Start::
SystemRestore: On
CloseProcesses:
CreateRestorePoint:
Removeproxy:
Hosts:
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction
DeleteKey:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe
cmd: schtasks /Delete /TN "\Microsoft\Windows\Setup\gwx\refreshgwxconfig" /f
cmd: schtasks /Delete /TN "\Microsoft\Windows\UNP\RunCampaignManager" /f
cmd: schtasks /Delete /TN "\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig" /f
cmd: schtasks /Delete /TN "\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" /f
cmd: schtasks /Delete /TN "\Microsoft\Windows\Setup\gwx\refreshgwxcontent" /f
cmd: schtasks /Delete /TN "\Microsoft\Windows\Setup\gwx\launchtrayprocess" /f
SearchScopes: HKU\S-1-5-21-744824034-3375447864-2465421029-1001 -> DefaultScope {8E67BD80-AE23-480E-9F40-A4CF05F70C16} URL =
SearchScopes: HKU\S-1-5-21-744824034-3375447864-2465421029-1001 -> {8E67BD80-AE23-480E-9F40-A4CF05F70C16} URL =
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\bin\plugin2\npjp2.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
AlternateDataStreams: C:\Users\Public\AppData:CSM [229]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [464]
IE trusted site: HKU\S-1-5-21-744824034-3375447864-2465421029-1001\...\hola.org -> hxxp://hola.org
IE trusted site: HKU\S-1-5-21-744824034-3375447864-2465421029-1001\...\sharepoint.com -> hxxps://viacesifr-files.sharepoint.com
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
cmd: netsh winsock reset
Emptytemp:
End::