Program Files\Google
[23/07/2012 19:53:54] - |HD| - [5204191] - C:\Program Files\InstallShield Installation Information
[23/07/2012 19:52:49] - |D| - [48783890] - C:\Program Files\Intel
[13/07/2009 22:37:05] - |D| - [26525200] - C:\Program Files\Internet Explorer
[13/03/2017 15:53:54] - |D| - [162290054] - C:\Program Files\Kodi
[05/09/2016 14:03:52] - |D| - [3247555] - C:\Program Files\McAfee
[21/08/2016 14:25:24] - |D| - [147758130] - C:\Program Files\Microsoft Games
[09/07/2016 17:12:08] - |D| - [42891854] - C:\Program Files\Microsoft Silverlight
[02/07/2016 03:18:15] - |D| - [23935] - C:\Program Files\Microsoft.NET
[30/12/2016 13:38:18] - |D| - [95307155] - C:\Program Files\Mozilla Firefox
[30/12/2016 13:38:27] - |D| - [291732] - C:\Program Files\Mozilla Maintenance Service
[14/07/2009 00:52:30] - |D| - [25757] - C:\Program Files\MSBuild
[04/07/2016 15:01:22] - |D| - [330965881] - C:\Program Files\OpenOffice 4
[15/07/2016 13:39:42] - |D| - [0] - C:\Program Files\PCAPDownloader
[02/07/2016 15:09:30] - |D| - [190335] - C:\Program Files\PCPitstop
[14/07/2009 00:52:30] - |D| - [36941569] - C:\Program Files\Reference Assemblies
[31/08/2016 14:14:22] - |D| - [44561908] - C:\Program Files\SAMSUNG
[29/06/2016 18:32:48] - |D| - [57368111] - C:\Program Files\Siber Systems
[26/09/2016 12:01:44] - |D| - [3903822] - C:\Program Files\SlimWare Utilities
[30/06/2016 18:39:24] - |D| - [50337412] - C:\Program Files\Stardock
[26/09/2016 12:37:12] - |D| - [6086] - C:\Program Files\Synaptics
[14/07/2009 00:53:23] - |HD| - [0] - C:\Program Files\Uninstall Information
[27/02/2017 15:03:25] - |D| - [211341881] - C:\Program Files\WIDCOMM
[14/07/2009 00:52:30] - |D| - [3027456] - C:\Program Files\Windows Defender
[13/07/2009 22:37:05] - |D| - [6115840] - C:\Program Files\Windows Mail
[14/07/2009 00:52:30] - |D| - [6582018] - C:\Program Files\Windows Media Player
[13/07/2009 22:37:05] - |D| - [12062388] - C:\Program Files\Windows NT
[14/07/2009 00:52:30] - |D| - [4394248] - C:\Program Files\Windows Photo Viewer
[14/07/2009 00:52:30] - |D| - [189952] - C:\Program Files\Windows Portable Devices
[14/07/2009 00:52:30] - |D| - [6679420] - C:\Program Files\Windows Sidebar
---------- | C:\Program Files\Common Files
[13/07/2016 12:28:51] - |D| - [8925225] - C:\Program Files\Common Files\Adobe
[18/12/2016 22:21:00] - |D| - [1174181] - C:\Program Files\Common Files\AV
[05/09/2016 14:16:24] - |D| - [0] - C:\Program Files\Common Files\McAfee
[13/07/2009 22:37:05] - |D| - [40559121] - C:\Program Files\Common Files\microsoft shared
[23/07/2012 19:53:33] - |D| - [83063] - C:\Program Files\Common Files\postureAgent
[13/07/2009 22:37:05] - |D| - [2702] - C:\Program Files\Common Files\Services
[13/07/2009 22:37:05] - |D| - [41103783] - C:\Program Files\Common Files\SpeechEngines
[13/07/2009 22:37:05] - |D| - [10195955] - C:\Program Files\Common Files\System
---------- | Tasks
[MD5.F7E5D8EF86AD04E20A301870733899B7] - [06/11/2016 15:03:40] - |A| - [450] - C:\Windows\Tasks\DriverUpdate Scan.job
[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [14/07/2009 00:53:47] - |AH| - [6] - C:\Windows\Tasks\SA.DAT
[MD5.B8A7DC0AB7B56BD5295DDAFA7FF7041E] - [14/07/2009 00:53:46] - |A| - [14124] - C:\Windows\Tasks\SCHEDLGU(29).TXT
[MD5.45BA6359D179CA921DA8A9B23E85658E] - [14/07/2009 00:53:46] - |A| - [28678] - C:\Windows\Tasks\SCHEDLGU.TXT
[MD5.6C9C9120E434911EB65674DDC6735260] - [13/07/2016 12:29:37] - |A| - [4464] - C:\Windows\System32\Tasks\Adobe Acrobat Update Task : C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[MD5.277C2B9AFE026B4D87142FDE67ABD683] - [04/07/2016 15:23:55] - |A| - [4312] - C:\Windows\System32\Tasks\Adobe Flash Player Updater : C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
[MD5.7EAEB6042F3D0F2DAD3B8BAED50D47E7] - [12/03/2017 08:27:33] - |A| - [3914] - C:\Windows\System32\Tasks\Avast Emergency Update : C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
[MD5.00000000000000000000000000000000] - [18/12/2016 22:21:01] - |D| - [3860] - C:\Windows\System32\Tasks\AVAST Software
[MD5.DA39E94DFDA4EC471084FF2166930D35] - [02/07/2016 15:47:30] - |A| - [2794] - C:\Windows\System32\Tasks\CCleanerSkipUAC : "C:\Program Files\CCleaner\CCleaner.exe"
[MD5.35D0AA971E47D54E0673B0559AD9B5AF] - [02/07/2016 15:54:42] - |A| - [3298] - C:\Windows\System32\Tasks\Driver Support : C:\Program Files\Driver Support\DriverSupport.exe
[MD5.D4C3D0F45A4A08A7E7E1E8D1437F959E] - [02/07/2016 15:54:41] - |A| - [3732] - C:\Windows\System32\Tasks\Driver Support-RTMRules : C:\Program Files\Driver Support\DriverSupport.exe
[MD5.846A373169DB8E1D85FE26CBC8DF1517] - [02/07/2016 15:54:41] - |A| - [3618] - C:\Windows\System32\Tasks\Driver Support-RTMScan : C:\Program Files\Driver Support\DriverSupport.exe
[MD5.3C5CA2588ECAF36FB11D58CB78DB9E4A] - [02/07/2016 15:54:41] - |A| - [3738] - C:\Windows\System32\Tasks\Driver Support-RTMUpdater : C:\Program Files\Driver Support\DriverSupport.exe
[MD5.8C0637AF4EE4F3A1D45A0E5A221AFDDE] - [06/11/2016 15:03:40] - |A| - [3318] - C:\Windows\System32\Tasks\DriverUpdate Scan : C:\Program Files\DriverUpdate\DriverUpdate.exe
[MD5.E291F9E53A9F15DBDAD1440BB2AD238B] - [26/09/2016 12:01:56] - |A| - [3618] - C:\Windows\System32\Tasks\DriverUpdate Startup.job : "C:\Program Files\DriverUpdate\DriverUpdate.exe"
[MD5.00000000000000000000000000000000] - [21/08/2016 14:17:11] - |D| - [4734] - C:\Windows\System32\Tasks\Games
[MD5.C980DB36CB0684A182704AC164C68A60] - [25/12/2016 17:07:22] - |A| - [3190] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.5A5FA84088EC895AEA5946DA0E70961D] - [25/12/2016 17:07:23] - |A| - [3318] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.00000000000000000000000000000000] - [13/07/2009 22:37:09] - |D| - [267920] - C:\Windows\System32\Tasks\Microsoft
[MD5.02CE45C40BA992CF50420FA6BD8813F8] - [29/06/2016 18:48:35] - |A| - [4118] - C:\Windows\System32\Tasks\Open URL by RoboForm : C:\Windows\system32\rundll32.exe
[MD5.1B412F5760E706C24D7BCC4305A48F62] - [29/06/2016 18:48:34] - |A| - [3572] - C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon : C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
[MD5.E67DA80957A54C857227FB23925D61D2] - [18/12/2016 22:22:30] - |A| - [3894] - C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1482114147 : C:\Program Files\AVAST Software\SZBrowser\launcher.exe
[MD5.00000000000000000000000000000000] - [14/07/2009 00:54:35] - |D| - [4480] - C:\Windows\System32\Tasks\WPD
---------- | Firewall
[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules]
"Netlogon-NamedPipe-In"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|
"{0DC8D093-6A4A-46DF-81F7-51A31BA38190}"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=808|App=C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe|Svc=NetTcpActivator|Name=@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelEvents.dll,-2000|Desc=@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelEvents.dll,-2001|EmbedCtxt=@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelEvents.dll,-2002|
"TCP Query User{AC689693-B971-449C-8EA9-AC51E5D70F9C}C:\users\hilton\appdata\local\amazon music\amazon music helper.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\hilton\appdata\local\amazon music\amazon music helper.exe|Name=amazon music helper.exe|Desc=amazon music helper.exe|Defer=User|
"UDP Query User{25F20FE1-CB5D-4B09-9160-3C9094A6B8A8}C:\users\hilton\appdata\local\amazon music\amazon music helper.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\hilton\appdata\local\amazon music\amazon music helper.exe|Name=amazon music helper.exe|Desc=amazon music helper.exe|Defer=User|
"{EAD2EC74-0D35-4D3D-900E-D48B9AB5AE26}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Mozilla Firefox\firefox.exe|Name=Firefox (C:\Program Files\Mozilla Firefox)|
"{E8207517-F4F1-4084-AD6C-988A4CDC999F}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Mozilla Firefox\firefox.exe|Name=Firefox (C:\Program Files\Mozilla Firefox)|
"{813BC28B-BE7E-4FEE-BDA3-21784F0FA00A}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Inbound rule for Google Chrome to allow mDNS traffic.|EmbedCtxt=Google Chrome|
"{4DD19BC0-8D56-41F2-BBA6-E1F63020D218}"=v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=RapiMgr|Name=@%systemroot%\WindowsMobile\wmdcBase.exe,-4016|Desc=@%systemroot%\WindowsMobile\wmdcBase.exe,-14016|EmbedCtxt=@%systemroot%\WindowsMobile\wmdcBase.exe,-4014|
"{0D547D58-43B9-4B3F-90C2-C69E6800A5E3}"=v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=RapiMgr|Name=@%systemroot%\WindowsMobile\wmdcBase.exe,-4016|Desc=@%systemroot%\WindowsMobile\wmdcBase.exe,-14016|EmbedCtxt=@%systemroot%\WindowsMobile\wmdcBase.exe,-4014|
"{3A500436-332F-43FF-B443-030332BD69A8}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LA4=127.0.0.1|App=%SystemRoot%\system32\svchost.exe|Svc=WcesComm|Name=@%systemroot%\WindowsMobile\wmdcBase.exe,-4002|Desc=@%systemroot%\WindowsMobile\wmdcBase.exe,-14002|EmbedCtxt=@%systemroot%\WindowsMobile\wmdcBase.exe,-4014|
"{EFC4B274-0D29-420D-BDBC-8C5FF0388D4A}"=v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=WcesComm|Name=@%systemroot%\WindowsMobile\wmdcBase.exe,-4016|Desc=@%systemroot%\WindowsMobile\wmdcBase.exe,-14016|EmbedCtxt=@%systemroot%\WindowsMobile\wmdcBase.exe,-4014|
"{6C178907-0A86-4A63-8767-E451EAB8901B}"=v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%SystemRoot%\system32\svchost.exe|Svc=WcesComm|Name=@%systemroot%\WindowsMobile\wmdcBase.exe,-4016|Desc=@%systemroot%\WindowsMobile\wmdcBase.exe,-14016|EmbedCtxt=@%systemroot%\WindowsMobile\wmdcBase.exe,-4014|
"{8F434A18-CE8D-45DC-AD17-44370BA521AC}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe|Name=Opera Internet Browser (mDNS-In)|Desc=Inbound rule to allow mDNS traffic.|EmbedCtxt=Opera Internet Browser|
"{9C26FF04-F2AA-47C9-80F3-0EA7420B9114}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590_0\SZBrowser.exe|Name=Opera Internet Browser (mDNS-In)|Desc=Inbound rule to allow mDNS traffic.|EmbedCtxt=Opera Internet Browser|
---------- | Control\Class
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{03F52937-1FD6-44FB-82C6-FE988F1B1D61}] : (aswSP) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{0475BB51-5A02-4EE0-B36C-29040FAD2650}] : (igfx) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{04A83FC2-2AE2-4C88-B45F-E9707B377636}] : (aswHwid) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{24A0C840-2C3D-4410-8236-8B40816C7B90}] : (aswVmm) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{34446E8E-37B4-4B16-9DA6-BEA2DB33465A}] : (BluetoothAuxiliary) [] -> @oem91.inf,%BluetoothAuxiliary.NAME%;Bluetooth Auxiliary
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4116F60B-25B3-4662-B732-99A6111EDC0B}] : (IPMIDRV) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675D81-502A-4A82-9F84-B75F418C5DEA}] : (Media Center Extender) [] -> @%SystemRoot%\system32\McxDriv.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658EE7E-F050-11D1-B6BD-00C04FA372A7}] : (PnpPrinters) [] -> @%systemroot%\system32\ntprint.dll,-1300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721B56-6795-11D2-B1A8-0080C72E74A2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{49CE6AC8-6F86-11D2-B1E5-0080C72E74A2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E966-E325-11CE-BFC1-08002BE10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}] : (DiskDrive) [] -> @%SystemRoot%\System32\StorProp.dll,-17000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}] : (Display) [] -> @DispCI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}] : (fdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}] : (hdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}] : (MEDIA) [] -> @mmci.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}] : (Monitor) [] -> @Montr_CI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E970-E325-11CE-BFC1-08002BE10318}] : (MTD) [] -> @SysClass.Dll,-3021
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E971-E325-11CE-BFC1-08002BE10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}] : (Net) [] -> @NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E973-E325-11CE-BFC1-08002BE10318}] : (NetClient) [] -> @NetCfgx.dll,-1504
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E974-E325-11CE-BFC1-08002BE10318}] : (NetService) [] -> @NetCfgx.dll,-1505
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E975-E325-11CE-BFC1-08002BE10318}] : (NetTrans) [] -> @NetCfgx.dll,-1503
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E977-E325-11CE-BFC1-08002BE10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E978-E325-11CE-BFC1-08002BE10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E979-E325-11CE-BFC1-08002BE10318}] : (Printer) [] -> @%systemroot%\system32\ntprint.dll,-1004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97D-E325-11CE-BFC1-08002BE10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97E-E325-11CE-BFC1-08002BE10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127DC3-0F36-415E-A6CC-4CB3BE910B65}] : (Processor) [] -> @%SystemRoot%\system32\procinst.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{502EB68B-57B4-4FEE-9890-18F2D8AD1E3E}] : (mfencbdc) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906CB8-BA12-11D1-BF5D-0000F805F530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944A-F6B9-4057-A056-8C550228544C}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] : (SmartCardReader) [] -> @StorProp.dll,-17002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175D334-C371-4806-B3BA-71FD53C9258D}] : (Sensor) [] -> @%systemroot%\system32\SensorsCpl.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{522119B9-1B9A-498A-AC52-148B533EFD50}] : (aswSP) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53D29EF7-377C-4D14-864B-EB3A85769359}] : (BiometricDevice) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6880337A-1EB4-4EF2-9659-0FD2EC60CB1B}] : (aswSP) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC5-810F-11D0-BEC7-08002BE2092F}] : (Infrared) [] -> @NetCfgx.dll,-1501
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}] : (Image) [] -> @%systemroot%\system32\sti_ci.dll,-52
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6D807884-7D21-11CF-801C-08002BE10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (igfx) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] : (Volume) [] -> @%SystemRoot%\System32\SysClass.Dll,-3007
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631E54-78A4-11D0-BCF7-00AA00B7B32A}] : (Battery) [] -> @%SystemRoot%\system32\batt.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] : (HIDClass) [] -> @hid.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{78A1C341-4539-11D3-B88D-00C04FAD5171}] : (mfesapsn) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{7EBEFBC0-3200-11D2-B4C2-00A0C9697D07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{87C077B2-3D3B-4156-938A-EA51B451D6C6}] : (aswSP) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8AE85550-832C-4A9B-81BB-2A49DBEE72B4}] : (aswRvrt) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ECC055D-047F-11D1-A537-0000F8753ED1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{990A2BD7-E738-46C7-B26F-1CF8FB9F1391}] : (SmartCard) [] -> @sccls.dll,-300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{997B5D8D-C442-4F2E-BAF3-9C8E671E9E21}] : (SideShow) [] -> @%systemroot%\system32\AuxiliaryDisplayClassInstaller.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{BC103702-DD72-406F-9B28-95C868337B59}] : (Transfer Cable) [] -> @%SystemRoot%\System32\migwiz\migres.dll,-20
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{C06FF265-AE09-48F0-812C-16753D7CBA83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{C30ECEA0-11EF-4EF9-B02E-6AF81E6E65C0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{C4A06E97-ED42-47B9-83E1-F12299B286A5}] : (aswRdr) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{C777C165-D422-426D-8EBF-6EAF3FB83ADF}] : (aswNetSec) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{C7C038AD-1F2D-44D4-B2FE-D912BE20E6D5}] : (BluetoothVirtual) [] -> @oem7.inf,%BluetoothVirtualName%;Bluetooth Virtual Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{CE5939AE-EBDE-11D0-B181-0000F8753EC4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{D61CA365-5AF4-4486-998B-9DB4734C6CA3}] : (XnaComposite) [] -> @%SystemRoot%\system32\XInput9_1_0.dll,-1000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{DB4F6DDD-9C0E-45E4-9597-78DBBAD0F412}] : (SmartCardFilter) [] -> @sccls.dll,-301
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{E0CBF06C-CD8B-4647-BB8A-263B43F0F974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}] : (WPD) [] -> @wpd_ci.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{FB58BE68-EA9E-4803-847F-2CE814E7B159}] : (aswSP) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
---------- | Loaded modules (whitelist)
[26/09/2016 12:36:34] - (19.0.9.4) - (Synaptics Incorporated - Synaptics SMBus Driver) - C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys
[26/09/2016 12:42:46] - (6.10.1.7280) - (Analog Devices, Inc. - High Definition Audio Function Driver) - C:\Windows\system32\drivers\ADIHdAud.sys
[08/11/2016 17:51:53] - (5.1.2.250) - (Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver) - C:\Windows\System32\ATMFD.DLL
---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service
R0 - [Kernel Driver] - ACPI (Microsoft ACPI Driver) -> system32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - amdxata () -> system32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - atapi (IDE Channel) -> system32\drivers\atapi.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\clfs.sys,-100) -> System32\CLFS.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Disk (Disk Driver) -> system32\drivers\disk.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> system32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - msisadrv () -> system32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pci (PCI Bus Driver) -> system32\drivers\pci.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pciide () -> system32\drivers\pciide.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - spldr (Security Processor Loader Driver) -> (?) - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - storflt (@%SystemRoot%\system32\vmstorfltres.dll,-1000) -> system32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - vdrvroot (Microsoft Virtual Drive Enumerator Driver) -> system32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgr (Volume Manager Driver) -> system32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volsnap (Storage volumes) -> system32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - aswbidsdriver (aswbidsdriver) -> \SystemRoot\system32\drivers\aswbidsdriverx.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - aswKbd (aswKbd) -> \SystemRoot\system32\drivers\aswKbd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - aswNetSec (aswNetSec) -> \SystemRoot\system32\drivers\aswNetSec.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - aswRdr (aswRdr) -> \SystemRoot\system32\drivers\aswRdr2.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - aswSnx (aswSnx) -> \SystemRoot\system32\drivers\aswSnx.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - aswSP (aswSP) -> \SystemRoot\system32\drivers\aswSP.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - blbdrive () -> system32\DRIVERS\blbdrive.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - cdrom (CD-ROM Driver) -> system32\DRIVERS\cdrom.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - CSC (@%systemroot%\system32\cscsvc.dll,-202) -> system32\drivers\csc.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - DfsC (@%systemroot%\system32\drivers\dfsc.sys,-101) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - discache (@%systemroot%\system32\drivers\discache.sys,-102) -> System32\drivers\discache.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - mssmbios (Microsoft System Management BIOS Driver) -> system32\DRIVERS\mssmbios.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - NetBIOS (NetBIOS Interface) -> system32\DRIVERS\netbios.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Psched (@%SystemRoot%\System32\drivers\pacer.sys,-101) -> system32\DRIVERS\pacer.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - RDPCDD (@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100) -> System32\DRIVERS\RDPCDD.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - RDPENCDD (@%systemroot%\system32\drivers\RDPENCDD.sys,-101) -> system32\drivers\rdpencdd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - RDPREFMP (@%systemroot%\system32\drivers\RdpRefMp.sys,-101) -> system32\drivers\rdprefmp.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Serial (Serial port driver) -> system32\DRIVERS\serial.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - TermDD (Terminal Device Driver) -> system32\DRIVERS\termdd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - VgaSave () -> \SystemRoot\System32\drivers\vga.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Wanarpv6 (@%systemroot%\system32\rascfg.dll,-32012) -> system32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - WfpLwf (WFP Lightweight Filter) -> system32\DRIVERS\wfplwf.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - aswMonFlt (aswMonFlt) -> \SystemRoot\system32\drivers\aswMonFlt.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - aswStm (aswStm) -> \SystemRoot\system32\drivers\aswStm.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - lltdio (Link-Layer Topology Discovery Mapper I/O Driver) -> system32\DRIVERS\lltdio.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - Parvdm () -> system32\DRIVERS\parvdm.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - rspndr (Link-Layer Topology Discovery Responder) -> system32\DRIVERS\rspndr.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True
---------- | System files (Microsoft Files whitelisted)
[MD5.5EE42C392D81DF4544E4286EBB231A7A] - [26/09/2016 12:42:46] - (.Copyright (C) Analog Devices, Inc. 2004-2008 - High Definition Audio Function Driver.) - [374 Ko] - (6.10.1.7280) - C:\Windows\System32\Drivers\ADIHdAud.sys
[MD5.21E785EBD7DC90A06391141AAC7892FB] - [10/06/2009 17:19:05] - (.Copyright © 2006 Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) - [413.06 Ko] - (1.6.6.4) - C:\Windows\System32\Drivers\adp94xx.sys
[MD5.0C676BC278D5B59FF5ABD57BBE9123F2] - [13/07/2009 18:09:16] - (.Copyright © 2006 Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) - [290.58 Ko] - (1.6.6.1) - C:\Windows\System32\Drivers\adpahci.sys
[MD5.7C7B5EE4B7B822EC85321FE23A27DB33] - [13/07/2009 18:09:16] - (.Copyright © 2003 Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) - [143.08 Ko] - (7.2.0.0) - C:\Windows\System32\Drivers\adpu320.sys
[MD5.0D40BCF52EA90FC7DF2AEAB6503DEA44] - [13/07/2009 19:11:17] - (.Copyright (C) Acer Laboratories Inc. 2000 - ALi mini IDE Driver.) - [14.06 Ko] - (1.2.0.0) - C:\Windows\System32\Drivers\aliide.sys
[MD5.CD5914170297126B6266860198D1D4F0] - [13/07/2009 19:11:19] - (.Copyright (C) AMD 2003 - AMD IDE Driver.) - [14.56 Ko] - (6.1.7600.16385) - C:\Windows\System32\Drivers\amdide.sys
[MD5.D320BF87125326F996D4904FE24300FC] - [03/07/2016 12:25:37] - (.Copyright © 2008-2010 AMD, Inc. - AHCI 1.2 Device Driver.) - [78.38 Ko] - (1.1.2.5) - C:\Windows\System32\Drivers\amdsata.sys
[MD5.EA43AF0C423FF267355F74E7A53BDABA] - [10/06/2009 17:20:03] - (.2008 Advanced Micro Devices, Inc. - AMD Technology AHCI Compatible Controller Driver for Windows family.) - [155.58 Ko] - (3.6.1540.127) - C:\Windows\System32\Drivers\amdsbs.sys
[MD5.46387FB17B086D16DEA267D5BE23A2F2] - [03/07/2016 12:25:37] - (.Copyright © 2008-2010 AMD, Inc. - Storage Filter Driver.) - [21.88 Ko] - (1.1.2.5) - C:\Windows\System32\Drivers\amdxata.sys
[MD5.2932004F49677BD84DBC72EDB754FFB3] - [13/07/2009 18:09:17] - (.Copyright 2007 Adaptec, Inc. - Adaptec RAID Storport Driver.) - [74.58 Ko] - (5.2.0.10384) - C:\Windows\System32\Drivers\arc.sys
[MD5.5D6F36C46FD283AE1B57BD2E9FEB0BC7] - [13/07/2009 18:09:17] - (.Copyright 2008 Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) - [84.58 Ko] - (5.2.0.16119) - C:\Windows\System32\Drivers\arcsas.sys
[MD5.57546069C3E3290D3668B1C5C25AD689] - [12/03/2017 08:27:29] - (.Copyright (C) 2014 AVAST Software s.r.o. - IDS Application Activity Monitor Driver..) - [251.26 Ko] - (17.2.2.60911) - C:\Windows\System32\Drivers\aswbidsdriverx.sys
[MD5.2E68815CA7709483E19D23245A6562EF] - [12/03/2017 08:27:29] - (.Copyright (C) 2014 AVAST Software s.r.o. - Application Activity Monitor Helper Driver.) - [145.23 Ko] - (17.2.2.60911) - C:\Windows\System32\Drivers\aswbidshx.sys
[MD5.A584BAAFAD9073CDF48CD10FAB9DC63B] - [12/03/2017 08:27:29] - (.Copyright (C) 2014 AVAST Software s.r.o. - Logging Driver.) - [260.76 Ko] - (17.2.2.60911) - C:\Windows\System32\Drivers\aswblogx.sys
[MD5.489C55F7619A18F7D0BB6CE60D65EFB0] - [12/03/2017 08:27:29] - (.Copyright (C) 2014 AVAST Software s.r.o. - Universal Driver.) - [40.21 Ko] - (17.2.2.60911) - C:\Windows\System32\Drivers\aswbunivx.sys
[MD5.98F2B740A9A7A643F6CA06C13C5733D5] - [18/12/2016 22:20:50] - (.Copyright (c) 2014 AVAST Software - Avast HWID.) - [33.34 Ko] - (17.2.3419.0) - C:\Windows\System32\Drivers\aswHwid.sys
[MD5.FBB2DF0CCD92C5921D848E38A882CA19] - [18/12/2016 22:22:04] - (.Copyright (c) 2014 AVAST Software - Avast Keyboard Filter Driver.) - [30.34 Ko] - (17.2.3419.0) - C:\Windows\System32\Drivers\aswKbd.sys
[MD5.663088F14D3938A9730594FACADD2FB9] - [18/12/2016 22:20:50] - (.Copyright (c) 2014 AVAST Software - Avast File System Minifilter for Windows 2003/Vista.) - [103.9 Ko] - (17.2.3419.0) - C:\Windows\System32\Drivers\aswMonFlt.sys
[MD5.110AA1FEF89E2299039A1B1D2201C02D] - [12/03/2017 08:26:17] - (.Copyright (c) 2012 AVAST Software - Firewall NDIS6 Helper.) - [27.24 Ko] - (8.0.4624.2183) - C:\Windows\System32\Drivers\aswNetNd6.sys
[MD5.945BFD2421473AEC23477394F893323C] - [18/12/2016 22:38:47] - (.Copyright (c) 2014 AVAST Software - Avast Firewall Driver.) - [347.41 Ko] - (17.2.3419.0) - C:\Windows\System32\Drivers\aswNetSec.sys
[MD5.286F1E2AD70FEAF9AF60EDED210AE460] - [18/12/2016 22:20:50] - (.Copyright (c) 2014 AVAST Software - Avast WFP Redirect Driver.) - [88.22 Ko] - (17.2.3419.0) - C:\Windows\System32\Drivers\aswRdr2.sys
[MD5.1248EA9A7C360F7600D50706E7E1A40F] - [18/12/2016 22:20:50] - (.Copyright (c) 2014 AVAST Software - Avast Revert.) - [60.7 Ko] - (17.2.3419.0) - C:\Windows\System32\Drivers\aswRvrt.sys
[MD5.040B7A86404472D4EEA4342B5DD8395C] - [18/12/2016 22:20:49] - (.Copyright (c) 2014 AVAST Software - Avast Virtualization Driver.) - [738.48 Ko] - (17.2.3419.0) - C:\Windows\System32\Drivers\aswSnx.sys
[MD5.38F0CF1E858887E3B0B31A1DDF4154B0] - [18/12/2016 22:20:51] - (.Copyright (c) 2014 AVAST Software - Avast self protection module.) - [454.13 Ko] - (17.2.3419.64) - C:\Windows\System32\Drivers\aswsp.sys
[MD5.6DFABA1E2FD21601D5D8FC3ED306F6CA] - [18/12/2016 22:20:51] - (.Copyright (c) 2014 AVAST Software - Stream Filter.) - [115.52 Ko] - (17.2.3419.0) - C:\Windows\System32\Drivers\aswStm.sys
[MD5.7309064469C60764538741474F324D7C] - [18/12/2016 22:20:31] - (.OpenVPN Technologies, Inc. - TAP-Windows Virtual Network Driver.) - [38.07 Ko] - (9.0.0.10) - C:\Windows\System32\Drivers\aswTap.sys
[MD5.FA04DA90FAAB7618F44D6E1FE0B2FFB0] - [18/12/2016 22:20:51] - (.Copyright (c) 2014 AVAST Software - Avast VM Monitor.) - [272.24 Ko] - (17.2.3419.60) - C:\Windows\System32\Drivers\aswvmm.sys
[MD5.BD8869EB9CDE6BBE4508D869929869EE] - [13/07/2009 18:02:49] - (.Copyright 2000-2008, Broadcom Corporation. - Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver..) - [224.5 Ko] - (10.100.4.0) - C:\Windows\System32\Drivers\b57nd60x.sys
[MD5.A74B3F041F293946CFB8D5D1F15D031E] - [05/07/2016 14:06:48] - (.Copyright 2000-2010, Broadcom Corporation. - Broadcom Bluetooth Firmware Download Filter.) - [164.29 Ko] - (6.5.1.2700) - C:\Windows\System32\Drivers\bcbtums.sys
[MD5.9F9ACC7F7CCDE8A15C282D3F88B43309] - [13/07/2009 20:59:16] - (.Copyright (C) Brother Industries, Ltd. 2001-2003 - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) - [13.25 Ko] - (1.10.0.2) - C:\Windows\System32\Drivers\BrFiltLo.sys
[MD5.56801AD62213A41F6497F96DEE83755A] - [13/07/2009 20:58:59] - (.Copyright (C) Brother Industries, Ltd. 2001 - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) - [5.13 Ko] - (1.4.0.1) - C:\Windows\System32\Drivers\BrFiltUp.sys
[MD5.845B8CE732E67F3B4133164868C666EA] - [13/07/2009 20:57:25] - (.Copyright (C) Brother Industries Ltd.1997-2006 - Brotehr Serial I/F Driver (WDM).) - [265.75 Ko] - (1.0.1.6) - C:\Windows\System32\Drivers\BrSerId.sys
[MD5.203F0B1E73ADADBBB7B7B1FABD901F6B] - [13/07/2009 20:59:02] - (.Copyright (C) Brother Industries Ltd.1997-2003 - Brother Serial driver (WDM version).) - [60.88 Ko] - (1.0.0.20) - C:\Windows\System32\Drivers\BrSerWdm.sys
[MD5.BD456606156BA17E60A04E18016AE54B] - [13/07/2009 20:58:27] - (.Copyright(C)Brother Industries Ltd.1997-2006 - Brother USB MDM Driver.) - [11.88 Ko] - (1.0.0.12) - C:\Windows\System32\Drivers\BrUsbMdm.sys
[MD5.AF72ED54503F717A43268B3CC5FAEC2E] - [13/07/2009 20:58:35] - (.Copyright(C)Brother Industries Ltd.1997-2006 - Brother USB Serial Driver.) - [11.63 Ko] - (1.0.1.3) - C:\Windows\System32\Drivers\BrUsbSer.sys
[MD5.3D925732553CCC0F3727C37FE476AB83] - [13/10/2015 17:59:08] - (.Copyright 2015 Motorola Solutions, Inc. - Bluetooth Audio Driver.) - [70.48 Ko] - (18.1.1511.552) - C:\Windows\System32\Drivers\btmaud.sys
[MD5.1E80DE4D209C85744170DEA67D99D558] - [13/10/2015 17:59:10] - (.Copyright 2015 Motorola Solutions, Inc. - Bluetooth Auxiliary Driver.) - [113.48 Ko] - (18.1.1511.552) - C:\Windows\System32\Drivers\btmaux.sys
[MD5.546DBC93A563F456A6233E1A1228998D] - [01/08/2016 14:20:55] - (.Copyright 2000-2010, Broadcom Corporation. - Broadcom Bluetooth USB AMP Filter for Windows Vista.) - [492.54 Ko] - (6.5.1.2700) - C:\Windows\System32\Drivers\btwampfl.sys
[MD5.D382D0DE5A39B16A08D59B93A4CB2AFD] - [27/02/2017 15:03:55] - (.Copyright 2000-2010, Broadcom Corporation. - Bluetooth Audio Device.) - [149.54 Ko] - (6.5.1.2700) - C:\Windows\System32\Drivers\btwaudio.sys
[MD5.C8D1ADEFD6D5FEAF95C6C7A2CC6B4B97] - [27/02/2017 15:03:55] - (.Copyright 2000-2010, Broadcom Corporation. - Broadcom Bluetooth AVDT Service.) - [171.04 Ko] - (6.5.1.2500) - C:\Windows\System32\Drivers\btwavdt.sys
[MD5.E26610D44609574E13BAAD367AB34967] - [27/02/2017 15:03:55] - (.Copyright 2000-2010, Broadcom Corporation. - Broadcom Bluetooth L2CAP Service.) - [33.04 Ko] - (6.5.1.100) - C:\Windows\System32\Drivers\btwl2cap.sys
[MD5.C49CC9B5E06FBDC87137BA24018B6EDE] - [27/02/2017 15:03:55] - (.Copyright 2000-2010, Broadcom Corporation. - Bluetooth Remote Control HID Minidriver.) - [18.29 Ko] - (6.5.1.2500) - C:\Windows\System32\Drivers\btwrchid.sys
[MD5.1A231ABEC60FD316EC54C66715543CEC] - [10/06/2009 17:17:52] - (.(c) COPYRIGHT 2001-2008 Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) - [420 Ko] - (4.8.2.0) - C:\Windows\System32\Drivers\bxvbdx.sys
[MD5.C537B1DB64D495B9B4717B4D6D9EDBF2] - [13/07/2009 19:11:18] - (.Copyright (C) CMD Technology, Inc. 1999-2000 - CMD PCI IDE Bus Driver.) - [15.58 Ko] - (2.0.7.0) - C:\Windows\System32\Drivers\cmdide.sys
[MD5.8B30250D573A8F6B4BD23195160D8707] - [10/06/2009 17:20:26] - (.Copyright © Adaptec, Inc. 2000 - Adaptec Ultra SCSI miniport.) - [69.06 Ko] - (6.0.0.0) - C:\Windows\System32\Drivers\djsvs.sys
[MD5.CF0A6015F437161698C5B2A0A12CF052] - [13/07/2009 18:02:50] - (.Copyright (C) 2007 Intel Corporation. - Intel(R) PRO/1000 Adapter NDIS 6 deserialized driver.) - [206.5 Ko] - (9.13.4.10) - C:\Windows\System32\Drivers\e1e6032.sys
[MD5.377AD53E4154477339290B4212E69D53] - [01/08/2016 14:12:31] - (.Copyright (C) 2012 Intel Corporation. - Intel(R) Network Adapter NDIS 6 deserialized driver.) - [226.87 Ko] - (9.16.10.0) - C:\Windows\System32\Drivers\e1e6232.sys
[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - [10/06/2009 17:19:19] - (.Copyright © 2003-2009 Emulex - Storport Miniport Driver for LightPulse HBAs.) - [443.08 Ko] - (5.2.10.211) - C:\Windows\System32\Drivers\elxstor.sys
[MD5.024E1B5CAC09731E4D868E64DBFB4AB0] - [10/06/2009 17:17:55] - (.(c) COPYRIGHT 2001-2008 Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) - [3027.5 Ko] - (4.8.13.0) - C:\Windows\System32\Drivers\evbdx.sys
[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - [13/07/2009 18:54:14] - (.Copyright ©2007-2009 Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) - [26 Ko] - (1.31.27127.0) - C:\Windows\System32\Drivers\hcw85cir.sys
[MD5.0BF1D760B05CAAAF231123D53C4789E2] - [23/07/2012 19:52:45] - (.Copyright (c) 2003-2009 Intel Corporation. - Intel(R) Management Engine Interface.) - [44.13 Ko] - (3.2.20.1046) - C:\Windows\System32\Drivers\HECI.sys
[MD5.295FDC419039090EB8B49FFDBB374549] - [13/07/2009 18:09:17] - (.Copyright (c) 2004-2008 Hewlett-Packard Development Company, L.P. - Smart Array SAS/SATA Controller Media Driver.) - [65.58 Ko] - (6.12.4.32) - C:\Windows\System32\Drivers\HpSAMD.sys
[MD5.9B8A611B87ED33F77FCBD8C8F3C4D57F] - [27/02/2014 08:55:54] - (.Copyright (C) 1998 - 2011 Intel Corporation. - NDIS 6.1 Advanced Networking Services..) - [137.31 Ko] - (9.8.52.0) - C:\Windows\System32\Drivers\iANSW60.sys
[MD5.5CD5F9A5444E6CDCB0AC89BD62D8B76E] - [03/07/2016 12:25:37] - (.Copyright(C) Intel Corporation 1994-2008 - Intel Matrix Storage Manager driver - ia32.) - [324.38 Ko] - (8.6.2.1014) - C:\Windows\System32\Drivers\iaStorV.sys
[MD5.9467514EA189475A6E7FDC5D7BDE9D3F] - [23/09/2009 19:18:14] - (.Copyright (c) 1998-2006 Intel Corporation. - Intel Graphics Kernel Mode Driver.) - [4695.5 Ko] - (8.14.10.1930) - C:\Windows\System32\Drivers\igdkmd32.sys
[MD5.4173FF5708F3236CF25195FECD742915] - [13/07/2009 18:09:17] - (.Copyright © 2002-05 Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) - [40.08 Ko] - (5.4.22.0) - C:\Windows\System32\Drivers\iirsp.sys
[MD5.5E0566889D7E8D5A5F7309616405C799] - [15/09/2014 05:13:40] - (.Copyright (C) 2002-2013 Intel Corporation - Intel(R) Network Adapter Diagnostic Driver.) - [30.75 Ko] - (1.3.0.7) - C:\Windows\System32\Drivers\iqvw32.sys
[MD5.EB119A53CCF2ACC000AC71B065B78FEF] - [13/07/2009 18:09:19] - (.Copyright © LSI Corporation 2008 - LSI Fusion-MPT FC Driver (StorPort).) - [93.58 Ko] - (1.28.3.52) - C:\Windows\System32\Drivers\lsi_fc.sys
[MD5.8ADE1C877256A22E49B75D1CC9161F9C] - [13/07/2009 18:09:18] - (.Copyright © LSI Corporation 2008 - LSI Fusion-MPT SAS Driver (StorPort).) - [87.08 Ko] - (1.28.3.52) - C:\Windows\System32\Drivers\lsi_sas.sys
[MD5.DC9DC3D3DAA0E276FD2EC262E38B11E9] - [13/07/2009 18:09:18] - (.Copyright © LSI Corporation 2009 - LSI SAS Gen2 Driver (StorPort).) - [53.58 Ko] - (2.0.2.71) - C:\Windows\System32\Drivers\lsi_sas2.sys
[MD5.0A036C7D7CAB643A7F07135AC47E0524] - [13/07/2009 18:09:18] - (.Copyright © LSI Corporation 2008 - LSI Fusion-MPT SCSI Driver (StorPort).) - [94.58 Ko] - (1.28.3.67) - C:\Windows\System32\Drivers\lsi_scsi.sys
[MD5.0FFF5B045293002AB38EB1FD1FC2FB74] - [10/06/2009 17:19:35] - (.Copyright © LSI Corporation - MEGASAS RAID Controller Driver for Windows 7 for x86.) - [30.08 Ko] - (4.5.1.32) - C:\Windows\System32\Drivers\megasas.sys
[MD5.DCBAB2920C75F390CAF1D29F675D03D6] - [13/07/2009 18:09:17] - (.Copyright (C) 2007 LSI Corporation. - LSI MegaRAID Software RAID Driver.) - [230.06 Ko] - (13.5.409.2009) - C:\Windows\System32\Drivers\MegaSR.sys
[MD5.1D85C4B390B0EE09C7A46B91EFB2C097] - [13/07/2009 18:09:17] - (.(C) Copyright IBM Corp. 1994, 2002. - IBM ServeRAID Controller Driver.) - [43.58 Ko] - (7.10.0.0) - C:\Windows\System32\Drivers\nfrd960.sys
[MD5.B3E25EE28883877076E0E1FF877D02E0] - [03/07/2016 12:25:37] - (.Copyright(C) 2001-2010 NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) - [114.38 Ko] - (10.6.0.18) - C:\Windows\System32\Drivers\nvraid.sys
[MD5.4380E59A170D88C4F1022EFF6719A8A4] - [03/07/2016 12:25:37] - (.Copyright(C) 2001-2010 NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) - [140.38 Ko] - (10.6.0.18) - C:\Windows\System32\Drivers\nvstor.sys
[MD5.AB95ECF1F6659A60DDC166D8315B0751] - [10/06/2009 17:20:06] - (.Copyright © QLogic Corporation 1996-2009 - QLogic Fibre Channel Stor Miniport Driver.) - [1351.06 Ko] - (9.1.8.6) - C:\Windows\System32\Drivers\ql2300.sys
[MD5.B4DD51DD25182244B86737DC51AF2270] - [13/07/2009 18:09:18] - (.© QLogic Corporation. - QLogic iSCSI Storport Miniport Driver.) - [103.58 Ko] - (2.1.3.20) - C:\Windows\System32\Drivers\ql40xx.sys
[MD5.90A3935D05B494A5A39D37E71F09A677] - [13/07/2009 22:05:20] - (.© 2006 Macrovision Corporation - Macrovision SECURITY Driver.) - [20 Ko] - (4.3.86.0) - C:\Windows\System32\Drivers\secdrv.sys
[MD5.A9F0486851BECB6DDA1D89D381E71055] - [10/06/2009 17:20:08] - (.Copyright (c) SiS Corp. 2000-2010 - SiS RAID Stor Miniport Driver.) - [39.08 Ko] - (5.1.1039.2600) - C:\Windows\System32\Drivers\sisraid2.sys
[MD5.3727097B55738E2F554972C3BE5BC1AA] - [13/07/2009 18:09:18] - (.Copyright (c) SiS Corp. 2007-2013 - SiS AHCI Stor-Miniport Driver.) - [76.06 Ko] - (5.1.1039.3600) - C:\Windows\System32\Drivers\sisraid4.sys
[MD5.DBC7034E2F2804A1D9ABC05C5AFD00BC] - [26/09/2016 12:36:34] - (.Copyright (C) Synaptics Incorporated 1996-2015 - Synaptics SMBus Driver.) - [26.16 Ko] - (19.0.9.4) - C:\Windows\System32\Drivers\Smb_driver_Intel.sys
[MD5.B8AF290680D6995D98801F70E1BAB56D] - [31/08/2016 14:55:44] - (.Copyright ⓒ SAMSUNG - SAMSUNG USB Composite Device Driver.) - [105.13 Ko] - (2.12.3.0) - C:\Windows\System32\Drivers\ssudbus.sys
[MD5.AF6E785B1B28BFED5EF6D95F76977C03] - [31/08/2016 14:55:44] - (.Copyright ⓒ SAMSUNG - SAMSUNG Android Modem Device Driver.) - [142.63 Ko] - (2.12.3.0) - C:\Windows\System32\Drivers\ssudmdm.sys
[MD5.DB32D325C192B801DF274BFD12A7E72B] - [13/07/2009 18:09:18] - (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) - [20.58 Ko] - (5.0.1.1) - C:\Windows\System32\Drivers\stexstor.sys
[MD5.1FD8760CFCB68178F147EA97F0A8AC45] - [01/08/2016 13:59:19] - (.-.) - [10.97 Ko] - (0.0.0.0) - C:\Windows\System32\Drivers\SWDUMon.sys
[MD5.E43574F6A56A0EE11809B48C09E4FD3C] - [13/07/2009 19:11:20] - (.Copyright (C) VIA Technologies, Inc. 2000-2007 - VIA Generic PCI IDE Bus Driver.) - [16.58 Ko] - (6.0.6000.170) - C:\Windows\System32\Drivers\viaide.sys
[MD5.9DFA0CC2F8855A04816729651175B631] - [10/06/2009 17:20:24] - (.Copyright (C) VIA Technologies 1992-2007 - VIA RAID DRIVER FOR AMD-X86-64.) - [138.58 Ko] - (6.0.6000.6210) - C:\Windows\System32\Drivers\vsmraid.sys
---------- | Uninstall
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\58d94f3ce2c27db0] : (Dell System Detect.-.Dell) -> "C:\Users\hilton\AppData\Local\Apps\2.0\3VGPG9W0.MPE\2E0VXQW4.WA5\dell..tion_6d0a76327dca4869_0007.000b_df227eeaae3cac0d\Uninstaller.exe" uninstall
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Amazon Amazon Music] : (Amazon Music.-.Amazon Services LLC) -> C:\Users\hilton\AppData\Local\Amazon Music\Uninstall.exe
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\FromDocToPDFTooltab Uninstall Internet Explorer] : (FromDocToPDF Internet Explorer Homepage and New Tab.-.Mindspark Interactive Network, Inc.) -> Rundll32.exe "C:\Users\hilton\AppData\Local\FromDocToPDFTooltab\TooltabExtension.dll" U uninstall:FromDocToPDF
[HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Kodi] : (Kodi.-.XBMC-Foundation) -> C:\Program Files\Kodi\uninstall.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX] : (Adobe Flash Player 25 ActiveX.-.Adobe Systems Incorporated) -> C:\Windows\system32\Macromed\Flash\FlashUtil32_25_0_0_127_ActiveX.exe -maintain activex
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AI RoboForm] : (RoboForm 8-3-1-1 (All Users).-.Siber Systems) -> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Avast Antivirus] : (Avast Internet Security.-.AVAST Software) -> C:\Program Files\AVAST Software\Avast\Setup\Instup.exe /control_panel
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CanonQuickMenu] : (Canon Quick Menu.-.Canon Inc.) -> "C:\Program Files\Canon\Quick Menu\uninst.exe" /UninstallRemove C:\Program Files\Canon\Quick Menu\uninst.ini
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CCleaner] : (CCleaner.-.Piriform) -> "C:\Program Files\CCleaner\uninst.exe"
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DriverUpdate] : (DriverUpdate.-.Slimware Utilities Holdings, Inc.) -> "C:\Program Files\DriverUpdate\UninstallStub.exe" --log {b72bc52b-65a8-44bb-a94d-e5c9b1d644b6}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Google Chrome] : (Google Chrome.-.Google Inc.) -> "C:\Program Files\Google\Chrome\Application\56.0.2924.87\Installer\setup.exe" --uninstall --system-level
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\HDMI] : (Intel(R) Graphics Media Accelerator Driver.-.Intel Corporation) -> C:\Windows\system32\igxpun.exe -uninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\HECI] : (Intel(R) Management Engine Interface.-.Intel Corporation) -> C:\Windows\system32\heciudlg.exe -uninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MESOL] : (Intel® Active Management Technology.-.Intel Corporation) -> C:\Windows\system32\mesoludlg.exe -uninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Mozilla Firefox 52.0.2 (x86 en-US)] : (Mozilla Firefox 52.0.2 (x86 en-US).-.Mozilla) -> "C:\Program Files\Mozilla Firefox\uninstall\helper.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MozillaMaintenanceService] : (Mozilla Maintenance Service.-.Mozilla) -> "C:\Program Files\Mozilla Maintenance Service\uninstall.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\PROSetDX] : (Intel(R) Network Connections 19.5.303.0.-.Intel) -> MsiExec.exe /i{D8A3D01E-BCBB-491B-856F-61E3B8563E32} ARPREMOVE=1
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SafeZone 3.55.2393.590] : (SafeZone Stable 3.55.2393.590.-.Avast Software) -> "C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" /uninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Stardock Fences 3] : (Stardock Fences 3.-.Stardock Software, Inc.) -> "C:\Program Files\Stardock\Fences\uninstall.exe" "/U:C:\Program Files\Stardock\Fences\Uninstall\uninstall.xml"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Stardock ObjectDock] : (Stardock ObjectDock.-.Stardock Software, Inc.) -> "C:\Program Files\Stardock\ObjectDock\uninstall.exe" "/U:C:\Program Files\Stardock\ObjectDock\Uninstall\uninstall.xml"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series] : (Canon MG3200 series MP Drivers.-.Canon Inc.) -> "C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series\DELDRV.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series /L0x0009
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2A4CAF55-4B18-4B61-BE9E-94A54209F547}] : (eM Client.-.eM Client Inc.) -> MsiExec.exe /X{2A4CAF55-4B18-4B61-BE9E-94A54209F547}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{302600C1-6BDF-4FD1-1603-148929CC1385}] : (Intel(R) Wireless Bluetooth(R)(patch version 19.0.1629.3590).-.Intel Corporation) ->
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{34BF287B-24D9-4CFC-94A6-B1F4A92EC55D}] : (Intel(R) Chipset Device Software.-.Intel Corporation) -> MsiExec.exe /I{34BF287B-24D9-4CFC-94A6-B1F4A92EC55D}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{98f335cd-0a32-4b3f-b74c-ef9480e834f0}] : (Intel(R) Chipset Device Software.-.Intel(R) Corporation) -> "C:\ProgramData\Package Cache\{98f335cd-0a32-4b3f-b74c-ef9480e834f0}\SetupChipset.exe" /uninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}] : (WIDCOMM Bluetooth Software.-.Broadcom Corporation) -> MsiExec.exe /X{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824211354}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001824211354}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}] : (Adobe Acrobat Reader DC.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AC0F074E4100}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B72BC52B-65A8-44BB-A94D-E5C9B1D644B6}] : (DriverUpdate.-.Slimware Utilities Holdings, Inc.) -> MsiExec.exe /X{B72BC52B-65A8-44BB-A94D-E5C9B1D644B6}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}] : (Samsung USB Driver for Mobile Phones.-.Samsung Electronics Co., Ltd.) -> C:\Program Files\Samsung\USB Drivers\Uninstall.exe
