Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-09-2017 01
Ran by Administrator (administrator) on TS01 (28-09-2017 08:12:02)
Running from C:\Users\administrator.BOULET\Desktop
Loaded Profiles: marco & charles & caroll & PierreB & Melodie & Vannak & Alexandra & Services & taher & PhilippeS & FRANCOISP & Administrator (Available Profiles: Administrator & marco & charles & alexis & Sforest & richard & rogerb & caroll & pierre & raymond & mimi & Gabrielle & andre & Production & Yanick & sylvie & PierreB & Melodie & Jerome & pvanier & salle-montre & MicheleH & Vannak & MichelleT & Alexandra & vannak2 & Services & JulieD & StephanieG & sebastien & taher & PhilippeS & Francois & FRANCOISP & Administrator)
Platform: Windows Server 2008 R2 Standard Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\LogonUI.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManager64.exe (VMware, Inc.) 
C:\Program Files\VMware\VMware Tools\vmtoolsd.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epupdateservice.exe (Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epsecurityservice.exe (Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epag.exe (Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epintegrationservice.exe (Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epconsole.exe (Microsoft Corporation) C:\Windows\System32\rdpclip.exe (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe (FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe (VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmtoolsd.exe (Microsoft Corporation) C:\Windows\System32\proquota.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epconsole.exe (Microsoft Corporation) C:\Windows\System32\rdpclip.exe (FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe (Microsoft Corporation) C:\Windows\System32\proquota.exe (Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epconsole.exe (Microsoft Corporation) C:\Windows\System32\rdpclip.exe (FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe (Microsoft Corporation) C:\Windows\System32\proquota.exe (Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epconsole.exe (Microsoft Corporation) C:\Windows\System32\rdpclip.exe (FileOpen Systems Inc.) 
C:\Program Files\FileOpen\Services\FileOpenBroker64.exe () \\DC01\VOL1\Apps\vfp70\Services\launcher.exe (Microsoft Corporation) C:\Windows\System32\proquota.exe (Microsoft Corporation) \\DC01\VOL1\Apps\vfp90\vfp9.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epconsole.exe (Microsoft Corporation) C:\Windows\System32\rdpclip.exe (FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation) C:\Windows\System32\proquota.exe (Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epconsole.exe (Microsoft Corporation) C:\Windows\System32\rdpclip.exe (FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe (VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmtoolsd.exe (Microsoft Corporation) C:\Windows\System32\proquota.exe (Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epconsole.exe (Microsoft Corporation) C:\Windows\System32\rdpclip.exe (FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe (VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmtoolsd.exe (Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epconsole.exe (Microsoft Corporation) C:\Windows\System32\rdpclip.exe (FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE () \\DC01\VOL1\Apps\vfp70\Services\launcher.exe (Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epconsole.exe (Microsoft Corporation) C:\Windows\System32\proquota.exe (Microsoft Corporation) C:\Windows\System32\rdpclip.exe (Microsoft Corporation) C:\Windows\System32\proquota.exe (FileOpen Systems Inc.) 
C:\Program Files\FileOpen\Services\FileOpenBroker64.exe (DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Akamai Technologies, Inc.) C:\Users\administrator.BOULET\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\administrator.BOULET\AppData\Local\Akamai\netsession_win.exe (Microsoft Corporation) \\DC01\VOL1\Apps\vfp90\vfp9.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epconsole.exe (Microsoft Corporation) C:\Windows\System32\rdpclip.exe (Microsoft Corporation) C:\Windows\System32\proquota.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe (Hewlett-Packard Company) C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe (Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epconsole.exe (Microsoft Corporation) C:\Windows\System32\rdpclip.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) C:\Windows\System32\proquota.exe (Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epconsole.exe (Microsoft Corporation) C:\Windows\System32\rdpclip.exe (Microsoft Corporation) C:\Windows\splwow64.exe (FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe (VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmtoolsd.exe (Microsoft Corporation) C:\Windows\System32\proquota.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [FileOpenBroker] => C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1317184 2014-07-16] (FileOpen Systems Inc.) HKLM\...\Run: [VMware User Process] => C:\Program Files\VMware\VMware Tools\vmtoolsd.exe [74968 2015-06-18] (VMware, Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company) HKLM\...\Policies\Explorer: [ShowSuperHidden] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\system: [EnableProfileQuota] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\system: [ProfileQuotaMessage] You have exceeded your profile storage space. Before you can log off, you need to move some items from your profile to network or local storage. 
HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\system: [MaxProfileSize] 500000 HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\system: [WarnUser] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\system: [WarnUserTimeout] 60 HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [NoDesktopCleanupWizard] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [NoNetHood] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [NoPropertiesMyDocuments] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [NoPropertiesRecycleBin] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [Intellimenus] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [NoSMBalloonTip] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [NoClose] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [NoSMHelp] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [NoNetworkConnections] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [NoSMConfigurePrograms] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [NoDrives] 15 HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [NoAutoUpdate] 0 HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [NoNetConnectDisconnect] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [NoManageMyComputerVerb] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [AlwaysShowClassicMenu] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [NoHardwareTab] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [NoStartMenuMyGames] 1 
HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [HideSCANetwork] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [NoCommonGroups] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [NoStartMenuPinnedList] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [NoSimpleStartMenu] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [ForceClassicControlPanel] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [NoTaskGrouping] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [RecycleBinSize] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\Policies\Explorer: [RestrictCpl] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1114\...\MountPoints2: {dadb758d-cc94-11e0-8395-000c29f08056} - E:\vfpstart.exe IE5="vfpstart.hta" IELess="vfpstart.htm" HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\system: [EnableProfileQuota] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\system: [ProfileQuotaMessage] You have exceeded your profile storage space. Before you can log off, you need to move some items from your profile to network or local storage. 
HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\system: [MaxProfileSize] 500000 HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\system: [WarnUser] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\system: [WarnUserTimeout] 60 HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [NoDesktopCleanupWizard] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [NoNetHood] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [NoPropertiesMyDocuments] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [NoPropertiesRecycleBin] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [Intellimenus] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [NoSMBalloonTip] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [NoClose] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [NoSMHelp] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [NoNetworkConnections] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [NoSMConfigurePrograms] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [NoDrives] 15 HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [NoAutoUpdate] 0 HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [NoNetConnectDisconnect] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [NoManageMyComputerVerb] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [AlwaysShowClassicMenu] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [NoHardwareTab] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [NoStartMenuMyGames] 1 
HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [HideSCANetwork] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [NoCommonGroups] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [NoStartMenuPinnedList] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [NoSimpleStartMenu] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [ForceClassicControlPanel] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [NoTaskGrouping] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [RecycleBinSize] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\Policies\Explorer: [RestrictCpl] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1115\...\MountPoints2: {dadb758d-cc94-11e0-8395-000c29f08056} - E:\vfpstart.exe IE5="vfpstart.hta" IELess="vfpstart.htm" HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\system: [EnableProfileQuota] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\system: [ProfileQuotaMessage] You have exceeded your profile storage space. Before you can log off, you need to move some items from your profile to network or local storage. 
HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\system: [MaxProfileSize] 500000 HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\system: [WarnUser] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\system: [WarnUserTimeout] 60 HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [NoDesktopCleanupWizard] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [NoNetHood] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [NoPropertiesMyDocuments] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [NoPropertiesRecycleBin] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [Intellimenus] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [NoSMBalloonTip] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [NoClose] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [NoSMHelp] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [NoNetworkConnections] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [NoSMConfigurePrograms] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [NoDrives] 15 HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [NoAutoUpdate] 0 HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [NoNetConnectDisconnect] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [NoManageMyComputerVerb] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [AlwaysShowClassicMenu] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [NoHardwareTab] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [NoStartMenuMyGames] 1 
HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [HideSCANetwork] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [NoCommonGroups] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [NoStartMenuPinnedList] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [NoSimpleStartMenu] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [ForceClassicControlPanel] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [NoTaskGrouping] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [RecycleBinSize] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\Policies\Explorer: [RestrictCpl] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1121\...\MountPoints2: {dadb758d-cc94-11e0-8395-000c29f08056} - E:\vfpstart.exe IE5="vfpstart.hta" IELess="vfpstart.htm" HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\system: [EnableProfileQuota] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\system: [ProfileQuotaMessage] You have exceeded your profile storage space. Before you can log off, you need to move some items from your profile to network or local storage. 
HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\system: [MaxProfileSize] 500000 HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\system: [WarnUser] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\system: [WarnUserTimeout] 60 HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [NoDesktopCleanupWizard] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [NoNetHood] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [NoPropertiesMyDocuments] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [NoPropertiesRecycleBin] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [Intellimenus] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [NoSMBalloonTip] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [NoClose] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [NoSMHelp] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [NoNetworkConnections] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [NoSMConfigurePrograms] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [NoDrives] 15 HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [NoAutoUpdate] 0 HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [NoNetConnectDisconnect] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [NoManageMyComputerVerb] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [AlwaysShowClassicMenu] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [NoHardwareTab] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [NoStartMenuMyGames] 1 
HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [HideSCANetwork] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [NoCommonGroups] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [NoStartMenuPinnedList] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [NoSimpleStartMenu] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [ForceClassicControlPanel] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [NoTaskGrouping] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [RecycleBinSize] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\Policies\Explorer: [RestrictCpl] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1174\...\MountPoints2: {dadb758d-cc94-11e0-8395-000c29f08056} - E:\vfpstart.exe IE5="vfpstart.hta" IELess="vfpstart.htm" HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\system: [EnableProfileQuota] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\system: [ProfileQuotaMessage] You have exceeded your profile storage space. Before you can log off, you need to move some items from your profile to network or local storage. 
HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\system: [MaxProfileSize] 500000 HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\system: [WarnUser] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\system: [WarnUserTimeout] 60 HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [NoDesktopCleanupWizard] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [NoNetHood] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [NoPropertiesMyDocuments] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [NoPropertiesRecycleBin] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [Intellimenus] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [NoSMBalloonTip] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [NoClose] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [NoSMHelp] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [NoNetworkConnections] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [NoSMConfigurePrograms] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [NoDrives] 15 HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [NoAutoUpdate] 0 HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [NoNetConnectDisconnect] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [NoManageMyComputerVerb] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [AlwaysShowClassicMenu] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [NoHardwareTab] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [NoStartMenuMyGames] 1 
HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [HideSCANetwork] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [NoCommonGroups] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [NoStartMenuPinnedList] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [NoSimpleStartMenu] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [ForceClassicControlPanel] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [NoTaskGrouping] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [RecycleBinSize] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\Policies\Explorer: [RestrictCpl] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1185\...\MountPoints2: {dadb758d-cc94-11e0-8395-000c29f08056} - E:\vfpstart.exe IE5="vfpstart.hta" IELess="vfpstart.htm" HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [718720 2010-12-21] (Microsoft Corporation) HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\system: [EnableProfileQuota] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\system: [ProfileQuotaMessage] You have exceeded your profile storage space. Before you can log off, you need to move some items from your profile to network or local storage. 
HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\system: [MaxProfileSize] 500000 HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\system: [WarnUser] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\system: [WarnUserTimeout] 60 HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [NoDesktopCleanupWizard] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [NoNetHood] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [NoPropertiesMyDocuments] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [NoPropertiesRecycleBin] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [Intellimenus] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [NoSMBalloonTip] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [NoClose] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [NoSMHelp] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [NoNetworkConnections] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [NoSMConfigurePrograms] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [NoDrives] 15 HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [NoAutoUpdate] 0 HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [NoNetConnectDisconnect] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [NoManageMyComputerVerb] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [AlwaysShowClassicMenu] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [NoHardwareTab] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [NoStartMenuMyGames] 1 
HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [HideSCANetwork] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [NoCommonGroups] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [NoStartMenuPinnedList] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [NoSimpleStartMenu] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [ForceClassicControlPanel] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [NoTaskGrouping] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [RecycleBinSize] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\Policies\Explorer: [RestrictCpl] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1215\...\MountPoints2: {dadb758d-cc94-11e0-8395-000c29f08056} - E:\vfpstart.exe IE5="vfpstart.hta" IELess="vfpstart.htm" HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Run: [Google Update] => C:\Users\Alexandra\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.) HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\system: [EnableProfileQuota] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\system: [ProfileQuotaMessage] You have exceeded your profile storage space. Before you can log off, you need to move some items from your profile to network or local storage. 
HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\system: [MaxProfileSize] 500000 HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\system: [WarnUser] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\system: [WarnUserTimeout] 60 HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [NoDesktopCleanupWizard] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [NoNetHood] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [NoPropertiesMyDocuments] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [NoPropertiesRecycleBin] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [Intellimenus] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [NoSMBalloonTip] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [NoClose] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [NoSMHelp] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [NoNetworkConnections] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [NoSMConfigurePrograms] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [NoDrives] 15 HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [NoAutoUpdate] 0 HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [NoNetConnectDisconnect] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [NoManageMyComputerVerb] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [AlwaysShowClassicMenu] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [NoHardwareTab] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [NoStartMenuMyGames] 1 
HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [HideSCANetwork] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [NoCommonGroups] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [NoStartMenuPinnedList] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [NoSimpleStartMenu] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [ForceClassicControlPanel] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [NoTaskGrouping] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [RecycleBinSize] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\Policies\Explorer: [RestrictCpl] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1218\...\MountPoints2: {dadb758d-cc94-11e0-8395-000c29f08056} - E:\vfpstart.exe IE5="vfpstart.hta" IELess="vfpstart.htm" HKU\S-1-5-21-606344767-3282361405-600652822-1218\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation) HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\system: [EnableProfileQuota] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\system: [ProfileQuotaMessage] You have exceeded your profile storage space. Before you can log off, you need to move some items from your profile to network or local storage. 
HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\system: [MaxProfileSize] 500000 HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\system: [WarnUser] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\system: [WarnUserTimeout] 60 HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [NoDesktopCleanupWizard] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [NoNetHood] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [NoPropertiesMyDocuments] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [NoPropertiesRecycleBin] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [Intellimenus] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [NoSMBalloonTip] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [NoClose] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [NoSMHelp] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [NoNetworkConnections] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [NoSMConfigurePrograms] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [NoDrives] 15 HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [NoAutoUpdate] 0 HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [NoNetConnectDisconnect] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [NoManageMyComputerVerb] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [AlwaysShowClassicMenu] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [NoHardwareTab] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [NoStartMenuMyGames] 1 
HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [HideSCANetwork] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [NoCommonGroups] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [NoStartMenuPinnedList] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [NoSimpleStartMenu] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [ForceClassicControlPanel] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [NoTaskGrouping] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [RecycleBinSize] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\Policies\Explorer: [RestrictCpl] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1614\...\MountPoints2: {dadb758d-cc94-11e0-8395-000c29f08056} - E:\vfpstart.exe IE5="vfpstart.hta" IELess="vfpstart.htm" HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [718720 2010-12-21] (Microsoft Corporation) HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\system: [EnableProfileQuota] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\system: [ProfileQuotaMessage] You have exceeded your profile storage space. Before you can log off, you need to move some items from your profile to network or local storage. 
HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\system: [MaxProfileSize] 500000 HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\system: [WarnUser] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\system: [WarnUserTimeout] 60 HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [NoDesktopCleanupWizard] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [NoNetHood] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [NoPropertiesMyDocuments] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [NoPropertiesRecycleBin] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [Intellimenus] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [NoSMBalloonTip] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [NoClose] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [NoSMHelp] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [NoNetworkConnections] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [NoSMConfigurePrograms] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [NoDrives] 15 HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [NoAutoUpdate] 0 HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [NoNetConnectDisconnect] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [NoManageMyComputerVerb] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [AlwaysShowClassicMenu] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [NoHardwareTab] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [NoStartMenuMyGames] 1 
HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [HideSCANetwork] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [NoCommonGroups] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [NoStartMenuPinnedList] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [NoSimpleStartMenu] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [ForceClassicControlPanel] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [NoTaskGrouping] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [RecycleBinSize] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1634\...\Policies\Explorer: [RestrictCpl] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\system: [EnableProfileQuota] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\system: [ProfileQuotaMessage] You have exceeded your profile storage space. Before you can log off, you need to move some items from your profile to network or local storage. 
HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\system: [MaxProfileSize] 500000 HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\system: [WarnUser] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\system: [WarnUserTimeout] 60 HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [NoDesktopCleanupWizard] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [NoNetHood] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [NoPropertiesMyDocuments] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [NoPropertiesRecycleBin] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [Intellimenus] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [NoSMBalloonTip] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [NoClose] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [NoSMHelp] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [NoNetworkConnections] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [NoSMConfigurePrograms] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [NoDrives] 15 HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [NoAutoUpdate] 0 HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [NoNetConnectDisconnect] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [NoManageMyComputerVerb] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [AlwaysShowClassicMenu] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [NoHardwareTab] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [NoStartMenuMyGames] 1 
HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [HideSCANetwork] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [NoCommonGroups] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [NoStartMenuPinnedList] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [NoSimpleStartMenu] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [ForceClassicControlPanel] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [NoTaskGrouping] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [RecycleBinSize] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\Policies\Explorer: [RestrictCpl] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1655\...\MountPoints2: {dadb758d-cc94-11e0-8395-000c29f08056} - E:\vfpstart.exe IE5="vfpstart.hta" IELess="vfpstart.htm" HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\system: [EnableProfileQuota] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\system: [ProfileQuotaMessage] You have exceeded your profile storage space. Before you can log off, you need to move some items from your profile to network or local storage. 
HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\system: [MaxProfileSize] 500000 HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\system: [WarnUser] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\system: [WarnUserTimeout] 60 HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [NoDesktopCleanupWizard] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [NoNetHood] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [NoPropertiesMyDocuments] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [NoPropertiesRecycleBin] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [Intellimenus] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [NoSMBalloonTip] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [NoClose] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [NoSMHelp] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [NoNetworkConnections] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [NoSMConfigurePrograms] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [NoDrives] 15 HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [NoAutoUpdate] 0 HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [NoNetConnectDisconnect] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [NoManageMyComputerVerb] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [AlwaysShowClassicMenu] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [NoHardwareTab] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [NoStartMenuMyGames] 1 
HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [HideSCANetwork] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [NoCommonGroups] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [NoStartMenuPinnedList] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [NoSimpleStartMenu] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [ForceClassicControlPanel] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [NoTaskGrouping] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [RecycleBinSize] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\Policies\Explorer: [RestrictCpl] 1 HKU\S-1-5-21-606344767-3282361405-600652822-1662\...\MountPoints2: {dadb758d-cc94-11e0-8395-000c29f08056} - E:\vfpstart.exe IE5="vfpstart.hta" IELess="vfpstart.htm" HKU\S-1-5-21-606344767-3282361405-600652822-500\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [4910912 2011-08-02] (DT Soft Ltd) HKU\S-1-5-21-606344767-3282361405-600652822-500\...\Run: [Akamai NetSession Interface] => C:\Users\administrator.BOULET\AppData\Local\Akamai\netsession_win.exe [4490200 2017-09-08] (Akamai Technologies, Inc.) HKU\S-1-5-21-606344767-3282361405-600652822-500\...\Run: [{AAD1516D-28AB-4EB5-B7C8-DF54FE4442E9}] => "C:\Program Files\Bitdefender\EndpointSetupInformation\{c6b758d7-5ad6-455b-e224-a5c4c58680b9}\SetupLauncher.exe" /run:".\Installer.exe" /args:"rebootIfNeeded=0 " Lsa: [Notification Packages] scecli rassfm ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\..\Interfaces\{82A6834D-9378-48EA-A3A5-1EE6B2FD338F}: [NameServer] 192.168.0.240,192.168.0.250 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION HKU\S-1-5-21-606344767-3282361405-600652822-1114\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION HKU\S-1-5-21-606344767-3282361405-600652822-1115\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION HKU\S-1-5-21-606344767-3282361405-600652822-1121\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION HKU\S-1-5-21-606344767-3282361405-600652822-1174\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION HKU\S-1-5-21-606344767-3282361405-600652822-1185\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION HKU\S-1-5-21-606344767-3282361405-600652822-1215\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION HKU\S-1-5-21-606344767-3282361405-600652822-1218\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION HKU\S-1-5-21-606344767-3282361405-600652822-1614\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION HKU\S-1-5-21-606344767-3282361405-600652822-1634\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION HKU\S-1-5-21-606344767-3282361405-600652822-1655\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION HKU\S-1-5-21-606344767-3282361405-600652822-1662\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet 
Explorer\Main,Default_Search_URL = HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp HKU\S-1-5-21-606344767-3282361405-600652822-1114\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-606344767-3282361405-600652822-1115\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/defaultf.aspx?ocid=iehp HKU\S-1-5-21-606344767-3282361405-600652822-1115\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-606344767-3282361405-600652822-1115\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://msn.ca/ HKU\S-1-5-21-606344767-3282361405-600652822-1121\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/fr-ca/ HKU\S-1-5-21-606344767-3282361405-600652822-1121\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/fr-ca/?ocid=iehp HKU\S-1-5-21-606344767-3282361405-600652822-1174\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-606344767-3282361405-600652822-1174\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/defaultf.aspx?lang=fr-ca&OCID=iehp HKU\S-1-5-21-606344767-3282361405-600652822-1185\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-606344767-3282361405-600652822-1185\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/defaultf.aspx?lang=fr-ca&OCID=iehp HKU\S-1-5-21-606344767-3282361405-600652822-1215\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-606344767-3282361405-600652822-1215\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://preview.msn.com/fr-ca?lang=fr-ca&OCID=iehp 
HKU\S-1-5-21-606344767-3282361405-600652822-1218\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-606344767-3282361405-600652822-1218\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/defaultf.aspx?ocid=iehp HKU\S-1-5-21-606344767-3282361405-600652822-1614\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-606344767-3282361405-600652822-1634\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-606344767-3282361405-600652822-1655\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-606344767-3282361405-600652822-1655\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/fr-ca/?ocid=iehp HKU\S-1-5-21-606344767-3282361405-600652822-1662\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-606344767-3282361405-600652822-500\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/SoftAdmin.htm SearchScopes: HKU\S-1-5-21-606344767-3282361405-600652822-1114 -> DefaultScope {68D48E5D-20B5-4078-86D6-970D2D72B74F} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} SearchScopes: HKU\S-1-5-21-606344767-3282361405-600652822-1114 -> {68D48E5D-20B5-4078-86D6-970D2D72B74F} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} SearchScopes: HKU\S-1-5-21-606344767-3282361405-600652822-1115 -> DefaultScope {2119352F-7BF1-4F16-A14B-3E54BD833BEA} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} SearchScopes: HKU\S-1-5-21-606344767-3282361405-600652822-1115 -> {2119352F-7BF1-4F16-A14B-3E54BD833BEA} URL = 
hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} SearchScopes: HKU\S-1-5-21-606344767-3282361405-600652822-1121 -> DefaultScope {9D2FE1E0-AB85-4D72-BFE0-EA603238E913} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} SearchScopes: HKU\S-1-5-21-606344767-3282361405-600652822-1121 -> {9D2FE1E0-AB85-4D72-BFE0-EA603238E913} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} SearchScopes: HKU\S-1-5-21-606344767-3282361405-600652822-1174 -> DefaultScope {F4BF53D1-6E9E-4808-888D-FE408FECCAF1} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} SearchScopes: HKU\S-1-5-21-606344767-3282361405-600652822-1174 -> {F4BF53D1-6E9E-4808-888D-FE408FECCAF1} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} SearchScopes: HKU\S-1-5-21-606344767-3282361405-600652822-1185 -> DefaultScope {59D531BD-2847-4726-AB2F-5F4332B9E30C} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} SearchScopes: HKU\S-1-5-21-606344767-3282361405-600652822-1185 -> {59D531BD-2847-4726-AB2F-5F4332B9E30C} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} SearchScopes: HKU\S-1-5-21-606344767-3282361405-600652822-500 -> DefaultScope {C3A1912C-65C9-4F9F-985B-ED788F33B2E4} URL = hxxp://www.google.com/search?hl=en&q={searchTerms} 
SearchScopes: HKU\S-1-5-21-606344767-3282361405-600652822-500 -> {C3A1912C-65C9-4F9F-985B-ED788F33B2E4} URL = hxxp://www.google.com/search?hl=en&q={searchTerms} BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP31-13320/webex/ieatgpc1.cab FireFox: ======== FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File] FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin-x32: 
@microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-606344767-3282361405-600652822-1218: @tools.google.com/Google Update;version=3 -> C:\Users\Alexandra\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [No File] FF Plugin HKU\S-1-5-21-606344767-3282361405-600652822-1218: @tools.google.com/Google Update;version=9 -> C:\Users\Alexandra\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [No File] Chrome: ======= CHR Profile: C:\Users\administrator.BOULET\AppData\Local\Google\Chrome\User Data\Default [2017-09-28] CHR Extension: (No Name) - C:\Users\administrator.BOULET\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-12] CHR Extension: (No Name) - C:\Users\administrator.BOULET\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-12] CHR Extension: (No Name) - C:\Users\administrator.BOULET\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-12] CHR Extension: (No Name) - C:\Users\administrator.BOULET\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-12] CHR Extension: (No Name) - C:\Users\administrator.BOULET\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-12] CHR 
Extension: (No Name) - C:\Users\administrator.BOULET\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-13] CHR Extension: (Chrome Web Store Payments) - C:\Users\administrator.BOULET\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-27] CHR Extension: (No Name) - C:\Users\administrator.BOULET\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-12] CHR Extension: (Chrome Media Router) - C:\Users\administrator.BOULET\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-28] StartMenuInternet: Google Chrome.7PPCX5V6GMJ2UMT3LB5IEBJ4RI - C:\Users\Alexandra\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 epag; C:\Program Files\Bitdefender\Endpoint Security\epag.exe [3565928 2017-08-29] (Bitdefender) R2 EPIntegrationService; C:\Program Files\Bitdefender\Endpoint Security\EPIntegrationService.exe [100392 2017-09-28] (Bitdefender) R2 EPSecurityService; C:\Program Files\Bitdefender\Endpoint Security\EPSecurityService.exe [100392 2017-09-28] (Bitdefender) R2 EPUpdateService; C:\Program Files\Bitdefender\Endpoint Security\EPUpdateService.exe [100392 2017-09-28] (Bitdefender) S3 FCRegSvc; C:\Windows\system32\FCRegSvc.dll [25600 2009-07-13] (Microsoft Corporation) R2 FileOpenManager; C:\Program Files\FileOpen\Services\FileOpenManager64.exe [341312 2014-07-16] (FileOpen Systems Inc.) S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed] R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2015-10-30] (HP Inc.) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2015-10-30] (HP Inc.) 
[File not signed] S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [91648 2009-07-13] (Microsoft Corporation) S3 sacsvr; C:\Windows\system32\sacsvr.dll [14848 2009-07-13] (Microsoft Corporation) S3 SrmReports; C:\Windows\system32\srmhost.exe [76288 2010-11-20] (Microsoft Corporation) R2 SrmSvc; C:\Windows\system32\srmsvc.dll [3489792 2010-11-20] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1763744 2017-08-29] (BitDefender) R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [882672 2017-08-29] (BitDefender) R3 bddevflt; C:\Program Files\Bitdefender\Endpoint Security\bddevflt.sys [109272 2017-02-20] (BitDefender LLC) R0 bdupflt; C:\Windows\System32\DRIVERS\bdupflt.sys [57544 2015-10-06] (Bitdefender) R0 Datascrn; C:\Windows\System32\drivers\datascrn.sys [79936 2009-07-13] (Microsoft Corporation) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2011-08-22] (DT Soft Ltd) R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [187688 2017-08-08] (BitDefender LLC) S3 ioatdma; C:\Windows\System32\Drivers\qd260x64.sys [35328 2009-06-10] (Intel Corporation) R3 MRxDAV; C:\Windows\SysWOW64\drivers\mrxdav.sys [115712 2010-11-20] (Microsoft Corporation) R0 Quota; C:\Windows\System32\drivers\quota.sys [168016 2009-07-13] (Microsoft Corporation) S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [96320 2009-07-13] (Microsoft Corporation) R2 trufos; C:\Windows\System32\DRIVERS\trufos.sys [441112 2017-08-08] (BitDefender S.R.L.) R2 VMMEMCTL; C:\Program Files\Common Files\VMware\Drivers\memctl\vmmemctl.sys [22744 2015-06-18] (VMware, Inc.) R0 vsock; C:\Windows\System32\drivers\vsock.sys [73944 2014-02-10] (VMware, Inc.) 
U3 tpautoconnsvc; no ImagePath S4 vmrawdsk; \??\C:\Program Files\VMware\VMware Tools\vmrawdsk.sys [X] ========================== Drivers MD5 =======================
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\mouhid.sys ==> MD5 is legit C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit C:\Windows\SysWOW64\drivers\mrxdav.sys CEB46AB7C01C9F825F8CC6BABC18166A C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163 C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit C:\Windows\System32\Drivers\Ntfs.sys A2F74975097F52A00745F9637451FDD8 C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD C:\Windows\system32\drivers\nvstor.sys 
DAB0E87525C10052BF65F06152F37E4A C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit C:\Windows\System32\drivers\partmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\pci.sys ==> MD5 is legit C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit C:\Windows\System32\drivers\quota.sys 6BA43DAA24BE55DB3741732550584D24 C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit C:\Windows\System32\Drivers\RDPWD.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\sacdrv.sys D65E5E5C59F70516E856F5350106CDAB C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit 
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28 C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3 C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit C:\Windows\system32\drivers\storvsp.sys 7AFDE8E361E3919B58FDDAF62490AB3B C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit C:\Windows\System32\drivers\tcpip.sys FC62769E7BFF2896035AEED399108162 C:\Windows\System32\DRIVERS\tcpip.sys FC62769E7BFF2896035AEED399108162 C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit C:\Windows\System32\drivers\tdtcp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\trufos.sys D6B788AAF4ED515CC285A49C588142CF C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit 
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit C:\Windows\system32\drivers\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C C:\Windows\system32\DRIVERS\usbehci.sys ==> MD5 is legit C:\Windows\system32\drivers\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24 C:\Windows\system32\DRIVERS\usbohci.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\usbprint.sys ==> MD5 is legit C:\Windows\system32\drivers\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6 C:\Windows\system32\DRIVERS\usbuhci.sys ==> MD5 is legit C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit C:\Windows\System32\drivers\vga.sys ==> MD5 is legit C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit C:\Windows\system32\drivers\Vid.sys 1720D283BDB1EAA7F21976586FF52B95 C:\Windows\System32\DRIVERS\vm3dmp.sys 4B76095018EF1861B3F93E619552B0DB C:\Windows\System32\drivers\vmbus.sys ==> MD5 is legit C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vmci.sys BE8E5E5D53ACF71D4E8E686B68C99B04 C:\Program Files\Common Files\VMware\Drivers\memctl\vmmemctl.sys 29696FF37D319FFCE5E723BEB3CBE6AD C:\Windows\System32\DRIVERS\vmmouse.sys BBE7ED0ED87295C4E4F7A323D260DE19 C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit C:\Windows\System32\drivers\vsock.sys 2CE26100BB635E18E029E9DF66A51FE1 C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit 
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation) ==================== Three Months Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-09-28 08:12 - 2017-09-28 08:12 - 000077128 _____ C:\Users\administrator.BOULET\Desktop\FRST.txt 2017-09-28 08:11 - 2017-09-28 08:12 - 000000000 ____D C:\FRST 2017-09-28 08:10 - 2017-09-28 08:11 - 000000000 ____D C:\Users\melodie\AppData\Local\Temp\12 2017-09-28 08:09 - 2017-09-28 08:12 - 000000000 ____D C:\Users\Philippes\AppData\Local\Temp\13 2017-09-28 08:09 - 2017-09-28 08:10 - 000000000 ____D C:\Users\Alexandra\AppData\Local\Temp\11 2017-09-28 08:09 - 2017-09-28 08:09 - 002399744 _____ (Farbar) C:\Users\administrator.BOULET\Desktop\FRST64.exe 2017-09-28 08:09 - 2017-09-28 08:09 - 000091087 _____ C:\Users\administrator.BOULET\Desktop\ZHPDiag.txt 2017-09-28 08:06 - 2017-09-28 08:07 - 000000000 ____D C:\Users\administrator.BOULET\AppData\Roaming\ZHP 2017-09-28 08:06 - 2017-09-28 08:06 - 000000831 _____ C:\Users\administrator.BOULET\Desktop\ZHPDiag.lnk 2017-09-28 08:05 - 2017-09-28 08:05 - 000000760 _____ C:\WinChk.txt 2017-09-28 08:03 - 2017-09-28 08:05 - 000000185 _____ C:\Users\administrator.BOULET\Downloads\ckfiles.txt 2017-09-28 08:02 - 2017-09-28 08:02 - 002892160 _____ C:\Users\administrator.BOULET\Downloads\ZHPDiag3.exe 2017-09-28 08:00 - 2017-09-28 08:00 - 000315000 _____ C:\Users\administrator.BOULET\Downloads\winchk_2.0.exe 2017-09-28 07:58 - 2017-09-28 07:58 - 000468480 _____ () 
C:\Users\administrator.BOULET\Downloads\CKScanner.exe 2017-09-28 07:57 - 2017-09-28 08:12 - 000000000 ____D C:\Users\administrator.BOULET\AppData\Local\Temp\8 2017-09-28 07:57 - 2017-09-28 08:00 - 000000000 ____D C:\Users\Taher.BOULET\AppData\Local\Temp\9 2017-09-28 07:57 - 2017-09-28 07:58 - 000000000 ____D C:\Users\Francoisp\AppData\Local\Temp\10 2017-09-28 07:56 - 2017-09-28 08:13 - 000000000 ____D C:\Users\PIERREB\AppData\Local\Temp\7 2017-09-28 07:53 - 2017-09-28 07:57 - 000000000 ____D C:\Users\vannak\AppData\Local\Temp\6 2017-09-28 07:43 - 2017-09-28 08:02 - 000000000 ____D C:\Users\pascal\AppData\Local\Temp\5 2017-09-28 06:59 - 2017-09-28 08:12 - 000000000 ____D C:\Users\CHARLES\AppData\Local\Temp\3 2017-09-27 10:32 - 2017-09-27 12:01 - 000000000 ____D C:\Users\Alexandra\AppData\Local\Temp\31 2017-09-27 10:27 - 2017-09-27 13:10 - 000000000 ____D C:\Users\pierre\AppData\Local\Temp\30 2017-09-27 10:26 - 2017-09-27 12:46 - 000000000 ____D C:\Users\gabrielle\AppData\Local\Temp\29 2017-09-27 10:14 - 2017-09-27 13:22 - 000000000 ____D C:\Users\ALEXIS\AppData\Local\Temp\21 2017-09-27 10:09 - 2017-09-27 13:20 - 000000000 ____D C:\Users\vannak\AppData\Local\Temp\26 2017-09-27 10:07 - 2017-09-27 11:49 - 000000000 ____D C:\Users\PIERREB\AppData\Local\Temp\25 2017-09-27 09:56 - 2017-09-27 11:57 - 000000000 ____D C:\Users\CHARLES\AppData\Local\Temp\19 2017-09-27 08:32 - 2017-09-27 10:42 - 000000000 ____D C:\Users\YANICK\AppData\Local\Temp\18 2017-09-27 08:12 - 2017-09-27 13:29 - 000000000 ____D C:\Users\Taher.BOULET\AppData\Local\Temp\16 2017-09-27 08:03 - 2017-09-27 12:36 - 000000000 ____D C:\Users\JulieD\AppData\Local\Temp\13 2017-09-27 07:57 - 2017-09-27 08:01 - 000000000 ____D C:\Users\richard\AppData\Local\Temp\10 2017-09-27 07:54 - 2017-09-27 13:40 - 000000000 ____D C:\Users\Philippes\AppData\Local\Temp\8 2017-09-27 07:50 - 2017-09-27 07:53 - 000000000 ____D C:\Users\jerome\AppData\Local\Temp\7 2017-09-27 07:46 - 2017-09-27 13:12 - 000000000 ____D 
C:\Users\Francoisp\AppData\Local\Temp\6 2017-09-27 07:29 - 2017-09-28 07:47 - 000000000 ____D C:\Users\caroll\AppData\Local\Temp\4 2017-09-27 05:44 - 2017-09-28 08:11 - 000000000 ____D C:\Users\marco\AppData\Local\Temp\2 2017-09-26 14:52 - 2017-09-26 14:52 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVRE3DA.tmp.cvr 2017-09-26 12:38 - 2017-09-26 12:38 - 000000000 _____ C:\Users\sforest\AppData\Local\Temp\UNDEB06F.ac$ 2017-09-26 12:34 - 2017-09-26 12:34 - 000000000 _____ C:\Users\sforest\AppData\Local\Temp\UNDB778A.ac$ 2017-09-25 15:37 - 2017-09-25 15:37 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVR982E.tmp.cvr 2017-09-25 14:46 - 2017-09-25 14:46 - 000257412 _____ C:\Users\raymond\AppData\Local\Temp\ArmUI.ini 2017-09-25 11:37 - 2017-09-25 11:37 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVR19B1.tmp.cvr 2017-09-25 11:30 - 2017-09-25 11:30 - 000000000 ____D C:\Users\pascal\AppData\Local\Temp\lilo.11268 2017-09-22 08:38 - 2017-09-22 08:39 - 000000000 ____D C:\Users\raymond\AppData\Roaming\Autodesk 2017-09-21 20:42 - 2017-09-21 20:42 - 000000123 _____ C:\Users\administrator.BOULET\AppData\Local\Temp\CFGCA3E.tmp 2017-09-20 17:45 - 2017-09-26 17:19 - 000257412 _____ C:\Users\pierre\AppData\Local\Temp\ArmUI.ini 2017-09-19 15:57 - 2017-09-19 15:57 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVRC65B.tmp.cvr 2017-09-19 10:48 - 2017-09-19 10:48 - 000000000 ____D C:\Users\Public\Documents\Hewlett-Packard 2017-09-18 19:46 - 2017-09-27 10:19 - 000257412 _____ C:\Users\PIERREB\AppData\Local\Temp\ArmUI.ini 2017-09-18 16:45 - 2017-09-18 16:45 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVRCEA2.tmp.cvr 2017-09-16 17:10 - 2017-09-23 04:26 - 000257412 _____ C:\Users\jerome\AppData\Local\Temp\ArmUI.ini 2017-09-15 09:48 - 2017-09-15 09:48 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVRDE0.tmp.cvr 2017-09-14 16:38 - 2017-09-14 16:38 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVR869A.tmp.cvr 2017-09-13 14:47 - 2017-09-13 
14:47 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVR1BDA.tmp.cvr 2017-09-13 12:02 - 2017-09-13 12:02 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVR63BF.tmp.cvr 2017-09-12 17:12 - 2017-09-12 17:12 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVR12F9.tmp.cvr 2017-09-12 14:12 - 2017-09-12 14:12 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVRDC09.tmp.cvr 2017-09-05 10:50 - 2017-09-05 10:50 - 000000250 _____ C:\Users\administrator.BOULET\AppData\Local\Temp\msinterr.txt 2017-09-05 10:47 - 2017-09-05 10:47 - 000002577 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual FoxPro 7.0.lnk 2017-09-05 10:47 - 2017-09-05 10:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTML Help Workshop 2017-09-05 10:46 - 2017-09-05 10:47 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual FoxPro 7 2017-09-05 10:46 - 2017-09-05 10:46 - 000000000 ____D C:\Program Files (x86)\HTML Help Workshop 2017-09-05 10:45 - 2017-09-05 10:50 - 000000000 ____D C:\Users\administrator.BOULET\AppData\Local\Temp\SIT11456.tmp 2017-09-05 10:10 - 2017-09-05 10:10 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVRE591.tmp.cvr 2017-09-01 14:08 - 2017-09-01 14:08 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVR459B.tmp.cvr 2017-09-01 11:04 - 2017-09-26 12:32 - 000002279 _____ C:\Users\Public\Desktop\DWG TrueView 2018 - Français (French).lnk 2017-09-01 11:04 - 2017-09-26 12:32 - 000002279 _____ C:\ProgramData\Desktop\DWG TrueView 2018 - Français (French).lnk 2017-09-01 11:04 - 2017-09-01 11:04 - 000000000 ____D C:\Users\Public\Documents\Autodesk 2017-09-01 11:04 - 2017-09-01 11:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk 2017-09-01 11:03 - 2017-09-01 11:04 - 000000000 ____D C:\Program Files\Common Files\Autodesk Shared 2017-09-01 11:03 - 2017-09-01 11:03 - 000000000 ____D C:\Program Files\Autodesk 2017-09-01 09:49 - 2017-09-01 10:42 - 000000000 ____D C:\Autodesk 2017-09-01 
09:26 - 2017-09-01 09:36 - 828943376 _____ (Autodesk, Inc.) C:\Users\administrator.BOULET\Downloads\DWGTrueView_2018_FRA_64bit.sfx.exe 2017-09-01 09:24 - 2017-09-01 09:24 - 000002600 ____T C:\Users\administrator.BOULET\AppData\Local\Temp\adCE9F.tmp 2017-09-01 09:22 - 2017-09-01 09:22 - 000000000 ____D C:\Users\administrator.BOULET\AppData\Local\Temp\_AI3C09.tmp 2017-08-31 22:21 - 2017-09-26 14:51 - 000257412 _____ C:\Users\ALEXIS\AppData\Local\Temp\ArmUI.ini 2017-08-31 16:21 - 2017-08-31 16:21 - 000002600 ____T C:\Users\administrator.BOULET\AppData\Local\Temp\adB3C2.tmp 2017-08-31 16:20 - 2017-08-31 16:20 - 000000000 ____D C:\Users\administrator.BOULET\AppData\Local\Temp\{0D7D2D24-F8F0-4C02-818D-D5E924FC3F58} 2017-08-31 09:18 - 2017-09-27 15:51 - 000257412 _____ C:\Users\Francoisp\AppData\Local\Temp\ArmUI.ini 2017-08-31 08:48 - 2017-08-31 08:48 - 000000000 ____D C:\Users\administrator.BOULET\AppData\Local\Temp\_AI6D22.tmp 2017-08-31 08:45 - 2017-08-31 08:45 - 000000000 ____D C:\Users\administrator.BOULET\AppData\Local\Temp\_AIFE59.tmp 2017-08-31 08:42 - 2017-08-31 08:42 - 000000000 ____D C:\Users\administrator.BOULET\AppData\Local\Temp\_AI8AC9.tmp 2017-08-31 08:41 - 2017-08-31 08:41 - 000000000 ____D C:\Users\administrator.BOULET\AppData\Local\Temp\_AIC3DF.tmp 2017-08-31 08:37 - 2017-08-31 08:37 - 000000000 ____D C:\Users\administrator.BOULET\AppData\Local\Temp\_AIA56D.tmp 2017-08-31 08:36 - 2017-08-31 08:36 - 000000000 ____D C:\Users\administrator.BOULET\AppData\Local\Temp\_AI9E9.tmp 2017-08-30 16:36 - 2017-08-30 16:36 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVRB13B.tmp.cvr 2017-08-30 14:20 - 2017-08-30 14:20 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVRDC62.tmp.cvr 2017-08-30 14:18 - 2017-08-30 14:18 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVR8F94.tmp.cvr 2017-08-30 10:05 - 2017-08-30 10:05 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVR1411.tmp.cvr 2017-08-28 17:11 - 2017-08-28 17:11 - 000000000 _____ 
C:\Users\ALEXIS\AppData\Local\Temp\CVR2C5D.tmp.cvr 2017-08-25 17:36 - 2017-09-21 03:01 - 000257412 _____ C:\Users\gabrielle\AppData\Local\Temp\ArmUI.ini 2017-08-23 16:51 - 2017-08-23 16:51 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVRCF84.tmp.cvr 2017-08-23 14:18 - 2017-08-23 14:18 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVR4C8D.tmp.cvr 2017-08-22 10:19 - 2017-08-22 10:19 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVRE433.tmp.cvr 2017-08-21 10:02 - 2017-08-21 10:02 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVR4CDD.tmp.cvr 2017-08-18 10:32 - 2017-08-21 09:00 - 000000000 ____D C:\Users\Francoisp\AppData\Local\Temp\Fichiers Internet temporaires 2017-08-17 16:38 - 2017-08-17 16:38 - 000000000 ____D C:\Users\Francoisp\AppData\Roaming\PDF Writer 2017-08-17 16:38 - 2017-08-17 16:38 - 000000000 ____D C:\Users\Francoisp\AppData\Local\Temp\BullZip 2017-08-17 10:43 - 2017-08-17 10:45 - 000010752 _____ C:\Users\vannak\AppData\Local\Temp\0000JB49000B.TMP 2017-08-17 10:43 - 2017-08-17 10:45 - 000007168 _____ C:\Users\vannak\AppData\Local\Temp\0000JB49000A.TMP 2017-08-17 10:43 - 2017-08-17 10:45 - 000001536 _____ C:\Users\vannak\AppData\Local\Temp\0000JB490008.TMP 2017-08-17 10:14 - 2017-08-17 10:14 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVRF8CC.tmp.cvr 2017-08-17 08:15 - 2017-08-17 08:15 - 000000000 ____D C:\Users\Francoisp\AppData\Roaming\FileOpen 2017-08-17 07:07 - 2017-08-17 08:15 - 000000000 ____D C:\Users\Francoisp\AppData\Roaming\Adobe 2017-08-17 07:07 - 2017-08-17 07:07 - 000000000 ____D C:\Users\Francoisp\AppData\LocalLow\Adobe 2017-08-17 07:07 - 2017-08-17 07:07 - 000000000 ____D C:\Users\Francoisp\AppData\Local\Temp\Adobe 2017-08-17 07:06 - 2017-08-17 07:06 - 000000000 ____D C:\Users\Francoisp\AppData\Roaming\Apple Computer 2017-08-17 07:05 - 2017-09-28 07:57 - 000000000 ____D C:\Users\Francoisp 2017-08-17 07:05 - 2017-09-27 22:01 - 000000160 ___SH C:\Users\Francoisp\ntuser.ini 2017-08-17 07:05 - 2017-08-17 
07:05 - 000015434 __RSH C:\Users\Francoisp\ntuser.pol 2017-08-16 22:52 - 2017-08-16 22:52 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVR6BEE.tmp.cvr 2017-08-16 16:25 - 2017-08-16 16:25 - 000000000 ____D C:\Users\Francois\AppData\Roaming\PDF Writer 2017-08-16 16:25 - 2017-08-16 16:25 - 000000000 ____D C:\Users\Francois\AppData\Local\Temp\BullZip 2017-08-16 11:16 - 2017-08-16 11:16 - 000000000 ____D C:\Users\Francois\AppData\Roaming\FileOpen 2017-08-16 09:24 - 2017-08-16 17:34 - 000257412 _____ C:\Users\Francois\AppData\Local\Temp\ArmUI.ini 2017-08-16 09:13 - 2017-08-16 11:16 - 000000000 ____D C:\Users\Francois\AppData\Roaming\Adobe 2017-08-16 09:13 - 2017-08-16 09:13 - 000000000 ____D C:\Users\Francois\AppData\LocalLow\Adobe 2017-08-16 09:13 - 2017-08-16 09:13 - 000000000 ____D C:\Users\Francois\AppData\Local\Temp\Adobe 2017-08-16 09:07 - 2017-08-16 09:07 - 000000000 ____D C:\Users\Francois\AppData\Roaming\Apple Computer 2017-08-16 09:06 - 2017-08-18 09:08 - 000000160 ___SH C:\Users\Francois\ntuser.ini 2017-08-16 09:06 - 2017-08-18 09:07 - 000000000 ____D C:\Users\Francois 2017-08-16 09:06 - 2017-08-16 09:06 - 000015434 __RSH C:\Users\Francois\ntuser.pol 2017-08-15 09:15 - 2017-08-15 09:15 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVRA554.tmp.cvr 2017-08-14 15:31 - 2017-08-14 16:41 - 000000000 ____D C:\Users\pascal\AppData\Local\Temp\34 2017-08-14 15:23 - 2017-08-14 16:14 - 000000000 ____D C:\Users\marco\AppData\Local\Temp\33 2017-08-14 15:16 - 2017-08-14 16:40 - 000000000 ____D C:\Users\PIERREB\AppData\Local\Temp\32 2017-08-14 15:15 - 2017-08-14 16:41 - 000000000 ____D C:\Users\pierre\AppData\Local\Temp\31 2017-08-14 14:30 - 2017-08-14 16:39 - 000000000 ____D C:\Users\Philippes\AppData\Local\Temp\29 2017-08-14 14:22 - 2017-08-14 14:22 - 000000000 ____D C:\Users\administrator.BOULET\AppData\Local\Temp\28 2017-08-14 08:22 - 2017-08-14 13:39 - 000000000 ____D C:\Users\jerome\AppData\Local\Temp\14 2017-08-09 15:56 - 2017-08-09 15:56 - 000000000 
_____ C:\Users\ALEXIS\AppData\Local\Temp\CVR4DB0.tmp.cvr 2017-08-09 09:29 - 2017-08-09 09:29 - 000000000 ____D C:\Users\pvanier.BOULET.000\AppData\Local\Temp\lilo.4372 2017-08-09 09:10 - 2017-08-09 09:10 - 000000000 ____D C:\Users\pvanier.BOULET.000\AppData\Local\Temp\LogMeInUpdates 2017-08-08 11:33 - 2017-08-08 11:33 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVRA7EF.tmp.cvr 2017-08-07 14:10 - 2017-08-07 14:10 - 000000000 ____D C:\Users\gabrielle\AppData\Local\Temp\LogMeInUpdates 2017-07-21 15:19 - 2017-07-21 15:19 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVR8986.tmp.cvr 2017-07-20 11:57 - 2017-07-20 11:57 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVR4D9.tmp.cvr 2017-07-20 11:24 - 2017-07-20 11:24 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVR921.tmp.cvr 2017-07-19 14:02 - 2017-07-19 14:02 - 000257412 _____ C:\Users\MIMI\AppData\Local\Temp\ArmUI.ini 2017-07-18 08:20 - 2017-09-08 10:53 - 000257412 _____ C:\Users\Taher.BOULET\AppData\Local\Temp\ArmUI.ini 2017-07-17 17:03 - 2017-07-17 17:03 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVRBAF8.tmp.cvr 2017-07-17 16:35 - 2017-07-17 16:35 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVRCFF.tmp.cvr 2017-07-12 13:47 - 2017-07-12 13:47 - 000000000 ____D C:\Users\gabrielle\AppData\Local\Temp\LogMeInLogs 2017-07-12 10:51 - 2015-05-29 18:14 - 009163792 _____ (Amyuni Technologies hxxp://www.amyuni.com) C:\Windows\system32\cdintf500_64.dll 2017-07-12 10:51 - 2015-05-29 18:14 - 007269392 _____ (Amyuni Technologies hxxp://www.amyuni.com) C:\Windows\SysWOW64\cdintf500.dll 2017-07-11 14:20 - 2017-07-11 14:20 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVRCCB5.tmp.cvr 2017-07-10 14:07 - 2017-07-10 14:07 - 000000000 ____D C:\Users\pvanier.BOULET.000\AppData\Local\Temp\LogMeInLogs 2017-07-07 15:28 - 2017-07-07 15:28 - 000000000 _____ C:\Users\ALEXIS\AppData\Local\Temp\CVRFB78.tmp.cvr 2017-07-06 13:57 - 2017-07-06 13:57 - 000344064 _____ 
C:\Users\pierre\AppData\Local\Temp\~DF838D47FF12D8D722.TMP 2017-07-06 11:38 - 2017-07-06 11:38 - 000000000 _____ C:\Users\sforest\AppData\Local\Temp\UND9719D.ac$ ==================== Three Months Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-09-28 08:12 - 2009-07-14 00:49 - 000022112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-09-28 08:12 - 2009-07-14 00:49 - 000022112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-09-28 08:10 - 2016-04-26 14:59 - 000001086 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606344767-3282361405-600652822-1185UA.job 2017-09-28 08:10 - 2015-04-01 09:41 - 000001098 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606344767-3282361405-600652822-1622UA.job 2017-09-28 08:10 - 2015-04-01 09:41 - 000001046 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606344767-3282361405-600652822-1622Core.job 2017-09-28 08:10 - 2013-07-09 10:02 - 000000000 ____D C:\Users\Alexandra 2017-09-28 08:10 - 2010-11-23 20:27 - 000000000 ____D C:\Users\melodie 2017-09-28 08:08 - 2017-04-06 08:11 - 000000000 ____D C:\Users\Philippes 2017-09-28 08:08 - 2015-06-03 13:20 - 000000654 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-606344767-3282361405-600652822-1128.job 2017-09-28 08:08 - 2014-05-06 13:43 - 000000558 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-606344767-3282361405-600652822-1128.job 2017-09-28 08:08 - 2010-09-15 11:15 - 000000120 _____ C:\Windows\system32\config\netlogon.ftl 2017-09-28 08:05 - 2017-06-12 08:16 - 000257412 _____ C:\Users\vannak\AppData\Local\Temp\ArmUI.ini 2017-09-28 07:56 - 2016-08-17 10:44 - 000000000 ____D C:\Users\Taher.BOULET 2017-09-28 07:56 - 2016-01-11 12:43 - 000001086 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606344767-3282361405-600652822-1118UA.job 2017-09-28 07:56 - 2010-10-05 10:40 - 000000000 ____D 
C:\Users\PIERREB 2017-09-28 07:53 - 2013-04-02 08:26 - 000000000 ____D C:\Users\vannak 2017-09-28 07:42 - 2011-01-03 15:28 - 000000000 ____D C:\Users\pascal 2017-09-28 07:37 - 2010-10-05 10:26 - 000000000 ___RD C:\Users\caroll 2017-09-28 07:31 - 2014-05-07 08:49 - 000000590 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-606344767-3282361405-600652822-1195.job 2017-09-28 07:14 - 2014-05-20 10:33 - 000001094 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606344767-3282361405-600652822-1218UA.job 2017-09-28 07:10 - 2015-06-03 14:46 - 000000686 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-606344767-3282361405-600652822-1195.job 2017-09-28 06:59 - 2010-10-06 10:18 - 000000000 ____D C:\Users\CHARLES 2017-09-28 05:35 - 2010-10-06 10:07 - 000000000 ____D C:\Users\marco 2017-09-28 04:05 - 2010-08-25 15:01 - 000729938 _____ C:\Windows\system32\perfh00C.dat 2017-09-28 04:05 - 2010-08-25 15:01 - 000142368 _____ C:\Windows\system32\perfc00C.dat 2017-09-28 04:05 - 2009-07-14 01:10 - 001612094 _____ C:\Windows\system32\PerfStringBackup.INI 2017-09-28 04:05 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf 2017-09-28 04:01 - 2009-07-14 01:06 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-09-28 04:01 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\Registration 2017-09-28 04:00 - 2010-09-28 14:49 - 000000160 ___SH C:\Users\sforest\ntuser.ini 2017-09-28 01:34 - 2010-10-05 13:21 - 000000160 ___SH C:\Users\ALEXIS\ntuser.ini 2017-09-27 22:51 - 2010-09-28 14:49 - 000000000 ____D C:\Users\sforest 2017-09-27 22:11 - 2015-06-25 08:19 - 000257412 _____ C:\Users\administrator.BOULET\AppData\Local\Temp\ArmUI.ini 2017-09-27 22:02 - 2017-04-06 08:11 - 000000250 ___SH C:\Users\Philippes\ntuser.ini 2017-09-27 22:02 - 2010-11-23 20:27 - 000000250 ___SH C:\Users\melodie\ntuser.ini 2017-09-27 22:02 - 2010-10-05 10:40 - 000000250 ___SH C:\Users\PIERREB\ntuser.ini 2017-09-27 22:01 - 2014-10-27 09:06 - 000000160 ___SH C:\Users\JulieD\ntuser.ini 2017-09-27 22:01 - 2011-03-23 15:42 - 000000250 
___SH C:\Users\pvanier.BOULET.000\ntuser.ini 2017-09-27 22:01 - 2011-03-23 15:42 - 000000000 ____D C:\Users\pvanier.BOULET.000 2017-09-27 22:01 - 2011-01-13 16:46 - 000000250 ___SH C:\Users\jerome\ntuser.ini 2017-09-27 22:01 - 2010-10-05 11:27 - 000000250 ___SH C:\Users\YANICK\ntuser.ini 2017-09-27 22:01 - 2010-10-05 10:26 - 000000160 ___SH C:\Users\caroll\ntuser.ini 2017-09-27 22:01 - 2010-10-05 09:51 - 000000160 ___SH C:\Users\gabrielle\ntuser.ini 2017-09-27 22:01 - 2010-10-05 09:51 - 000000000 ____D C:\Users\gabrielle 2017-09-27 21:59 - 2010-09-15 11:22 - 000000000 ____D C:\Users\administrator.BOULET 2017-09-27 21:13 - 2015-06-03 14:46 - 000003712 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-606344767-3282361405-600652822-1195 2017-09-27 21:13 - 2014-05-07 08:49 - 000003616 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-606344767-3282361405-600652822-1195 2017-09-27 19:10 - 2016-04-26 14:59 - 000001034 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606344767-3282361405-600652822-1185Core.job 2017-09-27 18:45 - 2017-03-24 08:20 - 000257412 _____ C:\Users\JulieD\AppData\Local\Temp\ArmUI.ini 2017-09-27 18:20 - 2010-10-06 10:16 - 000003936 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6E4EFF36-6AB0-451E-A3DB-000AA3F08EC0} 2017-09-27 17:12 - 2010-10-06 10:18 - 000000250 ___SH C:\Users\CHARLES\ntuser.ini 2017-09-27 16:54 - 2011-01-03 15:28 - 000000250 ___SH C:\Users\pascal\ntuser.ini 2017-09-27 16:51 - 2010-10-06 10:07 - 000000250 ___SH C:\Users\marco\ntuser.ini 2017-09-27 16:50 - 2010-10-05 09:56 - 000000160 ___SH C:\Users\raymond\ntuser.ini 2017-09-27 16:45 - 2016-08-17 10:44 - 000000164 ___SH C:\Users\Taher.BOULET\ntuser.ini 2017-09-27 16:39 - 2010-10-05 09:03 - 000000250 ___SH C:\Users\pierre\ntuser.ini 2017-09-27 16:27 - 2013-07-09 10:02 - 000000160 ___SH C:\Users\Alexandra\ntuser.ini 2017-09-27 16:09 - 2010-10-05 09:56 - 000000000 ____D C:\Users\raymond 2017-09-27 15:50 - 2011-01-13 16:46 - 000000000 ____D C:\Users\jerome 
2017-09-27 15:01 - 2017-01-10 09:22 - 000257412 _____ C:\Users\Alexandra\AppData\Local\Temp\ArmUI.ini 2017-09-27 14:57 - 2014-03-24 15:48 - 000000000 ____D C:\temp0 2017-09-27 14:56 - 2010-10-05 09:03 - 000000000 ____D C:\Users\pierre 2017-09-27 10:53 - 2015-06-03 13:20 - 000003684 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-606344767-3282361405-600652822-1128 2017-09-27 10:53 - 2014-05-06 13:43 - 000003588 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-606344767-3282361405-600652822-1128 2017-09-27 10:14 - 2010-10-05 13:21 - 000000000 ____D C:\Users\ALEXIS 2017-09-27 09:18 - 2013-04-02 08:26 - 000000160 ___SH C:\Users\vannak\ntuser.ini 2017-09-27 08:31 - 2010-10-05 11:27 - 000000000 ____D C:\Users\YANICK 2017-09-27 08:14 - 2014-05-20 10:33 - 000001042 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606344767-3282361405-600652822-1218Core.job 2017-09-27 08:03 - 2014-10-27 09:06 - 000000000 ____D C:\Users\JulieD 2017-09-27 07:56 - 2010-10-05 10:58 - 000000000 ____D C:\Users\richard 2017-09-26 23:55 - 2010-09-15 11:22 - 000000160 ___SH C:\Users\administrator.BOULET\ntuser.ini 2017-09-26 20:07 - 2016-07-11 13:14 - 000002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-09-26 20:07 - 2016-07-11 13:14 - 000002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-09-26 20:07 - 2016-07-11 13:14 - 000002181 _____ C:\ProgramData\Desktop\Google Chrome.lnk 2017-09-26 12:32 - 2012-06-14 16:33 - 000000000 ____D C:\Users\sforest\AppData\Roaming\Autodesk 2017-09-26 11:00 - 2015-10-22 09:36 - 000257412 _____ C:\Users\YANICK\AppData\Local\Temp\ArmUI.ini 2017-09-26 08:57 - 2016-01-11 12:43 - 000001034 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606344767-3282361405-600652822-1118Core.job 2017-09-22 10:12 - 2017-02-10 17:45 - 000000000 ____D C:\Users\Taher.BOULET\AppData\Roaming\Autodesk 2017-09-13 01:38 - 2012-03-30 06:58 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 
2017-09-13 01:38 - 2012-03-30 06:58 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-09-13 01:38 - 2011-11-14 12:42 - 000000000 ____D C:\Windows\system32\Macromed
2017-09-13 01:38 - 2011-05-17 08:17 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-09-13 01:38 - 2010-10-05 08:02 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-09-12 04:00 - 2010-10-05 10:58 - 000000160 ___SH C:\Users\richard\ntuser.ini
2017-09-10 09:27 - 2017-03-29 01:13 - 000257412 _____ C:\Users\richard\AppData\Local\Temp\ArmUI.ini
2017-09-08 21:00 - 2013-07-09 10:10 - 000000160 ___SH C:\Users\MichelleT\ntuser.ini
2017-09-08 08:46 - 2013-07-09 10:10 - 000000000 ____D C:\Users\MichelleT
2017-09-06 03:49 - 2010-11-23 20:29 - 000003936 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1269B6B6-9A11-432B-ACEC-F0C1920F18D1}
2017-09-05 10:50 - 2010-09-27 14:00 - 000295519 _____ C:\Users\administrator.BOULET\AppData\Local\Temp\DepCheckData.txt
2017-09-05 10:46 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\Help
2017-09-02 04:01 - 2009-07-14 00:49 - 000481376 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-01 11:03 - 2017-02-10 17:00 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-01 11:03 - 2012-06-14 16:26 - 000000000 ____D C:\ProgramData\Autodesk
2017-09-01 09:24 - 2012-06-14 16:26 - 000000000 ____D C:\Users\administrator.BOULET\AppData\Roaming\Autodesk
2017-08-31 16:20 - 2016-03-14 09:59 - 000000000 ____D C:\Program Files (x86)\HP
2017-08-31 08:24 - 2017-02-14 11:07 - 000000000 ____D C:\Users\PIERREB\AppData\Roaming\Autodesk
2017-08-29 01:02 - 2016-08-22 10:46 - 001763744 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2017-08-29 01:02 - 2016-08-22 10:46 - 000882672 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys

==================== Files in the root of some directories =======

2011-08-22 14:21 - 2017-09-01 09:57 - 000044936 _____ () C:\Users\administrator.BOULET\AppData\Local\DepCheckData.txt
2017-09-01 09:57 - 2017-09-01 09:57 - 000000000 _____ () C:\Users\administrator.BOULET\AppData\Local\errorlog.txt
2017-09-01 09:57 - 2017-09-01 09:58 - 000012628 _____ () C:\Users\administrator.BOULET\AppData\Local\installlog.txt
2017-09-01 09:58 - 2017-09-01 09:58 - 000000250 _____ () C:\Users\administrator.BOULET\AppData\Local\msinterr.txt
2015-02-27 13:55 - 2015-02-27 13:56 - 000000600 _____ () C:\Users\administrator.BOULET\AppData\Local\PUTTY.RND
2015-05-20 10:58 - 2015-06-16 13:12 - 000007597 _____ () C:\Users\administrator.BOULET\AppData\Local\Resmon.ResmonCfg
2017-09-01 09:57 - 2017-09-01 09:58 - 003258058 _____ () C:\Users\administrator.BOULET\AppData\Local\VSMsiLog2885.txt
2016-08-11 13:33 - 2016-08-11 13:36 - 000015682 _____ () C:\ProgramData\1470936805.12836.bin
2016-08-11 13:33 - 2016-08-11 13:33 - 000001421 _____ () C:\ProgramData\1470936805.16576.bin
2016-08-11 13:33 - 2016-08-11 13:33 - 000055203 _____ () C:\ProgramData\1470936805.16688.bin
2016-08-11 13:33 - 2016-08-11 13:33 - 000000544 _____ () C:\ProgramData\1470936805.8268.bin
2016-08-11 14:20 - 2016-08-11 14:20 - 000294340 _____ () C:\ProgramData\1470939291.bdinstall.bin
2016-08-11 14:28 - 2016-08-11 14:28 - 000063535 _____ () C:\ProgramData\1470940093.bdinstall.bin
2016-08-11 14:40 - 2016-08-11 14:40 - 000063535 _____ () C:\ProgramData\1470940789.bdinstall.bin
2016-08-15 09:04 - 2016-08-15 09:04 - 000065786 _____ () C:\ProgramData\1471266131.bdinstall.bin
2016-08-15 17:05 - 2016-08-15 17:05 - 000065786 _____ () C:\ProgramData\1471295024.bdinstall.bin
2016-08-16 07:02 - 2016-08-16 07:02 - 000065782 _____ () C:\ProgramData\1471344704.bdinstall.bin
2016-08-17 07:03 - 2016-08-17 07:03 - 000065782 _____ () C:\ProgramData\1471433955.bdinstall.bin
2016-08-17 10:31 - 2016-08-17 10:31 - 000055450 _____ () C:\ProgramData\1471444261.15856.bin
2016-08-17 10:31 - 2016-08-17 10:31 - 000000551 _____ () C:\ProgramData\1471444261.16260.bin
2016-08-22 10:12 - 2016-08-22 10:12 - 000074840 _____ () C:\ProgramData\1471872943.bdinstall.bin
2016-08-22 10:22 - 2016-08-22 10:22 - 000259795 _____ () C:\ProgramData\1471875164.bdinstall.bin
2016-08-22 10:14 - 2016-08-22 10:14 - 000113514 _____ () C:\ProgramData\1471875166.bdinstall.bin
2016-08-11 14:18 - 2016-08-22 10:15 - 000000160 _____ () C:\ProgramData\45.install.log
2016-08-22 10:13 - 2016-08-22 10:13 - 000000563 _____ () C:\ProgramData\45.rollback.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-20 00:50

==================== End of FRST.txt ============================