I ran Malwarebytes, thank you.
In the scans there are some things in the host and registry, and I also kept seeing the name Andy?


Addition Scan

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by mikef (25-03-2018 16:17:20)
Running from F:\Programs
Windows 10 Home Version 1709 16299.125 (X64) (2017-12-02 11:28:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2844788878-880486787-4179794426-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2844788878-880486787-4179794426-503 - Limited - Disabled)
guero (S-1-5-21-2844788878-880486787-4179794426-1004 - Administrator - Enabled)
Guest (S-1-5-21-2844788878-880486787-4179794426-501 - Limited - Disabled)
mfuda (S-1-5-21-2844788878-880486787-4179794426-1005 - Administrator - Enabled)
mikef (S-1-5-21-2844788878-880486787-4179794426-1001 - Administrator - Enabled) => C:\Users\mikef
WDAGUtilityAccount (S-1-5-21-2844788878-880486787-4179794426-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Emsisoft Anti-Malware (Disabled - Up to date) {67773CDD-EA83-AD98-A2ED-386463EB3B0D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Emsisoft Anti-Malware (Disabled - Up to date) {DC16DD39-CCB9-A216-985D-0316186C71B0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe After (HKLM\...\{6A915992-D887-4897-82F5-950EDD12DEB1}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Photoshop CS6 version 13.0.1 (HKLM-x32\...\{A724DC44-6241-42D3-BA57-778B178ABC17}_is1) (Version: 13.0.1 - Adobe Systems, Inc.)
Advanced Uninstaller PRO - Version 12 (HKLM-x32\...\AU11_is1) (Version: 12.21.0.95 - Innovative Solutions)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\{7BCB15FE-CC5D-4C6D-B1C6-B0AF74EE09E0}) (Version: 20.6.20117.44471 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{7BCB15FE-CC5D-4C6D-B1C6-B0AF74EE09E0}) (Version: 20.6.20117.44471 - Alcor Micro Corp.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.13.0004 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0040 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.101 - ICEpower a/s)
Bandicam (HKLM-x32\...\Bandicam) (Version: 4.1.1.1371 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandicam.com)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.59 - Conexant)
CrazyTalk Animator v3.22 PRO (HKLM-x32\...\{6B844167-0760-43FD-BBCA-2463EC967721}) (Version: 3.22.2426.1 - Reallusion Inc.)
CrazyTalk v8.13 PRO (HKLM-x32\...\{239FA754-71DE-44A4-9DBC-9C9070AF058E}) (Version: 8.13.3615.1 - Reallusion Inc.)
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 5.01 - NCH Software)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.)
DfuSe v3.0.5 (HKLM-x32\...\{61D44ABF-A11F-4FA4-98E6-C05BBBD0B52A}) (Version: 3.0.5 - STMicroelectronics)
Doxillion Document Converter (HKLM-x32\...\Doxillion) (Version: 2.71 - NCH Software)
DrawPad Graphic Design Software (HKLM-x32\...\DrawPad) (Version: 4.00 - NCH Software)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2017.6 - Emsisoft Ltd.)
Eraser 6.2.0.2979 (HKLM\...\{C5900DE9-D199-4C27-B692-354C9A6A6C8B}) (Version: 6.2.2979 - The Eraser Project)
Evernote v. 6.9.7 (HKLM-x32\...\{531A27D2-11C0-11E8-B634-005056951CAD}) (Version: 6.9.7.6770 - Evernote Corp.)
Express Animate (HKLM-x32\...\ExpressAnimate) (Version: 3.11 - NCH Software)
File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version: - Pow Tools)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{FA1BBF34-E994-4310-95D7-BE93092B8E61}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GoPro Studio (HKLM-x32\...\{BE06FF1A-83A0-42F2-913E-6E405393145C}) (Version: 5.12.5383 - GoPro, Inc.) Hidden
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.292 - SurfRight B.V.)
HP Officejet Pro 6830 Basic Device Software (HKLM\...\{98040AB6-D667-409C-81E7-DB65836B3EE0}) (Version: 33.1.73.49987 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.8.47.1 - HP)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iClone 3DXchange v7.2 Pipeline (HKLM-x32\...\{AB0B6F1C-6F6F-4EEC-93A9-B3D50C2E1CFF}) (Version: 7.2.1220.1 - Reallusion Inc.)
iClone v7.2 (HKLM-x32\...\{13398646-FA8A-4389-8C4D-91F6677E2DD7}) (Version: 7.2.1220.1 - Reallusion Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{a2d9fda8-65eb-4c06-81ef-31e0a4daa335}) (Version: 10.1.1.11 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1167 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{9A287643-10C5-4463-B9D1-B2404CE18CCF}) (Version: 17.1.1529.1620 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{5853172b-5520-4089-9ef4-e26c594382b3}) (Version: 19.30.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Laplink PCmover Express - Personal Use (HKLM-x32\...\{16463F64-5878-4E56-B87D-5F5EE9D37729}) (Version: 10.00.641 - Laplink Software, Inc.)
LibreOffice 6.0.0.3 (HKLM\...\{DD7E9D37-CA78-459A-8BA8-29BBF29CF257}) (Version: 6.0.0.3 - The Document Foundation)
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Mozilla Firefox 59.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.1 (x64 en-US)) (Version: 59.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.1 - Mozilla)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenTX Companion 2.0 (HKLM-x32\...\OpenTX Companion 2.0) (Version: - OpenTX)
Opera Stable 51.0.2830.55 (HKLM-x32\...\Opera 51.0.2830.55) (Version: 51.0.2830.55 - Opera Software)
PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 4.00 - NCH Software)
Pixillion Image Converter (HKLM-x32\...\Pixillion) (Version: 5.02 - NCH Software)
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 3.04 - NCH Software)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Quik (HKLM\...\{DF7EE9CB-0369-44F3-9B91-BF05A2D4891D}) (Version: 0.1.5383 - GoPro, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.3.723.2015 - Realtek)
Rotor Rush (HKLM-x32\...\{9DC252BF-1428-49C8-AD6B-2AEFF7846FBD}) (Version: 5.4.1 - Vmach Media Ltd.)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Secure Eraser (HKLM-x32\...\Secure Eraser_is1) (Version: 5.0.0.1 - ASCOMP Software GmbH)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1244 - SUPERAntiSpyware.com)
UE4 Prerequisites (x86) (HKLM-x32\...\{6EAAE1C0-6000-45FA-B46D-D206144925BF}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x86) (HKLM-x32\...\{f1203e43-4ddb-4280-974e-73f14d793dbd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{61702639-6539-473A-8FE5-618E194C0069}) (Version: 2.7.0.0 - Microsoft Corporation)
USB Interface Utility (HKLM-x32\...\{8F711388-B16D-4015-86D4-67FED5DA59FE}) (Version: 1.2 - VMach Media Ltd)
VEGAS Pro 14.0 (64-bit) (HKLM\...\{4C79D80F-79F9-11E6-8402-BB95F5A309BD}) (Version: 14.0.161 - VEGAS)
Velocidrone version 1.3.28 (HKLM\...\{3EB73E26-2153-4940-880E-F4436C1220A7}_is1) (Version: 1.3.28 - Bat Cave Games)
VFW_Codec32 (HKLM-x32\...\{ECDB3455-70F4-4EE6-B89E-3B4C5E9FF592}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (HKLM\...\{AE4073DE-7596-4E3B-9DE3-18BE2C3EFAA6}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 5.11 - NCH Software)
Virtual Com port driver V1.4.0 (HKLM-x32\...\{AF0ACDD1-3842-47C7-B153-B8DB92CDA42D}) (Version: 1.4.0 - STMicroelectronics)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Voxal Voice Changer (HKLM-x32\...\Voxal) (Version: 2.00 - NCH Software)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 8.01 - NCH Software)
WD Backup (HKLM-x32\...\{4AACAFC7-951A-4215-B430-3DFCFF2E6CED}) (Version: 1.5.5953.19614 - Western Digital Technologies, Inc) Hidden
WD Backup (HKLM-x32\...\{a8c9535a-ecd9-4172-a330-0cb5ff9dbed9}) (Version: 1.5.5953.19614 - Western Digital Technologies, Inc.)
WD Drive Utilities (HKLM-x32\...\{48996CDD-DD81-4197-93FE-0971E73C5CA7}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.) Hidden
WD Drive Utilities (HKLM-x32\...\{eab1fb93-61fb-48de-b815-b4e9b68d2ef1}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{965D28B5-3C86-41FD-994E-D6376815C9B3}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{249644e6-451a-4a5c-bd5c-21eeb9eec79d}) (Version: 1.3.1.2 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{7CC2EDF2-83EC-4707-BDD3-72469236A6CC}) (Version: 1.3.1.2 - Western Digital Technologies, Inc.) Hidden
Windows Driver Package - OpenPilot (usbser) Ports (11/21/2014 3.0.0.0) (HKLM\...\BD9150BF7DFF447F2F59CE296CC81C0AABAD7C01) (Version: 11/21/2014 3.0.0.0 - OpenPilot)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2844788878-880486787-4179794426-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-25D45E75801D}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-2844788878-880486787-4179794426-1001_Classes\CLSID\{53B2AC1B-7B81-47FC-8D3B-595CDE21D0BA}\InprocServer32 -> F:\Programs\Evernote Notes\EvernoteCCx64.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
CustomCLSID: HKU\S-1-5-21-2844788878-880486787-4179794426-1001_Classes\CLSID\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}\InprocServer32 -> F:\Programs\Evernote Notes\EvernoteIEx64.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
CustomCLSID: HKU\S-1-5-21-2844788878-880486787-4179794426-1001_Classes\CLSID\{93c503ec-b307-4339-bca2-37fe3b4836e8}\InprocServer32 -> F:\Programs\Evernote Notes\EvernoteOLShim64.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
CustomCLSID: HKU\S-1-5-21-2844788878-880486787-4179794426-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll => No File
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => -> No File
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => -> No File
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => -> No File
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [SharingPrivate] -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => -> No File
ShellIconOverlayIdentifiers-x32: [SharingPrivate] -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => -> No File
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-08-28] ()
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
ContextMenuHandlers1: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [Secure Eraser] -> {2A8DEC8D-934E-4FF8-825A-05A800047649} => F:\Programs\Secure Eraser\SecEraser64.dll [2016-02-03] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers2-x32: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [DeleteFiles] -> {736AF091-C361-49B4-A928-87C586130D33} => C:\Program Files\File Shredder\fsshell.dll [2012-04-01] ()
ContextMenuHandlers3-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers4: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
ContextMenuHandlers5: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxDTCM.dll [2016-11-30] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-08-01] (NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-08-28] ()
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
ContextMenuHandlers6-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
ContextMenuHandlers6-x32: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6-x32: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6-x32: [Secure Eraser] -> {2A8DEC8D-934E-4FF8-825A-05A800047649} => F:\Programs\Secure Eraser\SecEraser64.dll [2016-02-03] ()
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03EBFD46-C746-4DA0-BAEB-F5CA61390248} - System32\Tasks\OrangeDefender => C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\orangedefender.exe
Task: {06A920B9-B407-426B-A434-24B032E0ED4E} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {0AF1E9FF-4B79-4FF5-AE15-31DA46522678} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {179C8342-2B77-4DF2-B3AB-57D60EA21609} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan most recently used file in the background => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {228A45C3-9E2C-4E8B-89B7-22892704FEDD} - System32\Tasks\AdobeGCInvoker-1.0-NEGROTRES-mikef => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {22C767D3-6E0B-478E-9526-A1CDDDE64334} - System32\Tasks\NCH Software\DoxillionDowngrade => C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe [2017-11-09] (NCH Software)
Task: {28F5C682-B28F-4705-A2E3-2C11540275FA} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2015-08-25] (ASUS)
Task: {292EC022-C90A-434B-853B-D40CEDC1A984} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-18] (Google Inc.)
Task: {3A05543D-E482-44DA-ADCB-D822FA848B84} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {3CD8A4AF-ADA8-42EF-8CDE-43CB6F70D0CD} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {504518C2-5BDB-4B97-B5C9-99534D14304F} - System32\Tasks\HPCeeScheduleFormikef => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {5A19F576-2169-4975-BFF2-A2FA539C49DD} - System32\Tasks\Avira Safe Shopping Updater => C:\Program Files (x86)\Avira\Safe Shopping\\Updater\Updater.exe
Task: {67ECF63A-E973-438F-BFB4-D32AFC510113} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {704F990B-DD1A-4D57-9C89-B6D311726A8B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {71DA49D5-3FAF-4E9B-9F95-8E8632C50B40} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {77AD8B33-1EB8-434A-AD35-DA724436D766} - System32\Tasks\Avast Emergency Update => F:\Programs\Avast Anti virus\AvEmUpdate.exe
Task: {8762F122-5796-42E1-907F-1DA3BC4F2FCC} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {8FC31531-8EE3-4225-B895-8F42E143A938} - System32\Tasks\{C57E97CC-9025-4C60-9091-2CA62ECA2512} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\mikef\AppData\Local\uninstallce.exe
Task: {97C5972D-2FDF-43F2-8EA0-36F1B9669C8F} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-16] ()
Task: {991EE7A9-5D78-4B05-87C3-959961846191} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {9F51B259-916F-4ABE-A104-B9E63FCF69C0} - System32\Tasks\{E879D36B-7B9D-4B38-9D50-1245197A8C25} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\mikef\AppData\Local\{A2BB94E7-8613-F85F-EB8B-DDB7CFE3212F}\uninst.exe -c -FN=""-P=/Uninstall /s /noun /DelSelfDir
Task: {A0D76D92-8BA9-48CD-A630-C843E1476C15} - System32\Tasks\Opera scheduled Autoupdate 1511452126 => C:\Program Files\Opera\launcher.exe [2018-03-07] (Opera Software)
Task: {A6CFB7EC-4787-4E77-937A-E4F7404F1CD1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {AC5B173D-1D2A-4C1D-B39B-AAFC20B5C4A3} - System32\Tasks\BDAntiCryptoWallTask => C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe
Task: {AD979737-F1C6-4841-9A60-39B9A16ACB08} - System32\Tasks\OrangeDefenderUpdate => C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\updAvTask.exe
Task: {ADF4C576-61AE-4CF8-BD19-BAAB2CB9E943} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {AF452EDC-144F-4A3C-93B6-EB47B731E813} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-03-07] (HP Inc.)
Task: {B811B41C-1BE5-4746-ADD8-D64EDD8547FB} - System32\Tasks\AupAvUpdate => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\updAvTask.exe [2017-08-10] (Innovative Solutions)
Task: {C067201E-25BB-4DC8-88D4-0442B7596F7F} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe [2017-12-16] (Adobe Systems Incorporated)
Task: {C06BE5BF-FD06-4800-816E-FA5EDE11C951} - System32\Tasks\BackUp_Maker-mikef => C:\Program Files (x86)\ASCOMP Software\BackUp Maker\bkmaker.exe
Task: {C175D2BE-EF18-4C1A-BC98-A88C81E31F17} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2015-05-25] (ASUSTek Computer Inc.)
Task: {D0F3152F-900F-4D34-94CA-693D589AF071} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-02-07] (HP Inc.)
Task: {DC088422-203E-4B6C-99B4-9D84FA38F0E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-18] (Google Inc.)
Task: {DCD9A15F-3D52-4BB7-926F-02AAFE777009} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {E3743588-7A16-4C43-8C71-1C01151FD07B} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-14] (ASUSTek Computer Inc.)
Task: {F0B0F162-2C9A-4CDB-989E-9887B6ED8252} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {F5AF6B6F-2630-498E-B59C-586430B1B447} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {F956BFC8-7A07-4867-9C86-330B248A9F83} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH5AC811FY => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-02-07] (HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleFormikef.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\OrangeDefender.job => C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\orangedefender.exe
Task: C:\WINDOWS\Tasks\WinThruster64-mikef-Notification.job => F:\Programs\Solvusoft\WinThruster\Sync.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\WinThruster64-mikef-Startup.job => F:\Programs\Solvusoft\WinThruster\WinThruster64.exe <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Betaflight - Configurator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=kdaghagfopacdngbohiknlhcocjccjao
ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\BLHeli - Configurator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=mejfjggmbnocnfibbibmoogocnjbcjnk
ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Fair AdBlocker App.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=dcnofaichneijfbkdkghmhjjbepjmble
ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Journey (Diary, Journal).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=jlncjaehedpdoinepaejmlpbmdkgmpog
ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\KissFC.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=dpnfknficgldmilnkddfhmbafkcipkkh
ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\RaceFlight - Configurator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=ffkgelfmnmeofidahjaefimpdgekflha

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 06:41 - 2017-09-29 06:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-08-10 03:42 - 2016-08-01 05:54 - 000133056 ____C () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-05-19 10:11 - 2015-05-19 10:11 - 000007680 ____C () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
2017-08-19 23:09 - 2016-02-03 12:33 - 000566440 ____C () F:\Programs\Secure Eraser\SecEraser64.dll
2017-07-22 18:46 - 2012-04-01 00:06 - 002689536 _____ () C:\Program Files\File Shredder\fsshell.dll
2017-08-28 18:41 - 2017-08-28 18:41 - 000155504 ____C () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2017-12-13 08:40 - 2017-11-26 05:23 - 011044864 ____C () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-13 08:40 - 2017-11-26 05:01 - 001804288 ____C () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-16 17:15 - 2017-03-16 17:15 - 000037808 ____C () F:\Programs\GoPro Desktop App\GoProDeviceDetection.exe
2017-07-21 23:23 - 2017-05-12 11:36 - 000507464 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2017-07-21 23:23 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-02-20 06:48 - 2014-05-13 13:04 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-02-20 06:48 - 2014-05-13 13:04 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-08-25 10:40 - 2015-08-25 10:40 - 000027648 ____C () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-08-25 10:40 - 2015-08-25 10:40 - 000124928 ____C () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2015-11-02 23:00 - 2015-07-23 21:22 - 000011920 ____C () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-09-04 21:34 - 2015-09-04 21:34 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7936 more sites.

There are 7937 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-07-24 05:29 - 2018-03-25 14:46 - 000454450 ____R C:\WINDOWS\system32\Drivers\etc\hosts

There are 15600 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2844788878-880486787-4179794426-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: DsSvc => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ComcastAntispyClient => "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
MSCONFIG\startupreg: ddoctorv2 => "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: Desktop Software => "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
MSCONFIG\startupreg: EEventManager => C:\Program Files (x86)\EPSONS~1\EVENTM~1\EEventManager.exe
MSCONFIG\startupreg: Gateway Photo Frame => C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ShopAtHomeUpdater => C:\Users\MikeF\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
MSCONFIG\startupreg: ShopAtHomeWatcher => C:\Users\MikeF\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: VX3000 => C:\Windows\vVX3000.exe
MSCONFIG\startupreg: WinCalendarV3 => "C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe" /q /c
HKLM\...\StartupApproved\Run: => "GoPro Tray App"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "DriveUtilitiesHelper"
HKLM\...\StartupApproved\Run32: => "Everalbum"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\StartupApproved\StartupFolder: => "Shredder.bat"
HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\StartupApproved\Run: => "HP Officejet Pro 6830 (NET)"
HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\StartupApproved\Run: => "com.squirrel.slack.slack"
HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\StartupApproved\Run: => "Windscribe"
HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\StartupApproved\Run: => "Spybot-S&D Cleaning"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0192E56E-9BB9-40DA-954A-E6BC759DCAB2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{127EE995-1BE4-4F78-AA33-F419104015C6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9804EB70-1C1B-4BFA-A76A-C221EB970965}] => (Allow) C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\orangedefender.exe
FirewallRules: [{6B3F5AF4-3A63-4AAB-90CE-FE1C4980FA29}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{4B445AC9-1820-4E8E-86FD-624400C913DD}] => (Block) F:\Programs\CrazyTalk Animator 3\bin64\CrazyTalkAnimator.exe
FirewallRules: [{F32830F1-9BD3-48AA-971E-2E4CE83EBDFA}] => (Block) F:\Programs\CrazyTalk Animator 3\bin64\CrazyTalkAnimator.exe
FirewallRules: [{BAE363B3-F7A9-4FD5-9FDB-F31CE3B8DC88}] => (Block) F:\Programs\CrazyTalk Animator 3\bin64\CrazyTalkAnimator.exe
FirewallRules: [{7D184720-4179-4F3A-A664-8853AC4B6966}] => (Block) F:\Programs\CrazyTalk Animator 3\bin64\CrazyTalkAnimator.exe
FirewallRules: [{ED8D3D7B-3211-44D6-8271-E5576BFF1E65}] => (Allow) F:\Programs\GoPro Desktop App\GoProLauncher.exe
FirewallRules: [{21DD3971-9638-4E55-8233-521701AF7EAA}] => (Allow) F:\Programs\GoPro Desktop App\GoProIDService.exe
FirewallRules: [{387560CC-6CBB-4E9A-9B26-72885F817582}] => (Allow) F:\Programs\GoPro Desktop App\GoProMsgBus.exe
FirewallRules: [{4F827037-A02D-46D8-93B5-5031595AF62D}] => (Allow) F:\Programs\GoPro Desktop App\GoPro Quik.exe
FirewallRules: [{C532C020-1482-41CE-A650-FDC4D775BB32}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{B4F06E65-D3D6-4A25-AC26-80CFBE94BFC2}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [UDP Query User{24B6D1A7-21EA-4B80-9773-FB96F639BC26}F:\programs\drlsimulator_1-1-0_win\simulator\drlsimulator.exe] => (Allow) F:\programs\drlsimulator_1-1-0_win\simulator\drlsimulator.exe
FirewallRules: [TCP Query User{147B489B-8382-4ADC-AFDB-EF839ABAF3C2}F:\programs\drlsimulator_1-1-0_win\simulator\drlsimulator.exe] => (Allow) F:\programs\drlsimulator_1-1-0_win\simulator\drlsimulator.exe
FirewallRules: [{7718C90A-BD33-4901-8078-B8144B61CAE0}] => (Allow) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
FirewallRules: [{7571C4C9-8E98-4258-886B-2752509D8092}] => (Allow) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
FirewallRules: [{15FF93DB-838C-494E-B163-98B3210E825A}] => (Allow) F:\Programs\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{A2365D31-3614-4B2C-B3B2-377FCEE0D30A}] => (Allow) F:\Programs\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{C2FF43C3-B68A-4CDC-B28D-0B75BD089422}] => (Allow) F:\Programs\FlashIntegro\VideoEditor\Activation.exe
FirewallRules: [{92170D43-C695-4B7C-BA63-2B19314BE6D6}] => (Allow) F:\Programs\FlashIntegro\VideoEditor\Activation.exe
FirewallRules: [{4E14ADF7-27EC-4774-B93D-F077EC2905DB}] => (Allow) F:\Programs\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{FB9CCAE6-4451-4C05-BF27-51F45FC57009}] => (Allow) F:\Programs\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{913E0180-CC73-41C3-88CC-808C14AC6E10}] => (Allow) C:\Users\mikef\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{45E67BD3-BD1A-4E4B-A364-BB4E22D6FD87}] => (Block) C:\Windows\explorer.exe
FirewallRules: [{2765E0F4-2918-4A46-B9C9-43CDD8FCBA2B}] => (Block) C:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe
FirewallRules: [{60E6D465-398E-4850-BE86-7EF7620A2377}] => (Block) C:\windows\system32\svchost.exe
FirewallRules: [UDP Query User{278A8347-81F1-4DA3-A7A2-4033BB6E5214}C:\users\mikef\downloads\drlsimulator_1-0-8_win\drlsimulator_1-0-8_win\simulator\drlsimulator.exe] => (Allow) C:\users\mikef\downloads\drlsimulator_1-0-8_win\drlsimulator_1-0-8_win\simulator\drlsimulator.exe
FirewallRules: [TCP Query User{BBE8B569-3802-4456-9B59-4E5BC64FE1DA}C:\users\mikef\downloads\drlsimulator_1-0-8_win\drlsimulator_1-0-8_win\simulator\drlsimulator.exe] => (Allow) C:\users\mikef\downloads\drlsimulator_1-0-8_win\drlsimulator_1-0-8_win\simulator\drlsimulator.exe
FirewallRules: [UDP Query User{22C2005C-C444-4625-96C2-B3F8360AE4D6}F:\programs\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe] => (Block) F:\programs\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe
FirewallRules: [TCP Query User{5E3FDAFF-2D19-48DA-80F1-3132CCA53B64}F:\programs\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe] => (Block) F:\programs\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe
FirewallRules: [UDP Query User{11F7405B-9EBF-4419-8C7C-3910477E984B}F:\programs\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe] => (Allow) F:\programs\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe
FirewallRules: [TCP Query User{7235E679-81A8-4169-9B5A-37B470D0DEF1}F:\programs\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe] => (Allow) F:\programs\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe
FirewallRules: [{88A99397-F5FD-490E-AA93-69F21978D9D4}] => (Allow) C:\Program Files (x86)\Laplink\PCmover\pcmover.exe
FirewallRules: [{6D1FFE3E-A743-49CF-8B3D-231B7456247A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{5D7FD833-6D8F-4716-AE62-6C5F9FF56836}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{57D27020-35F9-4BAB-A8E4-55866C5D9CAC}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\FaxApplications.exe
FirewallRules: [{9932BE6C-6065-433E-8788-142FB8C6D0F6}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\DigitalWizards.exe
FirewallRules: [{66093D00-1387-4EA6-9D7C-926A476223F8}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\SendAFax.exe
FirewallRules: [{2F0AB679-4BCB-45B7-ABE0-92A67F2D1253}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\Bin\DeviceSetup.exe
FirewallRules: [{056E1BEB-F740-4526-91FD-F656D7F645F5}] => (Allow) LPort=5357
FirewallRules: [{415148F0-DA72-48DF-868A-211A83800748}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{AEFEB1B4-004D-4C1B-BA92-E00A8EF98FCD}C:\program files (x86)\vmach media ltd\fpv event pe\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe] => (Allow) C:\program files (x86)\vmach media ltd\fpv event pe\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe
FirewallRules: [UDP Query User{FE1A6E57-EB90-4647-8FD9-D9981D5A64DD}C:\program files (x86)\vmach media ltd\fpv event pe\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe] => (Allow) C:\program files (x86)\vmach media ltd\fpv event pe\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe
FirewallRules: [TCP Query User{528B829E-4718-4188-A933-57DE99CDB771}C:\program files (x86)\vmach media ltd\fpv event pe\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe] => (Allow) C:\program files (x86)\vmach media ltd\fpv event pe\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe
FirewallRules: [UDP Query User{E0752CDF-9489-443B-9777-DE39DE8B00EC}C:\program files (x86)\vmach media ltd\fpv event pe\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe] => (Allow) C:\program files (x86)\vmach media ltd\fpv event pe\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe
FirewallRules: [{7CBC0525-54E6-4602-B76C-3105F71D1111}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{3B826CAA-4252-4EE6-B38D-9B4557EB232D}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{4A3D1C24-9219-4FE0-A001-5DB069B8898B}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{669309B8-918B-439A-AD1A-1313BCBDDEE8}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{D6DFA72C-0AE7-4066-92A1-FA381E86A872}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{27892B31-73D0-4AA0-85F4-2CB608F7E809}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{D687402A-CBC4-43F0-8053-71D08303B5D0}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{AB0E9925-E723-4925-98EC-E15DC105FDBB}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{715201BF-EDF7-4074-AA92-13A3FE7FDACC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{84E96F96-531A-4587-9EAF-A37DCB986BF4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{90B98612-E8D2-4E76-973F-CA3794F32CFF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CF1DA14D-516B-4A71-A3F3-3519888C6298}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F95C5596-3C70-4582-BCE4-CFD2570EEE7F}] => (Allow) C:\Program Files\Opera\51.0.2830.40\opera.exe
FirewallRules: [TCP Query User{0535286E-86B0-4354-AA5C-F0BC423FF618}F:\programs\muvizu\binaries\muvizu.exe] => (Allow) F:\programs\muvizu\binaries\muvizu.exe
FirewallRules: [UDP Query User{CEE1D7D6-3AAF-47DC-B0E6-0BDCB3671E1D}F:\programs\muvizu\binaries\muvizu.exe] => (Allow) F:\programs\muvizu\binaries\muvizu.exe
FirewallRules: [{034F8069-CA78-4553-8498-9DFDA9E9BFC8}] => (Allow) C:\Program Files\Opera\51.0.2830.55\opera.exe
FirewallRules: [{AD1B7BF7-0E1F-4D6A-A6D4-413640008B6C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

08-03-2018 10:40:38 Removed Track Pack DDC
16-03-2018 13:50:49 Scheduled Checkpoint
23-03-2018 09:13:27 JRT Pre-Junkware Removal
25-03-2018 12:41:21 After installing Advanced Uninstaller PRO
25-03-2018 13:16:55 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/25/2018 03:18:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_smphost, version: 10.0.16299.15, time stamp: 0x9c786b9a
Faulting module name: msvcrt.dll, version: 7.0.16299.125, time stamp: 0x20688290
Exception code: 0xc0000005
Fault offset: 0x00000000000731ba
Faulting process id: 0x2d40
Faulting application start time: 0x01d3c487352f592c
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: C:\WINDOWS\System32\msvcrt.dll
Report Id: 20827e03-46bb-43bc-acaf-4d0384cfe5e2
Faulting package full name:
Faulting package-relative application ID:

Error: (03/25/2018 03:18:40 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (03/25/2018 03:18:40 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (03/25/2018 03:18:29 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (03/25/2018 03:18:29 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (03/25/2018 09:23:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname NegroTres.local already in use; will try NegroTres-2.local instead

Error: (03/25/2018 09:23:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister 4 NegroTres.local. Addr 10.0.0.195

Error: (03/25/2018 09:23:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.195:5353 16 NegroTres.local. AAAA 2601:0201:0282:5A01:0000:0000:0000:A936


System errors:
=============
Error: (03/25/2018 04:14:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/25/2018 04:00:58 PM) (Source: DCOM) (EventID: 10010) (User: NEGROTRES)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

Error: (03/25/2018 03:59:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/25/2018 03:59:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/25/2018 03:59:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/25/2018 03:59:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/25/2018 03:59:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/25/2018 03:59:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2017-12-05 09:19:18.956
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {05A1E94E-3FF9-4B66-88D3-7215CB4ABA91}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-03-23 09:10:50.796
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.562.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed.

Date: 2018-03-23 09:10:50.796
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 118.5.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.14202.0
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed.

Date: 2018-03-23 09:10:44.964
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.562.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-03-23 09:10:44.963
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.562.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-03-23 09:10:44.963
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.562.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2018-03-25 16:08:47.201
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

Date: 2018-03-25 16:08:47.196
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

Date: 2018-03-25 16:08:47.167
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

Date: 2018-03-25 16:08:47.162
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

Date: 2018-03-25 16:04:07.776
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-25 16:04:07.774
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-25 16:03:57.352
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-25 16:03:57.351
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 50%
Total physical RAM: 8084.27 MB
Available physical RAM: 3975.44 MB
Total Virtual: 11084.27 MB
Available Virtual: 5741.6 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:237.72 GB) (Free:164.77 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (My Passport) (Fixed) (Total:931.48 GB) (Free:527.76 GB) NTFS

\\?\Volume{2ea052e8-0a14-4730-b8e7-5d2f634e9ad2}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
\\?\Volume{f885f58c-2350-43d0-a38d-08247bfbbb90}\ () (Fixed) (Total:0.49 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: EBA450F1)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: CB536EDD)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


FRST Scan


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by mikef (administrator) on NEGROTRES (25-03-2018 16:16:36)
Running from F:\Programs
Loaded Profiles: mikef (Available Profiles: mikef)
Platform: Windows 10 Home Version 1709 16299.125 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
() C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Copyright 2017.) F:\Programs\Zemana AntiMalware\ZAM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxEM.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() F:\Programs\GoPro Desktop App\GoProDeviceDetection.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-23] (NVIDIA Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [599896 2015-06-10] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-09] (Conexant Systems, Inc.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2016-01-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-12-07] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21384 2016-04-19] (Western Digital Technologies, Inc.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\Run: [HP Officejet Pro 6830 (NET)] => C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe [3493952 2014-07-18] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5913720 2017-05-23] (Safer-Networking Ltd.)
HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\Run: [AdobeBridge] => [X]
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KE3F5A~1.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(6).dll [94568 2017-01-19] (Zemana Ltd.)
Startup: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Shredder.bat [2018-03-04] ()
BootExecute: autocheck autochk * bddel.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{449da3d2-0683-4c05-a995-2ca8434c1492}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2844788878-880486787-4179794426-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> OldSearch URL =
SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS380US380
SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> {6b0d4c9d-c6eb-4a9a-981c-ac3f9d8373c0} URL = hxxp://search.xfinity.com/?cat=subweb&con=mmchrome&cid=xfstart_tech_search&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> {99FFAE1F-493D-44F2-84D3-A9771953A756} URL = hxxps://search.yahoo.com/search?fr=sp_tr_ie&ei=utf-8&ilc=12&type=711278&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

FireFox:
========
FF DefaultProfile: inyi5s32.default-1521871370978
FF ProfilePath: C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978 [2018-03-25]
FF Extension: (Grammarly for Firefox) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2018-03-23]
FF Extension: (Firefox Multi-Account Containers) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\@testpilot-containers.xpi [2018-03-23]
FF Extension: (AdBlocker Ultimate) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\adblockultimate@adblockultimate.net.xpi [2018-03-23]
FF Extension: (TubeBuddy for YouTube) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\e389d8c2-5554-4ba2-a36e-ac7a57093130@gmail.com.xpi [2018-03-23]
FF Extension: (Easy Screenshot) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\easyscreenshot@mozillaonline.com.xpi [2018-03-23]
FF Extension: (Enhancer for YouTube™) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\enhancerforyoutube@maximerf.addons.mozilla.org.xpi [2018-03-23]
FF Extension: (Hotspot Shield Free VPN Proxy – Unblock Sites) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\hotspot-shield@anchorfree.com.xpi [2018-03-23] [Legacy]
FF Extension: (AdBlock) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2018-03-23]
FF Extension: (AdBlocker for YouTube™) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\jid1-q4sG8pYhq8KGHs@jetpack.xpi [2018-03-23]
FF Extension: (Tab Session Manager) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\Tab-Session-Manager@sienori.xpi [2018-03-23]
FF Extension: (uBlock Origin) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\uBlock0@raymondhill.net.xpi [2018-03-23]
FF Extension: (1-Click YouTube Video Downloader) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2018-03-23]
FF Extension: (Screengrab!) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2018-03-23]
FF Extension: (igtranslator) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\{059cddf1-f66c-4b63-a79a-c35ac7e6ac65}.xpi [2018-03-23]
FF Extension: (Adblock for Youtube™) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\{0ac04bdb-d698-452f-8048-bcef1a3f4b0d}.xpi [2018-03-23]
FF Extension: (__MSG_appName__) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [2018-03-23]
FF Extension: (Adblock Plus) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-03-23]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\features\{9bba7b1f-f9c1-45a6-b0d2-8e253c3f4a32}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-03-23] [Legacy]
FF HKLM\...\Firefox\Extensions: [@BrowserSafer] - C:\Users\mikef\AppData\Roaming\Mozilla\FireFox\@BrowserSafer.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\netsight@nielsen.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [@BrowserSafer] - C:\Users\mikef\AppData\Roaming\Mozilla\FireFox\@BrowserSafer.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-14] ()
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com [No File]
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
FF Plugin HKU\S-1-5-21-2844788878-880486787-4179794426-1001: @citrixonline.com/appdetectorplugin -> C:\Users\MikeF\AppData\Local\Citrix\Plugins\104\npappdetector.dll [No File]

Chrome:
=======
CHR DefaultProfile: Profile 3
CHR HomePage: Profile 3 -> search.ask.com/?gct=hp
CHR Profile: C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Default [2018-03-25]
CHR Extension: (Google Docs) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-18]
CHR Extension: (Google Drive) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-18]
CHR Extension: (YouTube) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-18]
CHR Extension: (Google Search) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-18]
CHR Extension: (Google Docs Offline) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-18]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-08-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-18]
CHR Extension: (Gmail) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-18]
CHR Extension: (Chrome Media Router) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-18]
CHR Profile: C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-02-20]
CHR Profile: C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-02-20]
CHR Extension: (Google Slides) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-18]
CHR Extension: (Google Docs) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-18]
CHR Extension: (Google Drive) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-18]
CHR Extension: (YouTube) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-18]
CHR Extension: (Google Search) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-18]
CHR Extension: (Google Sheets) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-18]
CHR Extension: (SiteAdvisor) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-02-18]
CHR Extension: (Google Docs Offline) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-18]
CHR Extension: (Gmail) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-18]
CHR Profile: C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 2 [2016-02-20]
CHR Extension: (Google Slides) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-18]
CHR Extension: (Google Docs) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-18]
CHR Extension: (Google Drive) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-18]
CHR Extension: (YouTube) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-18]
CHR Extension: (Google Search) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-18]
CHR Extension: (Google Sheets) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-18]
CHR Extension: (SiteAdvisor) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-02-18]
CHR Extension: (Google Docs Offline) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-18]
CHR Extension: (Gmail) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-18]
CHR Profile: C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3 [2018-03-25]
CHR Extension: (h264ify) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aleakchihdccplidncghkekgioiakgal [2017-08-04]
CHR Extension: (Docs) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-18]
CHR Extension: (Google Drive) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-18]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2018-01-21]
CHR Extension: (Social Blade) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cfidkbgamfhdgmedldkagjopnbobdmdn [2018-03-23]
CHR Extension: (uBlock Origin) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-03-23]
CHR Extension: (Fair AdBlocker App) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\dcnofaichneijfbkdkghmhjjbepjmble [2017-07-31]
CHR Extension: (KissFC) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\dpnfknficgldmilnkddfhmbafkcipkkh [2017-04-16]
CHR Extension: (RaceFlight - Configurator) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ffkgelfmnmeofidahjaefimpdgekflha [2017-04-09]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2018-03-23]
CHR Extension: (HTTPS Everywhere) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2018-03-06]
CHR Extension: (Google Docs Offline) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Save to Google Drive) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2016-02-20]
CHR Extension: (Windscribe - Free VPN and Ad Blocker) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2018-03-06]
CHR Extension: (Journey (Diary, Journal)) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\jlncjaehedpdoinepaejmlpbmdkgmpog [2018-03-06]
CHR Extension: (Grammarly for Chrome) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-03-23]
CHR Extension: (Betaflight - Configurator) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kdaghagfopacdngbohiknlhcocjccjao [2018-03-06]
CHR Extension: (The Great Suspender) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2017-09-02]
CHR Extension: (Google Maps) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2016-03-04]
CHR Extension: (Video Converter) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mcjjnhgakghmggnimjkldjmmpabhnhne [2016-06-12]
CHR Extension: (BLHeli - Configurator) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mejfjggmbnocnfibbibmoogocnjbcjnk [2018-03-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Social Media Improver) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\opnfbjkeinmnibcpmlpjacekjaldnjmj [2018-03-23]
CHR Extension: (XFINITY® TV Go Stream Live TV Online) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pbefpbidnpmpfbkledpohpejdcgfnfif [2016-09-16]
CHR Extension: (Chrome Media Router) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-23]
CHR Profile: C:\Users\mikef\AppData\Local\Google\Chrome\User Data\System Profile [2017-07-21]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2844788878-880486787-4179794426-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\MikeF\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKU\S-1-5-21-2844788878-880486787-4179794426-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gkcffmoikcgfhagefelmhiakelnjihik] - hxxps://chrome.google.com/webstore/detail/gkcffmoikcgfhagefelmhiakelnjihik
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ChromeExt\ab.crx <not found>

Opera:
=======
OPR StartupUrls: "hxxp://facebook.com/","hxxp://youtube.com/","hxxp://gmail.com/","hxxps://mail.yahoo.com/"
OPR Session Restore: -> is enabled.
OPR Extension: (AdBlock) - C:\Users\mikef\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2017-11-23]
OPR Extension: (Unlimited Free VPN - Hola) - C:\Users\mikef\AppData\Roaming\Opera Software\Opera Stable\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-12-15]
OPR Extension: (Translate) - C:\Users\mikef\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibnombjmjocaccigcefonnipcnlaeaed [2017-11-23]
OPR Extension: (Grammarly for Chrome) - C:\Users\mikef\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-12-11]
OPR Extension: (Install Chrome Extensions) - C:\Users\mikef\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2017-12-15]
OPR Extension: (AdBlock) - C:\Users\mikef\AppData\Roaming\Opera Software\Opera Stable\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2017-11-23]
OPR Extension: (History Eraser) - C:\Users\mikef\AppData\Roaming\Opera Software\Opera Stable\Extensions\lfpoajlbkhlfoeeokbppmecpplmieedm [2017-11-23]
OPR Extension: (AdBlock) - C:\Users\mikef\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofhehnfmgbgnkjaojifkmebjjgffjaeh [2017-12-15]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9317264 2018-03-08] (Emsisoft Ltd)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1385640 2015-08-16] (Intel Corporation)
R2 GoProDeviceDetectionService; F:\Programs\GoPro Desktop App\GoProDeviceDetection.exe [37808 2017-03-16] ()
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-23] (HP Inc.)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190216 2016-10-15] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-09-04] (Intel Corporation)
S3 MBAMService; F:\Programs\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-11-29] ()
R2 SAService; C:\Windows\system32\SAsrv.exe [427224 2015-04-17] (Conexant Systems, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2016-01-14] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-11] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-11] (Microsoft Corporation)
R2 ZAMSvc; F:\Programs\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-11-29] (Intel® Corporation)
S2 AdobeUpdateService; "C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe" [X]
S3 WD Backup Drive Helper; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
S3 WD Backup Snapshot; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AsusSGDrv; C:\WINDOWS\system32\DRIVERS\AsusSGDrv.sys [138744 2015-08-17] (ASUS Corporation)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [320528 2017-09-02] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198976 2017-09-02] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343296 2017-09-02] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57736 2017-09-02] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [47016 2017-09-02] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41832 2017-09-02] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [147784 2017-09-02] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110376 2017-09-02] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84416 2017-09-02] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1016384 2017-09-02] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [590880 2017-09-02] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [199312 2017-09-02] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [361336 2017-09-02] (AVAST Software)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-08-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-08-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-08-01] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [38048 2017-08-01] (Avira Operations GmbH & Co. KG)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55816 2015-08-16] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2015-08-16] (Intel Corporation)
R1 epp; C:\Program Files\Emsisoft Anti-Malware\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2015-08-16] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76200 2018-01-18] ()
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [250624 2016-10-15] (Intel Corporation)
R3 keycrypt; C:\WINDOWS\System32\DRIVERS\KeyCrypt64.sys [161408 2017-03-22] (Zemana Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193248 2018-03-25] (Malwarebytes)
S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [109800 2018-03-25] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45960 2018-03-25] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-03-25] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [101600 2018-03-25] (Malwarebytes)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2017-09-29] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [888064 2015-07-27] (Realtek )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [83360 2017-05-23] (Safer-Networking Ltd.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 STTub30; C:\WINDOWS\System32\Drivers\STTub30.sys [44184 2012-07-20] (STMicroelectronics)
S3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2017-04-21] (The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-03-25] ()
R3 voxaldriver; C:\WINDOWS\system32\DRIVERS\voxaldriverx64.sys [52976 2018-02-25] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-03-11] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288296 2018-03-11] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-11] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-08-17] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-07-28] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-25 16:15 - 2018-03-25 16:16 - 000000000 ___DC C:\FRST
2018-03-25 15:56 - 2018-03-25 15:56 - 000001762 ____C C:\Users\mikef\Desktop\AdwCleaner Scan 3.18.txt
2018-03-25 15:53 - 2018-03-25 15:57 - 000000000 ___DC C:\AdwCleaner
2018-03-25 15:22 - 2018-03-25 15:22 - 000012510 ____C C:\Users\mikef\Desktop\roguekiller scan 2.txt
2018-03-25 15:21 - 2018-03-25 15:21 - 000012508 ____C C:\Users\mikef\Desktop\roguekiller scan 1.txt
2018-03-25 14:49 - 2018-03-25 14:49 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-03-25 14:48 - 2018-03-25 14:48 - 000000000 ___DC C:\ProgramData\RogueKiller
2018-03-25 14:46 - 2018-02-28 22:46 - 000454450 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20180325-144632.backup
2018-03-25 13:09 - 2018-03-25 13:09 - 000000000 ___DC C:\Users\mikef\AppData\Local\Wolf of Webstreet OPC Private Limited
2018-03-25 12:57 - 2018-03-25 12:57 - 000001924 ____C C:\Users\Public\Desktop\HitmanPro.lnk
2018-03-25 12:57 - 2018-03-25 12:57 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2018-03-25 12:57 - 2018-03-25 12:57 - 000000000 ___DC C:\Program Files\HitmanPro
2018-03-25 12:41 - 2018-03-25 12:41 - 000001676 ____C C:\Users\mikef\Desktop\Advanced Uninstaller PRO 12.lnk
2018-03-25 12:41 - 2018-03-25 12:41 - 000001560 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 12.lnk
2018-03-25 12:41 - 2018-03-25 12:41 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
2018-03-25 12:31 - 2018-03-25 12:31 - 000003186 _____ C:\WINDOWS\System32\Tasks\BDAntiCryptoWallTask
2018-03-25 12:21 - 2018-03-25 12:21 - 004778360 ____C (Bitdefender ) C:\Users\mikef\Desktop\BDAntiRansomwareSetup (1).exe
2018-03-25 10:29 - 2018-03-25 10:30 - 000101600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-03-25 10:29 - 2018-03-25 10:29 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-03-25 10:29 - 2018-03-25 10:29 - 000193248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-03-25 10:29 - 2018-03-25 10:29 - 000109800 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-03-25 10:29 - 2018-03-25 10:29 - 000045960 ____N (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-03-25 10:29 - 2018-03-25 10:29 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-25 09:22 - 2018-03-25 10:58 - 000000000 ___DC C:\WINDOWS\Minidump
2018-03-23 12:56 - 2018-03-23 12:56 - 000003044 ____C C:\Users\mikef\Desktop\eset scan.txt
2018-03-23 12:27 - 2018-03-25 12:00 - 000003550 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2018-03-23 12:27 - 2018-03-25 12:00 - 000003540 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2018-03-23 11:44 - 2018-03-23 11:44 - 124300000 ____C (Microsoft Corporation) C:\Users\mikef\Desktop\msert.exe
2018-03-23 11:14 - 2018-03-23 11:14 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-23 11:14 - 2018-03-23 11:14 - 040510072 ____C (Microsoft Corporation) C:\Users\mikef\Desktop\Windows-KB890830-x64-V5.58.exe
2018-03-23 09:11 - 2018-03-23 09:12 - 000031474 ____C C:\Users\mikef\Desktop\Rkill.txt
2018-03-17 09:49 - 2018-03-22 23:15 - 000000000 ___DC C:\Users\mikef\AppData\Roaming\Microsoft Visual Pack x86
2018-03-15 16:23 - 2018-03-15 16:23 - 000000000 ___DC C:\Program Files (x86)\Adobe
2018-03-11 12:02 - 2018-03-11 12:06 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-03-08 18:00 - 2018-03-08 18:00 - 000037274 ____C C:\Users\mikef\Desktop\contactc rx.pdf
2018-03-08 10:52 - 2018-03-08 10:52 - 000001912 ____C C:\Users\Public\Desktop\Rotor Rush Help.lnk
2018-03-08 10:52 - 2018-03-08 10:52 - 000000761 ____C C:\Users\Public\Desktop\Rotor Rush.lnk
2018-03-06 13:01 - 2018-03-06 13:01 - 000221473 ____C C:\Users\mikef\Desktop\Contacts Rx .pdf
2018-03-04 16:20 - 2018-03-04 16:20 - 000000000 ___DC C:\adobeTemp
2018-03-04 13:49 - 2018-03-25 13:24 - 000000645 ____C C:\Users\mikef\Desktop\JRT.txt
2018-03-04 10:03 - 2008-07-31 11:41 - 000238088 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2018-03-04 10:03 - 2008-07-31 11:41 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2018-03-04 10:03 - 2008-07-31 11:41 - 000072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2018-03-04 10:03 - 2008-07-31 11:41 - 000068616 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2018-03-04 10:03 - 2008-07-31 11:40 - 000513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2018-03-04 10:03 - 2008-07-31 11:40 - 000509448 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2018-03-04 10:03 - 2008-07-12 09:18 - 004992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2018-03-04 10:03 - 2008-07-12 09:18 - 003851784 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2018-03-04 10:03 - 2008-07-12 09:18 - 001942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2018-03-04 10:03 - 2008-07-12 09:18 - 001493528 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2018-03-04 10:03 - 2008-07-12 09:18 - 000540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2018-03-04 10:03 - 2008-07-12 09:18 - 000467984 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2018-03-04 10:03 - 2008-05-30 15:19 - 000511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2018-03-04 10:03 - 2008-05-30 15:19 - 000507400 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll
2018-03-04 10:03 - 2008-05-30 15:18 - 000238088 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll
2018-03-04 10:03 - 2008-05-30 15:18 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2018-03-04 10:03 - 2008-05-30 15:17 - 000068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2018-03-04 10:03 - 2008-05-30 15:17 - 000065032 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll
2018-03-04 10:03 - 2008-05-30 15:17 - 000025608 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll
2018-03-04 10:03 - 2008-05-30 15:16 - 000028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2018-03-04 10:03 - 2008-05-30 15:11 - 004991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2018-03-04 10:03 - 2008-05-30 15:11 - 003850760 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_38.dll
2018-03-04 10:03 - 2008-05-30 15:11 - 001941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2018-03-04 10:03 - 2008-05-30 15:11 - 001491992 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll
2018-03-04 10:03 - 2008-05-30 15:11 - 000540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2018-03-04 10:03 - 2008-05-30 15:11 - 000467984 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll
2018-03-04 10:03 - 2008-03-05 17:04 - 000489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2018-03-04 10:03 - 2008-03-05 17:03 - 000479752 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll
2018-03-04 10:03 - 2008-03-05 17:03 - 000238088 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll
2018-03-04 10:03 - 2008-03-05 17:03 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2018-03-04 10:03 - 2008-03-05 17:00 - 000028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2018-03-04 10:03 - 2008-03-05 17:00 - 000025608 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll
2018-03-04 10:03 - 2008-03-05 16:56 - 004910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
2018-03-04 10:03 - 2008-03-05 16:56 - 003786760 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_37.dll
2018-03-04 10:03 - 2008-03-05 16:56 - 001860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2018-03-04 10:03 - 2008-03-05 16:56 - 001420824 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll
2018-03-04 10:03 - 2008-02-06 00:07 - 000529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2018-03-04 10:03 - 2008-02-06 00:07 - 000462864 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_37.dll
2018-03-04 10:03 - 2007-10-22 04:40 - 000411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
2018-03-04 10:03 - 2007-10-22 04:39 - 000267272 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll
2018-03-04 10:03 - 2007-10-22 04:37 - 000021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
2018-03-04 10:03 - 2007-10-22 04:37 - 000017928 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_2.dll
2018-03-04 10:03 - 2007-10-12 16:14 - 005081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
2018-03-04 10:03 - 2007-10-12 16:14 - 003734536 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll
2018-03-04 10:03 - 2007-10-12 16:14 - 002006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
2018-03-04 10:03 - 2007-10-12 16:14 - 001374232 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_36.dll
2018-03-04 10:03 - 2007-10-02 10:56 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
2018-03-04 10:03 - 2007-10-02 10:56 - 000444776 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll
2018-03-04 10:03 - 2007-07-20 01:57 - 000411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
2018-03-04 10:03 - 2007-07-20 01:57 - 000267112 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll
2018-03-04 10:03 - 2007-07-19 19:14 - 005073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
2018-03-04 10:03 - 2007-07-19 19:14 - 003727720 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll
2018-03-04 10:03 - 2007-07-19 19:14 - 001985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
2018-03-04 10:03 - 2007-07-19 19:14 - 001358192 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll
2018-03-04 10:03 - 2007-07-19 19:14 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
2018-03-04 10:03 - 2007-07-19 19:14 - 000444776 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll
2018-03-04 10:03 - 2007-06-20 21:49 - 000409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2018-03-04 10:03 - 2007-06-20 21:46 - 000266088 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll
2018-03-04 10:03 - 2007-05-16 17:45 - 004496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2018-03-04 10:03 - 2007-05-16 17:45 - 003497832 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll
2018-03-04 10:03 - 2007-05-16 17:45 - 001401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2018-03-04 10:03 - 2007-05-16 17:45 - 001124720 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_34.dll
2018-03-04 10:03 - 2007-05-16 17:45 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2018-03-04 10:03 - 2007-05-16 17:45 - 000443752 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll
2018-03-04 10:03 - 2007-04-04 19:55 - 000403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2018-03-04 10:03 - 2007-04-04 19:55 - 000261480 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll
2018-03-04 10:03 - 2007-03-15 17:57 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2018-03-04 10:03 - 2007-03-15 17:57 - 000443752 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll
2018-03-04 10:03 - 2007-03-12 17:42 - 004494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2018-03-04 10:03 - 2007-03-12 17:42 - 003495784 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
2018-03-04 10:03 - 2007-03-12 17:42 - 001400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2018-03-04 10:03 - 2007-03-12 17:42 - 001123696 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll
2018-03-04 10:03 - 2007-03-05 13:42 - 000017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2018-03-04 10:03 - 2007-03-05 13:42 - 000015128 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll
2018-03-04 10:03 - 2007-01-24 16:27 - 000393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2018-03-04 10:03 - 2007-01-24 16:27 - 000255848 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll
2018-03-04 10:03 - 2006-12-08 13:02 - 000251672 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll
2018-03-04 10:03 - 2006-12-08 13:00 - 000390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2018-03-04 10:03 - 2006-11-29 14:06 - 004398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2018-03-04 10:03 - 2006-11-29 14:06 - 003426072 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
2018-03-04 10:03 - 2006-11-29 14:06 - 000469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
2018-03-04 10:03 - 2006-11-29 14:06 - 000440080 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll
2018-03-04 10:03 - 2006-09-28 17:05 - 003977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
2018-03-04 10:03 - 2006-09-28 17:05 - 002414360 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll
2018-03-04 10:03 - 2006-09-28 17:05 - 000237848 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll
2018-03-04 10:03 - 2006-09-28 17:04 - 000364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2018-03-04 10:03 - 2006-07-28 10:31 - 000083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2018-03-04 10:03 - 2006-07-28 10:30 - 000363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2018-03-04 10:03 - 2006-07-28 10:30 - 000236824 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll
2018-03-04 10:03 - 2006-07-28 10:30 - 000062744 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll
2018-03-04 10:03 - 2006-05-31 08:24 - 000230168 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll
2018-03-04 10:03 - 2006-05-31 08:22 - 000354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2018-03-04 10:03 - 2006-03-31 13:41 - 003927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2018-03-04 10:03 - 2006-03-31 13:40 - 002388176 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
2018-03-04 10:03 - 2006-03-31 13:40 - 000352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2018-03-04 10:03 - 2006-03-31 13:39 - 000229584 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
2018-03-04 10:03 - 2006-03-31 13:39 - 000083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2018-03-04 10:03 - 2006-03-31 13:39 - 000062672 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
2018-03-04 10:03 - 2006-02-03 09:43 - 003830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2018-03-04 10:03 - 2006-02-03 09:43 - 002332368 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll
2018-03-04 10:03 - 2006-02-03 09:42 - 000355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2018-03-04 10:03 - 2006-02-03 09:42 - 000230096 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll
2018-03-04 10:03 - 2006-02-03 09:41 - 000016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2018-03-04 10:03 - 2006-02-03 09:41 - 000014032 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
2018-03-04 10:03 - 2005-12-05 19:09 - 003815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2018-03-04 10:03 - 2005-12-05 19:09 - 002323664 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll
2018-03-04 10:03 - 2005-07-22 20:59 - 003807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2018-03-04 10:03 - 2005-07-22 20:59 - 002319568 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll
2018-03-04 10:03 - 2005-05-26 16:34 - 003767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2018-03-04 10:03 - 2005-05-26 16:34 - 002297552 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll
2018-03-04 10:03 - 2005-03-18 18:19 - 003823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2018-03-04 10:03 - 2005-03-18 18:19 - 002337488 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll
2018-03-04 10:03 - 2005-02-05 20:45 - 003544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2018-03-04 10:03 - 2005-02-05 20:45 - 002222800 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll
2018-03-03 16:59 - 2018-03-03 17:11 - 000000942 ___HC C:\Users\mikef\.lmmsrc.xml
2018-03-03 13:12 - 2018-03-03 13:12 - 000000000 ___DC C:\Users\mikef\Documents\Audacity
2018-03-03 12:09 - 2018-03-03 12:09 - 000000000 ___DC C:\Users\mikef\Documents\Mixpad Projects
2018-03-02 09:32 - 2018-03-02 09:32 - 000000000 ___DC C:\Users\mikef\AppData\Local\iClone
2018-03-02 09:00 - 2018-03-02 09:00 - 000000875 ____C C:\Users\Public\Desktop\iClone v7.2.lnk
2018-03-02 08:59 - 2018-03-02 08:59 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iClone 7
2018-03-01 13:01 - 2018-03-01 13:01 - 000000000 ___DC C:\Users\mikef\Documents\DrawPad
2018-03-01 12:43 - 2018-03-01 12:43 - 000001229 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Animate.lnk
2018-03-01 12:43 - 2018-03-01 12:43 - 000001217 ____C C:\Users\Public\Desktop\Express Animate.lnk
2018-03-01 12:43 - 2018-03-01 12:43 - 000001165 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
2018-03-01 12:43 - 2018-03-01 12:43 - 000001153 ____C C:\Users\Public\Desktop\WavePad Sound Editor.lnk
2018-03-01 12:40 - 2018-03-01 12:40 - 000001157 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
2018-03-01 12:40 - 2018-03-01 12:40 - 000001145 ____C C:\Users\Public\Desktop\Debut Video Capture Software.lnk
2018-03-01 12:13 - 2018-03-01 12:54 - 000001187 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DrawPad Graphic Design Software.lnk
2018-03-01 12:13 - 2018-03-01 12:54 - 000001175 ____C C:\Users\Public\Desktop\DrawPad Graphic Design Software.lnk
2018-02-28 22:46 - 2017-12-12 10:46 - 000454450 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20180228-214624.backup
2018-02-28 15:57 - 2018-02-28 15:57 - 000000000 ___DC C:\Users\mikef\AppData\Local\MorphCreator
2018-02-27 15:57 - 2018-02-27 15:57 - 000001735 ____C C:\Users\mikef\Desktop\Evernote.lnk
2018-02-27 11:58 - 2018-02-27 12:05 - 000000000 ___DC C:\Users\mikef\AppData\Roaming\YouTubeByClick
2018-02-27 11:57 - 2018-03-04 14:58 - 000000000 ___DC C:\Users\mikef\AppData\Roaming\ByClick
2018-02-26 15:06 - 2011-09-07 16:25 - 000000000 ___DC C:\Users\mikef\Desktop\Ex_Files_AE_Cr8_Char
2018-02-26 15:05 - 2018-02-26 15:05 - 009715947 ____C C:\Users\mikef\Desktop\Ex_Files_AE_Cr8_Char.zip
2018-02-26 10:47 - 2018-02-26 10:47 - 000001181 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoPad Image Editor.lnk
2018-02-26 10:45 - 2018-02-26 10:45 - 000001199 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixillion Image Converter.lnk
2018-02-26 10:45 - 2018-02-26 10:45 - 000001187 ____C C:\Users\Public\Desktop\Pixillion Image Converter.lnk
2018-02-25 16:40 - 2018-02-25 16:40 - 000000976 ____C C:\Users\Public\Desktop\iClone 3DXchange v7.2 Pipeline.lnk
2018-02-25 16:40 - 2018-02-25 16:40 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iClone 3DXchange 7
2018-02-25 16:14 - 2018-02-25 16:14 - 000052976 _____ C:\WINDOWS\system32\Drivers\voxaldriverx64.sys
2018-02-25 16:14 - 2018-02-25 16:14 - 000001167 ____C C:\Users\mikef\AppData\Roaming\trace_FilterInstaller.txt
2018-02-25 16:14 - 2018-02-25 16:14 - 000001139 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voxal Voice Changer.lnk
2018-02-25 16:14 - 2018-02-25 16:14 - 000001127 ____C C:\Users\Public\Desktop\Voxal Voice Changer.lnk
2018-02-25 16:14 - 2018-02-25 16:14 - 000000000 ____C C:\Users\mikef\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2018-02-23 19:06 - 2018-02-24 08:38 - 000000000 ___DC C:\Users\mikef\AppData\Local\EvernoteNW
2018-02-23 14:58 - 2018-02-23 15:01 - 000000000 ___DC C:\Users\mikef\Evernote
2018-02-23 14:57 - 2018-02-27 15:57 - 000000000 ___DC C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evernote

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-25 16:15 - 2017-07-28 16:41 - 000077691 ____C C:\WINDOWS\ZAM.krnl.trace
2018-03-25 16:15 - 2017-07-28 16:41 - 000037986 ____C C:\WINDOWS\ZAM_Guard.krnl.trace
2018-03-25 16:06 - 2017-12-02 04:27 - 001896192 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-25 15:59 - 2016-11-24 10:47 - 000000000 ___DC C:\Users\mikef\AppData\LocalLow\Mozilla
2018-03-25 15:59 - 2015-11-03 00:07 - 000000165 ____C C:\Users\mikef\AppData\Roaming\sp_data.sys
2018-03-25 15:59 - 2015-11-03 00:07 - 000000000 __SHD C:\Users\mikef\IntelGraphicsProfiles
2018-03-25 15:58 - 2017-12-02 04:27 - 000000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2018-03-25 15:58 - 2017-09-29 01:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-03-25 15:58 - 2017-07-29 07:32 - 000000000 ___DC C:\Program Files\Emsisoft Anti-Malware
2018-03-25 14:19 - 2017-12-02 04:20 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-25 12:55 - 2017-09-02 16:10 - 000000000 ___DC C:\ProgramData\AVAST Software
2018-03-25 12:41 - 2017-12-02 04:27 - 000004100 _____ C:\WINDOWS\System32\Tasks\AupAvUpdate
2018-03-25 10:29 - 2017-07-23 15:01 - 000000781 ____C C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-25 10:29 - 2017-07-23 15:01 - 000000000 ___DC C:\ProgramData\Malwarebytes
2018-03-25 10:25 - 2016-02-18 19:44 - 001388432 ____C C:\Users\Public\VOIP.dat
2018-03-25 09:17 - 2016-03-09 18:59 - 000000352 ____C C:\WINDOWS\Tasks\HPCeeScheduleFormikef.job
2018-03-25 00:27 - 2017-12-02 04:27 - 000003244 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleFormikef
2018-03-23 23:51 - 2017-11-28 11:03 - 000000000 ___DC C:\Program Files\Mozilla Firefox
2018-03-23 23:51 - 2017-11-28 11:03 - 000000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2018-03-23 23:35 - 2017-11-29 18:44 - 000000955 ____C C:\Users\Public\Desktop\Firefox.lnk
2018-03-23 23:35 - 2017-11-28 11:03 - 000000967 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-03-23 23:34 - 2017-11-28 11:03 - 000311176 ____C (Mozilla) C:\Users\mikef\Downloads\Firefox Installer.exe
2018-03-23 23:28 - 2017-12-02 04:27 - 000003644 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2018-03-23 23:02 - 2017-11-28 11:04 - 000000000 ___DC C:\Users\mikef\Desktop\Old Firefox Data
2018-03-23 21:56 - 2017-09-29 06:46 - 000000000 ___DC C:\WINDOWS\DeliveryOptimization
2018-03-23 11:14 - 2015-11-03 02:28 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-23 09:15 - 2017-09-29 06:46 - 000000000 ___DC C:\WINDOWS\AppReadiness
2018-03-23 00:38 - 2016-02-20 14:19 - 000000000 ___DC C:\Users\mikef\AppData\Roaming\vlc
2018-03-22 23:33 - 2017-12-02 04:22 - 000000000 __HDC C:\Users\mikef
2018-03-22 23:30 - 2017-07-30 12:51 - 000001221 ____C C:\Users\mikef\Desktop\Emsisoft Anti-Malware.lnk
2018-03-22 23:20 - 2016-02-22 15:54 - 000000000 ___DC C:\Program Files (x86)\NCH Software
2018-03-22 23:20 - 2016-02-20 12:17 - 000000000 ___DC C:\ProgramData\NCH Software
2018-03-22 23:15 - 2017-07-20 22:08 - 000070834 ____C C:\WINDOWS\SysWOW64\bddel.dat
2018-03-22 15:08 - 2016-02-18 19:16 - 000002263 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-22 15:08 - 2016-02-18 19:16 - 000002222 ____C C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-22 10:06 - 2017-09-29 06:46 - 000000000 __HDC C:\Program Files\WindowsApps
2018-03-19 15:12 - 2017-12-01 07:47 - 000003364 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2844788878-880486787-4179794426-1001
2018-03-19 15:12 - 2017-12-01 07:46 - 000002365 ____C C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-19 15:12 - 2017-12-01 07:46 - 000000000 __RDC C:\Users\mikef\OneDrive
2018-03-17 18:51 - 2016-02-20 12:17 - 000000000 ___DC C:\Users\mikef\AppData\LocalLow\Adobe
2018-03-17 14:48 - 2016-02-20 13:58 - 000000000 ___DC C:\Users\mikef\AppData\Roaming\NCH Software
2018-03-16 19:02 - 2016-02-20 13:51 - 000000000 ___DC C:\Users\mikef\AppData\Local\ElevatedDiagnostics
2018-03-13 16:50 - 2016-11-29 13:10 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Icecream Screen Recorder
2018-03-12 08:58 - 2017-12-02 04:27 - 000003946 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1511452126
2018-03-12 08:58 - 2017-11-23 08:48 - 000001040 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2018-03-12 08:58 - 2017-11-23 08:48 - 000000000 ___DC C:\Program Files\Opera
2018-03-11 12:06 - 2017-09-29 06:46 - 000000000 ___DC C:\Program Files\Windows Defender
2018-03-11 12:02 - 2017-12-02 04:20 - 005178344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-08 10:52 - 2017-04-04 11:23 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rotor Rush
2018-03-08 10:52 - 2016-03-07 22:37 - 000000000 ___DC C:\Users\mikef\AppData\Local\UnrealEngine
2018-03-05 08:47 - 2017-03-10 18:05 - 000000000 ___DC C:\ProgramData\Adobe
2018-03-04 18:07 - 2017-03-26 09:17 - 000000000 ___DC C:\ProgramData\regid.1986-12.com.adobe
2018-03-04 16:34 - 2015-11-03 00:07 - 000000000 ___DC C:\Users\mikef\AppData\Roaming\Adobe
2018-03-04 09:46 - 2018-02-09 12:00 - 000000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2018-03-02 08:56 - 2015-11-02 23:12 - 000000000 __HDC C:\Program Files (x86)\InstallShield Installation Information
2018-03-01 11:51 - 2017-09-29 06:44 - 000000000 ___DC C:\WINDOWS\INF
2018-02-27 11:58 - 2016-02-20 12:17 - 000000000 ___DC C:\ProgramData\Caphyon
2018-02-27 11:24 - 2017-09-29 06:46 - 000000000 ___DC C:\WINDOWS\LiveKernelReports
2018-02-25 15:24 - 2018-02-02 18:34 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reallusion
2018-02-25 15:24 - 2017-08-13 22:32 - 000000000 ___DC C:\Users\mikef\AppData\Local\Reallusion
2018-02-25 12:12 - 2017-08-28 12:17 - 000000000 __HDC C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartupAdvanced Uninstaller
2018-02-25 12:10 - 2015-11-02 22:55 - 000000000 ___DC C:\ProgramData\Package Cache
2018-02-25 12:01 - 2017-12-02 04:22 - 000000000 ___DC C:\Users\mikef\AppData\Local\Packages
2018-02-25 11:54 - 2018-02-20 23:43 - 000000000 ___DC C:\Users\mikef\AppData\Local\PlaceholderTileLogoFolder
2018-02-24 14:23 - 2017-05-10 08:23 - 000000000 ___DC C:\Users\mikef\Documents\Adobe
2018-02-24 08:38 - 2017-08-11 16:34 - 000000000 ___DC C:\Program Files\SUPERAntiSpyware
2018-02-23 19:46 - 2017-09-29 06:46 - 000000000 ___DC C:\WINDOWS\SysWOW64\Macromed

==================== Files in the root of some directories =======

2017-11-08 16:45 - 2017-11-08 16:45 - 000000008 ____C () C:\ProgramData\sysqcl1131236454.dat
2016-02-18 19:44 - 2018-03-25 10:25 - 001388432 ____C () C:\Users\Public\VOIP.dat
2017-01-02 16:36 - 2017-03-10 17:25 - 000000096 ____C () C:\Users\mikef\AppData\Roaming\Camdata.ini
2017-01-02 16:36 - 2017-03-10 17:25 - 000000408 ____C () C:\Users\mikef\AppData\Roaming\CamLayout.ini
2017-01-02 16:36 - 2017-03-10 17:25 - 000000408 ____C () C:\Users\mikef\AppData\Roaming\CamShapes.ini
2017-01-02 16:36 - 2017-03-10 17:25 - 000004536 ____C () C:\Users\mikef\AppData\Roaming\CamStudio.cfg
2015-01-06 13:06 - 2015-01-12 01:42 - 000000746 ____C () C:\Users\mikef\AppData\Roaming\DriveCalculator Preferences
2015-11-03 00:07 - 2018-03-25 15:59 - 000000165 ____C () C:\Users\mikef\AppData\Roaming\sp_data.sys
2018-02-25 16:14 - 2018-02-25 16:14 - 000001167 ____C () C:\Users\mikef\AppData\Roaming\trace_FilterInstaller.txt
2018-02-25 16:14 - 2018-02-25 16:14 - 000000000 ____C () C:\Users\mikef\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2017-05-03 14:40 - 2017-05-03 14:40 - 000000078 ____C () C:\Users\mikef\AppData\Roaming\VC.dat
2016-11-29 12:58 - 2017-03-10 17:24 - 000000096 ____C () C:\Users\mikef\AppData\Roaming\version2.xml
2016-11-03 16:46 - 2016-11-03 16:46 - 000051211 ____C () C:\Users\mikef\AppData\Roaming\VideoPad.dmp
2010-05-31 14:03 - 2014-01-10 13:59 - 000000794 ____C () C:\Users\mikef\AppData\Roaming\wklnhst.dat
2014-07-08 12:51 - 2017-07-29 07:56 - 000008704 ___HC () C:\Users\mikef\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-03-04 00:07 - 2016-03-04 00:07 - 000000861 ___HC () C:\Users\mikef\AppData\Local\recently-used.xbel
2010-10-24 08:12 - 2017-06-27 06:08 - 000007597 ___HC () C:\Users\mikef\AppData\Local\resmon.resmoncfg
2011-09-18 07:29 - 2011-09-18 07:29 - 000017408 ___HC () C:\Users\mikef\AppData\Local\WebpageIcons.db

Some files in TEMP:
====================
2018-03-25 14:48 - 2017-12-02 04:15 - 001954048 ____C (Microsoft Corporation) C:\Users\mikef\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-24 11:02

==================== End of FRST.txt ============================

Here is a RogueKiller Scan done after everything else


RogueKiller V12.12.9.0 (x64) [Mar 19 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : mikef [Administrator]
Started from : F:\Programs\RogueKiller_portable64.exe
Mode : Scan -- Date : 03/25/2018 18:04:57 (Duration : 00:37:23)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HFS256G39MND-2300A +++++
--- User ---
[MBR] df1863962a03673101c75437f6cfffc3
[BSP] 7309b564c7154fdcd7ea26378ec14b1f : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 567296 | Size: 243422 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 499095552 | Size: 499 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WD My Passport 0827 USB Device +++++
--- User ---
[MBR] a6ef9e9e43ec973a4f6a66e765f7ccf7
[BSP] 885814df319cc6e825466bdc3e388595 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953836 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )