start
CloseProcesses:
Hosts:
CreateRestorePoint:
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\Users\Mohamed\Desktop\advanced-systemcare-free_9-2-0-1110_fr_403234.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4271785191-1134607117-2392673886-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-4271785191-1134607117-2392673886-1002 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL =
CHR HKU\S-1-5-21-4271785191-1134607117-2392673886-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Mohamed\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1042304 2016-04-14] (Enigma Software Group USA, LLC.)
S3 CoordinatorServiceHost; "C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe" [X]
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2016-04-14] (Enigma Software Group USA, LLC.)
2016-04-14 18:31 - 2016-04-14 18:31 - 00000000 ____D C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
2016-04-14 18:21 - 2016-04-14 18:07 - 42683680 ____N (IObit ) C:\Users\Mohamed\Desktop\advanced-systemcare-free_9-2-0-1110_fr_403234.exe
2016-04-14 16:27 - 2016-04-14 16:27 - 00003422 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2016-04-14 16:27 - 2016-04-14 16:27 - 00001134 _____ C:\Users\Mohamed\Desktop\SpyHunter.lnk
2016-04-14 16:27 - 2016-04-14 16:27 - 00000000 ____D C:\Users\Mohamed\AppData\Roaming\Enigma Software Group
2016-04-14 16:26 - 2016-04-14 16:27 - 00000000 ____D C:\sh4ldr
2012-11-27 02:17 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2012-11-27 02:17 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2012-11-27 02:17 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
C:\ProgramData\hpeB081.dll
Task: {87CDDDAB-FCB8-4B09-B6D7-9DD3D82A0E87} - System32\Tasks\Microsoft\Windows\RVLKL\RVLKL => C:\ProgramData\rvlkl\rvlkl.exe <==== ATTENTION
C:\ProgramData\rvlkl\rvlkl.exe
Task: {AB150D1E-62B4-4FF9-89ED-3DBD96A930A8} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2016-04-14] (Enigma Software Group USA, LLC.)
AlternateDataStreams: C:\ProgramData\Temp:054203E4 [312]
AlternateDataStreams: C:\ProgramData\Temp:7FAE3E0D [294]
EmptyTemp:
end