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D8A3D01E-BCBB-491B-856F-61E3B8563E32}] : (Intel(R) Network Connections 19.5.303.0.-.Intel) -> MsiExec.exe /i{D8A3D01E-BCBB-491B-856F-61E3B8563E32} ARPREMOVE=1
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}] : (OpenOffice 4.1.3.-.Apache Software Foundation) -> MsiExec.exe /I{EEA30AEB-8BA7-465B-85D4-098BB99733E7}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F0A37341-D692-11D4-A984-009027EC0A9C}] : (SoundMAX.-.Analog Devices) -> C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe -runfromtemp -l0x0009 -removeonly
---------- | Installer
[HKCR\Installer\Products\1C006203FDB61DF46130419892CC3158] : Intel(R) Wireless Bluetooth(R)(patch version 19.0.1629.3590) -> C:\Windows\Installer\{302600C1-6BDF-4FD1-1603-148929CC1385}\IntelBluetoothICO
[HKCR\Installer\Products\245938095D5836842ABBE6F4FC9A27B6] :
[HKCR\Installer\Products\26FCC409D8185764CB673DE73B999F71] : Windows Mobile Device Center -> C:\Windows\Installer\{904CCF62-818D-4675-BC76-D37EB399F917}\wmdc.exe
[HKCR\Installer\Products\52E4407E830367A4094643A40C8340E3] : Windows Mobile Device Center Driver Update -> C:\Windows\Installer\{E7044E25-3038-4A76-9064-344AC038043E}\WindowsMobileDeviceCenter.ico
[HKCR\Installer\Products\55FAC4A281B416B4EBE9495A24905F74] : eM Client -> C:\Windows\Installer\{2A4CAF55-4B18-4B61-BE9E-94A54209F547}\MailClientIcon.exe
[HKCR\Installer\Products\68AB67CA408033019195008142123145] : Adobe Refresh Manager -> C:\Windows\Installer\{AC76BA86-0804-1033-1959-001824211354}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\68AB67CA7DA73301B744CAF070E41400] : Adobe Acrobat Reader DC -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico
[HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper
[HKCR\Installer\Products\AE08842601676B744B6A04DD38BDA14B] :
[HKCR\Installer\Products\B25CB27B8A56BB449AD45E9C1B6D446B] : DriverUpdate -> C:\Windows\Installer\{B72BC52B-65A8-44BB-A94D-E5C9B1D644B6}\Icon.exe
[HKCR\Installer\Products\B782FB439D42CFC4496A1B4F9AE25CD5] : Intel(R) Chipset Device Software
[HKCR\Installer\Products\BEA03AEE7AB8B564584D90B89B79337E] : OpenOffice 4.1.3 -> C:\Windows\Installer\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}\soffice.ico
[HKCR\Installer\Products\E10D3A8DBBCBB19458F6163E8B65E323] : -> C:\Windows\Installer\{D8A3D01E-BCBB-491B-856F-61E3B8563E32}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\F4D9341A64DF2F741A3DEF0E792CA990] : WIDCOMM Bluetooth Software -> C:\Windows\Installer\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\F85AF62A6DA0C9F41A43EFC2BFE2EA79] :
---------- | ADS
---------- | Drives
Disk: 0 Size=19.1T
Pos  MBRndx  Type/Name   Size   Active  Hide  Start Sector  Sectors
---  ------  ----------  -----  ------  ----  ------------  ------------
0    0       27-UNKNWN   3.1G   Yes     No    2,048         6,348,800
1    1       07-NTFS     19.0T  No      No    6,350,848     900,676,096
---------- | MBR
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: OptiPlex 755
Logical Drives Mask: 0x0000000c
Analysis of file "C:\QuickDiag\MBR.bin":
Windows 7 MBR code detected
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer,
http://www.gmer.net
Windows 6.1.7601 Disk: Hitachi_HUA722020ALA331 rev.JKAOA3NH -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys aswSP.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
C:\Windows\system32\drivers\aswSP.sys AVAST Software Avast Antivirus
1 ntkrnlpa!IofCallDriver[0x82C800C5] -> \Device\Harddisk0\DR0[0x86377190]
3 aswSP[0x91269EFB] -> ntkrnlpa!IofCallDriver[0x82C800C5] -> \Device\Ide\IdeDeviceP2T0L0-2[0x85EB5908]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user & kernel MBR OK
---------- | 20 LastEventLog
LMS Service lost connection to HECI driver
------------
LMS Service lost connection to HECI driver
------------
LMS Service lost connection to HECI driver
------------
LMS Service lost connection to HECI driver
------------
LMS Service lost connection to HECI driver
------------
LMS Service lost connection to HECI driver
------------
Activation context generation failed for "C:\Program Files\DriverUpdate\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
------------
Activation context generation failed for "C:\Program Files\DriverUpdate\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
------------
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
------------
LMS Service lost connection to HECI driver
------------
The program iexplore.exe version 11.0.9600.18616 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1290
Start Time: 01d2a7e9763e43e5
Termination Time: 40
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id:
------------
The program iexplore.exe version 11.0.9600.18616 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 11fc
Start Time: 01d2a7e91114cad4
Termination Time: 32
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id:
------------
LMS Service lost connection to HECI driver
------------
LMS Service lost connection to HECI driver
------------
The program iexplore.exe version 11.0.9600.18616 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1610
Start Time: 01d2a70f2a82658c
Termination Time: 43
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id:
------------
LMS Service lost connection to HECI driver
------------
The program iexplore.exe version 11.0.9600.18616 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1e74
Start Time: 01d2a667e52b28e9
Termination Time: 23
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id:
------------
LMS Service lost connection to HECI driver
------------
LMS Service lost connection to HECI driver
------------
----------( EOF)---------- - 2794 | 12:29:50