CloseProcesses:
CreateRestorePoint:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3961452459-976685310-3845880129-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-3961452459-976685310-3845880129-1001 -> DefaultScope {BCFDE135-2908-497E-818E-162789AA7F5F} URL = hxxps://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=435371&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3961452459-976685310-3845880129-1001 -> {BCFDE135-2908-497E-818E-162789AA7F5F} URL = hxxps://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=435371&p={searchTerms}
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7806848 2016-05-27] (Reimage®)
C:\Program Files\Reimage\Reimage Protector
2016-08-08 22:57 - 2016-08-08 23:27 - 00000000 _____ C:\Windows\system32\reimage.rep
2016-08-08 22:40 - 2016-08-08 23:12 - 00000000 ____D C:\ReimageUndo
2016-08-08 22:25 - 2016-08-08 22:25 - 00004352 _____ C:\Windows\System32\Tasks\ReimageUpdater
2016-08-08 22:25 - 2016-08-08 22:25 - 00001953 _____ C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2016-08-08 22:25 - 2016-08-08 22:25 - 00000000 ____D C:\ProgramData\Reimage Protector
2016-08-08 22:25 - 2016-08-08 22:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2016-08-08 22:25 - 2016-08-08 22:25 - 00000000 ____D C:\Program Files\Reimage
2016-08-08 22:24 - 2016-08-08 23:24 - 00000167 _____ C:\Windows\Reimage.ini
2016-08-08 22:24 - 2016-08-08 23:24 - 00000000 ____D C:\rei
2016-08-08 22:24 - 2016-08-08 22:24 - 00002351 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-08 22:24 - 2016-08-08 22:24 - 00002339 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-08 22:23 - 2016-08-08 22:24 - 00603824 _____ (Reimage) C:\Users\gary1\Downloads\ReimageRepair.exe
2016-08-08 21:13 - 2016-08-08 21:13 - 00002691 _____ C:\Users\gary1\Desktop\µTorrent.lnk
2016-08-08 21:13 - 2016-08-08 21:13 - 00002691 _____ C:\Users\gary1\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-08-08 21:13 - 2016-08-08 21:13 - 00000000 ____D C:\Users\gary1\AppData\Local\{B5F70934-5E12-42d2-882D-62D42EA1FA67}
2016-08-08 21:12 - 2016-08-08 21:13 - 00000000 ____D C:\Users\gary1\AppData\Roaming\uTorrent
Task: {403E3B41-5513-40E8-93A5-D4A5416BF7B9} - \App Explorer -> No File <==== ATTENTION
Task: {C2DBE591-62EB-4121-84DC-7A4F360D2CD9} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2016-05-27] (Reimage®) <==== ATTENTION
C:\Program Files\Reimage\
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp: