CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => No File
HKU\S-1-5-21-1995861311-3636309898-3167673773-1001\...\Run: [Evztion] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Axlykajill04\AppData\Local\YjPack\gzxwabmm.dll
GroupPolicy: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_34_wncy_ir_16_14&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEtDyDtAtAzy0ByBzz0C0FtN0D0Tzu0StCyBtDtDtN1L2XzutAtFtByEtFyCtFtDtN1L1Czu1M1Q1CtByCtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2SyByEyCyB0D0FtCyEtGtCyCyB0BtGtB0E0A0FtGtB0DyDyBtGtD0ByEtCtB0Azz0C0F0EyEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Azy0CtCtA0C0A0BtGyB0D0D0AtGyE0E0DtAtG0AtDyCtBtG0CyC0CtA0BzytAzz0ByE0A0B2QtN0A0LzuyE%26cr%3D1942080598%26a%3Dhdr_s_16_34_wncy_ir_16_14%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BSingle%2BLanguage
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_34_wncy_ir_16_14&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEtDyDtAtAzy0ByBzz0C0FtN0D0Tzu0StCyBtDtDtN1L2XzutAtFtByEtFyCtFtDtN1L1Czu1M1Q1CtByCtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2SyByEyCyB0D0FtCyEtGtCyCyB0BtGtB0E0A0FtGtB0DyDyBtGtD0ByEtCtB0Azz0C0F0EyEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Azy0CtCtA0C0A0BtGyB0D0D0AtGyE0E0DtAtG0AtDyCtBtG0CyC0CtA0BzytAzz0ByE0A0B2QtN0A0LzuyE%26cr%3D1942080598%26a%3Dhdr_s_16_34_wncy_ir_16_14%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BSingle%2BLanguage
HKU\S-1-5-21-1995861311-3636309898-3167673773-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_34_wncy_ir_16_14&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEtDyDtAtAzy0ByBzz0C0FtN0D0Tzu0StCyBtDtDtN1L2XzutAtFtByEtFyCtFtDtN1L1Czu1M1Q1CtByCtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2SyByEyCyB0D0FtCyEtGtCyCyB0BtGtB0E0A0FtGtB0DyDyBtGtD0ByEtCtB0Azz0C0F0EyEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Azy0CtCtA0C0A0BtGyB0D0D0AtGyE0E0DtAtG0AtDyCtBtG0CyC0CtA0BzytAzz0ByE0A0B2QtN0A0LzuyE%26cr%3D1942080598%26a%3Dhdr_s_16_34_wncy_ir_16_14%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BSingle%2BLanguage
HKU\S-1-5-21-1995861311-3636309898-3167673773-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {f7bb050c-e116-44da-89c2-6f2b68c54836} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_41_wncy_ir_16_14&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEtDyDtAtAzy0ByBzz0C0FtN0D0Tzu0StCyByEyDtN1L2XzutAtFtByEtFtCtBtFyDtBtN1L1Czu1M1Q1CtByCtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2SyD0BzzyDzzyE0E0EtGyD0AyB0FtG0Ezyzy0DtGyD0ByD0BtGyCtCtDyCtB0BtD0C0CtAtByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Azy0CtCtA0C0A0BtGyB0D0D0AtGyE0E0DtAtG0AtDyCtBtG0CyC0CtA0BzytAzz0ByE0A0B2QtN0A0LzuyE%26cr%3D502036834%26a%3Dhdr_s_16_41_wncy_ir_16_14%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {f7bb050c-e116-44da-89c2-6f2b68c54836} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_41_wncy_ir_16_14&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEtDyDtAtAzy0ByBzz0C0FtN0D0Tzu0StCyByEyDtN1L2XzutAtFtByEtFtCtBtFyDtBtN1L1Czu1M1Q1CtByCtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2SyD0BzzyDzzyE0E0EtGyD0AyB0FtG0Ezyzy0DtGyD0ByD0BtGyCtCtDyCtB0BtD0C0CtAtByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Azy0CtCtA0C0A0BtGyB0D0D0AtGyE0E0DtAtG0AtDyCtBtG0CyC0CtA0BzytAzz0ByE0A0B2QtN0A0LzuyE%26cr%3D502036834%26a%3Dhdr_s_16_41_wncy_ir_16_14%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1995861311-3636309898-3167673773-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL =
SearchScopes: HKU\S-1-5-21-1995861311-3636309898-3167673773-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://mysearch.avg.com/search?cid={3D4F94BF-8522-4280-8818-74A60A13F601}&mid=c19c7de75d6647cda339999b6284922b-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=AVG&coid=avgtbavg&cmpid=1215tb&pr=fr&d=2015-11-02 20:34:24&v=4.2.8.608&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1995861311-3636309898-3167673773-1001 -> {3A7FD686-1594-48D5-AA8E-9F444C56B911} URL =
SearchScopes: HKU\S-1-5-21-1995861311-3636309898-3167673773-1001 -> {f7bb050c-e116-44da-89c2-6f2b68c54836} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_41_wncy_ir_16_14&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEtDyDtAtAzy0ByBzz0C0FtN0D0Tzu0StCyByEyDtN1L2XzutAtFtByEtFtCtBtFyDtBtN1L1Czu1M1Q1CtByCtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2SyD0BzzyDzzyE0E0EtGyD0AyB0FtG0Ezyzy0DtGyD0ByD0BtGyCtCtDyCtB0BtD0C0CtAtByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Azy0CtCtA0C0A0BtGyB0D0D0AtGyE0E0DtAtG0AtDyCtBtG0CyC0CtA0BzytAzz0ByE0A0B2QtN0A0LzuyE%26cr%3D502036834%26a%3Dhdr_s_16_41_wncy_ir_16_14%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BSingle%2BLanguage&p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-08-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-12-10] (Oracle Corporation)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.4.122\AVG Web TuneUp.dll [2016-08-23] (AVG)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL => No File
Toolbar: HKU\S-1-5-21-1995861311-3636309898-3167673773-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF NewTab: Mozilla\Firefox\Profiles\3u032o1y.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\3u032o1y.default -> YHS
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\3u032o1y.default -> YHS
FF Homepage: Mozilla\Firefox\Profiles\3u032o1y.default -> hxxps://ph.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_38_wncy_ir_16_14&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dph%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEtDyDtAtAzy0ByBzz0C0FtN0D0Tzu0StCyBtBzztN1L2XzutAtFtByEtFtCtBtFyDtBtN1L1Czu1M1Q1CtByCtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2StCtCtCtAyDyD0A0CtGtCtCtD0FtGyC0C0D0BtGyC0BtC0DtGzytDyEzytBzzyEzy0FzyyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Azy0CtCtA0C0A0BtGyB0D0D0AtGyE0E0DtAtG0AtDyCtBtG0CyC0CtA0BzytAzz0ByE0A0B2QtN0A0LzuyE%26cr%3D1542198389%26a%3Dhdr_s_16_38_wncy_ir_16_14%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BSingle%2BLanguage
FF Keyword.URL: Mozilla\Firefox\Profiles\3u032o1y.default -> user_pref("keyword.URL", true);
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> https://mysearch.avg.com
S2 Dreary Life; C:\Users\Axlykajill04\AppData\Roaming\Dreary Life\Dreary Life.exe [X]
S1 lmimirr; \SystemRoot\system32\DRIVERS\lmimirr.sys [X]
S3 X6va034; \??\C:\WINDOWS\SysWOW64\Drivers\X6va034 [X]
C:\ProgramData\@000001.dat
C:\ProgramData\msgia.exe
C:\Windows\Tasks\{0F4C76BB-9725-2605-06C7-39CFE411FE67}.job
C:\Windows\Tasks\{41EBE507-AFEF-6C62-D2DB-32F7BE0E4294}.job
C:\Windows\Tasks\{544942CE-FCB9-C6F2-1111-40E260E4631C}.job
Task: {67B4C22E-4B39-4781-AAC1-0A7625B79688} - System32\Tasks\{0F4C76BB-9725-2605-06C7-39CFE411FE67} => C:\Users\AXLYKA~1\AppData\Local\{58A66~1\UNINST~1.EXE <==== ATTENTION
Task: {B058D334-557A-4154-9427-36B94A64B0B3} - System32\Tasks\{41EBE507-AFEF-6C62-D2DB-32F7BE0E4294} => C:\Users\Axlykajill04\AppData\Roaming\{58FB6E40-7DA9-0336-169F-24E4CA4DD9DA}\helperupdate.exe [2013-05-08] () <==== ATTENTION
C:\Users\Axlykajill04\AppData\Roaming\{58FB6E40-7DA9-0336-169F-24E4CA4DD9DA}
C:\Users\AXLYKA~1\AppData\Local\{58A66~1\UNINST~1.EXE
Task: C:\WINDOWS\Tasks\{0F4C76BB-9725-2605-06C7-39CFE411FE67}.job => C:\Users\AXLYKA~1\AppData\Local\{58A66~1\UNINST~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\{41EBE507-AFEF-6C62-D2DB-32F7BE0E4294}.job => C:\Users\AXLYKA~1\AppData\Roaming\{58FB6~1\HELPER~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\{544942CE-FCB9-C6F2-1111-40E260E4631C}.job => C:\Users\AXLYKA~1\AppData\Roaming\{58FB6~1\HELPER~1.EXE <==== ATTENTION
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
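Added example, not part of the post above and not code from FRST: a small triage script that parses the Run-key, service/driver and scheduled-task lines FRST prints and explains why entries like the ones in this fixlist stand out (persistence launched from AppData or ProgramData, regsvr32 used as the loader, FRST's own ATTENTION marker, and [X] entries whose target file is already gone). The heuristics are this example's own. The sample input is constructed: most lines are copied from the fixlist above, while the SecurityHealth and ScheduledDefrag lines (and the ScheduledDefrag GUID) are invented benign entries so the script has something clean to compare against.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) persistence lines.

Heuristics used here are the example's own, not FRST's:
  * command runs from a user-writable directory (AppData, ProgramData, ...)
  * a LOLBin such as regsvr32/rundll32 is used to load the payload
  * FRST itself appended "<==== ATTENTION"
  * FRST printed "[X]": the target file is gone, the entry is dead
"""
import re
from dataclasses import dataclass
from typing import List

# Directories an unprivileged user can write to; legitimate autostarts
# rarely live there, adware droppers almost always do.
USER_WRITABLE = re.compile(
    r"[A-Za-z]:\\(?:Users\\[^\\]+\\AppData\\(?:Local|LocalLow|Roaming)"
    r"|ProgramData|Windows\\Temp|Users\\Public)\\",
    re.IGNORECASE,
)
# Signed Windows binaries that execute whatever path follows on the command line.
PROXY_EXECUTORS = re.compile(r"\\(regsvr32|rundll32|mshta|wscript|cscript)\.exe\b", re.IGNORECASE)
ATTENTION = re.compile(r"\s*<=+\s*ATTENTION\s*$")
TRAILERS = (
    re.compile(r"\s*\([^()]*\)$"),             # "(Publisher)" or "()" when unsigned
    re.compile(r"\s*\[\d{4}-\d{2}-\d{2}\]$"),  # "[YYYY-MM-DD]" file date
)

RUN_RE = re.compile(r"^(?P<hive>HK\S*?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => (?P<cmd>.*)$")
SVC_RE = re.compile(r"^(?P<start>[SR]\d) (?P<name>[^;]+); (?P<cmd>.*)$")
TASK_RE = re.compile(r"^Task: (?P<name>.*?) => (?P<cmd>.*)$")


@dataclass
class Finding:
    kind: str           # "run", "service" or "task"
    name: str
    command: str        # command line with FRST annotations stripped
    missing: bool       # FRST printed [X]: file is gone, entry is dead
    flagged: bool       # FRST appended <==== ATTENTION
    reasons: List[str]  # empty list means nothing suspicious


def _clean(raw: str):
    """Strip FRST's ATTENTION marker, [X], [date] and (publisher) annotations."""
    flagged = ATTENTION.search(raw) is not None
    cmd = ATTENTION.sub("", raw).strip()
    missing = cmd.endswith("[X]")
    if missing:
        cmd = cmd[:-3].rstrip()
    while True:  # annotations can stack, e.g. "file.exe [2013-05-08] ()"
        stripped = cmd
        for trailer in TRAILERS:
            stripped = trailer.sub("", stripped).rstrip()
        if stripped == cmd:
            return cmd, missing, flagged
        cmd = stripped


def _assess(kind: str, name: str, raw: str) -> Finding:
    cmd, missing, flagged = _clean(raw)
    reasons = []
    writable = USER_WRITABLE.search(cmd)
    if writable:
        reasons.append("runs from user-writable path " + writable.group(0))
    proxy = PROXY_EXECUTORS.search(cmd)
    if proxy and writable:
        reasons.append(proxy.group(1).lower() + " used to load a payload")
    if flagged:
        reasons.append("marked ATTENTION by FRST")
    if missing:
        reasons.append("target file missing ([X]): dead entry, remove it")
    return Finding(kind, name, cmd, missing, flagged, reasons)


def triage(text: str) -> List[Finding]:
    """Parse every recognised persistence line; other FRST lines are ignored."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        for kind, rx in (("run", RUN_RE), ("service", SVC_RE), ("task", TASK_RE)):
            m = rx.match(line)
            if m:
                findings.append(_assess(kind, m.group("name"), m.group("cmd")))
                break
    return findings


def suspicious(findings: List[Finding]) -> List[Finding]:
    return [f for f in findings if f.reasons]


# Constructed sample. All lines except SecurityHealth and ScheduledDefrag are
# taken from the fixlist in the post; those two (and the Defrag GUID) are
# invented benign entries to show what a clean result looks like.
SAMPLE = r"""
HKU\S-1-5-21-1995861311-3636309898-3167673773-1001\...\Run: [Evztion] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Axlykajill04\AppData\Local\YjPack\gzxwabmm.dll
HKLM\...\Run: [SecurityHealth] => C:\Windows\system32\SecurityHealthSystray.exe
HKLM-x32\...\Run: [] => [X]
S2 Dreary Life; C:\Users\Axlykajill04\AppData\Roaming\Dreary Life\Dreary Life.exe [X]
S3 X6va034; \??\C:\WINDOWS\SysWOW64\Drivers\X6va034 [X]
Task: {B058D334-557A-4154-9427-36B94A64B0B3} - System32\Tasks\{41EBE507-AFEF-6C62-D2DB-32F7BE0E4294} => C:\Users\Axlykajill04\AppData\Roaming\{58FB6E40-7DA9-0336-169F-24E4CA4DD9DA}\helperupdate.exe [2013-05-08] () <==== ATTENTION
Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag => C:\Windows\system32\defrag.exe [2014-03-18] (Microsoft Corporation)
"""

FINDINGS = triage(SAMPLE)

if __name__ == "__main__":
    for f in suspicious(FINDINGS):
        print(f"[{f.kind}] {f.name or '(no name)'}: {f.command or '(empty)'}")
        for r in f.reasons:
            print("    -", r)
```

Run it against a saved FRST.txt by passing the file contents to triage(); the regsvr32-plus-AppData combination and the ATTENTION-marked tasks are the entries a helper would put in a fixlist, while the [X] entries are leftovers that only need to be deleted.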