start
CreateRestorePoint:
CloseProcesses:
RemoveProxy:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2460075080-491719790-2508453021-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2460075080-491719790-2508453021-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2460075080-491719790-2508453021-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2460075080-491719790-2508453021-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130945455584426952&GUID=00000000-0000-0000-0000-000000000000
SearchScopes: HKLM -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2460075080-491719790-2508453021-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2460075080-491719790-2508453021-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2460075080-491719790-2508453021-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10099_swoc_campaign_150702__yaie&p={searchTerms}
FF ProfilePath: C:\Users\H!ch@m\AppData\Roaming\Mozilla\Firefox\Profiles\5xthzhe0.default-1479913138085 [2017-01-22]
FF Homepage: Mozilla\Firefox\Profiles\5xthzhe0.default-1479913138085 -> google.com/
FF NetworkProxy: Mozilla\Firefox\Profiles\5xthzhe0.default-1479913138085 -> type",
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S3 catchme; \??\C:\Users\H!ch@m\AppData\Local\Temp\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S1 qrnfd_1_10_0_12; system32\drivers\qrnfd_1_10_0_12.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 taphss; system32\DRIVERS\taphss.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S2 WCMVCAM; system32\DRIVERS\wcmvcam.sys [X]
CMD: netsh winsock reset all
CMD: ipconfig /flushdns
hosts:
EmptyTemp:
Reboot:
end