CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
GroupPolicy: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2092268736-3581782249-471380157-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311108&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC12waXQwTJMZYht4oQrCVkGXK0xI76upIG7%2FpBadU9uOib3Rahmd6LUrDLIC480U6fsz%2FAwauP2whozJVY1TubDIhkiB3OYLVmwH3RSrJYYMvOpZHBJYqM%2FFK1DSzrLp%2BgxdEXOSazEKt%2Fp9MpWKC8nNxQAVRyG3jM6LTITOQUPi7zTP4wNrmVoafaPyXb8iUuGWJdXSZ3rX60LDvhE2l15JQhi2SS3A0LFRU4wrYn69w%3D%3D
SearchScopes: HKU\S-1-5-21-2092268736-3581782249-471380157-1005 -> {1711FC25-F05A-40CE-B859-A0C1CF01FD18} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=86311108&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC12waXQwTJMZYht4oQrCVkGwed3BGHXu%2FaOWrWpEN813mbMpcEVUjMUsA6IXhKuZ1FYzEryuVVHI9gsmv9%2BQFfzmad2R0iBQVV2MC%2FDoPwYCrhL3RSITKOHZ7JDIp2xDBrCKbKX90q8UmBQASFIUzoJL2OY1uD94FuesVn7Q2GnR3M9Mr5y2Ui0pJLUdUEziV68qhu2n7blZivqV0k%2BKx%2BuedkN9apHT1oJkTpbqfItMg%3D%3D&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2092268736-3581782249-471380157-1005 -> {D05D80AF-C65D-41C4-AC4E-21559EA4EDD1} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US400D20160313&p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2018-02-24] (Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll => No File
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll => No File
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll No File
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll No File
CHR HomePage: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311108&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC12waXQwTJMZYht4oQrCVkGDjMCgLUhqxqvJtdB74E6jCg79QJbNkeM%2FAdBy%2F7vR%2FgdGU9SJ94bxQMMk3vxDrTh1ZnqA9Oz9UMH5azgNor6ufBwG%2FmtTy2rUtN%2Bq%2FAniyaTfmKqfh%2BEmF8GcY70PMibDFaGEilvlmD%2FzRHri3di6hGleKnBUPeJTKgms7JWqOgREMDbiG8Fxvosd7r0WoghKQ1wrFOFSJCrwvcbYlx%2FCmN%2FgYrrx4ccul4QXNgcD1o%3D
CHR StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311108&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC12waXQwTJMZYht4oQrCVkGXcq1TxUykTD4PfTfb24NXiztjbSCK9VAKJ5243fcyBDNCaKqYbC%2Bf6UWdZ%2B4j6UDHW1UZgfpIYIhXxqG2OOL%2FCb1sKR1uQQiPc2MzH1gNjvW984QGhr%2Fka0w0i0gS7dD6bX5T4cv1NmHA23C87rS0DMtxdWHWuxX8s4A%2BWzYnh7SgaNilmiWJwxTWDA7givII%2BCUDWJqfDXxiCy5z1zDQiUdOCpKC5F4Tes3xljdZzM%3D", "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=86311108&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC12waXQwTJMZYht4oQrCVkG6P5Z15gQoafyxCW2SDHhNL2MzEN5x3FHeRJQXvSZ1XCfFp%2BEtaB2Lg8AvllfFZIZTWhwTJ83%2B8QOUEGE%2BO5AtAlPlZHe541UQ%2FmFbqRq8WxvB0e98TXKKdQVzgSsyRk1%2FvKWynDQSGbTfa8%2BEV4UIsv81ckW2Uha3MHv0hWgn31tM%2FBvZ57rpTt%2BdblxqVJgXit4UZheY4AwkefLJICing%3D%3D&p={searchTerms}
CHR DefaultNewTabURL: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311108&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC12waXQwTJMZYht4oQrCVkG8IN%2BgZa06q0N5G6Bn4yqZDwDXkcznOA0xi9uq0xQPwywNVb5qqALZe9NbUJOy2J6p3LSz4uJtm2btm%2BJjhTIKNrV%2BblfckEYY8oM8tPodY5AcRcP0yv4H5zFE9RzFMmyqv0JzD99H5yfnGjSpjnq%2BvwZUi%2BlVgNzsx%2Bf8Ao7T29k4Z5jOyEy60lqxX5M9jBxT8z8Ud4SqG7cmXzyaapl5Q%3D%3D
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
"Livanletdi" => service was unlocked. <==== ATTENTION
R2 Livanletdi; C:\Program Files (x86)\Common Files\Livanletdi\Livanletdi.exe [715984 2018-03-02] (Livanletdi Inc.) [File not signed]
C:\Program Files (x86)\Common Files\Livanletdi
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {3540B49F-5FD1-4559-96CF-C14EFA273AEA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {41AC3B22-48B7-4901-8CB1-0FFFF4BB0FB5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4931000B-8F4E-4589-AF40-BB50FC98A4F9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {583F9BF9-36E9-4F22-A01B-731A0C540B05} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {60479CCC-67D6-418D-8097-40D1A5CC021C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {69BD1424-93C3-43E2-83FF-496340456038} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {72560532-8A96-4AEB-A161-B5BFD68404C2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {837FB429-2D37-4894-8487-F1ACA770084C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {98E8D6A0-40C6-48FF-AEFA-1A551D19A6D2} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {ABEFC10B-31F7-439F-9678-65F708816021} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D352E79B-23BA-4DF3-B689-0CCF7E252708} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E5C56B1E-C7AF-434B-A68F-14BB55533208} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {EFDF4308-B7EA-416B-A98D-AEDD60725610} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp: