Ransomware help
A chatbox, like an IM box, appeared on my screen and started chatting with me. It said they have been watching me for a while and basically they want me to use PayPal to pay them money; they said they have seen me use it before. I did not reply when they asked for money and I shut everything down. I went back online last night for a while and nothing came up. Everything seems to work fine on my laptop and I have not heard from them again. I have run Spybot and Malwarebytes and tried to clean with those two programs, but I don't know what to do now. How can I get rid of it, and how can I ever be sure that they are gone and can't get back in, so that I can use my laptop again and feel secure?
Thanks
MickD.
Hi MickD
If this is really ransomware then there won't be much I can do to help other than supply you with links to read over with information regarding ransomware.
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-23rd-2018-govt-infections-zenis-and-more/
https://www.bleepingcomputer.com/news/security/microsoft-releases-patch-for-older-windows-versions-to-protect-against-wana-decrypt0r/
But they asked you to use PayPal? ...interesting.
On the other hand it kind of resembles scam-ware... just an idea, because it could indeed be ransomware.
Before continuing please create a restore point.
RogueKiller
Download the right version of RogueKiller (http://www.adlice.com/download/roguekiller/#download) for your Windows version (32 or 64-bit)
Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
Wait for the scan to complete
On completion, the results will be displayed
Check every single entry (threat found), and click on the Remove Selected button
On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
This will open the report in Notepad. Copy/paste its content in your next reply
AdwCleaner - Fix Mode
Download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and move it to your Desktop
Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
Here's another link
https://www.bleepingcomputer.com/virus-removal/threat/ransomware/
What is the computer doing out of the ordinary?
Is it showing symptoms of infection?
Thank you for the reply and I will go through the steps of things to do that you listed. I'm only calling it ransomware because I don't know what else to call it. It doesn't seem like ransomware that I have heard of. It was a chatbox, or like an IM box, that appeared onscreen while I was online doing nothing really, email, news. It started talking to me and at first I tried to shut it down any way I could think of, and then it said, "you can't close it". He said he wanted money and that I could use PayPal to send it, and that he knows I know how because he has watched me do it. I asked why me and all those questions and didn't get a straight answer, and I cannot tell if it is someone local or foreign or anything. Please ask any other questions you have.
Yes, I'd like to see those logs.
I'm not that good with remembering all the types and functions of ransomware out there, and new ones are created often, but I will ask around.
But I was thinking it kinda locked down your computer and files? Have you seen any signs of that?
Also, I'm going to need to see the logs created by the following tool
Farbar Recovery Scan Tool (FRST) Scan
Please download Farbar Recovery Scan Tool (x32) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/) or Farbar Recovery Scan Tool (x64) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/) and save the file to your Desktop.
Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
Right-click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
Curious: did you have your web browser open when that chatbox popped up?
Yes, I had a Firefox browser open doing nothing really, checking email or reading news, when it appeared. If you need the scan results sent another way let me know. Thank you!!
Here is the text of the AdwCleaner report
# AdwCleaner 7.0.8.0 - Logfile created on Sun Mar 25 22:57:19 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support
***** [ Services ] *****
No malicious services deleted.
***** [ Folders ] *****
Deleted: C:\Users\mikef\AppData\Local\WinSweeper
***** [ Files ] *****
No malicious files deleted.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
Here is the RogueKiller scan
RogueKiller V12.12.9.0 (x64) [Mar 19 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : mikef [Administrator]
Started from : F:\Programs\RogueKiller_portable64.exe
Mode : Scan -- Date : 03/25/2018 14:49:32 (Duration : 00:29:14)
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 17 ¤¤¤
[PUP.BestBuy] (X64) HKEY_LOCAL_MACHINE\Software\Best Buy -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2844788878-880486787-4179794426-1001\Software\OCS -> Found
[PUP.Gen0|PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2844788878-880486787-4179794426-1001\Software\Solvusoft -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2844788878-880486787-4179794426-1001\Software\OCS -> Found
[PUP.Gen0|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2844788878-880486787-4179794426-1001\Software\Solvusoft -> Found
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-cb508e63 -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {BA44931F-63B5-490F-AA79-2C7E83E3A1CF} : v2.26|Action=Allow|Active=TRUE|Dir=Out|App=c:\users\mikef\appdata\local\temp\ffa.tmp.exe|Name=MAD| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {DA58F8EB-A770-4F38-BD85-C5E4C7AF42CB} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\mikef\AppData\Local\Temp\7zS48E5\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {06A8A719-BA82-43A2-9B28-D924584F2566} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\mikef\AppData\Local\Temp\7zS48E5\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5E7DD3BF-690F-455C-B608-863EA52D1163} : v2.25|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\mikef\AppData\Local\Temp\UninstallTemp.exe|Name=AndyRemoveInTemp| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F53BEA4C-F9E5-4F6C-A560-7F003DABDA16} : v2.25|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\mikef\AppData\Local\Temp\UninstallTemp.exe|Name=AndyRemoveOutTemp| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {800EF007-BF0B-4005-B58B-418F1C8F2D07} : v2.25|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\mikef\AppData\Local\Temp\Andy_46.2_x64\Setup.exe|Name=AndySetupIn| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {18B8E56F-D848-41FA-B1E4-04F6671B0ECF} : v2.25|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\mikef\AppData\Local\Temp\Andy_46.2_x64\Setup.exe|Name=AndySetupOut| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D5CE597A-7BED-4144-ADD7-AC81F91F7114} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\mikef\AppData\Local\Temp\7zS5B0E\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E8EA8238-6868-49DA-90DE-BC339106D8F5} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\mikef\AppData\Local\Temp\7zS5B0E\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2844788878-880486787-4179794426-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2844788878-880486787-4179794426-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 4 ¤¤¤
[PUM.HomePage][Firefox:Config] inyi5s32.default-1521871370978 : user_pref("browser.startup.homepage", "https://mail.yahoo.com/|https://www.facebook.com/|https://www.youtube.com/|https://mail.google.com/mail/u/0/#inbox"); -> Found
[PUM.HomePage][Chrome:Config] Profile 3 [SecurePrefs] : session.startup_urls [https://mg.mail.yahoo.com/neo/launch?.rand=b3tbds3kqutb6#7179|http://facebook.com/|http://gmail.com/|http://youtube.com/] -> Found
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.keyword [DuckDuckGo] -> Found
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.suggestions_url [https://ac.duckduckgo.com/ac/?q={searchTerms}&type=list] -> Found
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HFS256G39MND-2300A +++++
--- User ---
[MBR] df1863962a03673101c75437f6cfffc3
[BSP] 7309b564c7154fdcd7ea26378ec14b1f : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 567296 | Size: 243422 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 499095552 | Size: 499 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: WD My Passport 0827 USB Device +++++
--- User ---
[MBR] a6ef9e9e43ec973a4f6a66e765f7ccf7
[BSP] 885814df319cc6e825466bdc3e388595 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953836 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
Here is a second scan from RogueKiller after the first.
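The RogueKiller log above lists several [Suspicious.Path] firewall rules whose program sits under a Temp folder (the ffa.tmp.exe, 7zS*\HPDiagnosticCoreUI.exe and Andy_*\Setup.exe entries). The following Python script is an added example, not part of this thread and not RogueKiller's own code: it parses those log lines, keeps only Allow rules pointing at temp-folder executables, groups them by program path so the repeated Andy and HPSAPS rules line up, and emits a netsh command to delete each one. The benign fourth sample line (placeholder GUID, Program Files path) is constructed as a negative case; the meaning of the trailing "[x]" marker is an assumption noted in the code.

```python
import re
from collections import defaultdict

# Sample input: three lines copied from the RogueKiller log in this thread, plus
# one constructed benign rule (placeholder GUID, program under Program Files) so
# the filter has a negative case to check against.
SAMPLE_LOG = r"""
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {BA44931F-63B5-490F-AA79-2C7E83E3A1CF} : v2.26|Action=Allow|Active=TRUE|Dir=Out|App=c:\users\mikef\appdata\local\temp\ffa.tmp.exe|Name=MAD| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {DA58F8EB-A770-4F38-BD85-C5E4C7AF42CB} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\mikef\AppData\Local\Temp\7zS48E5\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {800EF007-BF0B-4005-B58B-418F1C8F2D07} : v2.25|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\mikef\AppData\Local\Temp\Andy_46.2_x64\Setup.exe|Name=AndySetupIn| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {00000000-0000-0000-0000-000000000000} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files\ExampleVendor\example.exe|Name=ExampleApp| -> Found
"""

# One RogueKiller firewall-rule line: category, registry path, {GUID} : v2.xx|k=v|...| [x] -> Found
RULE_RE = re.compile(
    r"^\[Suspicious\.Path\]"
    r".*?FirewallRules\s*\|\s*"
    r"\{(?P<guid>[0-9A-Fa-f-]+)\}\s*:\s*"
    r"(?P<body>.*?)\s*"
    r"(?P<missing>\[x\])?\s*->\s*Found\s*$"
)

# Per-user and system temp locations (lower-case, with surrounding separators).
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


def parse_rule_line(line):
    """Return a dict for one [Suspicious.Path] firewall-rule line, or None if it is not one."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    fields = {}
    for part in m.group("body").split("|"):
        key, sep, value = part.partition("=")
        if sep:  # skips the leading "v2.26" version token and the empty tail
            fields[key] = value
    return {
        "guid": m.group("guid").upper(),
        "action": fields.get("Action", ""),
        "direction": fields.get("Dir", ""),
        "app": fields.get("App", ""),
        "name": fields.get("Name", ""),
        # RogueKiller appends "[x]" to some entries; assumed here to mean the
        # program file no longer exists on disk (verify against the tool's docs).
        "file_missing": m.group("missing") is not None,
    }


def parse_log(text):
    """All firewall-rule findings in a RogueKiller report, in file order."""
    return [r for r in (parse_rule_line(line) for line in text.splitlines()) if r]


def is_temp_program(path):
    """True if the rule's program sits in a per-user or system Temp folder."""
    lowered = path.lower()
    return any(marker in lowered for marker in TEMP_MARKERS)


def triage(rules):
    """Allow rules whose program lives in a Temp folder, grouped by program path.

    Installers unpacked into Temp (the 7zS* and Andy_* folders in the log) add
    these rules and then remove their files; the rule stays behind and would
    apply to any binary later placed at the same path, so it should be deleted.
    """
    grouped = defaultdict(list)
    for r in rules:
        if r["action"] == "Allow" and is_temp_program(r["app"]):
            grouped[r["app"].lower()].append(r)
    return dict(grouped)


def remediation_commands(findings):
    """netsh commands that delete each stale rule by name, direction and program."""
    cmds = []
    for rules in findings.values():
        for r in rules:
            cmds.append(
                'netsh advfirewall firewall delete rule name="{}" dir={} program="{}"'.format(
                    r["name"], r["direction"].lower(), r["app"]
                )
            )
    return cmds


if __name__ == "__main__":
    findings = triage(parse_log(SAMPLE_LOG))
    for app, rules in findings.items():
        print(app)
        for r in rules:
            print("   {guid} {direction:<3} {name} file_missing={file_missing}".format(**r))
    print()
    for cmd in remediation_commands(findings):
        print(cmd)
```

Run it against a full RogueKiller report to get the complete list; the netsh lines are meant to be reviewed by hand before being run from an elevated prompt.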
I think you posted the first RogueKiller log twice?
I'd like to see the log from RogueKiller showing it had deleted those items found.
I need to throw this out there before I probably have to leave for the night
Malwarebytes - Clean Mode
Download and install the free version of Malwarebytes (https://www.malwarebytes.org/mwb-download/)
Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
Enable Rootkit Scan
Go to the Settings tab, and then under Protection. From there, scroll down a bit and make sure that the Scan for rootkits option is turned to On under Scan Options.
SETTINGS > PROTECTION: make sure AUTOMATIC QUARANTINE is on.
Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
Let the scan run; the time required to complete the scan depends on your system and computer specs
Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
If it asks you to restart your computer to complete the removal, do so
Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard.
Paste the content in your next reply
Use the computer as little as possible till I can see the logs requested.
I ran Malwarebytes, thank you.
In the scans there are some things in the host and registry, and I also kept seeing the name Andy?
Addition Scan
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by mikef (25-03-2018 16:17:20)
Running from F:\Programs
Windows 10 Home Version 1709 16299.125 (X64) (2017-12-02 11:28:56)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2844788878-880486787-4179794426-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2844788878-880486787-4179794426-503 - Limited - Disabled)
guero (S-1-5-21-2844788878-880486787-4179794426-1004 - Administrator - Enabled)
Guest (S-1-5-21-2844788878-880486787-4179794426-501 - Limited - Disabled)
mfuda (S-1-5-21-2844788878-880486787-4179794426-1005 - Administrator - Enabled)
mikef (S-1-5-21-2844788878-880486787-4179794426-1001 - Administrator - Enabled) => C:\Users\mikef
WDAGUtilityAccount (S-1-5-21-2844788878-880486787-4179794426-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Emsisoft Anti-Malware (Disabled - Up to date) {67773CDD-EA83-AD98-A2ED-386463EB3B0D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Emsisoft Anti-Malware (Disabled - Up to date) {DC16DD39-CCB9-A216-985D-0316186C71B0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe After (HKLM\...\{6A915992-D887-4897-82F5-950EDD12DEB1}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Photoshop CS6 version 13.0.1 (HKLM-x32\...\{A724DC44-6241-42D3-BA57-778B178ABC17}_is1) (Version: 13.0.1 - Adobe Systems, Inc.)
Advanced Uninstaller PRO - Version 12 (HKLM-x32\...\AU11_is1) (Version: 12.21.0.95 - Innovative Solutions)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\{7BCB15FE-CC5D-4C6D-B1C6-B0AF74EE09E0}) (Version: 20.6.20117.44471 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{7BCB15FE-CC5D-4C6D-B1C6-B0AF74EE09E0}) (Version: 20.6.20117.44471 - Alcor Micro Corp.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.13.0004 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0040 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.101 - ICEpower a/s)
Bandicam (HKLM-x32\...\Bandicam) (Version: 4.1.1.1371 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandicam.com)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.59 - Conexant)
CrazyTalk Animator v3.22 PRO (HKLM-x32\...\{6B844167-0760-43FD-BBCA-2463EC967721}) (Version: 3.22.2426.1 - Reallusion Inc.)
CrazyTalk v8.13 PRO (HKLM-x32\...\{239FA754-71DE-44A4-9DBC-9C9070AF058E}) (Version: 8.13.3615.1 - Reallusion Inc.)
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 5.01 - NCH Software)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.)
DfuSe v3.0.5 (HKLM-x32\...\{61D44ABF-A11F-4FA4-98E6-C05BBBD0B52A}) (Version: 3.0.5 - STMicroelectronics)
Doxillion Document Converter (HKLM-x32\...\Doxillion) (Version: 2.71 - NCH Software)
DrawPad Graphic Design Software (HKLM-x32\...\DrawPad) (Version: 4.00 - NCH Software)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2017.6 - Emsisoft Ltd.)
Eraser 6.2.0.2979 (HKLM\...\{C5900DE9-D199-4C27-B692-354C9A6A6C8B}) (Version: 6.2.2979 - The Eraser Project)
Evernote v. 6.9.7 (HKLM-x32\...\{531A27D2-11C0-11E8-B634-005056951CAD}) (Version: 6.9.7.6770 - Evernote Corp.)
Express Animate (HKLM-x32\...\ExpressAnimate) (Version: 3.11 - NCH Software)
File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version: - Pow Tools)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{FA1BBF34-E994-4310-95D7-BE93092B8E61}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GoPro Studio (HKLM-x32\...\{BE06FF1A-83A0-42F2-913E-6E405393145C}) (Version: 5.12.5383 - GoPro, Inc.) Hidden
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.292 - SurfRight B.V.)
HP Officejet Pro 6830 Basic Device Software (HKLM\...\{98040AB6-D667-409C-81E7-DB65836B3EE0}) (Version: 33.1.73.49987 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.8.47.1 - HP)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iClone 3DXchange v7.2 Pipeline (HKLM-x32\...\{AB0B6F1C-6F6F-4EEC-93A9-B3D50C2E1CFF}) (Version: 7.2.1220.1 - Reallusion Inc.)
iClone v7.2 (HKLM-x32\...\{13398646-FA8A-4389-8C4D-91F6677E2DD7}) (Version: 7.2.1220.1 - Reallusion Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{a2d9fda8-65eb-4c06-81ef-31e0a4daa335}) (Version: 10.1.1.11 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1167 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{9A287643-10C5-4463-B9D1-B2404CE18CCF}) (Version: 17.1.1529.1620 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{5853172b-5520-4089-9ef4-e26c594382b3}) (Version: 19.30.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Laplink PCmover Express - Personal Use (HKLM-x32\...\{16463F64-5878-4E56-B87D-5F5EE9D37729}) (Version: 10.00.641 - Laplink Software, Inc.)
LibreOffice 6.0.0.3 (HKLM\...\{DD7E9D37-CA78-459A-8BA8-29BBF29CF257}) (Version: 6.0.0.3 - The Document Foundation)
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Mozilla Firefox 59.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.1 (x64 en-US)) (Version: 59.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.1 - Mozilla)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenTX Companion 2.0 (HKLM-x32\...\OpenTX Companion 2.0) (Version: - OpenTX)
Opera Stable 51.0.2830.55 (HKLM-x32\...\Opera 51.0.2830.55) (Version: 51.0.2830.55 - Opera Software)
PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 4.00 - NCH Software)
Pixillion Image Converter (HKLM-x32\...\Pixillion) (Version: 5.02 - NCH Software)
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 3.04 - NCH Software)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Quik (HKLM\...\{DF7EE9CB-0369-44F3-9B91-BF05A2D4891D}) (Version: 0.1.5383 - GoPro, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.3.723.2015 - Realtek)
Rotor Rush (HKLM-x32\...\{9DC252BF-1428-49C8-AD6B-2AEFF7846FBD}) (Version: 5.4.1 - Vmach Media Ltd.)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Secure Eraser (HKLM-x32\...\Secure Eraser_is1) (Version: 5.0.0.1 - ASCOMP Software GmbH)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1244 - SUPERAntiSpyware.com)
UE4 Prerequisites (x86) (HKLM-x32\...\{6EAAE1C0-6000-45FA-B46D-D206144925BF}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x86) (HKLM-x32\...\{f1203e43-4ddb-4280-974e-73f14d793dbd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{61702639-6539-473A-8FE5-618E194C0069}) (Version: 2.7.0.0 - Microsoft Corporation)
USB Interface Utility (HKLM-x32\...\{8F711388-B16D-4015-86D4-67FED5DA59FE}) (Version: 1.2 - VMach Media Ltd)
VEGAS Pro 14.0 (64-bit) (HKLM\...\{4C79D80F-79F9-11E6-8402-BB95F5A309BD}) (Version: 14.0.161 - VEGAS)
Velocidrone version 1.3.28 (HKLM\...\{3EB73E26-2153-4940-880E-F4436C1220A7}_is1) (Version: 1.3.28 - Bat Cave Games)
VFW_Codec32 (HKLM-x32\...\{ECDB3455-70F4-4EE6-B89E-3B4C5E9FF592}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (HKLM\...\{AE4073DE-7596-4E3B-9DE3-18BE2C3EFAA6}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 5.11 - NCH Software)
Virtual Com port driver V1.4.0 (HKLM-x32\...\{AF0ACDD1-3842-47C7-B153-B8DB92CDA42D}) (Version: 1.4.0 - STMicroelectronics)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Voxal Voice Changer (HKLM-x32\...\Voxal) (Version: 2.00 - NCH Software)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 8.01 - NCH Software)
WD Backup (HKLM-x32\...\{4AACAFC7-951A-4215-B430-3DFCFF2E6CED}) (Version: 1.5.5953.19614 - Western Digital Technologies, Inc) Hidden
WD Backup (HKLM-x32\...\{a8c9535a-ecd9-4172-a330-0cb5ff9dbed9}) (Version: 1.5.5953.19614 - Western Digital Technologies, Inc.)
WD Drive Utilities (HKLM-x32\...\{48996CDD-DD81-4197-93FE-0971E73C5CA7}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.) Hidden
WD Drive Utilities (HKLM-x32\...\{eab1fb93-61fb-48de-b815-b4e9b68d2ef1}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{965D28B5-3C86-41FD-994E-D6376815C9B3}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{249644e6-451a-4a5c-bd5c-21eeb9eec79d}) (Version: 1.3.1.2 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{7CC2EDF2-83EC-4707-BDD3-72469236A6CC}) (Version: 1.3.1.2 - Western Digital Technologies, Inc.) Hidden
Windows Driver Package - OpenPilot (usbser) Ports (11/21/2014 3.0.0.0) (HKLM\...\BD9150BF7DFF447F2F59CE296CC81C0AABAD7C01) (Version: 11/21/2014 3.0.0.0 - OpenPilot)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2844788878-880486787-4179794426-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-25D45E75801D}\InprocServer32 -> %systemroot%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-2844788878-880486787-4179794426-1001_Classes\CLSID\{53B2AC1B-7B81-47FC-8D3B-595CDE21D0BA}\InprocServer32 -> F:\Programs\Evernote Notes\EvernoteCCx64.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
CustomCLSID: HKU\S-1-5-21-2844788878-880486787-4179794426-1001_Classes\CLSID\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}\InprocServer32 -> F:\Programs\Evernote Notes\EvernoteIEx64.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
CustomCLSID: HKU\S-1-5-21-2844788878-880486787-4179794426-1001_Classes\CLSID\{93c503ec-b307-4339-bca2-37fe3b4836e8}\InprocServer32 -> F:\Programs\Evernote Notes\EvernoteOLShim64.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
CustomCLSID: HKU\S-1-5-21-2844788878-880486787-4179794426-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll => No File
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => -> No File
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => -> No File
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => -> No File
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [SharingPrivate] -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => -> No File
ShellIconOverlayIdentifiers-x32: [SharingPrivate] -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => -> No File
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-08-28] ()
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
ContextMenuHandlers1: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [Secure Eraser] -> {2A8DEC8D-934E-4FF8-825A-05A800047649} => F:\Programs\Secure Eraser\SecEraser64.dll [2016-02-03] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers2-x32: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [DeleteFiles] -> {736AF091-C361-49B4-A928-87C586130D33} => C:\Program Files\File Shredder\fsshell.dll [2012-04-01] ()
ContextMenuHandlers3-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers4: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
ContextMenuHandlers5: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxDTCM.dll [2016-11-30] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-08-01] (NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-08-28] ()
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
ContextMenuHandlers6-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
ContextMenuHandlers6-x32: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6-x32: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6-x32: [Secure Eraser] -> {2A8DEC8D-934E-4FF8-825A-05A800047649} => F:\Programs\Secure Eraser\SecEraser64.dll [2016-02-03] ()
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {03EBFD46-C746-4DA0-BAEB-F5CA61390248} - System32\Tasks\OrangeDefender => C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\orangedefender.exe
Task: {06A920B9-B407-426B-A434-24B032E0ED4E} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {0AF1E9FF-4B79-4FF5-AE15-31DA46522678} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {179C8342-2B77-4DF2-B3AB-57D60EA21609} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan most recently used file in the background => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {228A45C3-9E2C-4E8B-89B7-22892704FEDD} - System32\Tasks\AdobeGCInvoker-1.0-NEGROTRES-mikef => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {22C767D3-6E0B-478E-9526-A1CDDDE64334} - System32\Tasks\NCH Software\DoxillionDowngrade => C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe [2017-11-09] (NCH Software)
Task: {28F5C682-B28F-4705-A2E3-2C11540275FA} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2015-08-25] (ASUS)
Task: {292EC022-C90A-434B-853B-D40CEDC1A984} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-18] (Google Inc.)
Task: {3A05543D-E482-44DA-ADCB-D822FA848B84} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {3CD8A4AF-ADA8-42EF-8CDE-43CB6F70D0CD} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {504518C2-5BDB-4B97-B5C9-99534D14304F} - System32\Tasks\HPCeeScheduleFormikef => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {5A19F576-2169-4975-BFF2-A2FA539C49DD} - System32\Tasks\Avira Safe Shopping Updater => C:\Program Files (x86)\Avira\Safe Shopping\\Updater\Updater.exe
Task: {67ECF63A-E973-438F-BFB4-D32AFC510113} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {704F990B-DD1A-4D57-9C89-B6D311726A8B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {71DA49D5-3FAF-4E9B-9F95-8E8632C50B40} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {77AD8B33-1EB8-434A-AD35-DA724436D766} - System32\Tasks\Avast Emergency Update => F:\Programs\Avast Anti virus\AvEmUpdate.exe
Task: {8762F122-5796-42E1-907F-1DA3BC4F2FCC} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {8FC31531-8EE3-4225-B895-8F42E143A938} - System32\Tasks\{C57E97CC-9025-4C60-9091-2CA62ECA2512} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\mikef\AppData\Local\uninstallce.exe
Task: {97C5972D-2FDF-43F2-8EA0-36F1B9669C8F} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-16] ()
Task: {991EE7A9-5D78-4B05-87C3-959961846191} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {9F51B259-916F-4ABE-A104-B9E63FCF69C0} - System32\Tasks\{E879D36B-7B9D-4B38-9D50-1245197A8C25} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\mikef\AppData\Local\{A2BB94E7-8613-F85F-EB8B-DDB7CFE3212F}\uninst.exe -c -FN=""-P=/Uninstall /s /noun /DelSelfDir
Task: {A0D76D92-8BA9-48CD-A630-C843E1476C15} - System32\Tasks\Opera scheduled Autoupdate 1511452126 => C:\Program Files\Opera\launcher.exe [2018-03-07] (Opera Software)
Task: {A6CFB7EC-4787-4E77-937A-E4F7404F1CD1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {AC5B173D-1D2A-4C1D-B39B-AAFC20B5C4A3} - System32\Tasks\BDAntiCryptoWallTask => C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe
Task: {AD979737-F1C6-4841-9A60-39B9A16ACB08} - System32\Tasks\OrangeDefenderUpdate => C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\updAvTask.exe
Task: {ADF4C576-61AE-4CF8-BD19-BAAB2CB9E943} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {AF452EDC-144F-4A3C-93B6-EB47B731E813} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-03-07] (HP Inc.)
Task: {B811B41C-1BE5-4746-ADD8-D64EDD8547FB} - System32\Tasks\AupAvUpdate => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\updAvTask.exe [2017-08-10] (Innovative Solutions)
Task: {C067201E-25BB-4DC8-88D4-0442B7596F7F} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe [2017-12-16] (Adobe Systems Incorporated)
Task: {C06BE5BF-FD06-4800-816E-FA5EDE11C951} - System32\Tasks\BackUp_Maker-mikef => C:\Program Files (x86)\ASCOMP Software\BackUp Maker\bkmaker.exe
Task: {C175D2BE-EF18-4C1A-BC98-A88C81E31F17} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2015-05-25] (ASUSTek Computer Inc.)
Task: {D0F3152F-900F-4D34-94CA-693D589AF071} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-02-07] (HP Inc.)
Task: {DC088422-203E-4B6C-99B4-9D84FA38F0E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-18] (Google Inc.)
Task: {DCD9A15F-3D52-4BB7-926F-02AAFE777009} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {E3743588-7A16-4C43-8C71-1C01151FD07B} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-14] (ASUSTek Computer Inc.)
Task: {F0B0F162-2C9A-4CDB-989E-9887B6ED8252} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {F5AF6B6F-2630-498E-B59C-586430B1B447} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {F956BFC8-7A07-4867-9C86-330B248A9F83} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH5AC811FY => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-02-07] (HP Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\HPCeeScheduleFormikef.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\OrangeDefender.job => C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\orangedefender.exe
Task: C:\WINDOWS\Tasks\WinThruster64-mikef-Notification.job => F:\Programs\Solvusoft\WinThruster\Sync.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\WinThruster64-mikef-Startup.job => F:\Programs\Solvusoft\WinThruster\WinThruster64.exe <==== ATTENTION
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Betaflight - Configurator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=kdaghagfopacdngbohiknlhcocjccjao
ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\BLHeli - Configurator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=mejfjggmbnocnfibbibmoogocnjbcjnk
ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Fair AdBlocker App.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=dcnofaichneijfbkdkghmhjjbepjmble
ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Journey (Diary, Journal).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=jlncjaehedpdoinepaejmlpbmdkgmpog
ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\KissFC.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=dpnfknficgldmilnkddfhmbafkcipkkh
ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\RaceFlight - Configurator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=ffkgelfmnmeofidahjaefimpdgekflha
==================== Loaded Modules (Whitelisted) ==============
2017-09-29 06:41 - 2017-09-29 06:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-08-10 03:42 - 2016-08-01 05:54 - 000133056 ____C () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-05-19 10:11 - 2015-05-19 10:11 - 000007680 ____C () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
2017-08-19 23:09 - 2016-02-03 12:33 - 000566440 ____C () F:\Programs\Secure Eraser\SecEraser64.dll
2017-07-22 18:46 - 2012-04-01 00:06 - 002689536 _____ () C:\Program Files\File Shredder\fsshell.dll
2017-08-28 18:41 - 2017-08-28 18:41 - 000155504 ____C () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2017-12-13 08:40 - 2017-11-26 05:23 - 011044864 ____C () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-13 08:40 - 2017-11-26 05:01 - 001804288 ____C () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-16 17:15 - 2017-03-16 17:15 - 000037808 ____C () F:\Programs\GoPro Desktop App\GoProDeviceDetection.exe
2017-07-21 23:23 - 2017-05-12 11:36 - 000507464 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2017-07-21 23:23 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-02-20 06:48 - 2014-05-13 13:04 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-02-20 06:48 - 2014-05-13 13:04 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-08-25 10:40 - 2015-08-25 10:40 - 000027648 ____C () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-08-25 10:40 - 2015-08-25 10:40 - 000124928 ____C () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2015-11-02 23:00 - 2015-07-23 21:22 - 000011920 ____C () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-09-04 21:34 - 2015-09-04 21:34 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7936 more sites.
IE restricted site: HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\123simsen.com -> www.123simsen.com
There are 7937 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-07-24 05:29 - 2018-03-25 14:46 - 000454450 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com
127.0.0.1 123simsen.com
There are 15600 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2844788878-880486787-4179794426-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: DsSvc => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ComcastAntispyClient => "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
MSCONFIG\startupreg: ddoctorv2 => "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: Desktop Software => "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
MSCONFIG\startupreg: EEventManager => C:\Program Files (x86)\EPSONS~1\EVENTM~1\EEventManager.exe
MSCONFIG\startupreg: Gateway Photo Frame => C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ShopAtHomeUpdater => C:\Users\MikeF\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
MSCONFIG\startupreg: ShopAtHomeWatcher => C:\Users\MikeF\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: VX3000 => C:\Windows\vVX3000.exe
MSCONFIG\startupreg: WinCalendarV3 => "C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe" /q /c
HKLM\...\StartupApproved\Run: => "GoPro Tray App"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "DriveUtilitiesHelper"
HKLM\...\StartupApproved\Run32: => "Everalbum"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\StartupApproved\StartupFolder: => "Shredder.bat"
HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\StartupApproved\Run: => "HP Officejet Pro 6830 (NET)"
HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\StartupApproved\Run: => "com.squirrel.slack.slack"
HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\StartupApproved\Run: => "Windscribe"
HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\StartupApproved\Run: => "Spybot-S&D Cleaning"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{0192E56E-9BB9-40DA-954A-E6BC759DCAB2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{127EE995-1BE4-4F78-AA33-F419104015C6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9804EB70-1C1B-4BFA-A76A-C221EB970965}] => (Allow) C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\orangedefender.exe
FirewallRules: [{6B3F5AF4-3A63-4AAB-90CE-FE1C4980FA29}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{4B445AC9-1820-4E8E-86FD-624400C913DD}] => (Block) F:\Programs\CrazyTalk Animator 3\bin64\CrazyTalkAnimator.exe
FirewallRules: [{F32830F1-9BD3-48AA-971E-2E4CE83EBDFA}] => (Block) F:\Programs\CrazyTalk Animator 3\bin64\CrazyTalkAnimator.exe
FirewallRules: [{BAE363B3-F7A9-4FD5-9FDB-F31CE3B8DC88}] => (Block) F:\Programs\CrazyTalk Animator 3\bin64\CrazyTalkAnimator.exe
FirewallRules: [{7D184720-4179-4F3A-A664-8853AC4B6966}] => (Block) F:\Programs\CrazyTalk Animator 3\bin64\CrazyTalkAnimator.exe
FirewallRules: [{ED8D3D7B-3211-44D6-8271-E5576BFF1E65}] => (Allow) F:\Programs\GoPro Desktop App\GoProLauncher.exe
FirewallRules: [{21DD3971-9638-4E55-8233-521701AF7EAA}] => (Allow) F:\Programs\GoPro Desktop App\GoProIDService.exe
FirewallRules: [{387560CC-6CBB-4E9A-9B26-72885F817582}] => (Allow) F:\Programs\GoPro Desktop App\GoProMsgBus.exe
FirewallRules: [{4F827037-A02D-46D8-93B5-5031595AF62D}] => (Allow) F:\Programs\GoPro Desktop App\GoPro Quik.exe
FirewallRules: [{C532C020-1482-41CE-A650-FDC4D775BB32}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{B4F06E65-D3D6-4A25-AC26-80CFBE94BFC2}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [UDP Query User{24B6D1A7-21EA-4B80-9773-FB96F639BC26}F:\programs\drlsimulator_1-1-0_win\simulator\drlsimulator.exe] => (Allow) F:\programs\drlsimulator_1-1-0_win\simulator\drlsimulator.exe
FirewallRules: [TCP Query User{147B489B-8382-4ADC-AFDB-EF839ABAF3C2}F:\programs\drlsimulator_1-1-0_win\simulator\drlsimulator.exe] => (Allow) F:\programs\drlsimulator_1-1-0_win\simulator\drlsimulator.exe
FirewallRules: [{7718C90A-BD33-4901-8078-B8144B61CAE0}] => (Allow) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
FirewallRules: [{7571C4C9-8E98-4258-886B-2752509D8092}] => (Allow) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
FirewallRules: [{15FF93DB-838C-494E-B163-98B3210E825A}] => (Allow) F:\Programs\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{A2365D31-3614-4B2C-B3B2-377FCEE0D30A}] => (Allow) F:\Programs\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{C2FF43C3-B68A-4CDC-B28D-0B75BD089422}] => (Allow) F:\Programs\FlashIntegro\VideoEditor\Activation.exe
FirewallRules: [{92170D43-C695-4B7C-BA63-2B19314BE6D6}] => (Allow) F:\Programs\FlashIntegro\VideoEditor\Activation.exe
FirewallRules: [{4E14ADF7-27EC-4774-B93D-F077EC2905DB}] => (Allow) F:\Programs\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{FB9CCAE6-4451-4C05-BF27-51F45FC57009}] => (Allow) F:\Programs\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{913E0180-CC73-41C3-88CC-808C14AC6E10}] => (Allow) C:\Users\mikef\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{45E67BD3-BD1A-4E4B-A364-BB4E22D6FD87}] => (Block) C:\Windows\explorer.exe
FirewallRules: [{2765E0F4-2918-4A46-B9C9-43CDD8FCBA2B}] => (Block) C:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe
FirewallRules: [{60E6D465-398E-4850-BE86-7EF7620A2377}] => (Block) C:\windows\system32\svchost.exe
FirewallRules: [UDP Query User{278A8347-81F1-4DA3-A7A2-4033BB6E5214}C:\users\mikef\downloads\drlsimulator_1-0-8_win\drlsimulator_1-0-8_win\simulator\drlsimulator.exe] => (Allow) C:\users\mikef\downloads\drlsimulator_1-0-8_win\drlsimulator_1-0-8_win\simulator\drlsimulator.exe
FirewallRules: [TCP Query User{BBE8B569-3802-4456-9B59-4E5BC64FE1DA}C:\users\mikef\downloads\drlsimulator_1-0-8_win\drlsimulator_1-0-8_win\simulator\drlsimulator.exe] => (Allow) C:\users\mikef\downloads\drlsimulator_1-0-8_win\drlsimulator_1-0-8_win\simulator\drlsimulator.exe
FirewallRules: [UDP Query User{22C2005C-C444-4625-96C2-B3F8360AE4D6}F:\programs\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe] => (Block) F:\programs\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe
FirewallRules: [TCP Query User{5E3FDAFF-2D19-48DA-80F1-3132CCA53B64}F:\programs\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe] => (Block) F:\programs\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe
FirewallRules: [UDP Query User{11F7405B-9EBF-4419-8C7C-3910477E984B}F:\programs\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe] => (Allow) F:\programs\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe
FirewallRules: [TCP Query User{7235E679-81A8-4169-9B5A-37B470D0DEF1}F:\programs\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe] => (Allow) F:\programs\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe
FirewallRules: [{88A99397-F5FD-490E-AA93-69F21978D9D4}] => (Allow) C:\Program Files (x86)\Laplink\PCmover\pcmover.exe
FirewallRules: [{6D1FFE3E-A743-49CF-8B3D-231B7456247A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{5D7FD833-6D8F-4716-AE62-6C5F9FF56836}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{57D27020-35F9-4BAB-A8E4-55866C5D9CAC}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\FaxApplications.exe
FirewallRules: [{9932BE6C-6065-433E-8788-142FB8C6D0F6}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\DigitalWizards.exe
FirewallRules: [{66093D00-1387-4EA6-9D7C-926A476223F8}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\SendAFax.exe
FirewallRules: [{2F0AB679-4BCB-45B7-ABE0-92A67F2D1253}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\Bin\DeviceSetup.exe
FirewallRules: [{056E1BEB-F740-4526-91FD-F656D7F645F5}] => (Allow) LPort=5357
FirewallRules: [{415148F0-DA72-48DF-868A-211A83800748}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{AEFEB1B4-004D-4C1B-BA92-E00A8EF98FCD}C:\program files (x86)\vmach media ltd\fpv event pe\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe] => (Allow) C:\program files (x86)\vmach media ltd\fpv event pe\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe
FirewallRules: [UDP Query User{FE1A6E57-EB90-4647-8FD9-D9981D5A64DD}C:\program files (x86)\vmach media ltd\fpv event pe\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe] => (Allow) C:\program files (x86)\vmach media ltd\fpv event pe\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe
FirewallRules: [TCP Query User{528B829E-4718-4188-A933-57DE99CDB771}C:\program files (x86)\vmach media ltd\fpv event pe\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe] => (Allow) C:\program files (x86)\vmach media ltd\fpv event pe\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe
FirewallRules: [UDP Query User{E0752CDF-9489-443B-9777-DE39DE8B00EC}C:\program files (x86)\vmach media ltd\fpv event pe\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe] => (Allow) C:\program files (x86)\vmach media ltd\fpv event pe\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe
FirewallRules: [{7CBC0525-54E6-4602-B76C-3105F71D1111}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{3B826CAA-4252-4EE6-B38D-9B4557EB232D}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{4A3D1C24-9219-4FE0-A001-5DB069B8898B}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{669309B8-918B-439A-AD1A-1313BCBDDEE8}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{D6DFA72C-0AE7-4066-92A1-FA381E86A872}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{27892B31-73D0-4AA0-85F4-2CB608F7E809}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{D687402A-CBC4-43F0-8053-71D08303B5D0}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{AB0E9925-E723-4925-98EC-E15DC105FDBB}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{715201BF-EDF7-4074-AA92-13A3FE7FDACC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{84E96F96-531A-4587-9EAF-A37DCB986BF4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{90B98612-E8D2-4E76-973F-CA3794F32CFF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CF1DA14D-516B-4A71-A3F3-3519888C6298}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F95C5596-3C70-4582-BCE4-CFD2570EEE7F}] => (Allow) C:\Program Files\Opera\51.0.2830.40\opera.exe
FirewallRules: [TCP Query User{0535286E-86B0-4354-AA5C-F0BC423FF618}F:\programs\muvizu\binaries\muvizu.exe] => (Allow) F:\programs\muvizu\binaries\muvizu.exe
FirewallRules: [UDP Query User{CEE1D7D6-3AAF-47DC-B0E6-0BDCB3671E1D}F:\programs\muvizu\binaries\muvizu.exe] => (Allow) F:\programs\muvizu\binaries\muvizu.exe
FirewallRules: [{034F8069-CA78-4553-8498-9DFDA9E9BFC8}] => (Allow) C:\Program Files\Opera\51.0.2830.55\opera.exe
FirewallRules: [{AD1B7BF7-0E1F-4D6A-A6D4-413640008B6C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
08-03-2018 10:40:38 Removed Track Pack DDC
16-03-2018 13:50:49 Scheduled Checkpoint
23-03-2018 09:13:27 JRT Pre-Junkware Removal
25-03-2018 12:41:21 After installing Advanced Uninstaller PRO
25-03-2018 13:16:55 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/25/2018 03:18:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_smphost, version: 10.0.16299.15, time stamp: 0x9c786b9a
Faulting module name: msvcrt.dll, version: 7.0.16299.125, time stamp: 0x20688290
Exception code: 0xc0000005
Fault offset: 0x00000000000731ba
Faulting process id: 0x2d40
Faulting application start time: 0x01d3c487352f592c
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: C:\WINDOWS\System32\msvcrt.dll
Report Id: 20827e03-46bb-43bc-acaf-4d0384cfe5e2
Faulting package full name:
Faulting package-relative application ID:
Error: (03/25/2018 03:18:40 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
Error: (03/25/2018 03:18:40 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
Error: (03/25/2018 03:18:29 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
Error: (03/25/2018 03:18:29 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
Error: (03/25/2018 09:23:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname NegroTres.local already in use; will try NegroTres-2.local instead
Error: (03/25/2018 09:23:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister 4 NegroTres.local. Addr 10.0.0.195
Error: (03/25/2018 09:23:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.195:5353 16 NegroTres.local. AAAA 2601:0201:0282:5A01:0000:0000:0000:A936
System errors:
=============
Error: (03/25/2018 04:14:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/25/2018 04:00:58 PM) (Source: DCOM) (EventID: 10010) (User: NEGROTRES)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
Error: (03/25/2018 03:59:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/25/2018 03:59:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/25/2018 03:59:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/25/2018 03:59:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/25/2018 03:59:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/25/2018 03:59:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Windows Defender:
===================================
Date: 2017-12-05 09:19:18.956
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {05A1E94E-3FF9-4B66-88D3-7215CB4ABA91}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-03-23 09:10:50.796
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.562.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed.
Date: 2018-03-23 09:10:50.796
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 118.5.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.14202.0
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed.
Date: 2018-03-23 09:10:44.964
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.562.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2018-03-23 09:10:44.963
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.562.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2018-03-23 09:10:44.963
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.562.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
CodeIntegrity:
===================================
Date: 2018-03-25 16:08:47.201
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.
Date: 2018-03-25 16:08:47.196
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.
Date: 2018-03-25 16:08:47.167
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.
Date: 2018-03-25 16:08:47.162
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.
Date: 2018-03-25 16:04:07.776
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-03-25 16:04:07.774
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-03-25 16:03:57.352
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-03-25 16:03:57.351
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 50%
Total physical RAM: 8084.27 MB
Available physical RAM: 3975.44 MB
Total Virtual: 11084.27 MB
Available Virtual: 5741.6 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:237.72 GB) (Free:164.77 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (My Passport) (Fixed) (Total:931.48 GB) (Free:527.76 GB) NTFS
\\?\Volume{2ea052e8-0a14-4730-b8e7-5d2f634e9ad2}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
\\?\Volume{f885f58c-2350-43d0-a38d-08247bfbbb90}\ () (Fixed) (Total:0.49 GB) (Free:0.06 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: EBA450F1)
Partition: GPT.
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: CB536EDD)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
FRST Scan
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by mikef (administrator) on NEGROTRES (25-03-2018 16:16:36)
Running from F:\Programs
Loaded Profiles: mikef (Available Profiles: mikef)
Platform: Windows 10 Home Version 1709 16299.125 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
() C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Copyright 2017.) F:\Programs\Zemana AntiMalware\ZAM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxEM.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() F:\Programs\GoPro Desktop App\GoProDeviceDetection.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-23] (NVIDIA Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [599896 2015-06-10] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-09] (Conexant Systems, Inc.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2016-01-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-12-07] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21384 2016-04-19] (Western Digital Technologies, Inc.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\Run: [HP Officejet Pro 6830 (NET)] => C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe [3493952 2014-07-18] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5913720 2017-05-23] (Safer-Networking Ltd.)
HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\Run: [AdobeBridge] => [X]
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KE3F5A~1.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(6).dll [94568 2017-01-19] (Zemana Ltd.)
Startup: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Shredder.bat [2018-03-04] ()
BootExecute: autocheck autochk * bddel.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{449da3d2-0683-4c05-a995-2ca8434c1492}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2844788878-880486787-4179794426-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> OldSearch URL =
SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS380US380
SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> {6b0d4c9d-c6eb-4a9a-981c-ac3f9d8373c0} URL = hxxp://search.xfinity.com/?cat=subweb&con=mmchrome&cid=xfstart_tech_search&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> {99FFAE1F-493D-44F2-84D3-A9771953A756} URL = hxxps://search.yahoo.com/search?fr=sp_tr_ie&ei=utf-8&ilc=12&type=711278&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
FireFox:
========
FF DefaultProfile: inyi5s32.default-1521871370978
FF ProfilePath: C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978 [2018-03-25]
FF Extension: (Grammarly for Firefox) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2018-03-23]
FF Extension: (Firefox Multi-Account Containers) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\@testpilot-containers.xpi [2018-03-23]
FF Extension: (AdBlocker Ultimate) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\adblockultimate@adblockultimate.net.xpi [2018-03-23]
FF Extension: (TubeBuddy for YouTube) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\e389d8c2-5554-4ba2-a36e-ac7a57093130@gmail.com.xpi [2018-03-23]
FF Extension: (Easy Screenshot) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\easyscreenshot@mozillaonline.com.xpi [2018-03-23]
FF Extension: (Enhancer for YouTube™) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\enhancerforyoutube@maximerf.addons.mozilla.org.xpi [2018-03-23]
FF Extension: (Hotspot Shield Free VPN Proxy – Unblock Sites) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\hotspot-shield@anchorfree.com.xpi [2018-03-23] [Legacy]
FF Extension: (AdBlock) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2018-03-23]
FF Extension: (AdBlocker for YouTube™) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\jid1-q4sG8pYhq8KGHs@jetpack.xpi [2018-03-23]
FF Extension: (Tab Session Manager) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\Tab-Session-Manager@sienori.xpi [2018-03-23]
FF Extension: (uBlock Origin) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\uBlock0@raymondhill.net.xpi [2018-03-23]
FF Extension: (1-Click YouTube Video Downloader) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2018-03-23]
FF Extension: (Screengrab!) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2018-03-23]
FF Extension: (igtranslator) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\{059cddf1-f66c-4b63-a79a-c35ac7e6ac65}.xpi [2018-03-23]
FF Extension: (Adblock for Youtube™) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\{0ac04bdb-d698-452f-8048-bcef1a3f4b0d}.xpi [2018-03-23]
FF Extension: (__MSG_appName__) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [2018-03-23]
FF Extension: (Adblock Plus) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-03-23]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\features\{9bba7b1f-f9c1-45a6-b0d2-8e253c3f4a32}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-03-23] [Legacy]
FF HKLM\...\Firefox\Extensions: [@BrowserSafer] - C:\Users\mikef\AppData\Roaming\Mozilla\FireFox\@BrowserSafer.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\netsight@nielsen.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [@BrowserSafer] - C:\Users\mikef\AppData\Roaming\Mozilla\FireFox\@BrowserSafer.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-14] ()
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com [No File]
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
FF Plugin HKU\S-1-5-21-2844788878-880486787-4179794426-1001: @citrixonline.com/appdetectorplugin -> C:\Users\MikeF\AppData\Local\Citrix\Plugins\104\npappdetector.dll [No File]
Chrome:
=======
CHR DefaultProfile: Profile 3
CHR HomePage: Profile 3 -> search.ask.com/?gct=hp
CHR Profile: C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Default [2018-03-25]
CHR Extension: (Google Docs) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-18]
CHR Extension: (Google Drive) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-18]
CHR Extension: (YouTube) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-18]
CHR Extension: (Google Search) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-18]
CHR Extension: (Google Docs Offline) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-18]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-08-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-18]
CHR Extension: (Gmail) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-18]
CHR Extension: (Chrome Media Router) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-18]
CHR Profile: C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-02-20]
CHR Profile: C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-02-20]
CHR Extension: (Google Slides) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-18]
CHR Extension: (Google Docs) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-18]
CHR Extension: (Google Drive) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-18]
CHR Extension: (YouTube) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-18]
CHR Extension: (Google Search) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-18]
CHR Extension: (Google Sheets) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-18]
CHR Extension: (SiteAdvisor) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-02-18]
CHR Extension: (Google Docs Offline) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-18]
CHR Extension: (Gmail) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-18]
CHR Profile: C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 2 [2016-02-20]
CHR Extension: (Google Slides) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-18]
CHR Extension: (Google Docs) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-18]
CHR Extension: (Google Drive) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-18]
CHR Extension: (YouTube) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-18]
CHR Extension: (Google Search) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-18]
CHR Extension: (Google Sheets) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-18]
CHR Extension: (SiteAdvisor) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-02-18]
CHR Extension: (Google Docs Offline) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-18]
CHR Extension: (Gmail) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-18]
CHR Profile: C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3 [2018-03-25]
CHR Extension: (h264ify) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aleakchihdccplidncghkekgioiakgal [2017-08-04]
CHR Extension: (Docs) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-18]
CHR Extension: (Google Drive) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-18]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2018-01-21]
CHR Extension: (Social Blade) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cfidkbgamfhdgmedldkagjopnbobdmdn [2018-03-23]
CHR Extension: (uBlock Origin) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-03-23]
CHR Extension: (Fair AdBlocker App) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\dcnofaichneijfbkdkghmhjjbepjmble [2017-07-31]
CHR Extension: (KissFC) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\dpnfknficgldmilnkddfhmbafkcipkkh [2017-04-16]
CHR Extension: (RaceFlight - Configurator) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ffkgelfmnmeofidahjaefimpdgekflha [2017-04-09]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2018-03-23]
CHR Extension: (HTTPS Everywhere) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2018-03-06]
CHR Extension: (Google Docs Offline) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Save to Google Drive) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2016-02-20]
CHR Extension: (Windscribe - Free VPN and Ad Blocker) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2018-03-06]
CHR Extension: (Journey (Diary, Journal)) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\jlncjaehedpdoinepaejmlpbmdkgmpog [2018-03-06]
CHR Extension: (Grammarly for Chrome) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-03-23]
CHR Extension: (Betaflight - Configurator) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kdaghagfopacdngbohiknlhcocjccjao [2018-03-06]
CHR Extension: (The Great Suspender) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2017-09-02]
CHR Extension: (Google Maps) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2016-03-04]
CHR Extension: (Video Converter) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mcjjnhgakghmggnimjkldjmmpabhnhne [2016-06-12]
CHR Extension: (BLHeli - Configurator) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mejfjggmbnocnfibbibmoogocnjbcjnk [2018-03-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Social Media Improver) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\opnfbjkeinmnibcpmlpjacekjaldnjmj [2018-03-23]
CHR Extension: (XFINITY® TV Go Stream Live TV Online) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pbefpbidnpmpfbkledpohpejdcgfnfif [2016-09-16]
CHR Extension: (Chrome Media Router) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-23]
CHR Profile: C:\Users\mikef\AppData\Local\Google\Chrome\User Data\System Profile [2017-07-21]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2844788878-880486787-4179794426-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\MikeF\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKU\S-1-5-21-2844788878-880486787-4179794426-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gkcffmoikcgfhagefelmhiakelnjihik] - hxxps://chrome.google.com/webstore/detail/gkcffmoikcgfhagefelmhiakelnjihik
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ChromeExt\ab.crx <not found>
Opera:
=======
OPR StartupUrls: "hxxp://facebook.com/","hxxp://youtube.com/","hxxp://gmail.com/","hxxps://mail.yahoo.com/"
OPR Session Restore: -> is enabled.
OPR Extension: (AdBlock) - C:\Users\mikef\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2017-11-23]
OPR Extension: (Unlimited Free VPN - Hola) - C:\Users\mikef\AppData\Roaming\Opera Software\Opera Stable\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-12-15]
OPR Extension: (Translate) - C:\Users\mikef\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibnombjmjocaccigcefonnipcnlaeaed [2017-11-23]
OPR Extension: (Grammarly for Chrome) - C:\Users\mikef\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-12-11]
OPR Extension: (Install Chrome Extensions) - C:\Users\mikef\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2017-12-15]
OPR Extension: (AdBlock) - C:\Users\mikef\AppData\Roaming\Opera Software\Opera Stable\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2017-11-23]
OPR Extension: (History Eraser) - C:\Users\mikef\AppData\Roaming\Opera Software\Opera Stable\Extensions\lfpoajlbkhlfoeeokbppmecpplmieedm [2017-11-23]
OPR Extension: (AdBlock) - C:\Users\mikef\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofhehnfmgbgnkjaojifkmebjjgffjaeh [2017-12-15]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9317264 2018-03-08] (Emsisoft Ltd)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1385640 2015-08-16] (Intel Corporation)
R2 GoProDeviceDetectionService; F:\Programs\GoPro Desktop App\GoProDeviceDetection.exe [37808 2017-03-16] ()
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-23] (HP Inc.)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190216 2016-10-15] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-09-04] (Intel Corporation)
S3 MBAMService; F:\Programs\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-11-29] ()
R2 SAService; C:\Windows\system32\SAsrv.exe [427224 2015-04-17] (Conexant Systems, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2016-01-14] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-11] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-11] (Microsoft Corporation)
R2 ZAMSvc; F:\Programs\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-11-29] (Intel® Corporation)
S2 AdobeUpdateService; "C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe" [X]
S3 WD Backup Drive Helper; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
S3 WD Backup Snapshot; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AsusSGDrv; C:\WINDOWS\system32\DRIVERS\AsusSGDrv.sys [138744 2015-08-17] (ASUS Corporation)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [320528 2017-09-02] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198976 2017-09-02] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343296 2017-09-02] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57736 2017-09-02] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [47016 2017-09-02] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41832 2017-09-02] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [147784 2017-09-02] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110376 2017-09-02] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84416 2017-09-02] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1016384 2017-09-02] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [590880 2017-09-02] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [199312 2017-09-02] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [361336 2017-09-02] (AVAST Software)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-08-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-08-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-08-01] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [38048 2017-08-01] (Avira Operations GmbH & Co. KG)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55816 2015-08-16] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2015-08-16] (Intel Corporation)
R1 epp; C:\Program Files\Emsisoft Anti-Malware\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2015-08-16] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76200 2018-01-18] ()
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [250624 2016-10-15] (Intel Corporation)
R3 keycrypt; C:\WINDOWS\System32\DRIVERS\KeyCrypt64.sys [161408 2017-03-22] (Zemana Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193248 2018-03-25] (Malwarebytes)
S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [109800 2018-03-25] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45960 2018-03-25] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-03-25] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [101600 2018-03-25] (Malwarebytes)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2017-09-29] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [888064 2015-07-27] (Realtek )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [83360 2017-05-23] (Safer-Networking Ltd.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 STTub30; C:\WINDOWS\System32\Drivers\STTub30.sys [44184 2012-07-20] (STMicroelectronics)
S3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2017-04-21] (The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-03-25] ()
R3 voxaldriver; C:\WINDOWS\system32\DRIVERS\voxaldriverx64.sys [52976 2018-02-25] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-03-11] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288296 2018-03-11] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-11] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-08-17] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-07-28] (Zemana Ltd.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-03-25 16:15 - 2018-03-25 16:16 - 000000000 ___DC C:\FRST
2018-03-25 15:56 - 2018-03-25 15:56 - 000001762 ____C C:\Users\mikef\Desktop\AdwCleaner Scan 3.18.txt
2018-03-25 15:53 - 2018-03-25 15:57 - 000000000 ___DC C:\AdwCleaner
2018-03-25 15:22 - 2018-03-25 15:22 - 000012510 ____C C:\Users\mikef\Desktop\roguekiller scan 2.txt
2018-03-25 15:21 - 2018-03-25 15:21 - 000012508 ____C C:\Users\mikef\Desktop\roguekiller scan 1.txt
2018-03-25 14:49 - 2018-03-25 14:49 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-03-25 14:48 - 2018-03-25 14:48 - 000000000 ___DC C:\ProgramData\RogueKiller
2018-03-25 14:46 - 2018-02-28 22:46 - 000454450 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20180325-144632.backup
2018-03-25 13:09 - 2018-03-25 13:09 - 000000000 ___DC C:\Users\mikef\AppData\Local\Wolf of Webstreet OPC Private Limited
2018-03-25 12:57 - 2018-03-25 12:57 - 000001924 ____C C:\Users\Public\Desktop\HitmanPro.lnk
2018-03-25 12:57 - 2018-03-25 12:57 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2018-03-25 12:57 - 2018-03-25 12:57 - 000000000 ___DC C:\Program Files\HitmanPro
2018-03-25 12:41 - 2018-03-25 12:41 - 000001676 ____C C:\Users\mikef\Desktop\Advanced Uninstaller PRO 12.lnk
2018-03-25 12:41 - 2018-03-25 12:41 - 000001560 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 12.lnk
2018-03-25 12:41 - 2018-03-25 12:41 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
2018-03-25 12:31 - 2018-03-25 12:31 - 000003186 _____ C:\WINDOWS\System32\Tasks\BDAntiCryptoWallTask
2018-03-25 12:21 - 2018-03-25 12:21 - 004778360 ____C (Bitdefender ) C:\Users\mikef\Desktop\BDAntiRansomwareSetup (1).exe
2018-03-25 10:29 - 2018-03-25 10:30 - 000101600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-03-25 10:29 - 2018-03-25 10:29 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-03-25 10:29 - 2018-03-25 10:29 - 000193248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-03-25 10:29 - 2018-03-25 10:29 - 000109800 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-03-25 10:29 - 2018-03-25 10:29 - 000045960 ____N (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-03-25 10:29 - 2018-03-25 10:29 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-25 09:22 - 2018-03-25 10:58 - 000000000 ___DC C:\WINDOWS\Minidump
2018-03-23 12:56 - 2018-03-23 12:56 - 000003044 ____C C:\Users\mikef\Desktop\eset scan.txt
2018-03-23 12:27 - 2018-03-25 12:00 - 000003550 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2018-03-23 12:27 - 2018-03-25 12:00 - 000003540 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2018-03-23 11:44 - 2018-03-23 11:44 - 124300000 ____C (Microsoft Corporation) C:\Users\mikef\Desktop\msert.exe
2018-03-23 11:14 - 2018-03-23 11:14 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-23 11:14 - 2018-03-23 11:14 - 040510072 ____C (Microsoft Corporation) C:\Users\mikef\Desktop\Windows-KB890830-x64-V5.58.exe
2018-03-23 09:11 - 2018-03-23 09:12 - 000031474 ____C C:\Users\mikef\Desktop\Rkill.txt
2018-03-17 09:49 - 2018-03-22 23:15 - 000000000 ___DC C:\Users\mikef\AppData\Roaming\Microsoft Visual Pack x86
2018-03-15 16:23 - 2018-03-15 16:23 - 000000000 ___DC C:\Program Files (x86)\Adobe
2018-03-11 12:02 - 2018-03-11 12:06 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-03-08 18:00 - 2018-03-08 18:00 - 000037274 ____C C:\Users\mikef\Desktop\contactc rx.pdf
2018-03-08 10:52 - 2018-03-08 10:52 - 000001912 ____C C:\Users\Public\Desktop\Rotor Rush Help.lnk
2018-03-08 10:52 - 2018-03-08 10:52 - 000000761 ____C C:\Users\Public\Desktop\Rotor Rush.lnk
2018-03-06 13:01 - 2018-03-06 13:01 - 000221473 ____C C:\Users\mikef\Desktop\Contacts Rx .pdf
2018-03-04 16:20 - 2018-03-04 16:20 - 000000000 ___DC C:\adobeTemp
2018-03-04 13:49 - 2018-03-25 13:24 - 000000645 ____C C:\Users\mikef\Desktop\JRT.txt
2018-03-04 10:03 - 2008-07-31 11:41 - 000238088 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2018-03-04 10:03 - 2008-07-31 11:41 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2018-03-04 10:03 - 2008-07-31 11:41 - 000072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2018-03-04 10:03 - 2008-07-31 11:41 - 000068616 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2018-03-04 10:03 - 2008-07-31 11:40 - 000513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2018-03-04 10:03 - 2008-07-31 11:40 - 000509448 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2018-03-04 10:03 - 2008-07-12 09:18 - 004992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2018-03-04 10:03 - 2008-07-12 09:18 - 003851784 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2018-03-04 10:03 - 2008-07-12 09:18 - 001942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2018-03-04 10:03 - 2008-07-12 09:18 - 001493528 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2018-03-04 10:03 - 2008-07-12 09:18 - 000540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2018-03-04 10:03 - 2008-07-12 09:18 - 000467984 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2018-03-04 10:03 - 2008-05-30 15:19 - 000511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2018-03-04 10:03 - 2008-05-30 15:19 - 000507400 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll
2018-03-04 10:03 - 2008-05-30 15:18 - 000238088 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll
2018-03-04 10:03 - 2008-05-30 15:18 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2018-03-04 10:03 - 2008-05-30 15:17 - 000068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2018-03-04 10:03 - 2008-05-30 15:17 - 000065032 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll
2018-03-04 10:03 - 2008-05-30 15:17 - 000025608 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll
2018-03-04 10:03 - 2008-05-30 15:16 - 000028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2018-03-04 10:03 - 2008-05-30 15:11 - 004991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2018-03-04 10:03 - 2008-05-30 15:11 - 003850760 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_38.dll
2018-03-04 10:03 - 2008-05-30 15:11 - 001941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2018-03-04 10:03 - 2008-05-30 15:11 - 001491992 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll
2018-03-04 10:03 - 2008-05-30 15:11 - 000540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2018-03-04 10:03 - 2008-05-30 15:11 - 000467984 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll
2018-03-04 10:03 - 2008-03-05 17:04 - 000489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2018-03-04 10:03 - 2008-03-05 17:03 - 000479752 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll
2018-03-04 10:03 - 2008-03-05 17:03 - 000238088 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll
2018-03-04 10:03 - 2008-03-05 17:03 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2018-03-04 10:03 - 2008-03-05 17:00 - 000028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2018-03-04 10:03 - 2008-03-05 17:00 - 000025608 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll
2018-03-04 10:03 - 2008-03-05 16:56 - 004910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
2018-03-04 10:03 - 2008-03-05 16:56 - 003786760 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_37.dll
2018-03-04 10:03 - 2008-03-05 16:56 - 001860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2018-03-04 10:03 - 2008-03-05 16:56 - 001420824 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll
2018-03-04 10:03 - 2008-02-06 00:07 - 000529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2018-03-04 10:03 - 2008-02-06 00:07 - 000462864 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_37.dll
2018-03-04 10:03 - 2007-10-22 04:40 - 000411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
2018-03-04 10:03 - 2007-10-22 04:39 - 000267272 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll
2018-03-04 10:03 - 2007-10-22 04:37 - 000021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
2018-03-04 10:03 - 2007-10-22 04:37 - 000017928 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_2.dll
2018-03-04 10:03 - 2007-10-12 16:14 - 005081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
2018-03-04 10:03 - 2007-10-12 16:14 - 003734536 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll
2018-03-04 10:03 - 2007-10-12 16:14 - 002006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
2018-03-04 10:03 - 2007-10-12 16:14 - 001374232 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_36.dll
2018-03-04 10:03 - 2007-10-02 10:56 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
2018-03-04 10:03 - 2007-10-02 10:56 - 000444776 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll
2018-03-04 10:03 - 2007-07-20 01:57 - 000411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
2018-03-04 10:03 - 2007-07-20 01:57 - 000267112 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll
2018-03-04 10:03 - 2007-07-19 19:14 - 005073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
2018-03-04 10:03 - 2007-07-19 19:14 - 003727720 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll
2018-03-04 10:03 - 2007-07-19 19:14 - 001985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
2018-03-04 10:03 - 2007-07-19 19:14 - 001358192 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll
2018-03-04 10:03 - 2007-07-19 19:14 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
2018-03-04 10:03 - 2007-07-19 19:14 - 000444776 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll
2018-03-04 10:03 - 2007-06-20 21:49 - 000409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2018-03-04 10:03 - 2007-06-20 21:46 - 000266088 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll
2018-03-04 10:03 - 2007-05-16 17:45 - 004496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2018-03-04 10:03 - 2007-05-16 17:45 - 003497832 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll
2018-03-04 10:03 - 2007-05-16 17:45 - 001401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2018-03-04 10:03 - 2007-05-16 17:45 - 001124720 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_34.dll
2018-03-04 10:03 - 2007-05-16 17:45 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2018-03-04 10:03 - 2007-05-16 17:45 - 000443752 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll
2018-03-04 10:03 - 2007-04-04 19:55 - 000403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2018-03-04 10:03 - 2007-04-04 19:55 - 000261480 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll
2018-03-04 10:03 - 2007-03-15 17:57 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2018-03-04 10:03 - 2007-03-15 17:57 - 000443752 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll
2018-03-04 10:03 - 2007-03-12 17:42 - 004494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2018-03-04 10:03 - 2007-03-12 17:42 - 003495784 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
2018-03-04 10:03 - 2007-03-12 17:42 - 001400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2018-03-04 10:03 - 2007-03-12 17:42 - 001123696 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll
2018-03-04 10:03 - 2007-03-05 13:42 - 000017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2018-03-04 10:03 - 2007-03-05 13:42 - 000015128 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll
2018-03-04 10:03 - 2007-01-24 16:27 - 000393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2018-03-04 10:03 - 2007-01-24 16:27 - 000255848 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll
2018-03-04 10:03 - 2006-12-08 13:02 - 000251672 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll
2018-03-04 10:03 - 2006-12-08 13:00 - 000390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2018-03-04 10:03 - 2006-11-29 14:06 - 004398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2018-03-04 10:03 - 2006-11-29 14:06 - 003426072 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
2018-03-04 10:03 - 2006-11-29 14:06 - 000469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
2018-03-04 10:03 - 2006-11-29 14:06 - 000440080 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll
2018-03-04 10:03 - 2006-09-28 17:05 - 003977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
2018-03-04 10:03 - 2006-09-28 17:05 - 002414360 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll
2018-03-04 10:03 - 2006-09-28 17:05 - 000237848 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll
2018-03-04 10:03 - 2006-09-28 17:04 - 000364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2018-03-04 10:03 - 2006-07-28 10:31 - 000083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2018-03-04 10:03 - 2006-07-28 10:30 - 000363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2018-03-04 10:03 - 2006-07-28 10:30 - 000236824 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll
2018-03-04 10:03 - 2006-07-28 10:30 - 000062744 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll
2018-03-04 10:03 - 2006-05-31 08:24 - 000230168 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll
2018-03-04 10:03 - 2006-05-31 08:22 - 000354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2018-03-04 10:03 - 2006-03-31 13:41 - 003927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2018-03-04 10:03 - 2006-03-31 13:40 - 002388176 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
2018-03-04 10:03 - 2006-03-31 13:40 - 000352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2018-03-04 10:03 - 2006-03-31 13:39 - 000229584 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
2018-03-04 10:03 - 2006-03-31 13:39 - 000083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2018-03-04 10:03 - 2006-03-31 13:39 - 000062672 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
2018-03-04 10:03 - 2006-02-03 09:43 - 003830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2018-03-04 10:03 - 2006-02-03 09:43 - 002332368 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll
2018-03-04 10:03 - 2006-02-03 09:42 - 000355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2018-03-04 10:03 - 2006-02-03 09:42 - 000230096 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll
2018-03-04 10:03 - 2006-02-03 09:41 - 000016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2018-03-04 10:03 - 2006-02-03 09:41 - 000014032 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
2018-03-04 10:03 - 2005-12-05 19:09 - 003815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2018-03-04 10:03 - 2005-12-05 19:09 - 002323664 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll
2018-03-04 10:03 - 2005-07-22 20:59 - 003807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2018-03-04 10:03 - 2005-07-22 20:59 - 002319568 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll
2018-03-04 10:03 - 2005-05-26 16:34 - 003767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2018-03-04 10:03 - 2005-05-26 16:34 - 002297552 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll
2018-03-04 10:03 - 2005-03-18 18:19 - 003823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2018-03-04 10:03 - 2005-03-18 18:19 - 002337488 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll
2018-03-04 10:03 - 2005-02-05 20:45 - 003544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2018-03-04 10:03 - 2005-02-05 20:45 - 002222800 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll
2018-03-03 16:59 - 2018-03-03 17:11 - 000000942 ___HC C:\Users\mikef\.lmmsrc.xml
2018-03-03 13:12 - 2018-03-03 13:12 - 000000000 ___DC C:\Users\mikef\Documents\Audacity
2018-03-03 12:09 - 2018-03-03 12:09 - 000000000 ___DC C:\Users\mikef\Documents\Mixpad Projects
2018-03-02 09:32 - 2018-03-02 09:32 - 000000000 ___DC C:\Users\mikef\AppData\Local\iClone
2018-03-02 09:00 - 2018-03-02 09:00 - 000000875 ____C C:\Users\Public\Desktop\iClone v7.2.lnk
2018-03-02 08:59 - 2018-03-02 08:59 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iClone 7
2018-03-01 13:01 - 2018-03-01 13:01 - 000000000 ___DC C:\Users\mikef\Documents\DrawPad
2018-03-01 12:43 - 2018-03-01 12:43 - 000001229 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Animate.lnk
2018-03-01 12:43 - 2018-03-01 12:43 - 000001217 ____C C:\Users\Public\Desktop\Express Animate.lnk
2018-03-01 12:43 - 2018-03-01 12:43 - 000001165 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
2018-03-01 12:43 - 2018-03-01 12:43 - 000001153 ____C C:\Users\Public\Desktop\WavePad Sound Editor.lnk
2018-03-01 12:40 - 2018-03-01 12:40 - 000001157 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
2018-03-01 12:40 - 2018-03-01 12:40 - 000001145 ____C C:\Users\Public\Desktop\Debut Video Capture Software.lnk
2018-03-01 12:13 - 2018-03-01 12:54 - 000001187 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DrawPad Graphic Design Software.lnk
2018-03-01 12:13 - 2018-03-01 12:54 - 000001175 ____C C:\Users\Public\Desktop\DrawPad Graphic Design Software.lnk
2018-02-28 22:46 - 2017-12-12 10:46 - 000454450 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20180228-214624.backup
2018-02-28 15:57 - 2018-02-28 15:57 - 000000000 ___DC C:\Users\mikef\AppData\Local\MorphCreator
2018-02-27 15:57 - 2018-02-27 15:57 - 000001735 ____C C:\Users\mikef\Desktop\Evernote.lnk
2018-02-27 11:58 - 2018-02-27 12:05 - 000000000 ___DC C:\Users\mikef\AppData\Roaming\YouTubeByClick
2018-02-27 11:57 - 2018-03-04 14:58 - 000000000 ___DC C:\Users\mikef\AppData\Roaming\ByClick
2018-02-26 15:06 - 2011-09-07 16:25 - 000000000 ___DC C:\Users\mikef\Desktop\Ex_Files_AE_Cr8_Char
2018-02-26 15:05 - 2018-02-26 15:05 - 009715947 ____C C:\Users\mikef\Desktop\Ex_Files_AE_Cr8_Char.zip
2018-02-26 10:47 - 2018-02-26 10:47 - 000001181 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoPad Image Editor.lnk
2018-02-26 10:45 - 2018-02-26 10:45 - 000001199 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixillion Image Converter.lnk
2018-02-26 10:45 - 2018-02-26 10:45 - 000001187 ____C C:\Users\Public\Desktop\Pixillion Image Converter.lnk
2018-02-25 16:40 - 2018-02-25 16:40 - 000000976 ____C C:\Users\Public\Desktop\iClone 3DXchange v7.2 Pipeline.lnk
2018-02-25 16:40 - 2018-02-25 16:40 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iClone 3DXchange 7
2018-02-25 16:14 - 2018-02-25 16:14 - 000052976 _____ C:\WINDOWS\system32\Drivers\voxaldriverx64.sys
2018-02-25 16:14 - 2018-02-25 16:14 - 000001167 ____C C:\Users\mikef\AppData\Roaming\trace_FilterInstaller.txt
2018-02-25 16:14 - 2018-02-25 16:14 - 000001139 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voxal Voice Changer.lnk
2018-02-25 16:14 - 2018-02-25 16:14 - 000001127 ____C C:\Users\Public\Desktop\Voxal Voice Changer.lnk
2018-02-25 16:14 - 2018-02-25 16:14 - 000000000 ____C C:\Users\mikef\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2018-02-23 19:06 - 2018-02-24 08:38 - 000000000 ___DC C:\Users\mikef\AppData\Local\EvernoteNW
2018-02-23 14:58 - 2018-02-23 15:01 - 000000000 ___DC C:\Users\mikef\Evernote
2018-02-23 14:57 - 2018-02-27 15:57 - 000000000 ___DC C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evernote
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-03-25 16:15 - 2017-07-28 16:41 - 000077691 ____C C:\WINDOWS\ZAM.krnl.trace
2018-03-25 16:15 - 2017-07-28 16:41 - 000037986 ____C C:\WINDOWS\ZAM_Guard.krnl.trace
2018-03-25 16:06 - 2017-12-02 04:27 - 001896192 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-25 15:59 - 2016-11-24 10:47 - 000000000 ___DC C:\Users\mikef\AppData\LocalLow\Mozilla
2018-03-25 15:59 - 2015-11-03 00:07 - 000000165 ____C C:\Users\mikef\AppData\Roaming\sp_data.sys
2018-03-25 15:59 - 2015-11-03 00:07 - 000000000 __SHD C:\Users\mikef\IntelGraphicsProfiles
2018-03-25 15:58 - 2017-12-02 04:27 - 000000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2018-03-25 15:58 - 2017-09-29 01:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-03-25 15:58 - 2017-07-29 07:32 - 000000000 ___DC C:\Program Files\Emsisoft Anti-Malware
2018-03-25 14:19 - 2017-12-02 04:20 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-25 12:55 - 2017-09-02 16:10 - 000000000 ___DC C:\ProgramData\AVAST Software
2018-03-25 12:41 - 2017-12-02 04:27 - 000004100 _____ C:\WINDOWS\System32\Tasks\AupAvUpdate
2018-03-25 10:29 - 2017-07-23 15:01 - 000000781 ____C C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-25 10:29 - 2017-07-23 15:01 - 000000000 ___DC C:\ProgramData\Malwarebytes
2018-03-25 10:25 - 2016-02-18 19:44 - 001388432 ____C C:\Users\Public\VOIP.dat
2018-03-25 09:17 - 2016-03-09 18:59 - 000000352 ____C C:\WINDOWS\Tasks\HPCeeScheduleFormikef.job
2018-03-25 00:27 - 2017-12-02 04:27 - 000003244 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleFormikef
2018-03-23 23:51 - 2017-11-28 11:03 - 000000000 ___DC C:\Program Files\Mozilla Firefox
2018-03-23 23:51 - 2017-11-28 11:03 - 000000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2018-03-23 23:35 - 2017-11-29 18:44 - 000000955 ____C C:\Users\Public\Desktop\Firefox.lnk
2018-03-23 23:35 - 2017-11-28 11:03 - 000000967 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-03-23 23:34 - 2017-11-28 11:03 - 000311176 ____C (Mozilla) C:\Users\mikef\Downloads\Firefox Installer.exe
2018-03-23 23:28 - 2017-12-02 04:27 - 000003644 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2018-03-23 23:02 - 2017-11-28 11:04 - 000000000 ___DC C:\Users\mikef\Desktop\Old Firefox Data
2018-03-23 21:56 - 2017-09-29 06:46 - 000000000 ___DC C:\WINDOWS\DeliveryOptimization
2018-03-23 11:14 - 2015-11-03 02:28 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-23 09:15 - 2017-09-29 06:46 - 000000000 ___DC C:\WINDOWS\AppReadiness
2018-03-23 00:38 - 2016-02-20 14:19 - 000000000 ___DC C:\Users\mikef\AppData\Roaming\vlc
2018-03-22 23:33 - 2017-12-02 04:22 - 000000000 __HDC C:\Users\mikef
2018-03-22 23:30 - 2017-07-30 12:51 - 000001221 ____C C:\Users\mikef\Desktop\Emsisoft Anti-Malware.lnk
2018-03-22 23:20 - 2016-02-22 15:54 - 000000000 ___DC C:\Program Files (x86)\NCH Software
2018-03-22 23:20 - 2016-02-20 12:17 - 000000000 ___DC C:\ProgramData\NCH Software
2018-03-22 23:15 - 2017-07-20 22:08 - 000070834 ____C C:\WINDOWS\SysWOW64\bddel.dat
2018-03-22 15:08 - 2016-02-18 19:16 - 000002263 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-22 15:08 - 2016-02-18 19:16 - 000002222 ____C C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-22 10:06 - 2017-09-29 06:46 - 000000000 __HDC C:\Program Files\WindowsApps
2018-03-19 15:12 - 2017-12-01 07:47 - 000003364 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2844788878-880486787-4179794426-1001
2018-03-19 15:12 - 2017-12-01 07:46 - 000002365 ____C C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-19 15:12 - 2017-12-01 07:46 - 000000000 __RDC C:\Users\mikef\OneDrive
2018-03-17 18:51 - 2016-02-20 12:17 - 000000000 ___DC C:\Users\mikef\AppData\LocalLow\Adobe
2018-03-17 14:48 - 2016-02-20 13:58 - 000000000 ___DC C:\Users\mikef\AppData\Roaming\NCH Software
2018-03-16 19:02 - 2016-02-20 13:51 - 000000000 ___DC C:\Users\mikef\AppData\Local\ElevatedDiagnostics
2018-03-13 16:50 - 2016-11-29 13:10 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Icecream Screen Recorder
2018-03-12 08:58 - 2017-12-02 04:27 - 000003946 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1511452126
2018-03-12 08:58 - 2017-11-23 08:48 - 000001040 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2018-03-12 08:58 - 2017-11-23 08:48 - 000000000 ___DC C:\Program Files\Opera
2018-03-11 12:06 - 2017-09-29 06:46 - 000000000 ___DC C:\Program Files\Windows Defender
2018-03-11 12:02 - 2017-12-02 04:20 - 005178344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-08 10:52 - 2017-04-04 11:23 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rotor Rush
2018-03-08 10:52 - 2016-03-07 22:37 - 000000000 ___DC C:\Users\mikef\AppData\Local\UnrealEngine
2018-03-05 08:47 - 2017-03-10 18:05 - 000000000 ___DC C:\ProgramData\Adobe
2018-03-04 18:07 - 2017-03-26 09:17 - 000000000 ___DC C:\ProgramData\regid.1986-12.com.adobe
2018-03-04 16:34 - 2015-11-03 00:07 - 000000000 ___DC C:\Users\mikef\AppData\Roaming\Adobe
2018-03-04 09:46 - 2018-02-09 12:00 - 000000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2018-03-02 08:56 - 2015-11-02 23:12 - 000000000 __HDC C:\Program Files (x86)\InstallShield Installation Information
2018-03-01 11:51 - 2017-09-29 06:44 - 000000000 ___DC C:\WINDOWS\INF
2018-02-27 11:58 - 2016-02-20 12:17 - 000000000 ___DC C:\ProgramData\Caphyon
2018-02-27 11:24 - 2017-09-29 06:46 - 000000000 ___DC C:\WINDOWS\LiveKernelReports
2018-02-25 15:24 - 2018-02-02 18:34 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reallusion
2018-02-25 15:24 - 2017-08-13 22:32 - 000000000 ___DC C:\Users\mikef\AppData\Local\Reallusion
2018-02-25 12:12 - 2017-08-28 12:17 - 000000000 __HDC C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartupAdvanced Uninstaller
2018-02-25 12:10 - 2015-11-02 22:55 - 000000000 ___DC C:\ProgramData\Package Cache
2018-02-25 12:01 - 2017-12-02 04:22 - 000000000 ___DC C:\Users\mikef\AppData\Local\Packages
2018-02-25 11:54 - 2018-02-20 23:43 - 000000000 ___DC C:\Users\mikef\AppData\Local\PlaceholderTileLogoFolder
2018-02-24 14:23 - 2017-05-10 08:23 - 000000000 ___DC C:\Users\mikef\Documents\Adobe
2018-02-24 08:38 - 2017-08-11 16:34 - 000000000 ___DC C:\Program Files\SUPERAntiSpyware
2018-02-23 19:46 - 2017-09-29 06:46 - 000000000 ___DC C:\WINDOWS\SysWOW64\Macromed
==================== Files in the root of some directories =======
2017-11-08 16:45 - 2017-11-08 16:45 - 000000008 ____C () C:\ProgramData\sysqcl1131236454.dat
2016-02-18 19:44 - 2018-03-25 10:25 - 001388432 ____C () C:\Users\Public\VOIP.dat
2017-01-02 16:36 - 2017-03-10 17:25 - 000000096 ____C () C:\Users\mikef\AppData\Roaming\Camdata.ini
2017-01-02 16:36 - 2017-03-10 17:25 - 000000408 ____C () C:\Users\mikef\AppData\Roaming\CamLayout.ini
2017-01-02 16:36 - 2017-03-10 17:25 - 000000408 ____C () C:\Users\mikef\AppData\Roaming\CamShapes.ini
2017-01-02 16:36 - 2017-03-10 17:25 - 000004536 ____C () C:\Users\mikef\AppData\Roaming\CamStudio.cfg
2015-01-06 13:06 - 2015-01-12 01:42 - 000000746 ____C () C:\Users\mikef\AppData\Roaming\DriveCalculator Preferences
2015-11-03 00:07 - 2018-03-25 15:59 - 000000165 ____C () C:\Users\mikef\AppData\Roaming\sp_data.sys
2018-02-25 16:14 - 2018-02-25 16:14 - 000001167 ____C () C:\Users\mikef\AppData\Roaming\trace_FilterInstaller.txt
2018-02-25 16:14 - 2018-02-25 16:14 - 000000000 ____C () C:\Users\mikef\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2017-05-03 14:40 - 2017-05-03 14:40 - 000000078 ____C () C:\Users\mikef\AppData\Roaming\VC.dat
2016-11-29 12:58 - 2017-03-10 17:24 - 000000096 ____C () C:\Users\mikef\AppData\Roaming\version2.xml
2016-11-03 16:46 - 2016-11-03 16:46 - 000051211 ____C () C:\Users\mikef\AppData\Roaming\VideoPad.dmp
2010-05-31 14:03 - 2014-01-10 13:59 - 000000794 ____C () C:\Users\mikef\AppData\Roaming\wklnhst.dat
2014-07-08 12:51 - 2017-07-29 07:56 - 000008704 ___HC () C:\Users\mikef\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-03-04 00:07 - 2016-03-04 00:07 - 000000861 ___HC () C:\Users\mikef\AppData\Local\recently-used.xbel
2010-10-24 08:12 - 2017-06-27 06:08 - 000007597 ___HC () C:\Users\mikef\AppData\Local\resmon.resmoncfg
2011-09-18 07:29 - 2011-09-18 07:29 - 000017408 ___HC () C:\Users\mikef\AppData\Local\WebpageIcons.db
Some files in TEMP:
====================
2018-03-25 14:48 - 2017-12-02 04:15 - 001954048 ____C (Microsoft Corporation) C:\Users\mikef\AppData\Local\Temp\dllnt_dump.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-03-24 11:02
==================== End of FRST.txt ============================
Here is a RogueKiller scan done after everything else.
RogueKiller V12.12.9.0 (x64) [Mar 19 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : mikef [Administrator]
Started from : F:\Programs\RogueKiller_portable64.exe
Mode : Scan -- Date : 03/25/2018 18:04:57 (Duration : 00:37:23)
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 0 ¤¤¤
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HFS256G39MND-2300A +++++
--- User ---
[MBR] df1863962a03673101c75437f6cfffc3
[BSP] 7309b564c7154fdcd7ea26378ec14b1f : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 567296 | Size: 243422 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 499095552 | Size: 499 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: WD My Passport 0827 USB Device +++++
--- User ---
[MBR] a6ef9e9e43ec973a4f6a66e765f7ccf7
[BSP] 885814df319cc6e825466bdc3e388595 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953836 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
I ran Malwarebytes, thank you.
Did it find anything?
~~~~~~~~~~~~~~~~~~~~`
In the scans there are some things in the hosts file and registry, and I also kept seeing the name Andy?
C:\Program Files\Andy\andy.exe
Did you download and install this? => Android OS - Android app emulator
~~`
Start Farbar Recovery Scan Tool with Administrator privileges
(right-click on the FRST icon and select Run as administrator).
Highlight the text below, beginning with Start:: and finishing with End::, and select Copy.
Start::
CloseProcesses:
CreateRestorePoint:
CustomCLSID: HKU\S-1-5-21-2844788878-880486787-4179794426-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-25D45E75801D}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll => No File
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => -> No File
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => -> No File
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => -> No File
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [SharingPrivate] -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => -> No File
ShellIconOverlayIdentifiers-x32: [SharingPrivate] -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {03EBFD46-C746-4DA0-BAEB-F5CA61390248} - System32\Tasks\OrangeDefender => C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\orangedefender.exe
Task: {3CD8A4AF-ADA8-42EF-8CDE-43CB6F70D0CD} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {5A19F576-2169-4975-BFF2-A2FA539C49DD} - System32\Tasks\Avira Safe Shopping Updater => C:\Program Files (x86)\Avira\Safe Shopping\\Updater\Updater.exe
Task: {8FC31531-8EE3-4225-B895-8F42E143A938} - System32\Tasks\{C57E97CC-9025-4C60-9091-2CA62ECA2512} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\mikef\AppData\Local\uninstallce.exe
Task: C:\WINDOWS\Tasks\WinThruster64-mikef-Notification.job => F:\Programs\Solvusoft\WinThruster\Sync.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\WinThruster64-mikef-Startup.job => F:\Programs\Solvusoft\WinThruster\WinThruster64.exe <==== ATTENTION
ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Betaflight - Configurator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=kdaghagfopacdngbohiknlhcocjccjao
ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\BLHeli - Configurator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=mejfjggmbnocnfibbibmoogocnjbcjnk
ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Fair AdBlocker App.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=dcnofaichneijfbkdkghmhjjbepjmble
ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Journey (Diary, Journal).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=jlncjaehedpdoinepaejmlpbmdkgmpog
ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\KissFC.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=dpnfknficgldmilnkddfhmbafkcipkkh
ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\RaceFlight - Configurator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=ffkgelfmnmeofidahjaefimpdgekflha
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> OldSearch URL =
SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> {99FFAE1F-493D-44F2-84D3-A9771953A756} URL = hxxps://search.yahoo.com/search?fr=sp_tr_ie&ei=utf-8&ilc=12&type=711278&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8
FF HKLM\...\Firefox\Extensions: [@BrowserSafer] - C:\Users\mikef\AppData\Roaming\Mozilla\FireFox\@BrowserSafer.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\netsight@nielsen.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [@BrowserSafer] - C:\Users\mikef\AppData\Roaming\Mozilla\FireFox\@BrowserSafer.xpi => not found
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com [No File]
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
FF Plugin HKU\S-1-5-21-2844788878-880486787-4179794426-1001: @citrixonline.com/appdetectorplugin -> C:\Users\MikeF\AppData\Local\Citrix\Plugins\104\npappdetector.dll [No File]
CHR HomePage: Profile 3 -> search.ask.com/?gct=hp
CHR HKU\S-1-5-21-2844788878-880486787-4179794426-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\MikeF\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ChromeExt\ab.crx <not found>
2018-03-25 14:48 - 2017-12-02 04:15 - 001954048 ____C (Microsoft Corporation) C:\Users\mikef\AppData\Local\Temp\dllnt_dump.dll
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: Bitsadmin /Reset /Allusers
Emptytemp:
End::
Press the Fix button.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.
******
Since you were using Firefox when this happened, let's reset the browser.
Instructions on how to backup your Favourites/Bookmarks and other data can be found below.
Backup Firefox Bookmarks (https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer)
Proceed with the reset once done.
Firefox: Reset Firefox (https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems)
~~~~~
I want to take precautions and run a rootkit scan.
Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.
https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/
Run the scan, delete everything it finds, and then copy/paste the content of the mbar-log-DATE-(TIME).txt log, located in the MBAR folder, here afterwards.
Please post these 2 logs when finished.
Tell me how the computer is at the moment.
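As an added example (not from this thread and not FRST's own code), here is a read-only PowerShell audit of the same persistence points the fixlist above touches: icon-overlay and context-menu handlers whose CLSID server DLL is gone, scheduled tasks whose executable (or the file passed as an argument, as with pcalua.exe -a above) is gone, and Firefox extension registrations whose .xpi is gone. The function names and the set of registry roots checked are my choices; running it before and after a fix shows what the "No File" / "not found" verdicts in the fixlist are based on.

```powershell
# Added example, not from this thread and not FRST's own code: a read-only
# audit of the persistence points the fixlist above touches. An entry is
# reported when the file it points at no longer exists, which is what FRST
# prints as "No File" / "not found". Run from an elevated PowerShell so that
# Get-ScheduledTask can see every task. Nothing is modified.

function Resolve-TargetPath {
    # Normalise a registry/task command string into a bare file path:
    # strip quotes, expand %systemroot%-style variables, drop arguments.
    param([string]$Raw)
    if ([string]::IsNullOrWhiteSpace($Raw)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($Raw.Trim().Trim('"'))
    if ($p -match '^(.*?\.(exe|dll|ocx|cpl|xpi))\b') { $p = $Matches[1] }
    return $p
}

function Test-TargetMissing {
    # True when the path is empty, or rooted and absent. Bare names such as
    # "rundll32.exe" resolve through PATH, so they are not flagged.
    param([string]$Path)
    if (-not $Path) { return $true }
    if (-not [IO.Path]::IsPathRooted($Path)) { return $false }
    return -not (Test-Path -LiteralPath $Path)
}

function Get-OrphanedShellExtensions {
    # Icon overlay and context-menu handlers register a CLSID; the CLSID's
    # InprocServer32 default value names the DLL Explorer will load.
    $roots = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers',
        'HKLM:\Software\Classes\*\ShellEx\ContextMenuHandlers',
        'HKLM:\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers',
        'HKLM:\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root) {
            $clsid = (Get-ItemProperty -LiteralPath $key.PSPath).'(default)'
            if (-not $clsid) { continue }
            $server = "HKLM:\Software\Classes\CLSID\$clsid\InprocServer32"
            $dll = $null
            if (Test-Path -LiteralPath $server) {
                $dll = Resolve-TargetPath (Get-ItemProperty -LiteralPath $server).'(default)'
            }
            if (Test-TargetMissing $dll) {
                [pscustomobject]@{ Kind = 'ShellExtension'; Name = $key.PSChildName; Target = $dll }
            }
        }
    }
}

function Get-OrphanedScheduledTasks {
    # A task whose target is gone is either a leftover or an attempt at
    # persistence that lost its payload; both deserve a look. A rooted
    # path inside the arguments (pcalua.exe -a <file>) is checked as well.
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            if (-not $action.Execute) { continue }   # COM-handler actions have no path
            $targets = @($action.Execute)
            if ($action.Arguments -match '([A-Za-z]:\\[^\s"]+\.(exe|dll|bat|cmd|vbs|ps1))') {
                $targets += $Matches[1]
            }
            foreach ($t in $targets) {
                $exe = Resolve-TargetPath $t
                if (Test-TargetMissing $exe) {
                    [pscustomobject]@{ Kind = 'ScheduledTask'; Name = $task.TaskPath + $task.TaskName; Target = $exe }
                }
            }
        }
    }
}

function Get-OrphanedFirefoxExtensions {
    # Each value under these keys maps an extension id to its .xpi path.
    $meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($k in 'HKLM:\Software\Mozilla\Firefox\Extensions',
                   'HKLM:\Software\Wow6432Node\Mozilla\Firefox\Extensions') {
        if (-not (Test-Path -LiteralPath $k)) { continue }
        foreach ($v in (Get-ItemProperty -LiteralPath $k).PSObject.Properties) {
            if ($meta -contains $v.Name) { continue }   # provider metadata, not a value
            $xpi = Resolve-TargetPath $v.Value
            if (Test-TargetMissing $xpi) {
                [pscustomobject]@{ Kind = 'FirefoxExtension'; Name = $v.Name; Target = $xpi }
            }
        }
    }
}

$findings = @(Get-OrphanedShellExtensions) +
            @(Get-OrphanedScheduledTasks) +
            @(Get-OrphanedFirefoxExtensions)
if ($findings.Count -eq 0) { 'No orphaned persistence entries found.' }
else { $findings | Sort-Object Kind, Name | Format-Table -AutoSize }
```

Orphaned entries are not by themselves evidence of compromise; most of those in the fixlist above are leftovers of uninstalled Adobe, Google Drive, Kaspersky and Java components, so the output is a cleanup and review list, not a verdict.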
Hi,
First thing before I forget, I want to thank you for taking your time to help me. I really appreciate it.
I ran Malwarebytes last night and it came up clean.
I ran FRST Fix scan and will post the report.
I don't understand what I'm to do with the "start to end" text I was to copy. Where do I paste it? I also reset Firefox.
I will now go and run the MBAR and post results when I'm finished.
I have been using the laptop off and on, but pretty constant for more than 24hrs with no other contact from the person and everything seems to be working, but with some issues.
Issues I've noticed:
I will begin typing and the letters come out backward. I have to stop, delete whatever I am typing and start again for it to work correctly. This has happened a few times.
Pages not loading all the way, or parts of the page have big blacked-out sections where nothing loaded. This is the most frequent issue.
Generally, things seem to work so far, but it seems a lot slower and it gets stuck just spinning the blue ring until I close it and start over fresh.
These have appeared after the initial contact with whoever it was.
Fixlog Scan
Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by mikef (26-03-2018 11:33:13) Run:1
Running from F:\Programs
Loaded Profiles: mikef (Available Profiles: mikef)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
CustomCLSID: HKU\S-1-5-21-2844788878-880486787-4179794426-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-25D45E75801D}\InprocServer32 -> %%sy.stemroot%%\system32\shell32.dll => No File
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll => No File
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => -> No File
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => -> No File
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => -> No File
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [SharingPrivate] -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => -> No File
ShellIconOverlayIdentifiers-x32: [SharingPrivate] -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {03EBFD46-C746-4DA0-BAEB-F5CA61390248} - System32\Tasks\OrangeDefender => C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\orangedefender.exe
Task: {3CD8A4AF-ADA8-42EF-8CDE-43CB6F70D0CD} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {5A19F576-2169-4975-BFF2-A2FA539C49DD} - System32\Tasks\Avira Safe Shopping Updater => C:\Program Files (x86)\Avira\Safe Shopping\\Updater\Updater.exe
Task: {8FC31531-8EE3-4225-B895-8F42E143A938} - System32\Tasks\{C57E97CC-9025-4C60-9091-2CA62ECA2512} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\mikef\AppData\Local\uninstallce.exe
Task: C:\WINDOWS\Tasks\WinThruster64-mikef-Notification.job => F:\Programs\Solvusoft\WinThruster\Sync.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\WinThruster64-mikef-Startup.job => F:\Programs\Solvusoft\WinThruster\WinThruster64.exe <==== ATTENTION
ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Betaflight - Configurator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=kdaghagfopacdngbohiknlhcocjccjao
ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\BLHeli - Configurator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=mejfjggmbnocnfibbibmoogocnjbcjnk
ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Fair AdBlocker App.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=dcnofaichneijfbkdkghmhjjbepjmble
ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Journey (Diary, Journal).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=jlncjaehedpdoinepaejmlpbmdkgmpog
ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\KissFC.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=dpnfknficgldmilnkddfhmbafkcipkkh
ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\RaceFlight - Configurator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=ffkgelfmnmeofidahjaefimpdgekflha
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> OldSearch URL =
SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> {99FFAE1F-493D-44F2-84D3-A9771953A756} URL = hxxps://search.yahoo.com/search?fr=sp_tr_ie&ei=utf-8&ilc=12&type=711278&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8
FF HKLM\...\Firefox\Extensions: [@BrowserSafer] - C:\Users\mikef\AppData\Roaming\Mozilla\FireFox\@BrowserSafer.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\netsight@nielsen.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [@BrowserSafer] - C:\Users\mikef\AppData\Roaming\Mozilla\FireFox\@BrowserSafer.xpi => not found
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com [No File]
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
FF Plugin HKU\S-1-5-21-2844788878-880486787-4179794426-1001: @citrixonline.com/appdetectorplugin -> C:\Users\MikeF\AppData\Local\Citrix\Plugins\104\npappdetector.dll [No File]
CHR HomePage: Profile 3 -> search.ask.com/?gct=hp
CHR HKU\S-1-5-21-2844788878-880486787-4179794426-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\MikeF\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ChromeExt\ab.crx <not found>
2018-03-25 14:48 - 2017-12-02 04:15 - 001954048 ____C (Microsoft Corporation) C:\Users\mikef\AppData\Local\Temp\dllnt_dump.dll
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: Bitsadmin /Reset /Allusers
Emptytemp:
*****************
Processes closed successfully.
Restore point was successfully created.
"HKU\S-1-5-21-2844788878-880486787-4179794426-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-25D45E75801D}" => removed successfully
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll => No File" => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ GoogleDriveBlacklisted => not found
HKLM\Software\Classes\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ GoogleDriveSynced => not found
HKLM\Software\Classes\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ GoogleDriveSyncing => not found
HKLM\Software\Classes\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ AccExtIco1" => removed successfully
"HKLM\Software\Classes\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ AccExtIco2" => removed successfully
"HKLM\Software\Classes\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ AccExtIco3" => removed successfully
"HKLM\Software\Classes\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw" => removed successfully
"HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate" => removed successfully
HKLM\Software\Classes\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235} => not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\AccExt" => removed successfully
"HKLM\Software\Classes\CLSID\{2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4}" => removed successfully
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00asw" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{03EBFD46-C746-4DA0-BAEB-F5CA61390248}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03EBFD46-C746-4DA0-BAEB-F5CA61390248}" => removed successfully
C:\WINDOWS\System32\Tasks\OrangeDefender => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OrangeDefender" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3CD8A4AF-ADA8-42EF-8CDE-43CB6F70D0CD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CD8A4AF-ADA8-42EF-8CDE-43CB6F70D0CD}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A19F576-2169-4975-BFF2-A2FA539C49DD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A19F576-2169-4975-BFF2-A2FA539C49DD}" => removed successfully
C:\WINDOWS\System32\Tasks\Avira Safe Shopping Updater => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira Safe Shopping Updater" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8FC31531-8EE3-4225-B895-8F42E143A938}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8FC31531-8EE3-4225-B895-8F42E143A938}" => removed successfully
C:\WINDOWS\System32\Tasks\{C57E97CC-9025-4C60-9091-2CA62ECA2512} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C57E97CC-9025-4C60-9091-2CA62ECA2512}" => removed successfully
C:\WINDOWS\Tasks\WinThruster64-mikef-Notification.job => moved successfully
C:\WINDOWS\Tasks\WinThruster64-mikef-Startup.job => moved successfully
C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Betaflight - Configurator.lnk => Shortcut argument removed successfully
C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\BLHeli - Configurator.lnk => Shortcut argument removed successfully
C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Fair AdBlocker App.lnk => Shortcut argument removed successfully
C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Journey (Diary, Journal).lnk => Shortcut argument removed successfully
C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\KissFC.lnk => Shortcut argument removed successfully
C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\RaceFlight - Configurator.lnk => Shortcut argument removed successfully
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
"HKU\S-1-5-21-2844788878-880486787-4179794426-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-2844788878-880486787-4179794426-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\OldSearch" => removed successfully
HKLM\Software\Classes\CLSID\OldSearch => not found
"HKU\S-1-5-21-2844788878-880486787-4179794426-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKU\S-1-5-21-2844788878-880486787-4179794426-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{99FFAE1F-493D-44F2-84D3-A9771953A756}" => removed successfully
HKLM\Software\Classes\CLSID\{99FFAE1F-493D-44F2-84D3-A9771953A756} => not found
"HKU\S-1-5-21-2844788878-880486787-4179794426-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}" => removed successfully
HKLM\Software\Classes\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4} => not found
"HKLM\Software\Mozilla\Firefox\Extensions\\@BrowserSafer" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\netsight@nielsen.com" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\@BrowserSafer" => removed successfully
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.31.2" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect" => removed successfully
"HKU\S-1-5-21-2844788878-880486787-4179794426-1001\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin" => removed successfully
"C:\Users\MikeF\AppData\Local\Citrix\Plugins\104\npappdetector.dll" => not found
"Chrome HomePage" => removed successfully
"HKU\S-1-5-21-2844788878-880486787-4179794426-1001\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pjldcfjmnllhmgjclecdnfampinooman" => removed successfully
C:\Users\mikef\AppData\Local\Temp\dllnt_dump.dll => moved successfully
========= netsh advfirewall reset =========
The following helper DLL cannot be loaded: NAPMONTR.DLL.
Ok.
========= End of CMD: =========
========= netsh advfirewall set allprofiles state ON =========
The following helper DLL cannot be loaded: NAPMONTR.DLL.
Ok.
========= End of CMD: =========
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
========= netsh winsock reset catalog =========
The following helper DLL cannot be loaded: NAPMONTR.DLL.
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
========= End of CMD: =========
========= Bitsadmin /Reset /Allusers =========
BITSADMIN version 3.0
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
0 out of 0 jobs canceled.
========= End of CMD: =========
=========== EmptyTemp: ==========
BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 45127032 B
Java, Flash, Steam htmlcache => 8915 B
Windows/system/drivers => 37257989 B
Edge => 1302812 B
Chrome => 909235244 B
Firefox => 395641798 B
Opera => 474013032 B
Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 254968 B
NetworkService => 136678 B
mikef => 95997608 B
RecycleBin => 0 B
EmptyTemp: => 1.8 GB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 26-03-2018 11:35:47)
Result of scheduled keys to remove after reboot:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
==== End of Fixlog 11:35:48 ====
I forgot to answer your question.
I have android phones, but I don't remember installing an Android app emulator.
I have to break the report up. It's too large to send all together.
Looks like SpyBot did a re-immunization on the hosts file. I think everything is OK with that.
Good thing is, not seeing signs of infection.
First thing before I forget, I want to thank you for taking your time to help me. I really appreciate it.
You're welcome.
I will now go and run the MBAR and post results when I'm finished.
Yes, I would like to know the outcome of that specific scan.
C:\Program Files\Andy\andy.exe
Did you download and install this? => Android OS -Android app emulator
We can remove all files/folders, just let me know.
I ran FRST Fix scan and will post the report.
I don't understand what I'm to do with the "start to end" text I was to copy. Where do I paste it? I also reset Firefox.
It might have sounded confusing but you got it right.
Firefox might run slow since the reset and it's possible it needs to update to the latest version.
https://support.mozilla.org/en-US/kb/update-firefox-latest-version
~~~~~~~~~~~~~~~~~~~~~~
I think we need to run an online scan to check for remnants.
Emsisoft Emergency Kit - Fix Mode
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
Download the Emsisoft Emergency Kit (https://www.emsisoft.com/en/software/eek/download/) and execute it. From there, click on the Install button to extract the program in the EEK folder.
Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users).
EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button.
If it asks you for a reboot to delete some items, click on Ok to reboot automatically.
After the restart, open EEK again (in the C:\EEK folder).
This time, click on Logs.
From there, go under the Quarantine Log tab, and click on the Export button.
Save the log on your desktop, then open it, and copy/paste its content in your next reply.
Hi
Very sorry I have not been in contact. Things have been a little crazy right now. An example would be me saving all of the scan reports as Jpegs for some reason, so I attached them to this post. Hope it works out alright. I will post a second post shortly after this with the Emergency Kit scan.
Thank you!
I just ran the Emsisoft Emergency Kit scan and it came up clean again. The last few times that I've run virus scan, malware scan, everything is coming back clean, but my laptop is still not working the same as before. How can I be sure everything has been cleaned from the laptop and how can I know that I will be able to use it again without worrying about being watched or someone getting in and looking for things to take, or who knows what else?
I would also like to ask you what you recommend for me to use to protect my laptop? I have been using SpyBot antivirus and antimalware, but this is the second time I have had a virus or something similar. I spoke with SpyBot and I guess it doesn't protect or get rid of ransomware or similar types of harmful programs, so do you have something you can recommend? I'd like to know about virus, malware, ransomware and everything else protection. I also run periodic scans with Malwarebytes or Emsisoft.
I am going to be buying a new laptop for my wife and I'd like to use whatever you recommend on this also.
Thank you so much. Let me know what I need to do next or where I go from here.
Mike
JPEGs worked fine... just make sure those items found were deleted.
Have you experimented with booting into Safe Mode with Networking to see if all this is still happening?
Kinda sounds like onboard security is causing issues.... just a thought.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
You know, it's just not acting like it's malware.
Please Download Tweaking.com - Windows Repair from Here (http://www.tweaking.com/content/page/windows_repair_all_in_one.html)
OR
Windows Repair (all in one) from here (http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/).
Instructions below might be a little outdated, but it's self-explanatory if you look at the interface.
Install and then run the program
Execute the instructions on Step 1 Important
Click Next on Step 2 Optional, do the Pre Scan skip Step 3 and 4 Optional for now.
On Step 5 Backup System Restore, do a Registry backup. When you have completed this, click Next.
Click Repairs - Open Repairs in the bottom right corner
Uncheck the All repair button then select just the item(s) listed below
01 - Repair Registry Permissions
03 - Reset Service permissions
04 - Register System Files
05 - Repair WMI
06 - Repair Windows Firewall
07 - Repair Internet Explorer
10 - Remove Policies Set By Infections
17 - Repair Windows Updates
19 - Repair Volume Shadow Copy Service
21 - Repair MSI (Windows Installer)
26 - Restore Important Windows Services
27 - Set Windows Service to Default Startup
Click the Start button and let the process run to completion. Copy any error messages into Notepad and save it on your Desktop. (Reboot if asked to do so.)
Please copy and paste the Contents of this file on your next reply.
Restart the computer normally.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Google Chrome appears to have several hits. I would save my favorites, completely uninstall, then reinstall.
Instructions on how to backup your Favourites/Bookmarks and other data can be found below.
Backup Chrome Bookmarks (http://www.wikihow.com/Export-Bookmarks-from-Chrome)
I would use Revo Uninstaller to get all the little bits and pieces.
Please download and install Revo Uninstaller (http://www.revouninstaller.com/start_freeware_download.html).
Double click Revo Uninstaller to run it.
From the list of programs double click on The Program to remove (Chrome)
When prompted if you want to uninstall click Yes.
Be sure the Moderate option is selected then click Next.
The program will run. If prompted again, click Yes.
When the built-in uninstaller is finished, click on Next.
Once the program has searched for leftovers, click Next.
Check/tick the bolded items only on the list, then click Delete.
When prompted, click on Yes and then on Next.
Put a check on any folders that are found and select Delete.
When prompted, select Yes and then Next.
Once done click Finish.
The download page is below.
https://www.google.com/chrome/b/
~~~
Let's do this first and see if we can make any headway. I can give you a list of recommendations for security apps and other items you might want to consider for protection.
Hello,
I ran the Windows repair following your instructions, here is the scan
I deleted Chrome, using the Revo Uninstaller, which is very nice. I've been using Advanced Uninstaller Pro but Revo looks like it has more options. I reinstalled a fresh Chrome after.
I will see how it is running now and let you know. Next step?
Thank you so much
Mike
Tweaking.com - Windows Repair 2018 (v4.0.15)
--------------------------------------------------------------------------------
System Variables
--------------------------------------------------------------------------------
OS: Windows 10 Home
OS Architecture: 64-bit
OS Version: 10.0.16299.125
OS Service Pack:
Computer Name: NEGROTRES
Windows Drive: C:\
Windows Path: C:\WINDOWS
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\mikef
Current Profile SID: S-1-5-21-2844788878-880486787-4179794426-1001
Current Profile Classes: S-1-5-21-2844788878-880486787-4179794426-1001_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\WINDOWS\ServiceProfiles
Local Settings AppData: C:\Users\mikef\AppData\Local
--------------------------------------------------------------------------------
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:10:49
Process Count: 155
Commit Total: 3.84 GB
Commit Limit: 10.82 GB
Commit Peak: 3.92 GB
Handle Count: 56489
Kernel Total: 704.55 MB
Kernel Paged: 423.86 MB
Kernel Non Paged: 280.70 MB
System Cache: 2.29 GB
Thread Count: 2039
--------------------------------------------------------------------------------
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 7.89 GB
Memory Used: 3.62 GB(45.8374%)
Memory Avail.: 4.28 GB
--------------------------------------------------------------------------------
Cleaning Memory Before Starting Repairs...
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 7.89 GB
Memory Used: 2.86 GB(36.277%)
Memory Avail.: 5.03 GB
--------------------------------------------------------------------------------
Starting Repairs...
Started at (3/31/2018 4:20:41 PM)
Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 67
01 - Reset Registry Permissions
Restore Windows 7/8/10 Default Registry Permissions
Start (3/31/2018 4:20:44 PM)
Decompressing & Updating Windows Permission File F:\Programs\files\permissions\10\hku.7z
Done, 0.27 seconds.
Decompressing & Updating Windows Permission File F:\Programs\files\permissions\10\hklm.7z
Done, 5.83 seconds.
Running Repair Under System Account
Done (3/31/2018 4:22:24 PM)
03 - Reset Service Permissions
Start (3/31/2018 4:22:24 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/31/2018 4:23:19 PM)
04 - Register System Files
Start (3/31/2018 4:23:19 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/31/2018 4:25:25 PM)
05 - Repair WMI
Start (3/31/2018 4:25:25 PM)
Starting Security Center So We Can Export The Security Info.
Exporting Antivirus Info...
Spybot - Search and Destroy Exported.
Emsisoft Anti-Malware Exported.
Windows Defender Exported.
Exporting AntiSpyware Info...
Spybot - Search and Destroy Exported.
Emsisoft Anti-Malware Exported.
Windows Defender Exported.
Exporting 3rd Party Firewall Info...
No Firewall Products Reported.
Running Repair Under Current User Account
Done (3/31/2018 4:28:02 PM)
06 - Repair Windows Firewall
Start (3/31/2018 4:28:02 PM)
Decompressing & Updating Windows Permission File F:\Programs\files\permissions\10\services.7z
Done, 0.23 seconds.
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/31/2018 4:28:34 PM)
07 - Repair Internet Explorer
Start (3/31/2018 4:28:34 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/31/2018 4:29:47 PM)
10 - Remove Policies Set By Infections
Start (3/31/2018 4:29:48 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/31/2018 4:30:03 PM)
17 - Repair CD/DVD Missing/Not Working
Start (3/31/2018 4:30:03 PM)
iTunes or GEARAspiWDM.sys not found, not applying UpperFilters iTunes Reg Key
Done (3/31/2018 4:30:04 PM)
19 - Repair Windows Sidebar/Gadgets
Start (3/31/2018 4:30:04 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/31/2018 4:30:08 PM)
21 - Repair Windows Snipping Tool
Start (3/31/2018 4:30:08 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/31/2018 4:30:10 PM)
26 - Set Windows Services To Default Startup
Skipping Repair.
This repair is currently being updated to support the Windows 10 Fall Update
Cleaning up empty logs...
All Selected Repairs Done.
Done at (3/31/2018 4:30:11 PM)
Total Repair Time: 00:09:31
...YOU MUST RESTART YOUR SYSTEM...
Malwarebytes Anti-Rootkit Beta
Download Malwarebytes Anti-Rootkit Beta (https://malwarebytes.app.box.com/s/flmkkcawxhohv6jf6wlkentlvycq0f3z) and extract it to your desktop (MBAR will be launched shortly after the extraction)
Click on Next, and then on the Update button to let it update its database. Once the database has been successfully updated, click on Next
Make sure all the checkboxes are checked, then click on the Scan button, and let it complete its scan (this can take a while)
Once the scan is done, make sure that every item is checked, and click on the Cleanup button (a reboot might be required)
After that (and the reboot, if one was required), go back into the mbar folder and look for a text file called mbar-log-TODAY'S-DATE.txt
Copy/paste the content of that log in your next reply
Post this log when finished and give me an update on how the computer is at the moment.
Well I just ran the Malwarebytes scan and it came back clean. Nothing found it said!
So far it seems fine, but I've only been using it for a little bit.
Mike
Please download Security Analysis by Rocket Grannie from here (http://rocketgrannie.spywareinfoforum.org/RGSA.exe)
Save it to your Desktop.
Close your security software to avoid potential conflicts.
Double click RGSA.exe
Click OK on the copyright-disclaimer
It will produce a log named SA Log.txt on the Desktop or in the same folder from where the tool is run if installed elsewhere.
Please copy and paste the contents of that log in this topic.
Hi,
I ran the RGSA scan. I kept waiting for it to pop up and then I thought something was wrong until I noticed the SALog was done and sitting there.
I still have had a couple of times that I open something and it won't open until I stop it and reopen it again fresh. Also still have some of the strange actions when typing, with the words going backwards when I type, but it only has happened 2 times which is much better. Everything else seems ok, except all my settings are back to the factory settings and Microsoft and Cortana are trying to make my life difficult haha. It's no problem if I get my laptop back working, I can fix settings easy. Especially with all of the help you have been giving me.
Let me know what you think the next step for me is.
Thank you
Mike
SALog was done and sitting there
Did it show anything needed to be updated?
I still have had a couple of times that I open something and it won't open until I stop it and reopen it again fresh.
I've had this a couple of times and it boiled down to:
Onboard protection scanning the web site I'm trying to open; or I'm trying to use the computer when something is trying to update.
Have you waited to see if it finally opens without having to close it?
Also still have some of the strange actions when typing, with the words going backwards when I type, but it only has happened 2 times which is much better. Everything else seems ok, except all my settings are back to the factory settings and Microsoft and Cortana are trying to make my life difficult haha.
I've heard of this. Let me throw some items out there for you to check and see if it applies here
It's possible that you are pressing a key combination that changes the text direction, like Right Ctrl + Right Shift.
Mouse: new battery?
Swap out the mouse?
Check the keyboard settings in the Control Panel.
Run the Hardware and Devices troubleshooter on the device and check if it helps. Windows 10 has a built-in troubleshooter to check and fix issues with hardware and devices.
settings are back to the factory settings
Yeah, sorry, kinda had to do that.
Especially with all of the help you have been giving me
We'll git er done!
Hi,
Here is the SALog, I thought I put it in the last post, but I guess I forgot. Seems like everything is up to date except an Adobe program.
Result of Security Analysis by Rocket Grannie (x86) Updated: 24th March, 2018
Running from:F:\Programs (10:45:11 - 04/02/2018)
***---------------------------------------------------------***
Microsoft Windows 10 Home X64
UAC is Enabled
Internet Explorer 11
Default Browser: Microsoft Edge
***------------Antivirus - Antispyware - Firewall-----------***
Spybot - Search and Destroy (Enabled - up to Date)
Emsisoft Anti-Malware (Disabled - up to Date)
Windows Defender (Disabled - up to Date)
Spybot - Search and Destroy (Enabled - up to Date)
Emsisoft Anti-Malware (Disabled - up to Date)
Windows Defender (Disabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI (28.0.0.126) ==> is out of Date
Google Chrome (65.0.3325.181)
Malwarebytes (3.4.4.2398)
Mozilla Firefox (59.0.2)
Opera (51.0.28
Spybot - Search & Destroy (2.6.46)
SUPERAntiSpyware (6.0.1244)
***----------------Analysis Complete-------------------------***
I am trying to pay attention when I am typing to see if I am resting my hands on something, or putting pressure on something, but I don't notice anything yet. I am wondering about my mouse since you mentioned it. It is a cheapo mouse and I have a problem with the cursor jumping to someplace else while typing and maybe it is the mouse. I will look at them today and get a new one, it needs to be replaced with something better. Any thoughts on a mouse that is good but won't make me broke?
I ran the troubleshooter before I started talking with you and it didn't seem to help. Should I try it again?
Let me know and thank you,
Mike
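The SA Log posted above is really a small security-posture inventory: which scanners are installed, which are actually enabled, whether their definitions are current, and which programs are out of date. The script below is an added example (not code from the thread or from the Rocket Grannie tool) that parses a log in that layout and turns it into findings a helper would act on, including the "more than one real-time antivirus" conflict case. The sample text is constructed to mirror the posted log, including its truncated Opera line; the banner-line and product-line formats are assumed from that post.

```python
"""Parse an SA Log-style security analysis and flag posture problems.
Added example: assumes the *** banner + one-product-per-line layout seen in the thread."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample, modelled on the SA Log posted in the thread (not a real capture).
SAMPLE_LOG = """\
***------------Antivirus - Antispyware - Firewall-----------***
Spybot - Search and Destroy (Enabled - up to Date)
Emsisoft Anti-Malware (Disabled - up to Date)
Windows Defender (Disabled - up to Date)
Spybot - Search and Destroy (Enabled - up to Date)
Emsisoft Anti-Malware (Disabled - up to Date)
Windows Defender (Disabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI (28.0.0.126) ==> is out of Date
Google Chrome (65.0.3325.181)
Malwarebytes (3.4.4.2398)
Opera (51.0.28
***----------------Analysis Complete-------------------------***
"""


@dataclass
class SecurityProduct:
    name: str
    enabled: bool
    definitions_current: Optional[bool]  # None when the log gives no definition status (firewall)


@dataclass
class InstalledProgram:
    name: str
    version: str
    flagged_outdated: bool


@dataclass
class Posture:
    products: Dict[str, SecurityProduct] = field(default_factory=dict)
    programs: List[InstalledProgram] = field(default_factory=list)


PRODUCT_RE = re.compile(
    r"^(?P<name>.+?) \((?P<state>Enabled|Disabled)(?: - (?P<defs>up to Date|out of Date))?\)$")
# Closing paren is optional: the posted log has a truncated "Opera (51.0.28" line.
PROGRAM_RE = re.compile(
    r"^(?P<name>.+?) \((?P<version>[\d.]+)\)?(?P<outdated> ==> is out of Date)?$")


def parse_log(text: str) -> Posture:
    """Walk the log, switching parsers on the *** section banners."""
    posture = Posture()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("***"):
            if "Antivirus" in line:
                section = "products"
            elif "Security Programs" in line:
                section = "programs"
            else:
                section = None
            continue
        if section == "products":
            m = PRODUCT_RE.match(line)
            # Security Center lists one product under both AV and antispyware; keep the first.
            if m and m["name"] not in posture.products:
                defs = m["defs"]
                posture.products[m["name"]] = SecurityProduct(
                    name=m["name"],
                    enabled=m["state"] == "Enabled",
                    definitions_current=None if defs is None else defs == "up to Date")
        elif section == "programs":
            m = PROGRAM_RE.match(line)
            if m:
                posture.programs.append(
                    InstalledProgram(m["name"], m["version"], m["outdated"] is not None))
    return posture


def assess(posture: Posture) -> List[str]:
    """Return human-readable findings; an empty list means nothing stood out."""
    findings: List[str] = []
    scanners = [p for p in posture.products.values() if p.definitions_current is not None]
    enabled = [p for p in scanners if p.enabled]
    if not enabled:
        findings.append("no real-time antivirus/antispyware product is enabled")
    elif len(enabled) > 1:
        names = ", ".join(p.name for p in enabled)
        findings.append(f"more than one real-time product enabled ({names}); keep a single antivirus")
    for p in scanners:
        if not p.enabled:
            findings.append(f"{p.name} is installed but disabled")
        if p.definitions_current is False:
            findings.append(f"{p.name} has out-of-date definitions")
    firewalls = [p for p in posture.products.values() if p.definitions_current is None]
    if not any(f.enabled for f in firewalls):
        findings.append("no firewall is enabled")
    for prog in posture.programs:
        if prog.flagged_outdated:
            findings.append(f"{prog.name} {prog.version} is out of date; update or remove it")
    return findings
```

Run `assess(parse_log(SAMPLE_LOG))` and you get three findings for the constructed sample: Emsisoft and Windows Defender installed but disabled, and the outdated Flash plugin. A disabled scanner is treated as a finding rather than ignored, because "installed but off" is exactly the state a helper needs to ask about.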
I got my last mouse (Logitech wireless) at Walmart, maybe $12.00?
You can run the troubleshooter again but no guarantee it'll work.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
For Chrome:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe
Flash test site: https://www.adobe.com/software/flash/about/
Hi,
I've been using the laptop trying to see how it's working and if it's better. It is better, but it still has some quirks, which may be solved with a new mouse I have coming, it would be great if it fixed it. What do you think? Is there more to do or are we running out of options? I am also not sure I'm ever going to feel completely secure on this laptop or is there a way to assure my paranoia? I may have to buy a new one, I am wondering. I bought a new laptop for my wife and I wanted to see if you had recommendations on antivirus, malware, the whole setup and any tips you might have on the best way to set up a new Windows 10 laptop. Please tell me if I am asking too much. Sometimes my brain shuts down and I don't even see that what I might be asking someone is out of line or inconsiderate, so please tell me. I really appreciate all of the help and time you have given me. Thank you. Mike
As for more scans to see if anything lingers, I don't think so. I've hit it with the hardest things I know of to try to find something and it just wasn't there.
I can post info on tools you can apply to your computer that will offer help in protection. And you're not asking for too much, I want to help you and your wife and especially to remain safe.
I'll post info at the end of this post.
~~
The steps below will remove the tools used and the quarantine folders.
DelFix
Please download DelFix (https://www.bleepingcomputer.com/download/delfix/) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
*************
Windows Updates
Keeping Windows up to date is one of the first steps in having a safe and secure system. The Security Updates that Windows receives are meant to fix exploits and flaws in it, making it more secure and not exploitable by hackers. In order to do that, you should always install the Security Updates, known as "Important Updates" on your Windows system. These updates are released on the second Tuesday of every month, but some are also released before then if they are emergency/critical Security Updates. Let's make sure that you have all your Important Updates and Recommended Updates installed and that your Windows Updates are set to be installed automatically.
How To Change Windows Update Settings (http://pcsupport.about.com/od/system-security/f/windows-update-settings.htm)
How To Check For & Install Windows Updates (http://pcsupport.about.com/od/keepingupwithupdates/f/windows-updates.htm)
Keeping your programs up-to-date
Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits (https://en.wikipedia.org/wiki/Exploit_kit) (and also 0-days (https://en.wikipedia.org/wiki/Zero-day_(computing))), which are among the biggest attack vectors used to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, Google Chrome, Mozilla Firefox, VLC Media Player, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like UCheck (https://www.adlice.com/download/ucheck/), SUMo (http://www.kcsoftwares.com/?sumo) and Heimdal Free (http://www.bleepingcomputer.com/download/heimdal-free/) will scan your system for outdated programs, help you identify them, and update them.
Anti-Virus, Anti-Malware, Firewall and Anti-Exploit/Ransomware
Having a decent security setup (which also includes an Anti-Virus) is the most crucial step to protect a system. These programs are a layer of defence that will prevent a system from being infected, or if it somehow ends up infected, help mitigate the infection and remediate it. Ideally, you should have on your system one Antivirus (never more than one installed at a time), one Antimalware (you can install multiple of these, assuming they do not conflict with each other and the other security programs installed), one Firewall and, if you wish, one Anti-Exploit and/or Anti-Ransomware (since ransomware is currently the most dangerous threat around and it can hit anywhere). Here are a few programs worth checking out if you don't have one yet.
Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version and aren't listed here (such as Kaspersky and ESET Antivirus products).
Anti-Virus
Sophos Home (https://home.sophos.com/reg)
Bitdefender Free Antivirus (http://www.bitdefender.com/solutions/free.html)
Emsisoft Anti-Malware (https://www.emsisoft.com/en/software/antimalware/) - Free 30 day trial. Once it expires, EAM enters into a freeware mode where it is still considered an Antivirus program, but without real-time protection
Avira Free Antivirus (https://www.avira.com/en/avira-free-antivirus)
avast! Free Antivirus (https://www.avast.com/index)
Anti-Malware
Malwarebytes (https://www.malwarebytes.org/) - Has both a free and paid version. The Premium version of Malwarebytes also offers Exploit and Ransomware protection, for a complete package of: Malware, Web, Exploit and Ransomware protection
HitmanPro 3 (http://www.surfright.nl/en/hitmanpro) - Free 30 day trial
Zemana AntiMalware (https://www.zemana.com/AntiMalware) - Free 30 day trial
Firewall
Starting in Windows Vista, the Windows Firewall greatly improved and will satisfy the needs of most users. If you do not have an Internet Suite Antivirus program (which includes a firewall) and you want to use a 3rd party firewall, you can consider the options below.
GlassWire (https://www.glasswire.com/) - Has both a free and paid version (with different packages)
Windows Firewall Control (http://www.binisoft.org/wfc.php) - Gives you more control over your Windows Firewall
TinyWall (http://tinywall.pados.hu/) - Lightweight firewall implementing the Windows Firewall and giving you more control over it
Anti-Exploit/Anti-Ransomware
Malwarebytes Anti-Exploit Beta (https://www.malwarebytes.com/antiexploit/) - In a perpetual beta state, and entirely free
HitmanPro.Alert (http://www.surfright.nl/en/alert) - Free 30 day trial
CryptoPrevent (https://www.foolishit.com/cryptoprevent-malware-prevention/) - Has both a free and paid version
Web Browsers and Web Browsing
Web Browsers could be considered the closest door between malware and your system. This is where most malware goes through to infect a system, and therefore it should be the program(s) you want to secure the most. There are two ways of going about it: hardening your web browser via extensions, and having good browsing habits.
Hardening your web browser means installing extensions that will help it protect itself (and your system at the same time) against Exploit Kits, MiTM attacks, etc., but also protect you. Here are a few extensions that I recommend you install.
uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome, Mozilla Firefox, Microsoft Edge, Opera and most Chromium and Firefox-based browsers)
HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera)
Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browser)
NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers)
uMatrix: For advanced users, a point-and-click matrix-like extension that allows you to control requests made by a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera)
LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser)
As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:
The Ultimate Guide to Secure your Online Browsing: Chrome, Firefox and Internet Explorer (https://heimdalsecurity.com/blog/ultimate-guide-secure-online-browsing/) on Heimdal Security
Seven Useful Habits For A Safer Internet (https://blog.kaspersky.com/seven-useful-habits-for-a-safer-internet/3717/) on Kaspersky Blog
Tips for Secure Web Browsing: Cybersecurity 101 (https://www.veracode.com/blog/2013/01/tips-for-secure-web-browsing-cybersecurity-101) on VeraCode
Safe browsing habits (https://www.internetsafetyproject.org/wiki/safe-browsing-habits) on Internet Safety Project Wiki
As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.
Other recommendations
Even if you follow every recommendation that I listed here, in the end, it's also your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have a far lower chance of getting infected by malware. If for example you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you avoid going to that website, downloading that file or using that program.
Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security, to improve your current computer protection setup but also improve your web browsing and computer usage practices:
Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7
How Malware Spreads - How did I get infected (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams (aka Grinler)
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes
Tips & Advice (http://www.staysafeonline.org/stop-think-connect/tips-and-advice) on StaySafeOnline.org
created by Aura
The End!
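The "keeping your programs up-to-date" advice above comes down to comparing what is installed against what is current, and the common mistake is comparing version strings as text (where "9.0" sorts after "10.0"). Here is an added example, not code from the thread or from UCheck, SUMo or Heimdal, that does the comparison numerically and pads shorter versions with zeros so "3.4.5" correctly beats "3.4.4.2398". The inventory mirrors the SA Log posted earlier; the MINIMUM_VERSIONS numbers are illustrative placeholders, not real vendor release numbers.

```python
"""Check an installed-program inventory against minimum versions, numerically.
Added example; the version tables below are constructed for illustration."""
import re
from typing import Dict, List, Tuple

# Constructed inventory, modelled on the program list in the thread's SA Log.
INSTALLED: Dict[str, str] = {
    "Adobe Flash Player NPAPI": "28.0.0.126",
    "Google Chrome": "65.0.3325.181",
    "Mozilla Firefox": "59.0.2",
    "Malwarebytes": "3.4.4.2398",
}

# Placeholder "current" versions for this example only; take real ones from vendor release notes.
MINIMUM_VERSIONS: Dict[str, str] = {
    "Adobe Flash Player NPAPI": "29.0.0.0",
    "Google Chrome": "65.0.3325.181",
    "Mozilla Firefox": "59.0.2",
    "Malwarebytes": "3.4.5",
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '65.0.3325.181' into (65, 0, 3325, 181); tuples compare field by field."""
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"no numeric version in {text!r}")
    return tuple(int(p) for p in parts)


def is_current(installed: str, minimum: str) -> bool:
    """True when installed >= minimum. Shorter tuples are zero-padded so that
    3.4.5 is read as 3.4.5.0 and beats 3.4.4.2398, as a human would expect."""
    a, b = parse_version(installed), parse_version(minimum)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a >= b


def outdated_programs(installed: Dict[str, str],
                      minimums: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """(name, installed version, minimum version) for every program below its minimum.
    Programs with no entry in minimums are skipped rather than guessed at."""
    return [(name, ver, minimums[name])
            for name, ver in installed.items()
            if name in minimums and not is_current(ver, minimums[name])]
```

With the tables above, `outdated_programs(INSTALLED, MINIMUM_VERSIONS)` reports Flash and Malwarebytes and leaves Chrome and Firefox alone. The `re.findall` step also tolerates suffixes such as a trailing build tag, so a vendor string like "59.0.2esr" still yields a comparable tuple.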
Hi
I wanted to again thank you for all of your help. While setting up my wife's new laptop I deleted everything on my external HD on my laptop, which was everything I had for the last 15 years. A dumb mistake on my part using the HD to install Windows 10 on her laptop and it reformatted and deleted everything, so I am starting from zero now. Her setup is good to go now and I think I will eventually wipe everything from my laptop and start fresh which will hopefully end my security issues. I really learned a lot from you and I am still reading through some of the links you sent. Thank you so much, you're really nice.
Mike
You know, the best way to ensure safety on the infected computer was to actually reformat it. This also brings to mind the urgent need to make backups to make it all a smoother transition.
If this had happened on mine I would not have hesitated.
We're glad to help.
I know, I had it backed up but screwed up and deleted it along with everything else. Oh well.
Glad we could help.
Since this issue appears resolved ... this Topic is closed.