Document format: text/plain

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-09-2017 01
Ran by Administrator (administrator) on TS01 (28-09-2017 08:12:02)
Running from C:\Users\administrator.BOULET\Desktop
Loaded Profiles: marco & charles & caroll & PierreB & Melodie & Vannak & Alexandra & Services & taher & PhilippeS & FRANCOISP & Administrator (Available Profiles: Administrator & marco & charles & alexis & Sforest & richard & rogerb & caroll & pierre & raymond & mimi & Gabrielle & andre & Production & Yanick & sylvie & PierreB & Melodie & Jerome & pvanier & salle-montre & MicheleH & Vannak & MichelleT & Alexandra & vannak2 & Services & JulieD & StephanieG & sebastien & taher & PhilippeS & Francois & FRANCOISP & Administrator)
Platform: Windows Server 2008 R2 Standard Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManager64.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epupdateservice.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epsecurityservice.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epag.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epintegrationservice.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epconsole.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
(Microsoft Corporation) C:\Windows\System32\proquota.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epconsole.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(Microsoft Corporation) C:\Windows\System32\proquota.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epconsole.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(Microsoft Corporation) C:\Windows\System32\proquota.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epconsole.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
() \\DC01\VOL1\Apps\vfp70\Services\launcher.exe
(Microsoft Corporation) C:\Windows\System32\proquota.exe
(Microsoft Corporation) \\DC01\VOL1\Apps\vfp90\vfp9.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epconsole.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation) C:\Windows\System32\proquota.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epconsole.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
(Microsoft Corporation) C:\Windows\System32\proquota.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epconsole.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epconsole.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
() \\DC01\VOL1\Apps\vfp70\Services\launcher.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epconsole.exe
(Microsoft Corporation) C:\Windows\System32\proquota.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(Microsoft Corporation) C:\Windows\System32\proquota.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Akamai Technologies, Inc.) C:\Users\administrator.BOULET\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\administrator.BOULET\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) \\DC01\VOL1\Apps\vfp90\vfp9.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epconsole.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(Microsoft Corporation) C:\Windows\System32\proquota.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epconsole.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\System32\proquota.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epconsole.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
(Microsoft Corporation) C:\Windows\System32\proquota.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [FileOpenBroker] => C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1317184 2014-07-16] (FileOpen Systems Inc.)
HKLM\...\Run: [VMware User Process] => C:\Program Files\VMware\VMware Tools\vmtoolsd.exe [74968 2015-06-18] (VMware, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\system: [EnableProfileQuota] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\system: [ProfileQuotaMessage] You have exceeded your profile storage space. Before you can log off, you need to move some items from your profile to network or local storage.
HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\system: [MaxProfileSize] 500000
HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\system: [WarnUser] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\system: [WarnUserTimeout] 60
HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [NoNetHood] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [NoPropertiesMyDocuments] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [NoPropertiesRecycleBin] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [Intellimenus] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [NoSMBalloonTip] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [NoClose] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [NoNetworkConnections] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [NoDrives] 15
HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [NoAutoUpdate] 0
HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [NoNetConnectDisconnect] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [NoManageMyComputerVerb] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [AlwaysShowClassicMenu] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [NoHardwareTab] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [NoStartMenuMyGames] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [HideSCANetwork] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [NoCommonGroups] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [NoStartMenuPinnedList] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [NoTaskGrouping] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [RecycleBinSize] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [RestrictCpl] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\MountPoints2: {dadb758d-cc94-11e0-8395-000c29f08056} - E:\vfpstart.exe IE5="vfpstart.hta" IELess="vfpstart.htm"
HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\system: [EnableProfileQuota] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\system: [ProfileQuotaMessage] You have exceeded your profile storage space. Before you can log off, you need to move some items from your profile to network or local storage.
HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\system: [MaxProfileSize] 500000
HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\system: [WarnUser] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\system: [WarnUserTimeout] 60
HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [NoNetHood] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [NoPropertiesMyDocuments] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [NoPropertiesRecycleBin] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [Intellimenus] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [NoSMBalloonTip] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [NoClose] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [NoNetworkConnections] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [NoDrives] 15
HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [NoAutoUpdate] 0
HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [NoNetConnectDisconnect] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [NoManageMyComputerVerb] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [AlwaysShowClassicMenu] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [NoHardwareTab] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [NoStartMenuMyGames] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [HideSCANetwork] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [NoCommonGroups] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [NoStartMenuPinnedList] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [NoTaskGrouping] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [RecycleBinSize] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [RestrictCpl] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\MountPoints2: {dadb758d-cc94-11e0-8395-000c29f08056} - E:\vfpstart.exe IE5="vfpstart.hta" IELess="vfpstart.htm"
HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\system: [EnableProfileQuota] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\system: [ProfileQuotaMessage] You have exceeded your profile storage space. Before you can log off, you need to move some items from your profile to network or local storage.
HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\system: [MaxProfileSize] 500000
HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\system: [WarnUser] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\system: [WarnUserTimeout] 60
HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [NoNetHood] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [NoPropertiesMyDocuments] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [NoPropertiesRecycleBin] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [Intellimenus] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [NoSMBalloonTip] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [NoClose] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [NoNetworkConnections] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [NoDrives] 15
HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [NoAutoUpdate] 0
HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [NoNetConnectDisconnect] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [NoManageMyComputerVerb] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [AlwaysShowClassicMenu] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [NoHardwareTab] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [NoStartMenuMyGames] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [HideSCANetwork] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [NoCommonGroups] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [NoStartMenuPinnedList] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [NoTaskGrouping] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [RecycleBinSize] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [RestrictCpl] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\MountPoints2: {dadb758d-cc94-11e0-8395-000c29f08056} - E:\vfpstart.exe IE5="vfpstart.hta" IELess="vfpstart.htm"
HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\system: [EnableProfileQuota] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\system: [ProfileQuotaMessage] You have exceeded your profile storage space. Before you can log off, you need to move some items from your profile to network or local storage.
HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\system: [MaxProfileSize] 500000
HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\system: [WarnUser] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\system: [WarnUserTimeout] 60
HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [NoNetHood] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [NoPropertiesMyDocuments] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [NoPropertiesRecycleBin] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [Intellimenus] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [NoSMBalloonTip] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [NoClose] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [NoNetworkConnections] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [NoDrives] 15
HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [NoAutoUpdate] 0
HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [NoNetConnectDisconnect] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [NoManageMyComputerVerb] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [AlwaysShowClassicMenu] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [NoHardwareTab] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [NoStartMenuMyGames] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [HideSCANetwork] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [NoCommonGroups] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [NoStartMenuPinnedList] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [NoTaskGrouping] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [RecycleBinSize] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [RestrictCpl] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\MountPoints2: {dadb758d-cc94-11e0-8395-000c29f08056} - E:\vfpstart.exe IE5="vfpstart.hta" IELess="vfpstart.htm"
HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\system: [EnableProfileQuota] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\system: [ProfileQuotaMessage] You have exceeded your profile storage space. Before you can log off, you need to move some items from your profile to network or local storage.
HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\system: [MaxProfileSize] 500000
HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\system: [WarnUser] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\system: [WarnUserTimeout] 60
HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [NoNetHood] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [NoPropertiesMyDocuments] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [NoPropertiesRecycleBin] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [Intellimenus] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [NoSMBalloonTip] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [NoClose] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [NoNetworkConnections] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [NoDrives] 15
HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [NoAutoUpdate] 0
HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [NoNetConnectDisconnect] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [NoManageMyComputerVerb] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [AlwaysShowClassicMenu] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [NoHardwareTab] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [NoStartMenuMyGames] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [HideSCANetwork] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [NoCommonGroups] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [NoStartMenuPinnedList] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [NoTaskGrouping] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [RecycleBinSize] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [RestrictCpl] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\MountPoints2: {dadb758d-cc94-11e0-8395-000c29f08056} - E:\vfpstart.exe IE5="vfpstart.hta" IELess="vfpstart.htm"
HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [718720 2010-12-21] (Microsoft Corporation)
HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\system: [EnableProfileQuota] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\system: [ProfileQuotaMessage] You have exceeded your profile storage space. Before you can log off, you need to move some items from your profile to network or local storage.
HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\system: [MaxProfileSize] 500000
HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\system: [WarnUser] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\system: [WarnUserTimeout] 60
HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [NoNetHood] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [NoPropertiesMyDocuments] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [NoPropertiesRecycleBin] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [Intellimenus] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [NoSMBalloonTip] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [NoClose] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [NoNetworkConnections] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [NoDrives] 15
HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [NoAutoUpdate] 0
HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [NoNetConnectDisconnect] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [NoManageMyComputerVerb] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [AlwaysShowClassicMenu] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [NoHardwareTab] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [NoStartMenuMyGames] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [HideSCANetwork] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [NoCommonGroups] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [NoStartMenuPinnedList] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [NoTaskGrouping] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [RecycleBinSize] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [RestrictCpl] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\MountPoints2: {dadb758d-cc94-11e0-8395-000c29f08056} - E:\vfpstart.exe IE5="vfpstart.hta" IELess="vfpstart.htm"
HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Run: [Google Update] => C:\Users\Alexandra\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\system: [EnableProfileQuota] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\system: [ProfileQuotaMessage] You have exceeded your profile storage space. Before you can log off, you need to move some items from your profile to network or local storage.
HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\system: [MaxProfileSize] 500000
HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\system: [WarnUser] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\system: [WarnUserTimeout] 60
HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [NoNetHood] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [NoPropertiesMyDocuments] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [NoPropertiesRecycleBin] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [Intellimenus] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [NoSMBalloonTip] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [NoClose] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [NoNetworkConnections] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [NoDrives] 15
HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [NoAutoUpdate] 0
HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [NoNetConnectDisconnect] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [NoManageMyComputerVerb] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [AlwaysShowClassicMenu] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [NoHardwareTab] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [NoStartMenuMyGames] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [HideSCANetwork] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [NoCommonGroups] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [NoStartMenuPinnedList] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [NoTaskGrouping] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [RecycleBinSize] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [RestrictCpl] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\MountPoints2: {dadb758d-cc94-11e0-8395-000c29f08056} - E:\vfpstart.exe IE5="vfpstart.hta" IELess="vfpstart.htm"
HKU\S-1-5-21-606344767-3282361405-600652822-1218\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\system: [EnableProfileQuota] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\system: [ProfileQuotaMessage] You have exceeded your profile storage space. Before you can log off, you need to move some items from your profile to network or local storage.
HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\system: [MaxProfileSize] 500000
HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\system: [WarnUser] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\system: [WarnUserTimeout] 60
HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [NoNetHood] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [NoPropertiesMyDocuments] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [NoPropertiesRecycleBin] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [Intellimenus] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [NoSMBalloonTip] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [NoClose] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [NoNetworkConnections] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [NoDrives] 15
HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [NoAutoUpdate] 0
HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [NoNetConnectDisconnect] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [NoManageMyComputerVerb] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [AlwaysShowClassicMenu] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [NoHardwareTab] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [NoStartMenuMyGames] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [HideSCANetwork] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [NoCommonGroups] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [NoStartMenuPinnedList] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [NoTaskGrouping] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [RecycleBinSize] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [RestrictCpl] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\MountPoints2: {dadb758d-cc94-11e0-8395-000c29f08056} - E:\vfpstart.exe IE5="vfpstart.hta" IELess="vfpstart.htm"
HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [718720 2010-12-21] (Microsoft Corporation)
HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\system: [EnableProfileQuota] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\system: [ProfileQuotaMessage] You have exceeded your profile storage space. Before you can log off, you need to move some items from your profile to network or local storage.
HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\system: [MaxProfileSize] 500000
HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\system: [WarnUser] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\system: [WarnUserTimeout] 60
HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [NoNetHood] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [NoPropertiesMyDocuments] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [NoPropertiesRecycleBin] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [Intellimenus] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [NoSMBalloonTip] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [NoClose] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [NoNetworkConnections] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [NoDrives] 15
HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [NoAutoUpdate] 0
HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [NoNetConnectDisconnect] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [NoManageMyComputerVerb] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [AlwaysShowClassicMenu] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [NoHardwareTab] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [NoStartMenuMyGames] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [HideSCANetwork] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [NoCommonGroups] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [NoStartMenuPinnedList] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [NoTaskGrouping] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [RecycleBinSize] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [RestrictCpl] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\system: [EnableProfileQuota] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\system: [ProfileQuotaMessage] You have exceeded your profile storage space. Before you can log off, you need to move some items from your profile to network or local storage.
HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\system: [MaxProfileSize] 500000
HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\system: [WarnUser] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\system: [WarnUserTimeout] 60
HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [NoNetHood] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [NoPropertiesMyDocuments] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [NoPropertiesRecycleBin] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [Intellimenus] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [NoSMBalloonTip] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [NoClose] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [NoNetworkConnections] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [NoDrives] 15
HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [NoAutoUpdate] 0
HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [NoNetConnectDisconnect] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [NoManageMyComputerVerb] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [AlwaysShowClassicMenu] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [NoHardwareTab] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [NoStartMenuMyGames] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [HideSCANetwork] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [NoCommonGroups] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [NoStartMenuPinnedList] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [NoTaskGrouping] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [RecycleBinSize] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [RestrictCpl] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\MountPoints2: {dadb758d-cc94-11e0-8395-000c29f08056} - E:\vfpstart.exe IE5="vfpstart.hta" IELess="vfpstart.htm"
HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\system: [EnableProfileQuota] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\system: [ProfileQuotaMessage] You have exceeded your profile storage space. Before you can log off, you need to move some items from your profile to network or local storage.
HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\system: [MaxProfileSize] 500000
HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\system: [WarnUser] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\system: [WarnUserTimeout] 60
HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [NoNetHood] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [NoPropertiesMyDocuments] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [NoPropertiesRecycleBin] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [Intellimenus] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [NoSMBalloonTip] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [NoClose] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [NoNetworkConnections] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [NoDrives] 15
HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [NoAutoUpdate] 0
HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [NoNetConnectDisconnect] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [NoManageMyComputerVerb] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [AlwaysShowClassicMenu] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [NoHardwareTab] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [NoStartMenuMyGames] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [HideSCANetwork] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [NoCommonGroups] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [NoStartMenuPinnedList] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [NoTaskGrouping] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [RecycleBinSize] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [RestrictCpl] 1
HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\MountPoints2: {dadb758d-cc94-11e0-8395-000c29f08056} - E:\vfpstart.exe IE5="vfpstart.hta" IELess="vfpstart.htm"
HKU\S-1-5-21-606344767-3282361405-600652822-500\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [4910912 2011-08-02] (DT Soft Ltd)
HKU\S-1-5-21-606344767-3282361405-600652822-500\...\Run: [Akamai NetSession Interface] => C:\Users\administrator.BOULET\AppData\Local\Akamai\netsession_win.exe [4490200 2017-09-08] (Akamai Technologies, Inc.)
HKU\S-1-5-21-606344767-3282361405-600652822-500\...\Run: [{AAD1516D-28AB-4EB5-B7C8-DF54FE4442E9}] => "C:\Program Files\Bitdefender\EndpointSetupInformation\{c6b758d7-5ad6-455b-e224-a5c4c58680b9}\SetupLauncher.exe" /run:".\Installer.exe" /args:"rebootIfNeeded=0 "
Lsa: [Notification Packages] scecli rassfm

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{82A6834D-9378-48EA-A3A5-1EE6B2FD338F}: [NameServer] 192.168.0.240,192.168.0.250

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-606344767-3282361405-600652822-1114\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-606344767-3282361405-600652822-1115\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-606344767-3282361405-600652822-1121\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-606344767-3282361405-600652822-1174\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-606344767-3282361405-600652822-1185\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-606344767-3282361405-600652822-1215\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-606344767-3282361405-600652822-1218\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-606344767-3282361405-600652822-1614\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-606344767-3282361405-600652822-1634\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-606344767-3282361405-600652822-1655\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-606344767-3282361405-600652822-1662\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp
HKU\S-1-5-21-606344767-3282361405-600652822-1114\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-606344767-3282361405-600652822-1115\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/defaultf.aspx?ocid=iehp
HKU\S-1-5-21-606344767-3282361405-600652822-1115\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-606344767-3282361405-600652822-1115\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://msn.ca/
HKU\S-1-5-21-606344767-3282361405-600652822-1121\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/fr-ca/
HKU\S-1-5-21-606344767-3282361405-600652822-1121\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/fr-ca/?ocid=iehp
HKU\S-1-5-21-606344767-3282361405-600652822-1174\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-606344767-3282361405-600652822-1174\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/defaultf.aspx?lang=fr-ca&OCID=iehp
HKU\S-1-5-21-606344767-3282361405-600652822-1185\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-606344767-3282361405-600652822-1185\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/defaultf.aspx?lang=fr-ca&OCID=iehp
HKU\S-1-5-21-606344767-3282361405-600652822-1215\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-606344767-3282361405-600652822-1215\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://preview.msn.com/fr-ca?lang=fr-ca&OCID=iehp
HKU\S-1-5-21-606344767-3282361405-600652822-1218\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-606344767-3282361405-600652822-1218\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/defaultf.aspx?ocid=iehp
HKU\S-1-5-21-606344767-3282361405-600652822-1614\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-606344767-3282361405-600652822-1634\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-606344767-3282361405-600652822-1655\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-606344767-3282361405-600652822-1655\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/fr-ca/?ocid=iehp
HKU\S-1-5-21-606344767-3282361405-600652822-1662\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-606344767-3282361405-600652822-500\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/SoftAdmin.htm
SearchScopes: HKU\S-1-5-21-606344767-3282361405-600652822-1114 -> DefaultScope {68D48E5D-20B5-4078-86D6-970D2D72B74F} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-606344767-3282361405-600652822-1114 -> {68D48E5D-20B5-4078-86D6-970D2D72B74F} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-606344767-3282361405-600652822-1115 -> DefaultScope {2119352F-7BF1-4F16-A14B-3E54BD833BEA} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-606344767-3282361405-600652822-1115 -> {2119352F-7BF1-4F16-A14B-3E54BD833BEA} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-606344767-3282361405-600652822-1121 -> DefaultScope {9D2FE1E0-AB85-4D72-BFE0-EA603238E913} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-606344767-3282361405-600652822-1121 -> {9D2FE1E0-AB85-4D72-BFE0-EA603238E913} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-606344767-3282361405-600652822-1174 -> DefaultScope {F4BF53D1-6E9E-4808-888D-FE408FECCAF1} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-606344767-3282361405-600652822-1174 -> {F4BF53D1-6E9E-4808-888D-FE408FECCAF1} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-606344767-3282361405-600652822-1185 -> DefaultScope {59D531BD-2847-4726-AB2F-5F4332B9E30C} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-606344767-3282361405-600652822-1185 -> {59D531BD-2847-4726-AB2F-5F4332B9E30C} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-606344767-3282361405-600652822-500 -> DefaultScope {C3A1912C-65C9-4F9F-985B-ED788F33B2E4} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}
SearchScopes: HKU\S-1-5-21-606344767-3282361405-600652822-500 -> {C3A1912C-65C9-4F9F-985B-ED788F33B2E4} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP31-13320/webex/ieatgpc1.cab

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-606344767-3282361405-600652822-1218: @tools.google.com/Google Update;version=3 -> C:\Users\Alexandra\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-606344767-3282361405-600652822-1218: @tools.google.com/Google Update;version=9 -> C:\Users\Alexandra\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [No File]

Chrome:
=======
CHR Profile: C:\Users\administrator.BOULET\AppData\Local\Google\Chrome\User Data\Default [2017-09-28]
CHR Extension: (No Name) - C:\Users\administrator.BOULET\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-12]
CHR Extension: (No Name) - C:\Users\administrator.BOULET\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-12]
CHR Extension: (No Name) - C:\Users\administrator.BOULET\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-12]
CHR Extension: (No Name) - C:\Users\administrator.BOULET\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-12]
CHR Extension: (No Name) - C:\Users\administrator.BOULET\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-12]
CHR Extension: (No Name) - C:\Users\administrator.BOULET\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\administrator.BOULET\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-27]
CHR Extension: (No Name) - C:\Users\administrator.BOULET\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-12]
CHR Extension: (Chrome Media Router) - C:\Users\administrator.BOULET\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-28]
StartMenuInternet: Google Chrome.7PPCX5V6GMJ2UMT3LB5IEBJ4RI - C:\Users\Alexandra\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 epag; C:\Program Files\Bitdefender\Endpoint Security\epag.exe [3565928 2017-08-29] (Bitdefender)
R2 EPIntegrationService; C:\Program Files\Bitdefender\Endpoint Security\EPIntegrationService.exe [100392 2017-09-28] (Bitdefender)
R2 EPSecurityService; C:\Program Files\Bitdefender\Endpoint Security\EPSecurityService.exe [100392 2017-09-28] (Bitdefender)
R2 EPUpdateService; C:\Program Files\Bitdefender\Endpoint Security\EPUpdateService.exe [100392 2017-09-28] (Bitdefender)
S3 FCRegSvc; C:\Windows\system32\FCRegSvc.dll [25600 2009-07-13] (Microsoft Corporation)
R2 FileOpenManager; C:\Program Files\FileOpen\Services\FileOpenManager64.exe [341312 2014-07-16] (FileOpen Systems Inc.)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2015-10-30] (HP Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2015-10-30] (HP Inc.) [File not signed]
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [91648 2009-07-13] (Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [14848 2009-07-13] (Microsoft Corporation)
S3 SrmReports; C:\Windows\system32\srmhost.exe [76288 2010-11-20] (Microsoft Corporation)
R2 SrmSvc; C:\Windows\system32\srmsvc.dll [3489792 2010-11-20] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1763744 2017-08-29] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [882672 2017-08-29] (BitDefender)
R3 bddevflt; C:\Program Files\Bitdefender\Endpoint Security\bddevflt.sys [109272 2017-02-20] (BitDefender LLC)
R0 bdupflt; C:\Windows\System32\DRIVERS\bdupflt.sys [57544 2015-10-06] (Bitdefender)
R0 Datascrn; C:\Windows\System32\drivers\datascrn.sys [79936 2009-07-13] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2011-08-22] (DT Soft Ltd)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [187688 2017-08-08] (BitDefender LLC)
S3 ioatdma; C:\Windows\System32\Drivers\qd260x64.sys [35328 2009-06-10] (Intel Corporation)
R3 MRxDAV; C:\Windows\SysWOW64\drivers\mrxdav.sys [115712 2010-11-20] (Microsoft Corporation)
R0 Quota; C:\Windows\System32\drivers\quota.sys [168016 2009-07-13] (Microsoft Corporation)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [96320 2009-07-13] (Microsoft Corporation)
R2 trufos; C:\Windows\System32\DRIVERS\trufos.sys [441112 2017-08-08] (BitDefender S.R.L.)
R2 VMMEMCTL; C:\Program Files\Common Files\VMware\Drivers\memctl\vmmemctl.sys [22744 2015-06-18] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73944 2014-02-10] (VMware, Inc.)
U3 tpautoconnsvc; no ImagePath
S4 vmrawdsk; \??\C:\Program Files\VMware\VMware Tools\vmrawdsk.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys D5B031C308A409A0A576BFF4CF083D30
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\avc3.sys 8AFE08FD37D6F27C54A13118FD167786
C:\Windows\System32\DRIVERS\avckf.sys 8208896BDA980285901521F9524101DA
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Program Files\Bitdefender\Endpoint Security\bddevflt.sys DFBB791B03DE8C2FD1A45555A4C6A97F
C:\Windows\System32\DRIVERS\bdupflt.sys 15EE4DF660019AC2390A8460FCEF0E0E
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\drivers\datascrn.sys 05515E104AAE4FDB3DC66384FF745024
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\dtsoftbus01.sys D3D64CF7B2BCEAA34A270F45A3FFFB36
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\E1G6032E.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\gzflt.sys DD528E0A0C57B02A6FC311AA05D430C2
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\qd260x64.sys FF0FB51A0ACC2E2D0D412138A05A0B59
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecpkg.sys ==> MD5 is legit
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mcdbus.sys 79D51E7F5926E8CE1B3EBECEBAE28CFF
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\mrxdav.sys CEB46AB7C01C9F825F8CC6BABC18166A
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys A2F74975097F52A00745F9637451FDD8
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\System32\drivers\quota.sys 6BA43DAA24BE55DB3741732550584D24
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sacdrv.sys D65E5E5C59F70516E856F5350106CDAB
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsp.sys 7AFDE8E361E3919B58FDDAF62490AB3B
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys FC62769E7BFF2896035AEED399108162
C:\Windows\System32\DRIVERS\tcpip.sys FC62769E7BFF2896035AEED399108162
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\trufos.sys D6B788AAF4ED515CC285A49C588142CF
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C
C:\Windows\system32\DRIVERS\usbehci.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24
C:\Windows\system32\DRIVERS\usbohci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\system32\drivers\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\DRIVERS\usbuhci.sys ==> MD5 is legit
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\system32\drivers\Vid.sys 1720D283BDB1EAA7F21976586FF52B95
C:\Windows\System32\DRIVERS\vm3dmp.sys 4B76095018EF1861B3F93E619552B0DB
C:\Windows\System32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vmci.sys BE8E5E5D53ACF71D4E8E686B68C99B04
C:\Program Files\Common Files\VMware\Drivers\memctl\vmmemctl.sys 29696FF37D319FFCE5E723BEB3CBE6AD
C:\Windows\System32\DRIVERS\vmmouse.sys BBE7ED0ED87295C4E4F7A323D260DE19
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vsock.sys 2CE26100BB635E18E029E9DF66A51FE1
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)

==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-28 08:12 - 2017-09-28 08:12 - 000077128 _____ C:\Users\administrator.BOULET\Desktop\FRST.txt
2017-09-28 08:11 - 2017-09-28 08:12 - 000000000 ____D C:\FRST
2017-09-28 08:10 - 2017-09-28 08:11 - 000000000 ____D C:\Users\melodie\AppData\Local\Temp\12
2017-09-28 08:09 - 2017-09-28 08:12 - 000000000 ____D C:\Users\Philippes\AppData\Local\Temp\13
2017-09-28 08:09 - 2017-09-28 08:10 - 000000000 ____D C:\Users\Alexandra\AppData\Local\Temp\11
2017-09-28 08:09 - 2017-09-28 08:09 - 002399744 _____ (Farbar) C:\Users\administrator.BOULET\Desktop\FRST64.exe
2017-09-28 08:09 - 2017-09-28 08:09 - 000091087 _____ C:\Users\administrator.BOULET\Desktop\ZHPDiag.txt
2017-09-28 08:06 - 2017-09-28 08:07 - 000000000 ____D C:\Users\administrator.BOULET\AppData\Roaming\ZHP
2017-09-28 08:06 - 2017-09-28 08:06 - 000000831 _____ C:\Users\administrator.BOULET\Desktop\ZHPDiag.lnk
2017-09-28 08:05 - 2017-09-28 08:05 - 000000760 _____ C:\WinChk.txt
2017-09-28 08:03 - 2017-09-28 08:05 - 000000185 _____ C:\Users\administrator.BOULET\Downloads\ckfiles.txt
2017-09-28 08:02 - 2017-09-28 08:02 - 002892160 _____ C:\Users\administrator.BOULET\Downloads\ZHPDiag3.exe
2017-09-28 08:00 - 2017-09-28 08:00 - 000315000 _____ C:\Users\administrator.BOULET\Downloads\winchk_2.0.exe
2017-09-28 07:58 - 2017-09-28 07:58 - 000468480 _____ () C:\Users\administrator.BOULET\Downloads\CKScanner.exe
2017-09-28 07:57 - 2017-09-28 08:12 - 000000000 ____D C:\Users\administrator.BOULET\AppData\Local\Temp\8
2017-09-28 07:57 - 2017-09-28 08:00 - 000000000 ____D C:\Users\Taher.BOULET\AppData\Local\Temp\9
2017-09-28 07:57 - 2017-09-28 07:58 - 000000000 ____D C:\Users\Francoisp\AppData\Local\Temp\10
2017-09-28 07:56 - 2017-09-28 08:13 - 000000000 ____D C:\Users\PIERREB\AppData\Local\Temp\7
2017-09-28 07:53 - 2017-09-28 07:57 - 000000000 ____D C:\Users\vannak\AppData\Local\Temp\6
2017-09-28 07:43 - 2017-09-28 08:02 - 000000000 ____D C:\Users\pascal\AppData\Local\Temp\5
2017-09-28 06:59 - 2017-09-28 08:12 - 000000000 ____D C:\Users\CHARLES\AppData\Local\Temp\3
2017-09-27 10:32 - 2017-09-27 12:01 - 000000000 ____D C:\Users\Alexandra\AppData\Local\Temp\31
2017-09-27 10:27 - 2017-09-27 13:10 - 000000000 ____D C:\Users\pierre\AppData\Local\Temp\30
2017-09-27 10:26 - 2017-09-27 12:46 - 000000000 ____D C:\Users\gabrielle\AppData\Local\Temp\29
2017-09-27 10:14 - 2017-09-27 13:22 - 000000000 ____D C:\Users\ALEXIS\AppData\Local\Temp\21
2017-09-27 10:09 - 2017-09-27 13:20 - 000000000 ____D C:\Users\vannak\AppData\Local\Temp\26
2017-09-27 10:07 - 2017-09-27 11:49 - 000000000 ____D C:\Users\PIERREB\AppData\Local\Temp\25
2017-09-27 09:56 - 2017-09-27 11:57 - 000000000 ____D C:\Users\CHARLES\AppData\Local\Temp\19
2017-09-27 08:32 - 2017-09-27 10:42 - 000000000 ____D C:\Users\YANICK\AppData\Local\Temp\18
2017-09-27 08:12 - 2017-09-27 13:29 - 000000000 ____D C:\Users\Taher.BOULET\AppData\Local\Temp\16
2017-09-27 08:03 - 2017-09-27 12:36 - 000000000 ____D C:\Users\JulieD\AppData\Local\Temp\13
2017-09-27 07:57 - 2017-09-27 08:01 - 000000000 ____D C:\Users\richard\AppData\Local\Temp\10
2017-09-27 07:54 - 2017-09-27 13:40 - 000000000 ____D C:\Users\Philippes\AppData\Local\Temp\8
2017-09-27 07:50 - 2017-09-27 07:53 - 000000000 ____D C:\Users\jerome\AppData\Local\Temp\7
2017-09-27 07:46 - 2017-09-27 13:12 - 000000000 ____D C:\Users\Francoisp\AppData\Local\Temp\6
2017-09-27 07:29 - 2017-09-28 07:47 - 000000000 ____D C:\Users\caroll\AppData\Local\Temp\4
2017-09-27 05:44 - 2017-09-28 08:11 - 000000000 ____D C:\Users\marco\AppData\Local\Temp\2
2017-09-26 14:52 - 2017-09-26 14:52 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVRE3DA.tmp.cvr
2017-09-26 12:38 - 2017-09-26 12:38 - 000000000 _____ C:\Users\sforest\AppData\Local\Temp\UNDEB06F.ac$
2017-09-26 12:34 - 2017-09-26 12:34 - 000000000 _____ C:\Users\sforest\AppData\Local\Temp\UNDB778A.ac$
2017-09-25 15:37 - 2017-09-25 15:37 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVR982E.tmp.cvr
2017-09-25 14:46 - 2017-09-25 14:46 - 000257412 _____ C:\Users\raymond\AppData\Local\Temp\ArmUI.ini
2017-09-25 11:37 - 2017-09-25 11:37 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVR19B1.tmp.cvr
2017-09-25 11:30 - 2017-09-25 11:30 - 000000000 ____D C:\Users\pascal\AppData\Local\Temp\lilo.11268
2017-09-22 08:38 - 2017-09-22 08:39 - 000000000 ____D C:\Users\raymond\AppData\Roaming\Autodesk
2017-09-21 20:42 - 2017-09-21 20:42 - 000000123 _____ C:\Users\administrator.BOULET\AppData\Local\Temp\CFGCA3E.tmp
2017-09-20 17:45 - 2017-09-26 17:19 - 000257412 _____ C:\Users\pierre\AppData\Local\Temp\ArmUI.ini
2017-09-19 15:57 - 2017-09-19 15:57 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVRC65B.tmp.cvr
2017-09-19 10:48 - 2017-09-19 10:48 - 000000000 ____D C:\Users\Public\Documents\Hewlett-Packard
2017-09-18 19:46 - 2017-09-27 10:19 - 000257412 _____ C:\Users\PIERREB\AppData\Local\Temp\ArmUI.ini
2017-09-18 16:45 - 2017-09-18 16:45 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVRCEA2.tmp.cvr
2017-09-16 17:10 - 2017-09-23 04:26 - 000257412 _____ C:\Users\jerome\AppData\Local\Temp\ArmUI.ini
2017-09-15 09:48 - 2017-09-15 09:48 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVRDE0.tmp.cvr
2017-09-14 16:38 - 2017-09-14 16:38 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVR869A.tmp.cvr
2017-09-13 14:47 - 2017-09-13 14:47 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVR1BDA.tmp.cvr
2017-09-13 12:02 - 2017-09-13 12:02 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVR63BF.tmp.cvr
2017-09-12 17:12 - 2017-09-12 17:12 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVR12F9.tmp.cvr
2017-09-12 14:12 - 2017-09-12 14:12 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVRDC09.tmp.cvr
2017-09-05 10:50 - 2017-09-05 10:50 - 000000250 _____ C:\Users\administrator.BOULET\AppData\Local\Temp\msinterr.txt
2017-09-05 10:47 - 2017-09-05 10:47 - 000002577 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual FoxPro 7.0.lnk
2017-09-05 10:47 - 2017-09-05 10:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTML Help Workshop
2017-09-05 10:46 - 2017-09-05 10:47 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual FoxPro 7
2017-09-05 10:46 - 2017-09-05 10:46 - 000000000 ____D C:\Program Files (x86)\HTML Help Workshop
2017-09-05 10:45 - 2017-09-05 10:50 - 000000000 ____D C:\Users\administrator.BOULET\AppData\Local\Temp\SIT11456.tmp
2017-09-05 10:10 - 2017-09-05 10:10 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVRE591.tmp.cvr
2017-09-01 14:08 - 2017-09-01 14:08 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVR459B.tmp.cvr
2017-09-01 11:04 - 2017-09-26 12:32 - 000002279 _____ C:\Users\Public\Desktop\DWG TrueView 2018 - Français (French).lnk
2017-09-01 11:04 - 2017-09-26 12:32 - 000002279 _____ C:\ProgramData\Desktop\DWG TrueView 2018 - Français (French).lnk
2017-09-01 11:04 - 2017-09-01 11:04 - 000000000 ____D C:\Users\Public\Documents\Autodesk
2017-09-01 11:04 - 2017-09-01 11:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2017-09-01 11:03 - 2017-09-01 11:04 - 000000000 ____D C:\Program Files\Common Files\Autodesk Shared
2017-09-01 11:03 - 2017-09-01 11:03 - 000000000 ____D C:\Program Files\Autodesk
2017-09-01 09:49 - 2017-09-01 10:42 - 000000000 ____D C:\Autodesk
2017-09-01 09:26 - 2017-09-01 09:36 - 828943376 _____ (Autodesk, Inc.) C:\Users\administrator.BOULET\Downloads\DWGTrueView_2018_FRA_64bit.sfx.exe
2017-09-01 09:24 - 2017-09-01 09:24 - 000002600 ____T C:\Users\administrator.BOULET\AppData\Local\Temp\adCE9F.tmp
2017-09-01 09:22 - 2017-09-01 09:22 - 000000000 ____D C:\Users\administrator.BOULET\AppData\Local\Temp\_AI3C09.tmp
2017-08-31 22:21 - 2017-09-26 14:51 - 000257412 _____ C:\Users\ALEXIS\AppData\Local\Temp\ArmUI.ini
2017-08-31 16:21 - 2017-08-31 16:21 - 000002600 ____T C:\Users\administrator.BOULET\AppData\Local\Temp\adB3C2.tmp
2017-08-31 16:20 - 2017-08-31 16:20 - 000000000 ____D C:\Users\administrator.BOULET\AppData\Local\Temp\{0D7D2D24-F8F0-4C02-818D-D5E924FC3F58}
2017-08-31 09:18 - 2017-09-27 15:51 - 000257412 _____ C:\Users\Francoisp\AppData\Local\Temp\ArmUI.ini
2017-08-31 08:48 - 2017-08-31 08:48 - 000000000 ____D C:\Users\administrator.BOULET\AppData\Local\Temp\_AI6D22.tmp
2017-08-31 08:45 - 2017-08-31 08:45 - 000000000 ____D C:\Users\administrator.BOULET\AppData\Local\Temp\_AIFE59.tmp
2017-08-31 08:42 - 2017-08-31 08:42 - 000000000 ____D C:\Users\administrator.BOULET\AppData\Local\Temp\_AI8AC9.tmp
2017-08-31 08:41 - 2017-08-31 08:41 - 000000000 ____D C:\Users\administrator.BOULET\AppData\Local\Temp\_AIC3DF.tmp
2017-08-31 08:37 - 2017-08-31 08:37 - 000000000 ____D C:\Users\administrator.BOULET\AppData\Local\Temp\_AIA56D.tmp
2017-08-31 08:36 - 2017-08-31 08:36 - 000000000 ____D C:\Users\administrator.BOULET\AppData\Local\Temp\_AI9E9.tmp
2017-08-30 16:36 - 2017-08-30 16:36 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVRB13B.tmp.cvr
2017-08-30 14:20 - 2017-08-30 14:20 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVRDC62.tmp.cvr
2017-08-30 14:18 - 2017-08-30 14:18 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVR8F94.tmp.cvr
2017-08-30 10:05 - 2017-08-30 10:05 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVR1411.tmp.cvr
2017-08-28 17:11 - 2017-08-28 17:11 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVR2C5D.tmp.cvr
2017-08-25 17:36 - 2017-09-21 03:01 - 000257412 _____ C:\Users\gabrielle\AppData\Local\Temp\ArmUI.ini
2017-08-23 16:51 - 2017-08-23 16:51 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVRCF84.tmp.cvr
2017-08-23 14:18 - 2017-08-23 14:18 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVR4C8D.tmp.cvr
2017-08-22 10:19 - 2017-08-22 10:19 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVRE433.tmp.cvr
2017-08-21 10:02 - 2017-08-21 10:02 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVR4CDD.tmp.cvr
2017-08-18 10:32 - 2017-08-21 09:00 - 000000000 ____D C:\Users\Francoisp\AppData\Local\Temp\Fichiers Internet temporaires
2017-08-17 16:38 - 2017-08-17 16:38 - 000000000 ____D C:\Users\Francoisp\AppData\Roaming\PDF Writer
2017-08-17 16:38 - 2017-08-17 16:38 - 000000000 ____D C:\Users\Francoisp\AppData\Local\Temp\BullZip
2017-08-17 10:43 - 2017-08-17 10:45 - 000010752 _____ C:\Users\vannak\AppData\Local\Temp\0000JB49000B.TMP
2017-08-17 10:43 - 2017-08-17 10:45 - 000007168 _____ C:\Users\vannak\AppData\Local\Temp\0000JB49000A.TMP
2017-08-17 10:43 - 2017-08-17 10:45 - 000001536 _____ C:\Users\vannak\AppData\Local\Temp\0000JB490008.TMP
2017-08-17 10:14 - 2017-08-17 10:14 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVRF8CC.tmp.cvr
2017-08-17 08:15 - 2017-08-17 08:15 - 000000000 ____D C:\Users\Francoisp\AppData\Roaming\FileOpen
2017-08-17 07:07 - 2017-08-17 08:15 - 000000000 ____D C:\Users\Francoisp\AppData\Roaming\Adobe
2017-08-17 07:07 - 2017-08-17 07:07 - 000000000 ____D C:\Users\Francoisp\AppData\LocalLow\Adobe
2017-08-17 07:07 - 2017-08-17 07:07 - 000000000 ____D C:\Users\Francoisp\AppData\Local\Temp\Adobe
2017-08-17 07:06 - 2017-08-17 07:06 - 000000000 ____D C:\Users\Francoisp\AppData\Roaming\Apple Computer
2017-08-17 07:05 - 2017-09-28 07:57 - 000000000 ____D C:\Users\Francoisp
2017-08-17 07:05 - 2017-09-27 22:01 - 000000160 ___SH C:\Users\Francoisp\ntuser.ini
2017-08-17 07:05 - 2017-08-17 07:05 - 000015434 __RSH C:\Users\Francoisp\ntuser.pol
2017-08-16 22:52 - 2017-08-16 22:52 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVR6BEE.tmp.cvr
2017-08-16 16:25 - 2017-08-16 16:25 - 000000000 ____D C:\Users\Francois\AppData\Roaming\PDF Writer
2017-08-16 16:25 - 2017-08-16 16:25 - 000000000 ____D C:\Users\Francois\AppData\Local\Temp\BullZip
2017-08-16 11:16 - 2017-08-16 11:16 - 000000000 ____D C:\Users\Francois\AppData\Roaming\FileOpen
2017-08-16 09:24 - 2017-08-16 17:34 - 000257412 _____ C:\Users\Francois\AppData\Local\Temp\ArmUI.ini
2017-08-16 09:13 - 2017-08-16 11:16 - 000000000 ____D C:\Users\Francois\AppData\Roaming\Adobe
2017-08-16 09:13 - 2017-08-16 09:13 - 000000000 ____D C:\Users\Francois\AppData\LocalLow\Adobe
2017-08-16 09:13 - 2017-08-16 09:13 - 000000000 ____D C:\Users\Francois\AppData\Local\Temp\Adobe
2017-08-16 09:07 - 2017-08-16 09:07 - 000000000 ____D C:\Users\Francois\AppData\Roaming\Apple Computer
2017-08-16 09:06 - 2017-08-18 09:08 - 000000160 ___SH C:\Users\Francois\ntuser.ini
2017-08-16 09:06 - 2017-08-18 09:07 - 000000000 ____D C:\Users\Francois
2017-08-16 09:06 - 2017-08-16 09:06 - 000015434 __RSH C:\Users\Francois\ntuser.pol
2017-08-15 09:15 - 2017-08-15 09:15 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVRA554.tmp.cvr
2017-08-14 15:31 - 2017-08-14 16:41 - 000000000 ____D C:\Users\pascal\AppData\Local\Temp\34
2017-08-14 15:23 - 2017-08-14 16:14 - 000000000 ____D C:\Users\marco\AppData\Local\Temp\33
2017-08-14 15:16 - 2017-08-14 16:40 - 000000000 ____D C:\Users\PIERREB\AppData\Local\Temp\32
2017-08-14 15:15 - 2017-08-14 16:41 - 000000000 ____D C:\Users\pierre\AppData\Local\Temp\31
2017-08-14 14:30 - 2017-08-14 16:39 - 000000000 ____D C:\Users\Philippes\AppData\Local\Temp\29
2017-08-14 14:22 - 2017-08-14 14:22 - 000000000 ____D C:\Users\administrator.BOULET\AppData\Local\Temp\28
2017-08-14 08:22 - 2017-08-14 13:39 - 000000000 ____D C:\Users\jerome\AppData\Local\Temp\14
2017-08-09 15:56 - 2017-08-09 15:56 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVR4DB0.tmp.cvr
2017-08-09 09:29 - 2017-08-09 09:29 - 000000000 ____D C:\Users\pvanier.BOULET.000\AppData\Local\Temp\lilo.4372
2017-08-09 09:10 - 2017-08-09 09:10 - 000000000 ____D C:\Users\pvanier.BOULET.000\AppData\Local\Temp\LogMeInUpdates
2017-08-08 11:33 - 2017-08-08 11:33 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVRA7EF.tmp.cvr
2017-08-07 14:10 - 2017-08-07 14:10 - 000000000 ____D C:\Users\gabrielle\AppData\Local\Temp\LogMeInUpdates
2017-07-21 15:19 - 2017-07-21 15:19 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVR8986.tmp.cvr
2017-07-20 11:57 - 2017-07-20 11:57 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVR4D9.tmp.cvr
2017-07-20 11:24 - 2017-07-20 11:24 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVR921.tmp.cvr
2017-07-19 14:02 - 2017-07-19 14:02 - 000257412 _____ C:\Users\MIMI\AppData\Local\Temp\ArmUI.ini
2017-07-18 08:20 - 2017-09-08 10:53 - 000257412 _____ C:\Users\Taher.BOULET\AppData\Local\Temp\ArmUI.ini
2017-07-17 17:03 - 2017-07-17 17:03 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVRBAF8.tmp.cvr
2017-07-17 16:35 - 2017-07-17 16:35 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVRCFF.tmp.cvr
2017-07-12 13:47 - 2017-07-12 13:47 - 000000000 ____D C:\Users\gabrielle\AppData\Local\Temp\LogMeInLogs
2017-07-12 10:51 - 2015-05-29 18:14 - 009163792 _____ (Amyuni Technologies hxxp://www.amyuni.com) C:\Windows\system32\cdintf500_64.dll
2017-07-12 10:51 - 2015-05-29 18:14 - 007269392 _____ (Amyuni Technologies hxxp://www.amyuni.com) C:\Windows\SysWOW64\cdintf500.dll
2017-07-11 14:20 - 2017-07-11 14:20 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVRCCB5.tmp.cvr
2017-07-10 14:07 - 2017-07-10 14:07 - 000000000 ____D C:\Users\pvanier.BOULET.000\AppData\Local\Temp\LogMeInLogs
2017-07-07 15:28 - 2017-07-07 15:28 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVRFB78.tmp.cvr
2017-07-06 13:57 - 2017-07-06 13:57 - 000344064 _____ C:\Users\pierre\AppData\Local\Temp\~DF838D47FF12D8D722.TMP
2017-07-06 11:38 - 2017-07-06 11:38 - 000000000 _____ C:\Users\sforest\AppData\Local\Temp\UND9719D.ac$

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-28 08:12 - 2009-07-14 00:49 - 000022112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-28 08:12 - 2009-07-14 00:49 - 000022112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-28 08:10 - 2016-04-26 14:59 - 000001086 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606344767-3282361405-600652822-1185UA.job
2017-09-28 08:10 - 2015-04-01 09:41 - 000001098 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606344767-3282361405-600652822-1622UA.job
2017-09-28 08:10 - 2015-04-01 09:41 - 000001046 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606344767-3282361405-600652822-1622Core.job
2017-09-28 08:10 - 2013-07-09 10:02 - 000000000 ____D C:\Users\Alexandra
2017-09-28 08:10 - 2010-11-23 20:27 - 000000000 ____D C:\Users\melodie
2017-09-28 08:08 - 2017-04-06 08:11 - 000000000 ____D C:\Users\Philippes
2017-09-28 08:08 - 2015-06-03 13:20 - 000000654 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-606344767-3282361405-600652822-1128.job
2017-09-28 08:08 - 2014-05-06 13:43 - 000000558 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-606344767-3282361405-600652822-1128.job
2017-09-28 08:08 - 2010-09-15 11:15 - 000000120 _____ C:\Windows\system32\config\netlogon.ftl
2017-09-28 08:05 - 2017-06-12 08:16 - 000257412 _____ C:\Users\vannak\AppData\Local\Temp\ArmUI.ini
2017-09-28 07:56 - 2016-08-17 10:44 - 000000000 ____D C:\Users\Taher.BOULET
2017-09-28 07:56 - 2016-01-11 12:43 - 000001086 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606344767-3282361405-600652822-1118UA.job
2017-09-28 07:56 - 2010-10-05 10:40 - 000000000 ____D C:\Users\PIERREB
2017-09-28 07:53 - 2013-04-02 08:26 - 000000000 ____D C:\Users\vannak
2017-09-28 07:42 - 2011-01-03 15:28 - 000000000 ____D C:\Users\pascal
2017-09-28 07:37 - 2010-10-05 10:26 - 000000000 ___RD C:\Users\caroll
2017-09-28 07:31 - 2014-05-07 08:49 - 000000590 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-606344767-3282361405-600652822-1195.job
2017-09-28 07:14 - 2014-05-20 10:33 - 000001094 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606344767-3282361405-600652822-1218UA.job
2017-09-28 07:10 - 2015-06-03 14:46 - 000000686 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-606344767-3282361405-600652822-1195.job
2017-09-28 06:59 - 2010-10-06 10:18 - 000000000 ____D C:\Users\CHARLES
2017-09-28 05:35 - 2010-10-06 10:07 - 000000000 ____D C:\Users\marco
2017-09-28 04:05 - 2010-08-25 15:01 - 000729938 _____ C:\Windows\system32\perfh00C.dat
2017-09-28 04:05 - 2010-08-25 15:01 - 000142368 _____ C:\Windows\system32\perfc00C.dat
2017-09-28 04:05 - 2009-07-14 01:10 - 001612094 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-28 04:05 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2017-09-28 04:01 - 2009-07-14 01:06 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-28 04:01 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\Registration
2017-09-28 04:00 - 2010-09-28 14:49 - 000000160 ___SH C:\Users\sforest\ntuser.ini
2017-09-28 01:34 - 2010-10-05 13:21 - 000000160 ___SH C:\Users\ALEXIS\ntuser.ini
2017-09-27 22:51 - 2010-09-28 14:49 - 000000000 ____D C:\Users\sforest
2017-09-27 22:11 - 2015-06-25 08:19 - 000257412 _____ C:\Users\administrator.BOULET\AppData\Local\Temp\ArmUI.ini
2017-09-27 22:02 - 2017-04-06 08:11 - 000000250 ___SH C:\Users\Philippes\ntuser.ini
2017-09-27 22:02 - 2010-11-23 20:27 - 000000250 ___SH C:\Users\melodie\ntuser.ini
2017-09-27 22:02 - 2010-10-05 10:40 - 000000250 ___SH C:\Users\PIERREB\ntuser.ini
2017-09-27 22:01 - 2014-10-27 09:06 - 000000160 ___SH C:\Users\JulieD\ntuser.ini
2017-09-27 22:01 - 2011-03-23 15:42 - 000000250 ___SH C:\Users\pvanier.BOULET.000\ntuser.ini
2017-09-27 22:01 - 2011-03-23 15:42 - 000000000 ____D C:\Users\pvanier.BOULET.000
2017-09-27 22:01 - 2011-01-13 16:46 - 000000250 ___SH C:\Users\jerome\ntuser.ini
2017-09-27 22:01 - 2010-10-05 11:27 - 000000250 ___SH C:\Users\YANICK\ntuser.ini
2017-09-27 22:01 - 2010-10-05 10:26 - 000000160 ___SH C:\Users\caroll\ntuser.ini
2017-09-27 22:01 - 2010-10-05 09:51 - 000000160 ___SH C:\Users\gabrielle\ntuser.ini
2017-09-27 22:01 - 2010-10-05 09:51 - 000000000 ____D C:\Users\gabrielle
2017-09-27 21:59 - 2010-09-15 11:22 - 000000000 ____D C:\Users\administrator.BOULET
2017-09-27 21:13 - 2015-06-03 14:46 - 000003712 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-606344767-3282361405-600652822-1195
2017-09-27 21:13 - 2014-05-07 08:49 - 000003616 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-606344767-3282361405-600652822-1195
2017-09-27 19:10 - 2016-04-26 14:59 - 000001034 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606344767-3282361405-600652822-1185Core.job
2017-09-27 18:45 - 2017-03-24 08:20 - 000257412 _____ C:\Users\JulieD\AppData\Local\Temp\ArmUI.ini
2017-09-27 18:20 - 2010-10-06 10:16 - 000003936 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6E4EFF36-6AB0-451E-A3DB-000AA3F08EC0}
2017-09-27 17:12 - 2010-10-06 10:18 - 000000250 ___SH C:\Users\CHARLES\ntuser.ini
2017-09-27 16:54 - 2011-01-03 15:28 - 000000250 ___SH C:\Users\pascal\ntuser.ini
2017-09-27 16:51 - 2010-10-06 10:07 - 000000250 ___SH C:\Users\marco\ntuser.ini
2017-09-27 16:50 - 2010-10-05 09:56 - 000000160 ___SH C:\Users\raymond\ntuser.ini
2017-09-27 16:45 - 2016-08-17 10:44 - 000000164 ___SH C:\Users\Taher.BOULET\ntuser.ini
2017-09-27 16:39 - 2010-10-05 09:03 - 000000250 ___SH C:\Users\pierre\ntuser.ini
2017-09-27 16:27 - 2013-07-09 10:02 - 000000160 ___SH C:\Users\Alexandra\ntuser.ini
2017-09-27 16:09 - 2010-10-05 09:56 - 000000000 ____D C:\Users\raymond
2017-09-27 15:50 - 2011-01-13 16:46 - 000000000 ____D C:\Users\jerome
2017-09-27 15:01 - 2017-01-10 09:22 - 000257412 _____ C:\Users\Alexandra\AppData\Local\Temp\ArmUI.ini
2017-09-27 14:57 - 2014-03-24 15:48 - 000000000 ____D C:\temp0
2017-09-27 14:56 - 2010-10-05 09:03 - 000000000 ____D C:\Users\pierre
2017-09-27 10:53 - 2015-06-03 13:20 - 000003684 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-606344767-3282361405-600652822-1128
2017-09-27 10:53 - 2014-05-06 13:43 - 000003588 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-606344767-3282361405-600652822-1128
2017-09-27 10:14 - 2010-10-05 13:21 - 000000000 ____D C:\Users\ALEXIS
2017-09-27 09:18 - 2013-04-02 08:26 - 000000160 ___SH C:\Users\vannak\ntuser.ini
2017-09-27 08:31 - 2010-10-05 11:27 - 000000000 ____D C:\Users\YANICK
2017-09-27 08:14 - 2014-05-20 10:33 - 000001042 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606344767-3282361405-600652822-1218Core.job
2017-09-27 08:03 - 2014-10-27 09:06 - 000000000 ____D C:\Users\JulieD
2017-09-27 07:56 - 2010-10-05 10:58 - 000000000 ____D C:\Users\richard
2017-09-26 23:55 - 2010-09-15 11:22 - 000000160 ___SH C:\Users\administrator.BOULET\ntuser.ini
2017-09-26 20:07 - 2016-07-11 13:14 - 000002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-26 20:07 - 2016-07-11 13:14 - 000002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-26 20:07 - 2016-07-11 13:14 - 000002181 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2017-09-26 12:32 - 2012-06-14 16:33 - 000000000 ____D C:\Users\sforest\AppData\Roaming\Autodesk
2017-09-26 11:00 - 2015-10-22 09:36 - 000257412 _____ C:\Users\YANICK\AppData\Local\Temp\ArmUI.ini
2017-09-26 08:57 - 2016-01-11 12:43 - 000001034 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606344767-3282361405-600652822-1118Core.job
2017-09-22 10:12 - 2017-02-10 17:45 - 000000000 ____D C:\Users\Taher.BOULET\AppData\Roaming\Autodesk
2017-09-13 01:38 - 2012-03-30 06:58 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-09-13 01:38 - 2012-03-30 06:58 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-09-13 01:38 - 2011-11-14 12:42 - 000000000 ____D C:\Windows\system32\Macromed
2017-09-13 01:38 - 2011-05-17 08:17 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-09-13 01:38 - 2010-10-05 08:02 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-09-12 04:00 - 2010-10-05 10:58 - 000000160 ___SH C:\Users\richard\ntuser.ini
2017-09-10 09:27 - 2017-03-29 01:13 - 000257412 _____ C:\Users\richard\AppData\Local\Temp\ArmUI.ini
2017-09-08 21:00 - 2013-07-09 10:10 - 000000160 ___SH C:\Users\MichelleT\ntuser.ini
2017-09-08 08:46 - 2013-07-09 10:10 - 000000000 ____D C:\Users\MichelleT
2017-09-06 03:49 - 2010-11-23 20:29 - 000003936 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1269B6B6-9A11-432B-ACEC-F0C1920F18D1}
2017-09-05 10:50 - 2010-09-27 14:00 - 000295519 _____ C:\Users\administrator.BOULET\AppData\Local\Temp\DepCheckData.txt
2017-09-05 10:46 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\Help
2017-09-02 04:01 - 2009-07-14 00:49 - 000481376 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-01 11:03 - 2017-02-10 17:00 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-01 11:03 - 2012-06-14 16:26 - 000000000 ____D C:\ProgramData\Autodesk
2017-09-01 09:24 - 2012-06-14 16:26 - 000000000 ____D C:\Users\administrator.BOULET\AppData\Roaming\Autodesk
2017-08-31 16:20 - 2016-03-14 09:59 - 000000000 ____D C:\Program Files (x86)\HP
2017-08-31 08:24 - 2017-02-14 11:07 - 000000000 ____D C:\Users\PIERREB\AppData\Roaming\Autodesk
2017-08-29 01:02 - 2016-08-22 10:46 - 001763744 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2017-08-29 01:02 - 2016-08-22 10:46 - 000882672 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys

==================== Files in the root of some directories =======

2011-08-22 14:21 - 2017-09-01 09:57 - 000044936 _____ () C:\Users\administrator.BOULET\AppData\Local\DepCheckData.txt
2017-09-01 09:57 - 2017-09-01 09:57 - 000000000 _____ () C:\Users\administrator.BOULET\AppData\Local\errorlog.txt
2017-09-01 09:57 - 2017-09-01 09:58 - 000012628 _____ () C:\Users\administrator.BOULET\AppData\Local\installlog.txt
2017-09-01 09:58 - 2017-09-01 09:58 - 000000250 _____ () C:\Users\administrator.BOULET\AppData\Local\msinterr.txt
2015-02-27 13:55 - 2015-02-27 13:56 - 000000600 _____ () C:\Users\administrator.BOULET\AppData\Local\PUTTY.RND
2015-05-20 10:58 - 2015-06-16 13:12 - 000007597 _____ () C:\Users\administrator.BOULET\AppData\Local\Resmon.ResmonCfg
2017-09-01 09:57 - 2017-09-01 09:58 - 003258058 _____ () C:\Users\administrator.BOULET\AppData\Local\VSMsiLog2885.txt
2016-08-11 13:33 - 2016-08-11 13:36 - 000015682 _____ () C:\ProgramData\1470936805.12836.bin
2016-08-11 13:33 - 2016-08-11 13:33 - 000001421 _____ () C:\ProgramData\1470936805.16576.bin
2016-08-11 13:33 - 2016-08-11 13:33 - 000055203 _____ () C:\ProgramData\1470936805.16688.bin
2016-08-11 13:33 - 2016-08-11 13:33 - 000000544 _____ () C:\ProgramData\1470936805.8268.bin
2016-08-11 14:20 - 2016-08-11 14:20 - 000294340 _____ () C:\ProgramData\1470939291.bdinstall.bin
2016-08-11 14:28 - 2016-08-11 14:28 - 000063535 _____ () C:\ProgramData\1470940093.bdinstall.bin
2016-08-11 14:40 - 2016-08-11 14:40 - 000063535 _____ () C:\ProgramData\1470940789.bdinstall.bin
2016-08-15 09:04 - 2016-08-15 09:04 - 000065786 _____ () C:\ProgramData\1471266131.bdinstall.bin
2016-08-15 17:05 - 2016-08-15 17:05 - 000065786 _____ () C:\ProgramData\1471295024.bdinstall.bin
2016-08-16 07:02 - 2016-08-16 07:02 - 000065782 _____ () C:\ProgramData\1471344704.bdinstall.bin
2016-08-17 07:03 - 2016-08-17 07:03 - 000065782 _____ () C:\ProgramData\1471433955.bdinstall.bin
2016-08-17 10:31 - 2016-08-17 10:31 - 000055450 _____ () C:\ProgramData\1471444261.15856.bin
2016-08-17 10:31 - 2016-08-17 10:31 - 000000551 _____ () C:\ProgramData\1471444261.16260.bin
2016-08-22 10:12 - 2016-08-22 10:12 - 000074840 _____ () C:\ProgramData\1471872943.bdinstall.bin
2016-08-22 10:22 - 2016-08-22 10:22 - 000259795 _____ () C:\ProgramData\1471875164.bdinstall.bin
2016-08-22 10:14 - 2016-08-22 10:14 - 000113514 _____ () C:\ProgramData\1471875166.bdinstall.bin
2016-08-11 14:18 - 2016-08-22 10:15 - 000000160 _____ () C:\ProgramData\45.install.log
2016-08-22 10:13 - 2016-08-22 10:13 - 000000563 _____ () C:\ProgramData\45.rollback.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-20 00:50

==================== End of FRST.txt ============================
