CloseProcesses:
CreateRestorePoint:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-737372550-802146199-2201841198-1000\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-737372550-802146199-2201841198-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-737372550-802146199-2201841198-1000\...\Policies\Explorer: [NoControlPanel] 0
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 -> DefaultScope {88A141E8-F700-41F3-B121-C8AAA3833166} URL =
SearchScopes: HKU\S-1-5-21-737372550-802146199-2201841198-1000 -> DefaultScope {EF8561B0-20BA-46EC-B79B-382B51BA9672} URL =
SearchScopes: HKU\S-1-5-21-737372550-802146199-2201841198-1000 -> {57A335D9-472F-4B1E-8903-CE5F5EE90B38} URL =
SearchScopes: HKU\S-1-5-21-737372550-802146199-2201841198-1000 -> {749135CD-D3CC-484A-8AA9-F932132A681B} URL =
SearchScopes: HKU\S-1-5-21-737372550-802146199-2201841198-1000 -> {88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6} URL = hxxp://www.search-results.com/web?q={searchTerms}&o=15868&l=dis&prt=BDIE&chn=retail&geo=US&ver=4.0.0.1884
SearchScopes: HKU\S-1-5-21-737372550-802146199-2201841198-1000 -> {EF8561B0-20BA-46EC-B79B-382B51BA9672} URL =
Toolbar: HKU\S-1-5-21-737372550-802146199-2201841198-1000 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Toolbar: HKU\S-1-5-21-737372550-802146199-2201841198-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF ProfilePath: C:\Users\ME-Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\q8wnt2u0.default
FF NewTab: hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHAQaeFsIWV1HDAIUdwsVVVsSFBhCdw1eTA1EFlYXdQBeBQgTRxNBNARaB0tXUUEeGGlxR1dMZVxEKU1ZDXQeU1A=
FF Homepage: hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggSeQFaUQEVFxgUdw4KTA0TQgAOIQ4MBxRFFAJAdAwBB11AQ1MFIk0FA18DB0VXfWFoKB8fHHFKJ1BMAFU8TkdG
FF Keyword.URL: hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=926458&p=
CHR HomePage: Default -> hxxps://search.yahoo.com/?type=926458&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=926458&fr=yo-yhp-ch","hxxps://www.yahoo.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=926458&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSuggestURL: Default -> hxxps://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [57768 2015-05-29] () <==== ATTENTION
U4 aspnet_state; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
2015-12-02 23:34 - 2014-10-28 12:34 - 00001702 _____ C:\WINDOWS\Tasks\DDHZVYBS.job
2015-12-02 22:57 - 2014-10-28 12:40 - 00001354 _____ C:\WINDOWS\Tasks\CSGDGW.job
2014-09-01 03:18 - 2014-11-10 06:32 - 0001171 _____ () C:\Users\ME-Laptop\AppData\Roaming\CSGDGW
2014-09-01 03:18 - 2014-11-03 06:54 - 0000365 _____ () C:\Users\ME-Laptop\AppData\Roaming\DDHZVYBS
2014-09-01 03:18 - 2014-11-03 06:54 - 0000365 _____ () C:\Users\ME-Laptop\AppData\Roaming\ZBJUQHP
C:\ProgramData\fontcacheev1.dat
C:\Users\ME-Laptop\my quicken 10 - 070213-081015OFXLOG.DAT
CustomCLSID: HKU\S-1-5-21-737372550-802146199-2201841198-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> no filepath
Task: {1F261867-A3EC-4E06-9A60-2FFEDB179D5B} - System32\Tasks\XC => C:\Users\ME-Laptop\AppData\Roaming\XC.exe <==== ATTENTION
Task: {2458AC6C-C516-4FFC-A567-8F49A5911471} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3104D77E-367B-4783-B30F-29FC30949249} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {355938C8-7DB1-4D1E-8E5F-93B9F2ED910A} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe [2015-05-29] () <==== ATTENTION
C:\Program Files (x86)\MyPC Backup
Task: {4D652706-E1FD-49BD-88AA-74930F5ADD34} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {516B50DC-053E-4E84-A126-50AFFD21D39C} - \ProPCCleaner_Start -> No File <==== ATTENTION
Task: {658AA47D-7B41-4F26-932B-2ABFEC2592D6} - System32\Tasks\CSGDGW => C:\Users\ME-Laptop\AppData\Roaming\CSGDGW.exe <==== ATTENTION
Task: {66BC49F7-DD6E-43C2-81C4-03FA73245B4D} - \ProPCCleaner_Popup -> No File <==== ATTENTION
Files (x86)\TweakBit\Speedtest Optimizer\SpeedtestOptimizer.exe [2015-07-20] (TweakBit) <==== ATTENTION
Task: {7F1AF317-99AF-459B-9F31-184C8DFB8027} - \Optimizer Pro Schedule -> No File <==== ATTENTION
Task: {82151297-8A1A-46E1-BC2B-C7CD3F7DAF57} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {84033C7C-F3C2-4E8D-962A-490933257D67} - \24324cf6-1bee-47b3-b003-4649dcebfd2f-10_user -> No File <==== ATTENTION
Task: {9BA5A54D-78B4-4504-8CDC-D7ACA30B0B96} - \APSnotifierPP1 -> No File <==== ATTENTION
Task: {C7F1060D-094A-40A7-9632-9DB41060F6CF} - System32\Tasks\DDHZVYBS => C:\Users\ME-Laptop\AppData\Roaming\DDHZVYBS.exe <==== ATTENTION
Task: {DAA9E3D7-B5F7-46F6-96CB-3D98ADCDFF7D} - System32\Tasks\ZBJUQHP => C:\Users\ME-Laptop\AppData\Roaming\ZBJUQHP.exe <==== ATTENTION
Task: {DE907894-8F31-4A0A-B634-24975CBD3F29} - System32\Tasks\TweakBit\Driver Updater\Start Driver Updater оn logon => C:\Program Files (x86)\TweakBit\Driver Updater\DriverUpdater.exe [2015-08-31] (TweakBit) <==== ATTENTION
C:\Program Files (x86)\TweakBit
Task: C:\WINDOWS\Tasks\CSGDGW.job => C:\Users\ME-Laptop\AppData\Roaming\CSGDGW.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\DDHZVYBS.job => C:\Users\ME-Laptop\AppData\Roaming\DDHZVYBS.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\XC.job => C:\Users\ME-Laptop\AppData\Roaming\XC.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ZBJUQHP.job => C:\Users\ME-Laptop\AppData\Roaming\ZBJUQHP.exe <==== ATTENTION
C:\Users\ME-Laptop\AppData\Roaming\XC.exe
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:7C60A173
AlternateDataStreams: C:\ProgramData\TEMP:8BD8CD95
AlternateDataStreams: C:\ProgramData\TEMP:C22C13A5
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
AlternateDataStreams: C:\ProgramData\TEMP:EB825D08
AlternateDataStreams: C:\ProgramData\TEMP:ECF54A0E
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp: