CreateRestorePoint: CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION HKU\S-1-5-21-998330651-303224156-1059126384-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION CHR Extension: (No Name) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Default\Extensions\llhlggpfgfhboddiaobbadofpaoamana [2014-12-24] CHR HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Chrome\Extension: [blklojfklgnogjaijkibhfjepakiocng] - C:\Users\BR\AppData\Local\CRE\blklojfklgnogjaijkibhfjepakiocng.crx [Not Found] CHR HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Chrome\Extension: [oiffmnkajgkhjjchngmajlomfdhfjdma] - C:\Users\BR\AppData\Local\CRE\oiffmnkajgkhjjchngmajlomfdhfjdma.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [blklojfklgnogjaijkibhfjepakiocng] - C:\Users\BR\AppData\Local\CRE\blklojfklgnogjaijkibhfjepakiocng.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [cielokkdbnmofbmnbpcejffmiphehkfh] - C:\ProgramData\ADDICT-THING\cielokkdbnmofbmnbpcejffmiphehkfh.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [nbpjhhdlpbeomimlbihkcknjdkcnmhfk] - C:\ProgramData\ADDICT-THING\nbpjhhdlpbeomimlbihkcknjdkcnmhfk.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [oiffmnkajgkhjjchngmajlomfdhfjdma] - C:\Users\BR\AppData\Local\CRE\oiffmnkajgkhjjchngmajlomfdhfjdma.crx [Not Found] C:\Windows\System32\Tasks\YourFileDownloader Installer Starter C:\Users\BR\Downloads\free_download_bobcat_753_parts_manual_pdf_downloader.exe CustomCLSID: HKU\S-1-5-21-998330651-303224156-1059126384-1004_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\BR\AppData\Roaming\tricomfi\tivesen.dll No File <==== ATTENTION Task: {27D71A6F-22F6-4B2E-9904-223164E70563} - \SpeeditUp Update No Task File <==== ATTENTION Task: {A90692A5-EF3B-4528-88C1-87C7A202D5CA} - System32\Tasks\YourFileDownloader Installer Starter => C:\Users\BR\AppData\Local\Temp\YourFileDownloaderpoWld6tLtZ.exe [2014-12-24] (http://yourfile-downloader.com) <==== ATTENTION HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\78723285.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\89621689.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\78723285.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\89621689.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" FF Extension: TinyWallet - C:\Users\BR\AppData\Roaming\Mozilla\Firefox\Profiles\acm539rf.default\Extensions\bnNfUyOHFO@E.com [2014-12-24] S4 LMIRfsClientNP; No ImagePath Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F EmptyTemp: