start
CreateRestorePoint:
CloseProcesses:
ProxyEnable: [HKLM] => Proxy is enabled.
ProxyEnable: [HKLM-x32] => Proxy is enabled.
ProxyServer: [HKLM] => http=127.0.0.1:8877;https=127.0.0.1:8877
ProxyServer: [HKLM-x32] => http=127.0.0.1:8877;https=127.0.0.1:8877
AutoConfigURL: [HKLM] => http=127.0.0.1:8877;https=127.0.0.1:8877
HKLM\...\Run: [cutoauto] => C:\Program Files (x86)\sorrier\harold.exe [41196 2017-02-18] ()
HKLM\...\Run: [interpee] => C:\Program Files (x86)\Enervate\apocalyptic.exe [10752 2017-02-18] ()
C:\Program Files (x86)\sorrier
C:\Program Files (x86)\Enervate
GroupPolicy: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 1 <======= ATTENTION (Restriction - ProxySettings)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mncrfprj_17_04&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDzzyCtDyC0EyEzzyDyBtA0EyDzytByBtN0D0Tzu0StCzzyEzytN1L2XzutAtFtByDtFtCtFtCtDzztN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyEtCzyyE0CyByB0FtGtAzy0AyEtGtBtDzz0CtGtA0E0D0DtGyC0F0BtByBzyyB0FtAzzyB0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzy0F0F0ByByD0DtGtDtA0CyBtGyEtB0D0CtG0AyBtAyEtG0A0F0Dzy0F0B0CtByEyCzyyC2QtN0A0LzuyE%26cr%3D1357470261%26a%3Dwbf_mncrfprj_17_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mncrfprj_17_04&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDzzyCtDyC0EyEzzyDyBtA0EyDzytByBtN0D0Tzu0StCzzyEzytN1L2XzutAtFtByDtFtCtFtCtDzztN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyEtCzyyE0CyByB0FtGtAzy0AyEtGtBtDzz0CtGtA0E0D0DtGyC0F0BtByBzyyB0FtAzzyB0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzy0F0F0ByByD0DtGtDtA0CyBtGyEtB0D0CtG0AyBtAyEtG0A0F0Dzy0F0B0CtByEyCzyyC2QtN0A0LzuyE%26cr%3D1357470261%26a%3Dwbf_mncrfprj_17_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKU\S-1-5-21-783448517-647833336-481893931-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mncrfprj_17_04&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDzzyCtDyC0EyEzzyDyBtA0EyDzytByBtN0D0Tzu0StCzzyEzytN1L2XzutAtFtByDtFtCtFtCtDzztN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyEtCzyyE0CyByB0FtGtAzy0AyEtGtBtDzz0CtGtA0E0D0DtGyC0F0BtByBzyyB0FtAzzyB0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzy0F0F0ByByD0DtGtDtA0CyBtGyEtB0D0CtG0AyBtAyEtG0A0F0Dzy0F0B0CtByEyCzyyC2QtN0A0LzuyE%26cr%3D1357470261%26a%3Dwbf_mncrfprj_17_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mncrfprj_16_40&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDzzyCtDyC0EyEzzyDyBtA0EyDzytByBtN0D0Tzu0StCyByEtCtN1L2XzutAtFtByEtFtByDtFyDyCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyC0CyDtDzz0AtAyBtGtBtD0FtCtGyC0DzyyEtGyE0F0F0AtGzy0AyCzyyC0E0DyB0E0EtCyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzy0F0F0ByByD0DtGtDtA0CyBtGyEtB0D0CtG0AyBtAyEtG0A0F0Dzy0F0B0CtByEyCzyyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyEtCtB%26cr%3D310687501%26a%3Dwbf_mncrfprj_16_40%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mncrfprj_16_40&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDzzyCtDyC0EyEzzyDyBtA0EyDzytByBtN0D0Tzu0StCyByEtCtN1L2XzutAtFtByEtFtByDtFyDyCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyC0CyDtDzz0AtAyBtGtBtD0FtCtGyC0DzyyEtGyE0F0F0AtGzy0AyCzyyC0E0DyB0E0EtCyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzy0F0F0ByByD0DtGtDtA0CyBtGyEtB0D0CtG0AyBtAyEtG0A0F0Dzy0F0B0CtByEyCzyyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyEtCtB%26cr%3D310687501%26a%3Dwbf_mncrfprj_16_40%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mncrfprj_17_04&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDzzyCtDyC0EyEzzyDyBtA0EyDzytByBtN0D0Tzu0StCzzyEzytN1L2XzutAtFtByDtFtCtFtCtDzztN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyEtCzyyE0CyByB0FtGtAzy0AyEtGtBtDzz0CtGtA0E0D0DtGyC0F0BtByBzyyB0FtAzzyB0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzy0F0F0ByByD0DtGtDtA0CyBtGyEtB0D0CtG0AyBtAyEtG0A0F0Dzy0F0B0CtByEyCzyyC2QtN0A0LzuyE%26cr%3D1357470261%26a%3Dwbf_mncrfprj_17_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mncrfprj_16_40&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDzzyCtDyC0EyEzzyDyBtA0EyDzytByBtN0D0Tzu0StCyByEtCtN1L2XzutAtFtByEtFtByDtFyDyCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyC0CyDtDzz0AtAyBtGtBtD0FtCtGyC0DzyyEtGyE0F0F0AtGzy0AyCzyyC0E0DyB0E0EtCyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzy0F0F0ByByD0DtGtDtA0CyBtGyEtB0D0CtG0AyBtAyEtG0A0F0Dzy0F0B0CtByEyCzyyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyEtCtB%26cr%3D310687501%26a%3Dwbf_mncrfprj_16_40%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mncrfprj_16_40&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDzzyCtDyC0EyEzzyDyBtA0EyDzytByBtN0D0Tzu0StCyByEtCtN1L2XzutAtFtByEtFtByDtFyDyCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyC0CyDtDzz0AtAyBtGtBtD0FtCtGyC0DzyyEtGyE0F0F0AtGzy0AyCzyyC0E0DyB0E0EtCyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzy0F0F0ByByD0DtGtDtA0CyBtGyEtB0D0CtG0AyBtAyEtG0A0F0Dzy0F0B0CtByEyCzyyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyEtCtB%26cr%3D310687501%26a%3Dwbf_mncrfprj_16_40%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mncrfprj_17_04&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDzzyCtDyC0EyEzzyDyBtA0EyDzytByBtN0D0Tzu0StCzzyEzytN1L2XzutAtFtByDtFtCtFtCtDzztN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyEtCzyyE0CyByB0FtGtAzy0AyEtGtBtDzz0CtGtA0E0D0DtGyC0F0BtByBzyyB0FtAzzyB0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzy0F0F0ByByD0DtGtDtA0CyBtGyEtB0D0CtG0AyBtAyEtG0A0F0Dzy0F0B0CtByEyCzyyC2QtN0A0LzuyE%26cr%3D1357470261%26a%3Dwbf_mncrfprj_17_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-783448517-647833336-481893931-1001 -> DefaultScope {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mncrfprj_17_04&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDzzyCtDyC0EyEzzyDyBtA0EyDzytByBtN0D0Tzu0StCzzyEzytN1L2XzutAtFtByDtFtCtFtCtDzztN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyEtCzyyE0CyByB0FtGtAzy0AyEtGtBtDzz0CtGtA0E0D0DtGyC0F0BtByBzyyB0FtAzzyB0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzy0F0F0ByByD0DtGtDtA0CyBtGyEtB0D0CtG0AyBtAyEtG0A0F0Dzy0F0B0CtByEyCzyyC2QtN0A0LzuyE%26cr%3D1357470261%26a%3Dwbf_mncrfprj_17_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-783448517-647833336-481893931-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p10_serp_ie_us_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_e89f1aa5_1201_1401_20160424_US_ie_ds_&tag=bds-p10-serp-us-ie-20&query={searchTerms}
SearchScopes: HKU\S-1-5-21-783448517-647833336-481893931-1001 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mncrfprj_17_04&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDzzyCtDyC0EyEzzyDyBtA0EyDzytByBtN0D0Tzu0StCzzyEzytN1L2XzutAtFtByDtFtCtFtCtDzztN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyEtCzyyE0CyByB0FtGtAzy0AyEtGtBtDzz0CtGtA0E0D0DtGyC0F0BtByBzyyB0FtAzzyB0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzy0F0F0ByByD0DtGtDtA0CyBtGyEtB0D0CtG0AyBtAyEtG0A0F0Dzy0F0B0CtByEyCzyyC2QtN0A0LzuyE%26cr%3D1357470261%26a%3Dwbf_mncrfprj_17_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
U0 aswVmm; no ImagePath
C:\Program Files (x86)\AnonymizerGadget
Task: {09D89F8B-AB1A-4DF0-982F-9875236E49B1} - System32\Tasks\213879593 => C:\Program Files (x86)\shropshire\alltime.exe [2017-02-18] (wallah) <==== ATTENTION
C:\Program Files (x86)\Enervate\apocalyptic.exe
Task: {0E17C043-3086-425B-A76B-57A75E993E8F} - System32\Tasks\966848 => C:\Program Files (x86)\Enervate\apocalyptic.exe [2017-02-18] () <==== ATTENTION
Task: {15CF4540-72E0-46B0-970B-EA1B12CFCB5F} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {19D74E7E-D9D4-4A92-A050-D5969F5C56A4} - System32\Tasks\MSFT_TaskSettings3\CaesarsSlots => powershell.exe -NoProfile -WindowStyle Hidden -command cmd.exe /c if exist C:\Users\Jim\AppData\Local\Packages\Playtika.CaesarsSlotsFreeCasino_7vjeg68vnncd2 start explorer.exe shell:appsFolder\Playtika.CaesarsSlotsFreeCasino_7vjeg68vnncd2!App
Task: {296562E1-B097-463C-AB39-9523796F8761} - \DistromaticSearchProtect-logon -> No File <==== ATTENTION
Task: {4B66409F-528C-4CC6-9E98-D9F5C4D563A3} - System32\Tasks\Da966848966848 => C:\Program Files (x86)\Enervate\apocalyptic.exe [2017-02-18] ()
Task: {4CEF4553-58C3-4512-8E35-E20BCCCAE4BF} - \{E93B1D8E-7144-43CF-AED7-90E7FE9B5827} -> No File <==== ATTENTION
Task: {6E0AC03E-AD18-4883-BBC5-BA77053C033C} - \DistromaticUpdater-logon -> No File <==== ATTENTION
Task: {766C52A9-B31F-4C2C-B26C-1176E17586FA} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {78FBCF49-A629-44CF-82AE-74B9266D059B} - \{17D1B85F-0859-46E2-A8B6-00B63052A523} -> No File <==== ATTENTION
Task: {799231D8-D492-4E80-B400-64B3642849D2} - System32\Tasks\113879593 => C:\Program Files (x86)\shropshire\alltime.exe [2017-02-18] (wallah) <==== ATTENTION
Task: {8594B015-CF2B-4C8E-807E-48A2F3C5638E} - \{5EA21E3C-C6DF-4FAF-BF0A-C897623B028D} -> No File <==== ATTENTION
Task: {95C50509-4001-4D3E-9A2D-F57A90A0EA3E} - \DropboxUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {980A9FE3-D226-4BF6-A3DB-54055266C29A} - \Optimize Start Menu Cache Files-S-1-5-21-783448517-647833336-481893931-1001 -> No File <==== ATTENTION
Task: {9DEE923E-1D8E-4ECA-9A31-7EE01AA62187} - \WPD\SqmUpload_S-1-5-21-783448517-647833336-481893931-1001 -> No File <==== ATTENTION
Task: {9E11E09C-7C0E-43B8-9372-FE62CDBD3F01} - \DistromaticUpdater-periodic -> No File <==== ATTENTION
Task: {D6266248-323A-4BE8-B51A-461073D7F22D} - System32\Tasks\76656282 => C:\Program Files (x86)\sorrier\equalized.exe [2017-02-18] (windows 99) <==== ATTENTION
Task: {DF8DFE89-E913-445D-A854-ABB727ED8442} - \OneDrive Standalone Update Task v2 -> No File <==== ATTENTION
Task: {EAC768E5-6FB2-4E5D-8B80-0AD7A8F4CA6A} - \DropboxUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {ED004583-CB32-4C6B-882A-CE92F3ECDB0B} - \DistromaticSearchProtect-hourly -> No File <==== ATTENTION
HKLM\...\Run: [interpee] => C:\Program Files (x86)\Enervate\apocalyptic.exe [10752 2017-02-18] ()
EmptyTemp:
Hosts:
End