
Thread: Ransomware help

  #11
    Junior Member, Join Date: Jul 2017, Posts: 19

    I ran Malwarebytes, thank you.
    In the scans there are some things in the hosts file and registry, and I also kept seeing the name Andy?


    Addition Scan

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
    Ran by mikef (25-03-2018 16:17:20)
    Running from F:\Programs
    Windows 10 Home Version 1709 16299.125 (X64) (2017-12-02 11:28:56)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2844788878-880486787-4179794426-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-2844788878-880486787-4179794426-503 - Limited - Disabled)
    guero (S-1-5-21-2844788878-880486787-4179794426-1004 - Administrator - Enabled)
    Guest (S-1-5-21-2844788878-880486787-4179794426-501 - Limited - Disabled)
    mfuda (S-1-5-21-2844788878-880486787-4179794426-1005 - Administrator - Enabled)
    mikef (S-1-5-21-2844788878-880486787-4179794426-1001 - Administrator - Enabled) => C:\Users\mikef
    WDAGUtilityAccount (S-1-5-21-2844788878-880486787-4179794426-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
    AV: Emsisoft Anti-Malware (Disabled - Up to date) {67773CDD-EA83-AD98-A2ED-386463EB3B0D}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
    AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: Emsisoft Anti-Malware (Disabled - Up to date) {DC16DD39-CCB9-A216-985D-0316186C71B0}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe After (HKLM\...\{6A915992-D887-4897-82F5-950EDD12DEB1}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
    Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
    Adobe Photoshop CS6 version 13.0.1 (HKLM-x32\...\{A724DC44-6241-42D3-BA57-778B178ABC17}_is1) (Version: 13.0.1 - Adobe Systems, Inc.)
    Advanced Uninstaller PRO - Version 12 (HKLM-x32\...\AU11_is1) (Version: 12.21.0.95 - Innovative Solutions)
    Alcor Micro USB Card Reader Driver (HKLM-x32\...\{7BCB15FE-CC5D-4C6D-B1C6-B0AF74EE09E0}) (Version: 20.6.20117.44471 - Alcor Micro Corp.) Hidden
    Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{7BCB15FE-CC5D-4C6D-B1C6-B0AF74EE09E0}) (Version: 20.6.20117.44471 - Alcor Micro Corp.)
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
    ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.13.0004 - ASUS)
    ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
    ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0040 - ASUS)
    AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.101 - ICEpower a/s)
    Bandicam (HKLM-x32\...\Bandicam) (Version: 4.1.1.1371 - Bandicam.com)
    Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandicam.com)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.59 - Conexant)
    CrazyTalk Animator v3.22 PRO (HKLM-x32\...\{6B844167-0760-43FD-BBCA-2463EC967721}) (Version: 3.22.2426.1 - Reallusion Inc.)
    CrazyTalk v8.13 PRO (HKLM-x32\...\{239FA754-71DE-44A4-9DBC-9C9070AF058E}) (Version: 8.13.3615.1 - Reallusion Inc.)
    Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 5.01 - NCH Software)
    Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.)
    DfuSe v3.0.5 (HKLM-x32\...\{61D44ABF-A11F-4FA4-98E6-C05BBBD0B52A}) (Version: 3.0.5 - STMicroelectronics)
    Doxillion Document Converter (HKLM-x32\...\Doxillion) (Version: 2.71 - NCH Software)
    DrawPad Graphic Design Software (HKLM-x32\...\DrawPad) (Version: 4.00 - NCH Software)
    Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2017.6 - Emsisoft Ltd.)
    Eraser 6.2.0.2979 (HKLM\...\{C5900DE9-D199-4C27-B692-354C9A6A6C8B}) (Version: 6.2.2979 - The Eraser Project)
    Evernote v. 6.9.7 (HKLM-x32\...\{531A27D2-11C0-11E8-B634-005056951CAD}) (Version: 6.9.7.6770 - Evernote Corp.)
    Express Animate (HKLM-x32\...\ExpressAnimate) (Version: 3.11 - NCH Software)
    File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version: - Pow Tools)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
    Google Earth Pro (HKLM-x32\...\{FA1BBF34-E994-4310-95D7-BE93092B8E61}) (Version: 7.3.1.4507 - Google)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
    GoPro Studio (HKLM-x32\...\{BE06FF1A-83A0-42F2-913E-6E405393145C}) (Version: 5.12.5383 - GoPro, Inc.) Hidden
    HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.292 - SurfRight B.V.)
    HP Officejet Pro 6830 Basic Device Software (HKLM\...\{98040AB6-D667-409C-81E7-DB65836B3EE0}) (Version: 33.1.73.49987 - Hewlett-Packard Co.)
    HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.8.47.1 - HP)
    HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
    I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
    iClone 3DXchange v7.2 Pipeline (HKLM-x32\...\{AB0B6F1C-6F6F-4EEC-93A9-B3D50C2E1CFF}) (Version: 7.2.1220.1 - Reallusion Inc.)
    iClone v7.2 (HKLM-x32\...\{13398646-FA8A-4389-8C4D-91F6677E2DD7}) (Version: 7.2.1220.1 - Reallusion Inc.)
    Intel(R) Chipset Device Software (HKLM-x32\...\{a2d9fda8-65eb-4c06-81ef-31e0a4daa335}) (Version: 10.1.1.11 - Intel(R) Corporation) Hidden
    Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1167 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
    Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
    Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{9A287643-10C5-4463-B9D1-B2404CE18CCF}) (Version: 17.1.1529.1620 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{5853172b-5520-4089-9ef4-e26c594382b3}) (Version: 19.30.0 - Intel Corporation)
    Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
    Laplink PCmover Express - Personal Use (HKLM-x32\...\{16463F64-5878-4E56-B87D-5F5EE9D37729}) (Version: 10.00.641 - Laplink Software, Inc.)
    LibreOffice 6.0.0.3 (HKLM\...\{DD7E9D37-CA78-459A-8BA8-29BBF29CF257}) (Version: 6.0.0.3 - The Document Foundation)
    Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
    Microsoft OneDrive (HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
    Mozilla Firefox 59.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.1 (x64 en-US)) (Version: 59.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.1 - Mozilla)
    NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    OpenTX Companion 2.0 (HKLM-x32\...\OpenTX Companion 2.0) (Version: - OpenTX)
    Opera Stable 51.0.2830.55 (HKLM-x32\...\Opera 51.0.2830.55) (Version: 51.0.2830.55 - Opera Software)
    PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 4.00 - NCH Software)
    Pixillion Image Converter (HKLM-x32\...\Pixillion) (Version: 5.02 - NCH Software)
    Prism Video File Converter (HKLM-x32\...\Prism) (Version: 3.04 - NCH Software)
    QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
    Quik (HKLM\...\{DF7EE9CB-0369-44F3-9B91-BF05A2D4891D}) (Version: 0.1.5383 - GoPro, Inc.) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.3.723.2015 - Realtek)
    Rotor Rush (HKLM-x32\...\{9DC252BF-1428-49C8-AD6B-2AEFF7846FBD}) (Version: 5.4.1 - Vmach Media Ltd.)
    SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
    Secure Eraser (HKLM-x32\...\Secure Eraser_is1) (Version: 5.0.0.1 - ASCOMP Software GmbH)
    Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1244 - SUPERAntiSpyware.com)
    UE4 Prerequisites (x86) (HKLM-x32\...\{6EAAE1C0-6000-45FA-B46D-D206144925BF}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
    UE4 Prerequisites (x86) (HKLM-x32\...\{f1203e43-4ddb-4280-974e-73f14d793dbd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{61702639-6539-473A-8FE5-618E194C0069}) (Version: 2.7.0.0 - Microsoft Corporation)
    USB Interface Utility (HKLM-x32\...\{8F711388-B16D-4015-86D4-67FED5DA59FE}) (Version: 1.2 - VMach Media Ltd)
    VEGAS Pro 14.0 (64-bit) (HKLM\...\{4C79D80F-79F9-11E6-8402-BB95F5A309BD}) (Version: 14.0.161 - VEGAS)
    Velocidrone version 1.3.28 (HKLM\...\{3EB73E26-2153-4940-880E-F4436C1220A7}_is1) (Version: 1.3.28 - Bat Cave Games)
    VFW_Codec32 (HKLM-x32\...\{ECDB3455-70F4-4EE6-B89E-3B4C5E9FF592}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
    VFW_Codec64 (HKLM\...\{AE4073DE-7596-4E3B-9DE3-18BE2C3EFAA6}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
    VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 5.11 - NCH Software)
    Virtual Com port driver V1.4.0 (HKLM-x32\...\{AF0ACDD1-3842-47C7-B153-B8DB92CDA42D}) (Version: 1.4.0 - STMicroelectronics)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
    Voxal Voice Changer (HKLM-x32\...\Voxal) (Version: 2.00 - NCH Software)
    WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 8.01 - NCH Software)
    WD Backup (HKLM-x32\...\{4AACAFC7-951A-4215-B430-3DFCFF2E6CED}) (Version: 1.5.5953.19614 - Western Digital Technologies, Inc) Hidden
    WD Backup (HKLM-x32\...\{a8c9535a-ecd9-4172-a330-0cb5ff9dbed9}) (Version: 1.5.5953.19614 - Western Digital Technologies, Inc.)
    WD Drive Utilities (HKLM-x32\...\{48996CDD-DD81-4197-93FE-0971E73C5CA7}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.) Hidden
    WD Drive Utilities (HKLM-x32\...\{eab1fb93-61fb-48de-b815-b4e9b68d2ef1}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.)
    WD Quick View (HKLM-x32\...\{965D28B5-3C86-41FD-994E-D6376815C9B3}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
    WD Security (HKLM-x32\...\{249644e6-451a-4a5c-bd5c-21eeb9eec79d}) (Version: 1.3.1.2 - Western Digital Technologies, Inc.)
    WD Security (HKLM-x32\...\{7CC2EDF2-83EC-4707-BDD3-72469236A6CC}) (Version: 1.3.1.2 - Western Digital Technologies, Inc.) Hidden
    Windows Driver Package - OpenPilot (usbser) Ports (11/21/2014 3.0.0.0) (HKLM\...\BD9150BF7DFF447F2F59CE296CC81C0AABAD7C01) (Version: 11/21/2014 3.0.0.0 - OpenPilot)
    WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
    WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
    Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2844788878-880486787-4179794426-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-25D45E75801D}\InprocServer32 -> %%sy.stemroot%%\system32\shell32.dll => No File
    CustomCLSID: HKU\S-1-5-21-2844788878-880486787-4179794426-1001_Classes\CLSID\{53B2AC1B-7B81-47FC-8D3B-595CDE21D0BA}\InprocServer32 -> F:\Programs\Evernote Notes\EvernoteCCx64.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    CustomCLSID: HKU\S-1-5-21-2844788878-880486787-4179794426-1001_Classes\CLSID\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}\InprocServer32 -> F:\Programs\Evernote Notes\EvernoteIEx64.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    CustomCLSID: HKU\S-1-5-21-2844788878-880486787-4179794426-1001_Classes\CLSID\{93c503ec-b307-4339-bca2-37fe3b4836e8}\InprocServer32 -> F:\Programs\Evernote Notes\EvernoteOLShim64.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    CustomCLSID: HKU\S-1-5-21-2844788878-880486787-4179794426-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll => No File
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => -> No File
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => -> No File
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => -> No File
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers: [SharingPrivate] -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => -> No File
    ShellIconOverlayIdentifiers-x32: [SharingPrivate] -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => -> No File
    ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-08-28] ()
    ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
    ContextMenuHandlers1: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
    ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
    ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
    ContextMenuHandlers1: [Secure Eraser] -> {2A8DEC8D-934E-4FF8-825A-05A800047649} => F:\Programs\Secure Eraser\SecEraser64.dll [2016-02-03] ()
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
    ContextMenuHandlers2-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
    ContextMenuHandlers2-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
    ContextMenuHandlers2-x32: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
    ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers3: [DeleteFiles] -> {736AF091-C361-49B4-A928-87C586130D33} => C:\Program Files\File Shredder\fsshell.dll [2012-04-01] ()
    ContextMenuHandlers3-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
    ContextMenuHandlers3-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
    ContextMenuHandlers4: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
    ContextMenuHandlers5: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxDTCM.dll [2016-11-30] (Intel Corporation)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-08-01] (NVIDIA Corporation)
    ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-08-28] ()
    ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
    ContextMenuHandlers6-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
    ContextMenuHandlers6-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
    ContextMenuHandlers6-x32: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
    ContextMenuHandlers6-x32: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
    ContextMenuHandlers6-x32: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
    ContextMenuHandlers6-x32: [Secure Eraser] -> {2A8DEC8D-934E-4FF8-825A-05A800047649} => F:\Programs\Secure Eraser\SecEraser64.dll [2016-02-03] ()
    ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
    ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {03EBFD46-C746-4DA0-BAEB-F5CA61390248} - System32\Tasks\OrangeDefender => C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\orangedefender.exe
    Task: {06A920B9-B407-426B-A434-24B032E0ED4E} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
    Task: {0AF1E9FF-4B79-4FF5-AE15-31DA46522678} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2017-05-23] (Safer-Networking Ltd.)
    Task: {179C8342-2B77-4DF2-B3AB-57D60EA21609} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan most recently used file in the background => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe [2017-05-23] (Safer-Networking Ltd.)
    Task: {228A45C3-9E2C-4E8B-89B7-22892704FEDD} - System32\Tasks\AdobeGCInvoker-1.0-NEGROTRES-mikef => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
    Task: {22C767D3-6E0B-478E-9526-A1CDDDE64334} - System32\Tasks\NCH Software\DoxillionDowngrade => C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe [2017-11-09] (NCH Software)
    Task: {28F5C682-B28F-4705-A2E3-2C11540275FA} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2015-08-25] (ASUS)
    Task: {292EC022-C90A-434B-853B-D40CEDC1A984} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-18] (Google Inc.)
    Task: {3A05543D-E482-44DA-ADCB-D822FA848B84} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
    Task: {3CD8A4AF-ADA8-42EF-8CDE-43CB6F70D0CD} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {504518C2-5BDB-4B97-B5C9-99534D14304F} - System32\Tasks\HPCeeScheduleFormikef => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
    Task: {5A19F576-2169-4975-BFF2-A2FA539C49DD} - System32\Tasks\Avira Safe Shopping Updater => C:\Program Files (x86)\Avira\Safe Shopping\\Updater\Updater.exe
    Task: {67ECF63A-E973-438F-BFB4-D32AFC510113} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2017-05-23] (Safer-Networking Ltd.)
    Task: {704F990B-DD1A-4D57-9C89-B6D311726A8B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
    Task: {71DA49D5-3FAF-4E9B-9F95-8E8632C50B40} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
    Task: {77AD8B33-1EB8-434A-AD35-DA724436D766} - System32\Tasks\Avast Emergency Update => F:\Programs\Avast Anti virus\AvEmUpdate.exe
    Task: {8762F122-5796-42E1-907F-1DA3BC4F2FCC} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
    Task: {8FC31531-8EE3-4225-B895-8F42E143A938} - System32\Tasks\{C57E97CC-9025-4C60-9091-2CA62ECA2512} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\mikef\AppData\Local\uninstallce.exe
    Task: {97C5972D-2FDF-43F2-8EA0-36F1B9669C8F} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-16] ()
    Task: {991EE7A9-5D78-4B05-87C3-959961846191} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
    Task: {9F51B259-916F-4ABE-A104-B9E63FCF69C0} - System32\Tasks\{E879D36B-7B9D-4B38-9D50-1245197A8C25} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\mikef\AppData\Local\{A2BB94E7-8613-F85F-EB8B-DDB7CFE3212F}\uninst.exe -c -FN=""-P=/Uninstall /s /noun /DelSelfDir
    Task: {A0D76D92-8BA9-48CD-A630-C843E1476C15} - System32\Tasks\Opera scheduled Autoupdate 1511452126 => C:\Program Files\Opera\launcher.exe [2018-03-07] (Opera Software)
    Task: {A6CFB7EC-4787-4E77-937A-E4F7404F1CD1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
    Task: {AC5B173D-1D2A-4C1D-B39B-AAFC20B5C4A3} - System32\Tasks\BDAntiCryptoWallTask => C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe
    Task: {AD979737-F1C6-4841-9A60-39B9A16ACB08} - System32\Tasks\OrangeDefenderUpdate => C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\updAvTask.exe
    Task: {ADF4C576-61AE-4CF8-BD19-BAAB2CB9E943} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
    Task: {AF452EDC-144F-4A3C-93B6-EB47B731E813} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-03-07] (HP Inc.)
    Task: {B811B41C-1BE5-4746-ADD8-D64EDD8547FB} - System32\Tasks\AupAvUpdate => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\updAvTask.exe [2017-08-10] (Innovative Solutions)
    Task: {C067201E-25BB-4DC8-88D4-0442B7596F7F} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe [2017-12-16] (Adobe Systems Incorporated)
    Task: {C06BE5BF-FD06-4800-816E-FA5EDE11C951} - System32\Tasks\BackUp_Maker-mikef => C:\Program Files (x86)\ASCOMP Software\BackUp Maker\bkmaker.exe
    Task: {C175D2BE-EF18-4C1A-BC98-A88C81E31F17} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2015-05-25] (ASUSTek Computer Inc.)
    Task: {D0F3152F-900F-4D34-94CA-693D589AF071} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-02-07] (HP Inc.)
    Task: {DC088422-203E-4B6C-99B4-9D84FA38F0E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-18] (Google Inc.)
    Task: {DCD9A15F-3D52-4BB7-926F-02AAFE777009} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2017-05-23] (Safer-Networking Ltd.)
    Task: {E3743588-7A16-4C43-8C71-1C01151FD07B} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-14] (ASUSTek Computer Inc.)
    Task: {F0B0F162-2C9A-4CDB-989E-9887B6ED8252} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
    Task: {F5AF6B6F-2630-498E-B59C-586430B1B447} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
    Task: {F956BFC8-7A07-4867-9C86-330B248A9F83} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH5AC811FY => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-02-07] (HP Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\HPCeeScheduleFormikef.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\WINDOWS\Tasks\OrangeDefender.job => C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\orangedefender.exe
    Task: C:\WINDOWS\Tasks\WinThruster64-mikef-Notification.job => F:\Programs\Solvusoft\WinThruster\Sync.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\WinThruster64-mikef-Startup.job => F:\Programs\Solvusoft\WinThruster\WinThruster64.exe <==== ATTENTION

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Betaflight - Configurator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=kdaghagfopacdngbohiknlhcocjccjao
    ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\BLHeli - Configurator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=mejfjggmbnocnfibbibmoogocnjbcjnk
    ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Fair AdBlocker App.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=dcnofaichneijfbkdkghmhjjbepjmble
    ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Journey (Diary, Journal).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=jlncjaehedpdoinepaejmlpbmdkgmpog
    ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\KissFC.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=dpnfknficgldmilnkddfhmbafkcipkkh
    ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\RaceFlight - Configurator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=ffkgelfmnmeofidahjaefimpdgekflha

    ==================== Loaded Modules (Whitelisted) ==============

    2017-09-29 06:41 - 2017-09-29 06:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
    2016-08-10 03:42 - 2016-08-01 05:54 - 000133056 ____C () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2015-05-19 10:11 - 2015-05-19 10:11 - 000007680 ____C () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
    2017-08-19 23:09 - 2016-02-03 12:33 - 000566440 ____C () F:\Programs\Secure Eraser\SecEraser64.dll
    2017-07-22 18:46 - 2012-04-01 00:06 - 002689536 _____ () C:\Program Files\File Shredder\fsshell.dll
    2017-08-28 18:41 - 2017-08-28 18:41 - 000155504 ____C () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
    2017-12-13 08:40 - 2017-11-26 05:23 - 011044864 ____C () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2017-12-13 08:40 - 2017-11-26 05:01 - 001804288 ____C () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2017-03-16 17:15 - 2017-03-16 17:15 - 000037808 ____C () F:\Programs\GoPro Desktop App\GoProDeviceDetection.exe
    2017-07-21 23:23 - 2017-05-12 11:36 - 000507464 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2017-07-21 23:23 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2016-02-20 06:48 - 2014-05-13 13:04 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2016-02-20 06:48 - 2014-05-13 13:04 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2015-08-25 10:40 - 2015-08-25 10:40 - 000027648 ____C () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
    2015-08-25 10:40 - 2015-08-25 10:40 - 000124928 ____C () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
    2015-11-02 23:00 - 2015-07-23 21:22 - 000011920 ____C () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2015-09-04 21:34 - 2015-09-04 21:34 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    There are 7936 more sites.

    There are 7937 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2017-07-24 05:29 - 2018-03-25 14:46 - 000454450 ____R C:\WINDOWS\system32\Drivers\etc\hosts

    There are 15600 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2844788878-880486787-4179794426-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
    DNS Servers: 75.75.75.75 - 75.75.76.76
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\Services: DsSvc => 3
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: ComcastAntispyClient => "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
    MSCONFIG\startupreg: ddoctorv2 => "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
    MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    MSCONFIG\startupreg: Desktop Software => "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
    MSCONFIG\startupreg: EEventManager => C:\Program Files (x86)\EPSONS~1\EVENTM~1\EEventManager.exe
    MSCONFIG\startupreg: Gateway Photo Frame => C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: ShopAtHomeUpdater => C:\Users\MikeF\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
    MSCONFIG\startupreg: ShopAtHomeWatcher => C:\Users\MikeF\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
    MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    MSCONFIG\startupreg: VX3000 => C:\Windows\vVX3000.exe
    MSCONFIG\startupreg: WinCalendarV3 => "C:\Program Files (x86)\Sapro Systems WinCalendarV3\WinCalendarV3_SysTray.exe" /q /c
    HKLM\...\StartupApproved\Run: => "GoPro Tray App"
    HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
    HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
    HKLM\...\StartupApproved\Run32: => "APSDaemon"
    HKLM\...\StartupApproved\Run32: => "DriveUtilitiesHelper"
    HKLM\...\StartupApproved\Run32: => "Everalbum"
    HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
    HKLM\...\StartupApproved\Run32: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "QuickTime Task"
    HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
    HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\StartupApproved\StartupFolder: => "Shredder.bat"
    HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
    HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\StartupApproved\Run: => "Skype"
    HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\StartupApproved\Run: => "HP Officejet Pro 6830 (NET)"
    HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\StartupApproved\Run: => "Discord"
    HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\StartupApproved\Run: => "com.squirrel.slack.slack"
    HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\StartupApproved\Run: => "Windscribe"
    HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\StartupApproved\Run: => "CyberGhost"
    HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\StartupApproved\Run: => "Spybot-S&D Cleaning"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{0192E56E-9BB9-40DA-954A-E6BC759DCAB2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{127EE995-1BE4-4F78-AA33-F419104015C6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{9804EB70-1C1B-4BFA-A76A-C221EB970965}] => (Allow) C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\orangedefender.exe
    FirewallRules: [{6B3F5AF4-3A63-4AAB-90CE-FE1C4980FA29}] => (Allow) C:\WINDOWS\system32\rundll32.exe
    FirewallRules: [{4B445AC9-1820-4E8E-86FD-624400C913DD}] => (Block) F:\Programs\CrazyTalk Animator 3\bin64\CrazyTalkAnimator.exe
    FirewallRules: [{F32830F1-9BD3-48AA-971E-2E4CE83EBDFA}] => (Block) F:\Programs\CrazyTalk Animator 3\bin64\CrazyTalkAnimator.exe
    FirewallRules: [{BAE363B3-F7A9-4FD5-9FDB-F31CE3B8DC88}] => (Block) F:\Programs\CrazyTalk Animator 3\bin64\CrazyTalkAnimator.exe
    FirewallRules: [{7D184720-4179-4F3A-A664-8853AC4B6966}] => (Block) F:\Programs\CrazyTalk Animator 3\bin64\CrazyTalkAnimator.exe
    FirewallRules: [{ED8D3D7B-3211-44D6-8271-E5576BFF1E65}] => (Allow) F:\Programs\GoPro Desktop App\GoProLauncher.exe
    FirewallRules: [{21DD3971-9638-4E55-8233-521701AF7EAA}] => (Allow) F:\Programs\GoPro Desktop App\GoProIDService.exe
    FirewallRules: [{387560CC-6CBB-4E9A-9B26-72885F817582}] => (Allow) F:\Programs\GoPro Desktop App\GoProMsgBus.exe
    FirewallRules: [{4F827037-A02D-46D8-93B5-5031595AF62D}] => (Allow) F:\Programs\GoPro Desktop App\GoPro Quik.exe
    FirewallRules: [{C532C020-1482-41CE-A650-FDC4D775BB32}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
    FirewallRules: [{B4F06E65-D3D6-4A25-AC26-80CFBE94BFC2}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    FirewallRules: [UDP Query User{24B6D1A7-21EA-4B80-9773-FB96F639BC26}F:\programs\drlsimulator_1-1-0_win\simulator\drlsimulator.exe] => (Allow) F:\programs\drlsimulator_1-1-0_win\simulator\drlsimulator.exe
    FirewallRules: [TCP Query User{147B489B-8382-4ADC-AFDB-EF839ABAF3C2}F:\programs\drlsimulator_1-1-0_win\simulator\drlsimulator.exe] => (Allow) F:\programs\drlsimulator_1-1-0_win\simulator\drlsimulator.exe
    FirewallRules: [{7718C90A-BD33-4901-8078-B8144B61CAE0}] => (Allow) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
    FirewallRules: [{7571C4C9-8E98-4258-886B-2752509D8092}] => (Allow) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
    FirewallRules: [{15FF93DB-838C-494E-B163-98B3210E825A}] => (Allow) F:\Programs\FlashIntegro\VideoEditor\Updater.exe
    FirewallRules: [{A2365D31-3614-4B2C-B3B2-377FCEE0D30A}] => (Allow) F:\Programs\FlashIntegro\VideoEditor\Updater.exe
    FirewallRules: [{C2FF43C3-B68A-4CDC-B28D-0B75BD089422}] => (Allow) F:\Programs\FlashIntegro\VideoEditor\Activation.exe
    FirewallRules: [{92170D43-C695-4B7C-BA63-2B19314BE6D6}] => (Allow) F:\Programs\FlashIntegro\VideoEditor\Activation.exe
    FirewallRules: [{4E14ADF7-27EC-4774-B93D-F077EC2905DB}] => (Allow) F:\Programs\FlashIntegro\VideoEditor\VideoEditor.exe
    FirewallRules: [{FB9CCAE6-4451-4C05-BF27-51F45FC57009}] => (Allow) F:\Programs\FlashIntegro\VideoEditor\VideoEditor.exe
    FirewallRules: [{913E0180-CC73-41C3-88CC-808C14AC6E10}] => (Allow) C:\Users\mikef\AppData\Local\Chromium\Application\chrome.exe
    FirewallRules: [{45E67BD3-BD1A-4E4B-A364-BB4E22D6FD87}] => (Block) C:\Windows\explorer.exe
    FirewallRules: [{2765E0F4-2918-4A46-B9C9-43CDD8FCBA2B}] => (Block) C:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe
    FirewallRules: [{60E6D465-398E-4850-BE86-7EF7620A2377}] => (Block) C:\windows\system32\svchost.exe
    FirewallRules: [UDP Query User{278A8347-81F1-4DA3-A7A2-4033BB6E5214}C:\users\mikef\downloads\drlsimulator_1-0-8_win\drlsimulator_1-0-8_win\simulator\drlsimulator.exe] => (Allow) C:\users\mikef\downloads\drlsimulator_1-0-8_win\drlsimulator_1-0-8_win\simulator\drlsimulator.exe
    FirewallRules: [TCP Query User{BBE8B569-3802-4456-9B59-4E5BC64FE1DA}C:\users\mikef\downloads\drlsimulator_1-0-8_win\drlsimulator_1-0-8_win\simulator\drlsimulator.exe] => (Allow) C:\users\mikef\downloads\drlsimulator_1-0-8_win\drlsimulator_1-0-8_win\simulator\drlsimulator.exe
    FirewallRules: [UDP Query User{22C2005C-C444-4625-96C2-B3F8360AE4D6}F:\programs\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe] => (Block) F:\programs\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe
    FirewallRules: [TCP Query User{5E3FDAFF-2D19-48DA-80F1-3132CCA53B64}F:\programs\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe] => (Block) F:\programs\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe
    FirewallRules: [UDP Query User{11F7405B-9EBF-4419-8C7C-3910477E984B}F:\programs\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe] => (Allow) F:\programs\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe
    FirewallRules: [TCP Query User{7235E679-81A8-4169-9B5A-37B470D0DEF1}F:\programs\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe] => (Allow) F:\programs\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe
    FirewallRules: [{88A99397-F5FD-490E-AA93-69F21978D9D4}] => (Allow) C:\Program Files (x86)\Laplink\PCmover\pcmover.exe
    FirewallRules: [{6D1FFE3E-A743-49CF-8B3D-231B7456247A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{5D7FD833-6D8F-4716-AE62-6C5F9FF56836}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
    FirewallRules: [{57D27020-35F9-4BAB-A8E4-55866C5D9CAC}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\FaxApplications.exe
    FirewallRules: [{9932BE6C-6065-433E-8788-142FB8C6D0F6}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\DigitalWizards.exe
    FirewallRules: [{66093D00-1387-4EA6-9D7C-926A476223F8}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\SendAFax.exe
    FirewallRules: [{2F0AB679-4BCB-45B7-ABE0-92A67F2D1253}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\Bin\DeviceSetup.exe
    FirewallRules: [{056E1BEB-F740-4526-91FD-F656D7F645F5}] => (Allow) LPort=5357
    FirewallRules: [{415148F0-DA72-48DF-868A-211A83800748}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [TCP Query User{AEFEB1B4-004D-4C1B-BA92-E00A8EF98FCD}C:\program files (x86)\vmach media ltd\fpv event pe\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe] => (Allow) C:\program files (x86)\vmach media ltd\fpv event pe\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe
    FirewallRules: [UDP Query User{FE1A6E57-EB90-4647-8FD9-D9981D5A64DD}C:\program files (x86)\vmach media ltd\fpv event pe\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe] => (Allow) C:\program files (x86)\vmach media ltd\fpv event pe\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe
    FirewallRules: [TCP Query User{528B829E-4718-4188-A933-57DE99CDB771}C:\program files (x86)\vmach media ltd\fpv event pe\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe] => (Allow) C:\program files (x86)\vmach media ltd\fpv event pe\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe
    FirewallRules: [UDP Query User{E0752CDF-9489-443B-9777-DE39DE8B00EC}C:\program files (x86)\vmach media ltd\fpv event pe\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe] => (Allow) C:\program files (x86)\vmach media ltd\fpv event pe\simulator\drone_simulator\binaries\win32\drone_simulator-win32-shipping.exe
    FirewallRules: [{7CBC0525-54E6-4602-B76C-3105F71D1111}] => (Allow) C:\Program Files\Andy\andy.exe
    FirewallRules: [{3B826CAA-4252-4EE6-B38D-9B4557EB232D}] => (Allow) C:\Program Files\Andy\andy.exe
    FirewallRules: [{4A3D1C24-9219-4FE0-A001-5DB069B8898B}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
    FirewallRules: [{669309B8-918B-439A-AD1A-1313BCBDDEE8}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
    FirewallRules: [{D6DFA72C-0AE7-4066-92A1-FA381E86A872}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
    FirewallRules: [{27892B31-73D0-4AA0-85F4-2CB608F7E809}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
    FirewallRules: [{D687402A-CBC4-43F0-8053-71D08303B5D0}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
    FirewallRules: [{AB0E9925-E723-4925-98EC-E15DC105FDBB}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
    FirewallRules: [{715201BF-EDF7-4074-AA92-13A3FE7FDACC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{84E96F96-531A-4587-9EAF-A37DCB986BF4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{90B98612-E8D2-4E76-973F-CA3794F32CFF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{CF1DA14D-516B-4A71-A3F3-3519888C6298}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{F95C5596-3C70-4582-BCE4-CFD2570EEE7F}] => (Allow) C:\Program Files\Opera\51.0.2830.40\opera.exe
    FirewallRules: [TCP Query User{0535286E-86B0-4354-AA5C-F0BC423FF618}F:\programs\muvizu\binaries\muvizu.exe] => (Allow) F:\programs\muvizu\binaries\muvizu.exe
    FirewallRules: [UDP Query User{CEE1D7D6-3AAF-47DC-B0E6-0BDCB3671E1D}F:\programs\muvizu\binaries\muvizu.exe] => (Allow) F:\programs\muvizu\binaries\muvizu.exe
    FirewallRules: [{034F8069-CA78-4553-8498-9DFDA9E9BFC8}] => (Allow) C:\Program Files\Opera\51.0.2830.55\opera.exe
    FirewallRules: [{AD1B7BF7-0E1F-4D6A-A6D4-413640008B6C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    08-03-2018 10:40:38 Removed Track Pack DDC
    16-03-2018 13:50:49 Scheduled Checkpoint
    23-03-2018 09:13:27 JRT Pre-Junkware Removal
    25-03-2018 12:41:21 After installing Advanced Uninstaller PRO
    25-03-2018 13:16:55 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/25/2018 03:18:41 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe_smphost, version: 10.0.16299.15, time stamp: 0x9c786b9a
    Faulting module name: msvcrt.dll, version: 7.0.16299.125, time stamp: 0x20688290
    Exception code: 0xc0000005
    Fault offset: 0x00000000000731ba
    Faulting process id: 0x2d40
    Faulting application start time: 0x01d3c487352f592c
    Faulting application path: C:\WINDOWS\System32\svchost.exe
    Faulting module path: C:\WINDOWS\System32\msvcrt.dll
    Report Id: 20827e03-46bb-43bc-acaf-4d0384cfe5e2
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (03/25/2018 03:18:40 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
    Description: Event-ID 5000

    Error: (03/25/2018 03:18:40 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
    Description: Event-ID 5000

    Error: (03/25/2018 03:18:29 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
    Description: Event-ID 5000

    Error: (03/25/2018 03:18:29 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
    Description: Event-ID 5000

    Error: (03/25/2018 09:23:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Local Hostname NegroTres.local already in use; will try NegroTres-2.local instead

    Error: (03/25/2018 09:23:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister 4 NegroTres.local. Addr 10.0.0.195

    Error: (03/25/2018 09:23:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 10.0.0.195:5353 16 NegroTres.local. AAAA 2601:0201:0282:5A01:0000:0000:0000:A936


    System errors:
    =============
    Error: (03/25/2018 04:14:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/25/2018 04:00:58 PM) (Source: DCOM) (EventID: 10010) (User: NEGROTRES)
    Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

    Error: (03/25/2018 03:59:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/25/2018 03:59:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/25/2018 03:59:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/25/2018 03:59:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/25/2018 03:59:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/25/2018 03:59:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    Windows Defender:
    ===================================
    Date: 2017-12-05 09:19:18.956
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {05A1E94E-3FF9-4B66-88D3-7215CB4ABA91}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-03-23 09:10:50.796
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.263.562.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14600.4
    Error code: 0x80070645
    Error description: This action is only valid for products that are currently installed.

    Date: 2018-03-23 09:10:50.796
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 118.5.0.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: Network Inspection System
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 2.1.14202.0
    Error code: 0x80070645
    Error description: This action is only valid for products that are currently installed.

    Date: 2018-03-23 09:10:44.964
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.263.562.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14600.4
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2018-03-23 09:10:44.963
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.263.562.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiSpyware
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14600.4
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2018-03-23 09:10:44.963
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.263.562.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14600.4
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    CodeIntegrity:
    ===================================

    Date: 2018-03-25 16:08:47.201
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

    Date: 2018-03-25 16:08:47.196
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

    Date: 2018-03-25 16:08:47.167
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

    Date: 2018-03-25 16:08:47.162
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

    Date: 2018-03-25 16:04:07.776
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-03-25 16:04:07.774
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-03-25 16:03:57.352
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-03-25 16:03:57.351
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz
    Percentage of memory in use: 50%
    Total physical RAM: 8084.27 MB
    Available physical RAM: 3975.44 MB
    Total Virtual: 11084.27 MB
    Available Virtual: 5741.6 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:237.72 GB) (Free:164.77 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive f: (My Passport) (Fixed) (Total:931.48 GB) (Free:527.76 GB) NTFS

    \\?\Volume{2ea052e8-0a14-4730-b8e7-5d2f634e9ad2}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
    \\?\Volume{f885f58c-2350-43d0-a38d-08247bfbbb90}\ () (Fixed) (Total:0.49 GB) (Free:0.06 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 238.5 GB) (Disk ID: EBA450F1)

    Partition: GPT.

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: CB536EDD)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
    FRST Scan


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
    Ran by mikef (administrator) on NEGROTRES (25-03-2018 16:16:36)
    Running from F:\Programs
    Loaded Profiles: mikef (Available Profiles: mikef)
    Platform: Windows 10 Home Version 1709 16299.125 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
    (Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Intel Corporation) C:\Windows\System32\ibtsiva.exe
    () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Copyright 2017.) F:\Programs\Zemana AntiMalware\ZAM.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    (Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxEM.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    () F:\Programs\GoPro Desktop App\GoProDeviceDetection.exe
    (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-23] (NVIDIA Corporation)
    HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [599896 2015-06-10] (Conexant Systems, Inc.)
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-09] (Conexant Systems, Inc.)
    HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
    HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2016-01-14] (Western Digital Technologies, Inc.)
    HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-12-07] (Western Digital Technologies, Inc.)
    HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21384 2016-04-19] (Western Digital Technologies, Inc.)
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\Run: [HP Officejet Pro 6830 (NET)] => C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe [3493952 2014-07-18] (Hewlett-Packard Development Company, LP)
    HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5913720 2017-05-23] (Safer-Networking Ltd.)
    HKU\S-1-5-21-2844788878-880486787-4179794426-1001\...\Run: [AdobeBridge] => [X]
    AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KE3F5A~1.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(6).dll [94568 2017-01-19] (Zemana Ltd.)
    Startup: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Shredder.bat [2018-03-04] ()
    BootExecute: autocheck autochk * bddel.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{449da3d2-0683-4c05-a995-2ca8434c1492}: [DhcpNameServer] 75.75.75.75 75.75.76.76

    Internet Explorer:
    ==================
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-2844788878-880486787-4179794426-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
    SearchScopes: HKLM -> DefaultScope value is missing
    SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
    SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
    SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> OldSearch URL =
    SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
    SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS380US380
    SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> {6b0d4c9d-c6eb-4a9a-981c-ac3f9d8373c0} URL = hxxp://search.xfinity.com/?cat=subweb&con=mmchrome&cid=xfstart_tech_search&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> {99FFAE1F-493D-44F2-84D3-A9771953A756} URL = hxxps://search.yahoo.com/search?fr=sp_tr_ie&ei=utf-8&ilc=12&type=711278&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8
    DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
    DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

    FireFox:
    ========
    FF DefaultProfile: inyi5s32.default-1521871370978
    FF ProfilePath: C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978 [2018-03-25]
    FF Extension: (Grammarly for Firefox) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2018-03-23]
    FF Extension: (Firefox Multi-Account Containers) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\@testpilot-containers.xpi [2018-03-23]
    FF Extension: (AdBlocker Ultimate) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\adblockultimate@adblockultimate.net.xpi [2018-03-23]
    FF Extension: (TubeBuddy for YouTube) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\e389d8c2-5554-4ba2-a36e-ac7a57093130@gmail.com.xpi [2018-03-23]
    FF Extension: (Easy Screenshot) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\easyscreenshot@mozillaonline.com.xpi [2018-03-23]
    FF Extension: (Enhancer for YouTube™) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\enhancerforyoutube@maximerf.addons.mozilla.org.xpi [2018-03-23]
    FF Extension: (Hotspot Shield Free VPN Proxy – Unblock Sites) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\hotspot-shield@anchorfree.com.xpi [2018-03-23] [Legacy]
    FF Extension: (AdBlock) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2018-03-23]
    FF Extension: (AdBlocker for YouTube™) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\jid1-q4sG8pYhq8KGHs@jetpack.xpi [2018-03-23]
    FF Extension: (Tab Session Manager) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\Tab-Session-Manager@sienori.xpi [2018-03-23]
    FF Extension: (uBlock Origin) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\uBlock0@raymondhill.net.xpi [2018-03-23]
    FF Extension: (1-Click YouTube Video Downloader) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2018-03-23]
    FF Extension: (Screengrab!) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2018-03-23]
    FF Extension: (igtranslator) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\{059cddf1-f66c-4b63-a79a-c35ac7e6ac65}.xpi [2018-03-23]
    FF Extension: (Adblock for Youtube™) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\{0ac04bdb-d698-452f-8048-bcef1a3f4b0d}.xpi [2018-03-23]
    FF Extension: (__MSG_appName__) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [2018-03-23]
    FF Extension: (Adblock Plus) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-03-23]
    FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\mikef\AppData\Roaming\Mozilla\Firefox\Profiles\inyi5s32.default-1521871370978\features\{9bba7b1f-f9c1-45a6-b0d2-8e253c3f4a32}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-03-23] [Legacy]
    FF HKLM\...\Firefox\Extensions: [@BrowserSafer] - C:\Users\mikef\AppData\Roaming\Mozilla\FireFox\@BrowserSafer.xpi => not found
    FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\netsight@nielsen.xpi => not found
    FF HKLM-x32\...\Firefox\Extensions: [@BrowserSafer] - C:\Users\mikef\AppData\Roaming\Mozilla\FireFox\@BrowserSafer.xpi => not found
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-14] ()
    FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-14] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [No File]
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [No File]
    FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com [No File]
    FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com [No File]
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
    FF Plugin HKU\S-1-5-21-2844788878-880486787-4179794426-1001: @citrixonline.com/appdetectorplugin -> C:\Users\MikeF\AppData\Local\Citrix\Plugins\104\npappdetector.dll [No File]

    Chrome:
    =======
    CHR DefaultProfile: Profile 3
    CHR HomePage: Profile 3 -> search.ask.com/?gct=hp
    CHR Profile: C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Default [2018-03-25]
    CHR Extension: (Google Docs) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-18]
    CHR Extension: (Google Drive) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-18]
    CHR Extension: (YouTube) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-18]
    CHR Extension: (Google Search) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-18]
    CHR Extension: (Google Docs Offline) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-18]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-08-18]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-18]
    CHR Extension: (Gmail) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-18]
    CHR Extension: (Chrome Media Router) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-18]
    CHR Profile: C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-02-20]
    CHR Profile: C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-02-20]
    CHR Extension: (Google Slides) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-18]
    CHR Extension: (Google Docs) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-18]
    CHR Extension: (Google Drive) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-18]
    CHR Extension: (YouTube) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-18]
    CHR Extension: (Google Search) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-18]
    CHR Extension: (Google Sheets) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-18]
    CHR Extension: (SiteAdvisor) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-02-18]
    CHR Extension: (Google Docs Offline) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-18]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-18]
    CHR Extension: (Gmail) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-18]
    CHR Profile: C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 2 [2016-02-20]
    CHR Extension: (Google Slides) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-18]
    CHR Extension: (Google Docs) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-18]
    CHR Extension: (Google Drive) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-18]
    CHR Extension: (YouTube) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-18]
    CHR Extension: (Google Search) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-18]
    CHR Extension: (Google Sheets) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-18]
    CHR Extension: (SiteAdvisor) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-02-18]
    CHR Extension: (Google Docs Offline) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-18]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-18]
    CHR Extension: (Gmail) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-18]
    CHR Profile: C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3 [2018-03-25]
    CHR Extension: (h264ify) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aleakchihdccplidncghkekgioiakgal [2017-08-04]
    CHR Extension: (Docs) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-18]
    CHR Extension: (Google Drive) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-18]
    CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2018-01-21]
    CHR Extension: (Social Blade) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cfidkbgamfhdgmedldkagjopnbobdmdn [2018-03-23]
    CHR Extension: (uBlock Origin) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-03-23]
    CHR Extension: (Fair AdBlocker App) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\dcnofaichneijfbkdkghmhjjbepjmble [2017-07-31]
    CHR Extension: (KissFC) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\dpnfknficgldmilnkddfhmbafkcipkkh [2017-04-16]
    CHR Extension: (RaceFlight - Configurator) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ffkgelfmnmeofidahjaefimpdgekflha [2017-04-09]
    CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2018-03-23]
    CHR Extension: (HTTPS Everywhere) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2018-03-06]
    CHR Extension: (Google Docs Offline) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
    CHR Extension: (Save to Google Drive) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2016-02-20]
    CHR Extension: (Windscribe - Free VPN and Ad Blocker) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2018-03-06]
    CHR Extension: (Journey (Diary, Journal)) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\jlncjaehedpdoinepaejmlpbmdkgmpog [2018-03-06]
    CHR Extension: (Grammarly for Chrome) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-03-23]
    CHR Extension: (Betaflight - Configurator) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kdaghagfopacdngbohiknlhcocjccjao [2018-03-06]
    CHR Extension: (The Great Suspender) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2017-09-02]
    CHR Extension: (Google Maps) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2016-03-04]
    CHR Extension: (Video Converter) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mcjjnhgakghmggnimjkldjmmpabhnhne [2016-06-12]
    CHR Extension: (BLHeli - Configurator) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mejfjggmbnocnfibbibmoogocnjbcjnk [2018-03-06]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
    CHR Extension: (Social Media Improver) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\opnfbjkeinmnibcpmlpjacekjaldnjmj [2018-03-23]
    CHR Extension: (XFINITY® TV Go Stream Live TV Online) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pbefpbidnpmpfbkledpohpejdcgfnfif [2016-09-16]
    CHR Extension: (Chrome Media Router) - C:\Users\mikef\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-23]
    CHR Profile: C:\Users\mikef\AppData\Local\Google\Chrome\User Data\System Profile [2017-07-21]
    CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-2844788878-880486787-4179794426-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\MikeF\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
    CHR HKU\S-1-5-21-2844788878-880486787-4179794426-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gkcffmoikcgfhagefelmhiakelnjihik] - hxxps://chrome.google.com/webstore/detail/gkcffmoikcgfhagefelmhiakelnjihik
    CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ChromeExt\ab.crx <not found>

    Opera:
    =======
    OPR StartupUrls: "hxxp://facebook.com/","hxxp://youtube.com/","hxxp://gmail.com/","hxxps://mail.yahoo.com/"
    OPR Session Restore: -> is enabled.
    OPR Extension: (AdBlock) - C:\Users\mikef\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2017-11-23]
    OPR Extension: (Unlimited Free VPN - Hola) - C:\Users\mikef\AppData\Roaming\Opera Software\Opera Stable\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-12-15]
    OPR Extension: (Translate) - C:\Users\mikef\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibnombjmjocaccigcefonnipcnlaeaed [2017-11-23]
    OPR Extension: (Grammarly for Chrome) - C:\Users\mikef\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-12-11]
    OPR Extension: (Install Chrome Extensions) - C:\Users\mikef\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2017-12-15]
    OPR Extension: (AdBlock) - C:\Users\mikef\AppData\Roaming\Opera Software\Opera Stable\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2017-11-23]
    OPR Extension: (History Eraser) - C:\Users\mikef\AppData\Roaming\Opera Software\Opera Stable\Extensions\lfpoajlbkhlfoeeokbppmecpplmieedm [2017-11-23]
    OPR Extension: (AdBlock) - C:\Users\mikef\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofhehnfmgbgnkjaojifkmebjjgffjaeh [2017-12-15]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
    R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9317264 2018-03-08] (Emsisoft Ltd)
    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
    R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1385640 2015-08-16] (Intel Corporation)
    R2 GoProDeviceDetectionService; F:\Programs\GoPro Desktop App\GoProDeviceDetection.exe [37808 2017-03-16] ()
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
    R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-23] (HP Inc.)
    R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190216 2016-10-15] (Intel Corporation)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
    S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
    R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-09-04] (Intel Corporation)
    S3 MBAMService; F:\Programs\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-11-29] ()
    R2 SAService; C:\Windows\system32\SAsrv.exe [427224 2015-04-17] (Conexant Systems, Inc.)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
    R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2016-01-14] (Western Digital Technologies, Inc.)
    S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-11] (Microsoft Corporation)
    S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-11] (Microsoft Corporation)
    R2 ZAMSvc; F:\Programs\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-11-29] (Intel® Corporation)
    S2 AdobeUpdateService; "C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe" [X]
    S3 WD Backup Drive Helper; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
    S3 WD Backup Snapshot; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AsusSGDrv; C:\WINDOWS\system32\DRIVERS\AsusSGDrv.sys [138744 2015-08-17] (ASUS Corporation)
    R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [320528 2017-09-02] (AVAST Software s.r.o.)
    R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198976 2017-09-02] (AVAST Software s.r.o.)
    R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343296 2017-09-02] (AVAST Software s.r.o.)
    R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57736 2017-09-02] (AVAST Software s.r.o.)
    S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [47016 2017-09-02] (AVAST Software)
    R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41832 2017-09-02] (AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [147784 2017-09-02] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110376 2017-09-02] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84416 2017-09-02] (AVAST Software)
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1016384 2017-09-02] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [590880 2017-09-02] (AVAST Software)
    R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [199312 2017-09-02] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [361336 2017-09-02] (AVAST Software)
    R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-08-01] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-08-01] (Avira Operations GmbH & Co. KG)
    R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-08-01] (Avira Operations GmbH & Co. KG)
    R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [38048 2017-08-01] (Avira Operations GmbH & Co. KG)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
    R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55816 2015-08-16] (Intel Corporation)
    R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2015-08-16] (Intel Corporation)
    R1 epp; C:\Program Files\Emsisoft Anti-Malware\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
    R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2015-08-16] (Intel Corporation)
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76200 2018-01-18] ()
    R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [250624 2016-10-15] (Intel Corporation)
    R3 keycrypt; C:\WINDOWS\System32\DRIVERS\KeyCrypt64.sys [161408 2017-03-22] (Zemana Ltd.)
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193248 2018-03-25] (Malwarebytes)
    S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [109800 2018-03-25] (Malwarebytes)
    S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45960 2018-03-25] (Malwarebytes)
    S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-03-25] (Malwarebytes)
    S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [101600 2018-03-25] (Malwarebytes)
    R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2017-09-29] (Intel Corporation)
    R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [888064 2015-07-27] (Realtek )
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [83360 2017-05-23] (Safer-Networking Ltd.)
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
    S3 STTub30; C:\WINDOWS\System32\Drivers\STTub30.sys [44184 2012-07-20] (STMicroelectronics)
    S3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2017-04-21] (The OpenVPN Project)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-03-25] ()
    R3 voxaldriver; C:\WINDOWS\system32\DRIVERS\voxaldriverx64.sys [52976 2018-02-25] ()
    S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-03-11] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288296 2018-03-11] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-11] (Microsoft Corporation)
    R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-08-17] (Zemana Ltd.)
    R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-07-28] (Zemana Ltd.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-03-25 16:15 - 2018-03-25 16:16 - 000000000 ___DC C:\FRST
    2018-03-25 15:56 - 2018-03-25 15:56 - 000001762 ____C C:\Users\mikef\Desktop\AdwCleaner Scan 3.18.txt
    2018-03-25 15:53 - 2018-03-25 15:57 - 000000000 ___DC C:\AdwCleaner
    2018-03-25 15:22 - 2018-03-25 15:22 - 000012510 ____C C:\Users\mikef\Desktop\roguekiller scan 2.txt
    2018-03-25 15:21 - 2018-03-25 15:21 - 000012508 ____C C:\Users\mikef\Desktop\roguekiller scan 1.txt
    2018-03-25 14:49 - 2018-03-25 14:49 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2018-03-25 14:48 - 2018-03-25 14:48 - 000000000 ___DC C:\ProgramData\RogueKiller
    2018-03-25 14:46 - 2018-02-28 22:46 - 000454450 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20180325-144632.backup
    2018-03-25 13:09 - 2018-03-25 13:09 - 000000000 ___DC C:\Users\mikef\AppData\Local\Wolf of Webstreet OPC Private Limited
    2018-03-25 12:57 - 2018-03-25 12:57 - 000001924 ____C C:\Users\Public\Desktop\HitmanPro.lnk
    2018-03-25 12:57 - 2018-03-25 12:57 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
    2018-03-25 12:57 - 2018-03-25 12:57 - 000000000 ___DC C:\Program Files\HitmanPro
    2018-03-25 12:41 - 2018-03-25 12:41 - 000001676 ____C C:\Users\mikef\Desktop\Advanced Uninstaller PRO 12.lnk
    2018-03-25 12:41 - 2018-03-25 12:41 - 000001560 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 12.lnk
    2018-03-25 12:41 - 2018-03-25 12:41 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
    2018-03-25 12:31 - 2018-03-25 12:31 - 000003186 _____ C:\WINDOWS\System32\Tasks\BDAntiCryptoWallTask
    2018-03-25 12:21 - 2018-03-25 12:21 - 004778360 ____C (Bitdefender ) C:\Users\mikef\Desktop\BDAntiRansomwareSetup (1).exe
    2018-03-25 10:29 - 2018-03-25 10:30 - 000101600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2018-03-25 10:29 - 2018-03-25 10:29 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2018-03-25 10:29 - 2018-03-25 10:29 - 000193248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
    2018-03-25 10:29 - 2018-03-25 10:29 - 000109800 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2018-03-25 10:29 - 2018-03-25 10:29 - 000045960 ____N (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2018-03-25 10:29 - 2018-03-25 10:29 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2018-03-25 09:22 - 2018-03-25 10:58 - 000000000 ___DC C:\WINDOWS\Minidump
    2018-03-23 12:56 - 2018-03-23 12:56 - 000003044 ____C C:\Users\mikef\Desktop\eset scan.txt
    2018-03-23 12:27 - 2018-03-25 12:00 - 000003550 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
    2018-03-23 12:27 - 2018-03-25 12:00 - 000003540 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
    2018-03-23 11:44 - 2018-03-23 11:44 - 124300000 ____C (Microsoft Corporation) C:\Users\mikef\Desktop\msert.exe
    2018-03-23 11:14 - 2018-03-23 11:14 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
    2018-03-23 11:14 - 2018-03-23 11:14 - 040510072 ____C (Microsoft Corporation) C:\Users\mikef\Desktop\Windows-KB890830-x64-V5.58.exe
    2018-03-23 09:11 - 2018-03-23 09:12 - 000031474 ____C C:\Users\mikef\Desktop\Rkill.txt
    2018-03-17 09:49 - 2018-03-22 23:15 - 000000000 ___DC C:\Users\mikef\AppData\Roaming\Microsoft Visual Pack x86
    2018-03-15 16:23 - 2018-03-15 16:23 - 000000000 ___DC C:\Program Files (x86)\Adobe
    2018-03-11 12:02 - 2018-03-11 12:06 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2018-03-08 18:00 - 2018-03-08 18:00 - 000037274 ____C C:\Users\mikef\Desktop\contactc rx.pdf
    2018-03-08 10:52 - 2018-03-08 10:52 - 000001912 ____C C:\Users\Public\Desktop\Rotor Rush Help.lnk
    2018-03-08 10:52 - 2018-03-08 10:52 - 000000761 ____C C:\Users\Public\Desktop\Rotor Rush.lnk
    2018-03-06 13:01 - 2018-03-06 13:01 - 000221473 ____C C:\Users\mikef\Desktop\Contacts Rx .pdf
    2018-03-04 16:20 - 2018-03-04 16:20 - 000000000 ___DC C:\adobeTemp
    2018-03-04 13:49 - 2018-03-25 13:24 - 000000645 ____C C:\Users\mikef\Desktop\JRT.txt
    2018-03-04 10:03 - 2008-07-31 11:41 - 000238088 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
    2018-03-04 10:03 - 2008-07-31 11:41 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
    2018-03-04 10:03 - 2008-07-31 11:41 - 000072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
    2018-03-04 10:03 - 2008-07-31 11:41 - 000068616 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
    2018-03-04 10:03 - 2008-07-31 11:40 - 000513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
    2018-03-04 10:03 - 2008-07-31 11:40 - 000509448 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
    2018-03-04 10:03 - 2008-07-12 09:18 - 004992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
    2018-03-04 10:03 - 2008-07-12 09:18 - 003851784 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
    2018-03-04 10:03 - 2008-07-12 09:18 - 001942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
    2018-03-04 10:03 - 2008-07-12 09:18 - 001493528 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
    2018-03-04 10:03 - 2008-07-12 09:18 - 000540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
    2018-03-04 10:03 - 2008-07-12 09:18 - 000467984 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
    2018-03-04 10:03 - 2008-05-30 15:19 - 000511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
    2018-03-04 10:03 - 2008-05-30 15:19 - 000507400 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll
    2018-03-04 10:03 - 2008-05-30 15:18 - 000238088 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll
    2018-03-04 10:03 - 2008-05-30 15:18 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
    2018-03-04 10:03 - 2008-05-30 15:17 - 000068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
    2018-03-04 10:03 - 2008-05-30 15:17 - 000065032 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll
    2018-03-04 10:03 - 2008-05-30 15:17 - 000025608 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll
    2018-03-04 10:03 - 2008-05-30 15:16 - 000028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
    2018-03-04 10:03 - 2008-05-30 15:11 - 004991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
    2018-03-04 10:03 - 2008-05-30 15:11 - 003850760 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_38.dll
    2018-03-04 10:03 - 2008-05-30 15:11 - 001941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
    2018-03-04 10:03 - 2008-05-30 15:11 - 001491992 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll
    2018-03-04 10:03 - 2008-05-30 15:11 - 000540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
    2018-03-04 10:03 - 2008-05-30 15:11 - 000467984 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll
    2018-03-04 10:03 - 2008-03-05 17:04 - 000489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
    2018-03-04 10:03 - 2008-03-05 17:03 - 000479752 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll
    2018-03-04 10:03 - 2008-03-05 17:03 - 000238088 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll
    2018-03-04 10:03 - 2008-03-05 17:03 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
    2018-03-04 10:03 - 2008-03-05 17:00 - 000028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
    2018-03-04 10:03 - 2008-03-05 17:00 - 000025608 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll
    2018-03-04 10:03 - 2008-03-05 16:56 - 004910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
    2018-03-04 10:03 - 2008-03-05 16:56 - 003786760 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_37.dll
    2018-03-04 10:03 - 2008-03-05 16:56 - 001860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
    2018-03-04 10:03 - 2008-03-05 16:56 - 001420824 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll
    2018-03-04 10:03 - 2008-02-06 00:07 - 000529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
    2018-03-04 10:03 - 2008-02-06 00:07 - 000462864 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_37.dll
    2018-03-04 10:03 - 2007-10-22 04:40 - 000411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
    2018-03-04 10:03 - 2007-10-22 04:39 - 000267272 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll
    2018-03-04 10:03 - 2007-10-22 04:37 - 000021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
    2018-03-04 10:03 - 2007-10-22 04:37 - 000017928 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_2.dll
    2018-03-04 10:03 - 2007-10-12 16:14 - 005081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
    2018-03-04 10:03 - 2007-10-12 16:14 - 003734536 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll
    2018-03-04 10:03 - 2007-10-12 16:14 - 002006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
    2018-03-04 10:03 - 2007-10-12 16:14 - 001374232 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_36.dll
    2018-03-04 10:03 - 2007-10-02 10:56 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
    2018-03-04 10:03 - 2007-10-02 10:56 - 000444776 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll
    2018-03-04 10:03 - 2007-07-20 01:57 - 000411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
    2018-03-04 10:03 - 2007-07-20 01:57 - 000267112 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll
    2018-03-04 10:03 - 2007-07-19 19:14 - 005073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
    2018-03-04 10:03 - 2007-07-19 19:14 - 003727720 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll
    2018-03-04 10:03 - 2007-07-19 19:14 - 001985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
    2018-03-04 10:03 - 2007-07-19 19:14 - 001358192 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll
    2018-03-04 10:03 - 2007-07-19 19:14 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
    2018-03-04 10:03 - 2007-07-19 19:14 - 000444776 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll
    2018-03-04 10:03 - 2007-06-20 21:49 - 000409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
    2018-03-04 10:03 - 2007-06-20 21:46 - 000266088 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll
    2018-03-04 10:03 - 2007-05-16 17:45 - 004496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
    2018-03-04 10:03 - 2007-05-16 17:45 - 003497832 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll
    2018-03-04 10:03 - 2007-05-16 17:45 - 001401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
    2018-03-04 10:03 - 2007-05-16 17:45 - 001124720 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_34.dll
    2018-03-04 10:03 - 2007-05-16 17:45 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
    2018-03-04 10:03 - 2007-05-16 17:45 - 000443752 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll
    2018-03-04 10:03 - 2007-04-04 19:55 - 000403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
    2018-03-04 10:03 - 2007-04-04 19:55 - 000261480 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll
    2018-03-04 10:03 - 2007-03-15 17:57 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
    2018-03-04 10:03 - 2007-03-15 17:57 - 000443752 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll
    2018-03-04 10:03 - 2007-03-12 17:42 - 004494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
    2018-03-04 10:03 - 2007-03-12 17:42 - 003495784 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
    2018-03-04 10:03 - 2007-03-12 17:42 - 001400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
    2018-03-04 10:03 - 2007-03-12 17:42 - 001123696 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll
    2018-03-04 10:03 - 2007-03-05 13:42 - 000017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
    2018-03-04 10:03 - 2007-03-05 13:42 - 000015128 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll
    2018-03-04 10:03 - 2007-01-24 16:27 - 000393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
    2018-03-04 10:03 - 2007-01-24 16:27 - 000255848 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll
    2018-03-04 10:03 - 2006-12-08 13:02 - 000251672 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll
    2018-03-04 10:03 - 2006-12-08 13:00 - 000390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
    2018-03-04 10:03 - 2006-11-29 14:06 - 004398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
    2018-03-04 10:03 - 2006-11-29 14:06 - 003426072 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
    2018-03-04 10:03 - 2006-11-29 14:06 - 000469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
    2018-03-04 10:03 - 2006-11-29 14:06 - 000440080 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll
    2018-03-04 10:03 - 2006-09-28 17:05 - 003977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
    2018-03-04 10:03 - 2006-09-28 17:05 - 002414360 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll
    2018-03-04 10:03 - 2006-09-28 17:05 - 000237848 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll
    2018-03-04 10:03 - 2006-09-28 17:04 - 000364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
    2018-03-04 10:03 - 2006-07-28 10:31 - 000083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
    2018-03-04 10:03 - 2006-07-28 10:30 - 000363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
    2018-03-04 10:03 - 2006-07-28 10:30 - 000236824 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll
    2018-03-04 10:03 - 2006-07-28 10:30 - 000062744 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll
    2018-03-04 10:03 - 2006-05-31 08:24 - 000230168 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll
    2018-03-04 10:03 - 2006-05-31 08:22 - 000354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
    2018-03-04 10:03 - 2006-03-31 13:41 - 003927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
    2018-03-04 10:03 - 2006-03-31 13:40 - 002388176 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
    2018-03-04 10:03 - 2006-03-31 13:40 - 000352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
    2018-03-04 10:03 - 2006-03-31 13:39 - 000229584 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
    2018-03-04 10:03 - 2006-03-31 13:39 - 000083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
    2018-03-04 10:03 - 2006-03-31 13:39 - 000062672 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
    2018-03-04 10:03 - 2006-02-03 09:43 - 003830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
    2018-03-04 10:03 - 2006-02-03 09:43 - 002332368 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll
    2018-03-04 10:03 - 2006-02-03 09:42 - 000355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
    2018-03-04 10:03 - 2006-02-03 09:42 - 000230096 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll
    2018-03-04 10:03 - 2006-02-03 09:41 - 000016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
    2018-03-04 10:03 - 2006-02-03 09:41 - 000014032 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
    2018-03-04 10:03 - 2005-12-05 19:09 - 003815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
    2018-03-04 10:03 - 2005-12-05 19:09 - 002323664 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll
    2018-03-04 10:03 - 2005-07-22 20:59 - 003807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
    2018-03-04 10:03 - 2005-07-22 20:59 - 002319568 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll
    2018-03-04 10:03 - 2005-05-26 16:34 - 003767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
    2018-03-04 10:03 - 2005-05-26 16:34 - 002297552 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll
    2018-03-04 10:03 - 2005-03-18 18:19 - 003823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
    2018-03-04 10:03 - 2005-03-18 18:19 - 002337488 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll
    2018-03-04 10:03 - 2005-02-05 20:45 - 003544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
    2018-03-04 10:03 - 2005-02-05 20:45 - 002222800 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll
    2018-03-03 16:59 - 2018-03-03 17:11 - 000000942 ___HC C:\Users\mikef\.lmmsrc.xml
    2018-03-03 13:12 - 2018-03-03 13:12 - 000000000 ___DC C:\Users\mikef\Documents\Audacity
    2018-03-03 12:09 - 2018-03-03 12:09 - 000000000 ___DC C:\Users\mikef\Documents\Mixpad Projects
    2018-03-02 09:32 - 2018-03-02 09:32 - 000000000 ___DC C:\Users\mikef\AppData\Local\iClone
    2018-03-02 09:00 - 2018-03-02 09:00 - 000000875 ____C C:\Users\Public\Desktop\iClone v7.2.lnk
    2018-03-02 08:59 - 2018-03-02 08:59 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iClone 7
    2018-03-01 13:01 - 2018-03-01 13:01 - 000000000 ___DC C:\Users\mikef\Documents\DrawPad
    2018-03-01 12:43 - 2018-03-01 12:43 - 000001229 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Animate.lnk
    2018-03-01 12:43 - 2018-03-01 12:43 - 000001217 ____C C:\Users\Public\Desktop\Express Animate.lnk
    2018-03-01 12:43 - 2018-03-01 12:43 - 000001165 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
    2018-03-01 12:43 - 2018-03-01 12:43 - 000001153 ____C C:\Users\Public\Desktop\WavePad Sound Editor.lnk
    2018-03-01 12:40 - 2018-03-01 12:40 - 000001157 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
    2018-03-01 12:40 - 2018-03-01 12:40 - 000001145 ____C C:\Users\Public\Desktop\Debut Video Capture Software.lnk
    2018-03-01 12:13 - 2018-03-01 12:54 - 000001187 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DrawPad Graphic Design Software.lnk
    2018-03-01 12:13 - 2018-03-01 12:54 - 000001175 ____C C:\Users\Public\Desktop\DrawPad Graphic Design Software.lnk
    2018-02-28 22:46 - 2017-12-12 10:46 - 000454450 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20180228-214624.backup
    2018-02-28 15:57 - 2018-02-28 15:57 - 000000000 ___DC C:\Users\mikef\AppData\Local\MorphCreator
    2018-02-27 15:57 - 2018-02-27 15:57 - 000001735 ____C C:\Users\mikef\Desktop\Evernote.lnk
    2018-02-27 11:58 - 2018-02-27 12:05 - 000000000 ___DC C:\Users\mikef\AppData\Roaming\YouTubeByClick
    2018-02-27 11:57 - 2018-03-04 14:58 - 000000000 ___DC C:\Users\mikef\AppData\Roaming\ByClick
    2018-02-26 15:06 - 2011-09-07 16:25 - 000000000 ___DC C:\Users\mikef\Desktop\Ex_Files_AE_Cr8_Char
    2018-02-26 15:05 - 2018-02-26 15:05 - 009715947 ____C C:\Users\mikef\Desktop\Ex_Files_AE_Cr8_Char.zip
    2018-02-26 10:47 - 2018-02-26 10:47 - 000001181 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoPad Image Editor.lnk
    2018-02-26 10:45 - 2018-02-26 10:45 - 000001199 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixillion Image Converter.lnk
    2018-02-26 10:45 - 2018-02-26 10:45 - 000001187 ____C C:\Users\Public\Desktop\Pixillion Image Converter.lnk
    2018-02-25 16:40 - 2018-02-25 16:40 - 000000976 ____C C:\Users\Public\Desktop\iClone 3DXchange v7.2 Pipeline.lnk
    2018-02-25 16:40 - 2018-02-25 16:40 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iClone 3DXchange 7
    2018-02-25 16:14 - 2018-02-25 16:14 - 000052976 _____ C:\WINDOWS\system32\Drivers\voxaldriverx64.sys
    2018-02-25 16:14 - 2018-02-25 16:14 - 000001167 ____C C:\Users\mikef\AppData\Roaming\trace_FilterInstaller.txt
    2018-02-25 16:14 - 2018-02-25 16:14 - 000001139 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voxal Voice Changer.lnk
    2018-02-25 16:14 - 2018-02-25 16:14 - 000001127 ____C C:\Users\Public\Desktop\Voxal Voice Changer.lnk
    2018-02-25 16:14 - 2018-02-25 16:14 - 000000000 ____C C:\Users\mikef\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
    2018-02-23 19:06 - 2018-02-24 08:38 - 000000000 ___DC C:\Users\mikef\AppData\Local\EvernoteNW
    2018-02-23 14:58 - 2018-02-23 15:01 - 000000000 ___DC C:\Users\mikef\Evernote
    2018-02-23 14:57 - 2018-02-27 15:57 - 000000000 ___DC C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evernote

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-03-25 16:15 - 2017-07-28 16:41 - 000077691 ____C C:\WINDOWS\ZAM.krnl.trace
    2018-03-25 16:15 - 2017-07-28 16:41 - 000037986 ____C C:\WINDOWS\ZAM_Guard.krnl.trace
    2018-03-25 16:06 - 2017-12-02 04:27 - 001896192 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2018-03-25 15:59 - 2016-11-24 10:47 - 000000000 ___DC C:\Users\mikef\AppData\LocalLow\Mozilla
    2018-03-25 15:59 - 2015-11-03 00:07 - 000000165 ____C C:\Users\mikef\AppData\Roaming\sp_data.sys
    2018-03-25 15:59 - 2015-11-03 00:07 - 000000000 __SHD C:\Users\mikef\IntelGraphicsProfiles
    2018-03-25 15:58 - 2017-12-02 04:27 - 000000006 ___HC C:\WINDOWS\Tasks\SA.DAT
    2018-03-25 15:58 - 2017-09-29 01:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
    2018-03-25 15:58 - 2017-07-29 07:32 - 000000000 ___DC C:\Program Files\Emsisoft Anti-Malware
    2018-03-25 14:19 - 2017-12-02 04:20 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2018-03-25 12:55 - 2017-09-02 16:10 - 000000000 ___DC C:\ProgramData\AVAST Software
    2018-03-25 12:41 - 2017-12-02 04:27 - 000004100 _____ C:\WINDOWS\System32\Tasks\AupAvUpdate
    2018-03-25 10:29 - 2017-07-23 15:01 - 000000781 ____C C:\Users\Public\Desktop\Malwarebytes.lnk
    2018-03-25 10:29 - 2017-07-23 15:01 - 000000000 ___DC C:\ProgramData\Malwarebytes
    2018-03-25 10:25 - 2016-02-18 19:44 - 001388432 ____C C:\Users\Public\VOIP.dat
    2018-03-25 09:17 - 2016-03-09 18:59 - 000000352 ____C C:\WINDOWS\Tasks\HPCeeScheduleFormikef.job
    2018-03-25 00:27 - 2017-12-02 04:27 - 000003244 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleFormikef
    2018-03-23 23:51 - 2017-11-28 11:03 - 000000000 ___DC C:\Program Files\Mozilla Firefox
    2018-03-23 23:51 - 2017-11-28 11:03 - 000000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
    2018-03-23 23:35 - 2017-11-29 18:44 - 000000955 ____C C:\Users\Public\Desktop\Firefox.lnk
    2018-03-23 23:35 - 2017-11-28 11:03 - 000000967 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2018-03-23 23:34 - 2017-11-28 11:03 - 000311176 ____C (Mozilla) C:\Users\mikef\Downloads\Firefox Installer.exe
    2018-03-23 23:28 - 2017-12-02 04:27 - 000003644 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
    2018-03-23 23:02 - 2017-11-28 11:04 - 000000000 ___DC C:\Users\mikef\Desktop\Old Firefox Data
    2018-03-23 21:56 - 2017-09-29 06:46 - 000000000 ___DC C:\WINDOWS\DeliveryOptimization
    2018-03-23 11:14 - 2015-11-03 02:28 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2018-03-23 09:15 - 2017-09-29 06:46 - 000000000 ___DC C:\WINDOWS\AppReadiness
    2018-03-23 00:38 - 2016-02-20 14:19 - 000000000 ___DC C:\Users\mikef\AppData\Roaming\vlc
    2018-03-22 23:33 - 2017-12-02 04:22 - 000000000 __HDC C:\Users\mikef
    2018-03-22 23:30 - 2017-07-30 12:51 - 000001221 ____C C:\Users\mikef\Desktop\Emsisoft Anti-Malware.lnk
    2018-03-22 23:20 - 2016-02-22 15:54 - 000000000 ___DC C:\Program Files (x86)\NCH Software
    2018-03-22 23:20 - 2016-02-20 12:17 - 000000000 ___DC C:\ProgramData\NCH Software
    2018-03-22 23:15 - 2017-07-20 22:08 - 000070834 ____C C:\WINDOWS\SysWOW64\bddel.dat
    2018-03-22 15:08 - 2016-02-18 19:16 - 000002263 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2018-03-22 15:08 - 2016-02-18 19:16 - 000002222 ____C C:\Users\Public\Desktop\Google Chrome.lnk
    2018-03-22 10:06 - 2017-09-29 06:46 - 000000000 __HDC C:\Program Files\WindowsApps
    2018-03-19 15:12 - 2017-12-01 07:47 - 000003364 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2844788878-880486787-4179794426-1001
    2018-03-19 15:12 - 2017-12-01 07:46 - 000002365 ____C C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2018-03-19 15:12 - 2017-12-01 07:46 - 000000000 __RDC C:\Users\mikef\OneDrive
    2018-03-17 18:51 - 2016-02-20 12:17 - 000000000 ___DC C:\Users\mikef\AppData\LocalLow\Adobe
    2018-03-17 14:48 - 2016-02-20 13:58 - 000000000 ___DC C:\Users\mikef\AppData\Roaming\NCH Software
    2018-03-16 19:02 - 2016-02-20 13:51 - 000000000 ___DC C:\Users\mikef\AppData\Local\ElevatedDiagnostics
    2018-03-13 16:50 - 2016-11-29 13:10 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Icecream Screen Recorder
    2018-03-12 08:58 - 2017-12-02 04:27 - 000003946 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1511452126
    2018-03-12 08:58 - 2017-11-23 08:48 - 000001040 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
    2018-03-12 08:58 - 2017-11-23 08:48 - 000000000 ___DC C:\Program Files\Opera
    2018-03-11 12:06 - 2017-09-29 06:46 - 000000000 ___DC C:\Program Files\Windows Defender
    2018-03-11 12:02 - 2017-12-02 04:20 - 005178344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2018-03-08 10:52 - 2017-04-04 11:23 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rotor Rush
    2018-03-08 10:52 - 2016-03-07 22:37 - 000000000 ___DC C:\Users\mikef\AppData\Local\UnrealEngine
    2018-03-05 08:47 - 2017-03-10 18:05 - 000000000 ___DC C:\ProgramData\Adobe
    2018-03-04 18:07 - 2017-03-26 09:17 - 000000000 ___DC C:\ProgramData\regid.1986-12.com.adobe
    2018-03-04 16:34 - 2015-11-03 00:07 - 000000000 ___DC C:\Users\mikef\AppData\Roaming\Adobe
    2018-03-04 09:46 - 2018-02-09 12:00 - 000000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
    2018-03-02 08:56 - 2015-11-02 23:12 - 000000000 __HDC C:\Program Files (x86)\InstallShield Installation Information
    2018-03-01 11:51 - 2017-09-29 06:44 - 000000000 ___DC C:\WINDOWS\INF
    2018-02-27 11:58 - 2016-02-20 12:17 - 000000000 ___DC C:\ProgramData\Caphyon
    2018-02-27 11:24 - 2017-09-29 06:46 - 000000000 ___DC C:\WINDOWS\LiveKernelReports
    2018-02-25 15:24 - 2018-02-02 18:34 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reallusion
    2018-02-25 15:24 - 2017-08-13 22:32 - 000000000 ___DC C:\Users\mikef\AppData\Local\Reallusion
    2018-02-25 12:12 - 2017-08-28 12:17 - 000000000 __HDC C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartupAdvanced Uninstaller
    2018-02-25 12:10 - 2015-11-02 22:55 - 000000000 ___DC C:\ProgramData\Package Cache
    2018-02-25 12:01 - 2017-12-02 04:22 - 000000000 ___DC C:\Users\mikef\AppData\Local\Packages
    2018-02-25 11:54 - 2018-02-20 23:43 - 000000000 ___DC C:\Users\mikef\AppData\Local\PlaceholderTileLogoFolder
    2018-02-24 14:23 - 2017-05-10 08:23 - 000000000 ___DC C:\Users\mikef\Documents\Adobe
    2018-02-24 08:38 - 2017-08-11 16:34 - 000000000 ___DC C:\Program Files\SUPERAntiSpyware
    2018-02-23 19:46 - 2017-09-29 06:46 - 000000000 ___DC C:\WINDOWS\SysWOW64\Macromed

    ==================== Files in the root of some directories =======

    2017-11-08 16:45 - 2017-11-08 16:45 - 000000008 ____C () C:\ProgramData\sysqcl1131236454.dat
    2016-02-18 19:44 - 2018-03-25 10:25 - 001388432 ____C () C:\Users\Public\VOIP.dat
    2017-01-02 16:36 - 2017-03-10 17:25 - 000000096 ____C () C:\Users\mikef\AppData\Roaming\Camdata.ini
    2017-01-02 16:36 - 2017-03-10 17:25 - 000000408 ____C () C:\Users\mikef\AppData\Roaming\CamLayout.ini
    2017-01-02 16:36 - 2017-03-10 17:25 - 000000408 ____C () C:\Users\mikef\AppData\Roaming\CamShapes.ini
    2017-01-02 16:36 - 2017-03-10 17:25 - 000004536 ____C () C:\Users\mikef\AppData\Roaming\CamStudio.cfg
    2015-01-06 13:06 - 2015-01-12 01:42 - 000000746 ____C () C:\Users\mikef\AppData\Roaming\DriveCalculator Preferences
    2015-11-03 00:07 - 2018-03-25 15:59 - 000000165 ____C () C:\Users\mikef\AppData\Roaming\sp_data.sys
    2018-02-25 16:14 - 2018-02-25 16:14 - 000001167 ____C () C:\Users\mikef\AppData\Roaming\trace_FilterInstaller.txt
    2018-02-25 16:14 - 2018-02-25 16:14 - 000000000 ____C () C:\Users\mikef\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
    2017-05-03 14:40 - 2017-05-03 14:40 - 000000078 ____C () C:\Users\mikef\AppData\Roaming\VC.dat
    2016-11-29 12:58 - 2017-03-10 17:24 - 000000096 ____C () C:\Users\mikef\AppData\Roaming\version2.xml
    2016-11-03 16:46 - 2016-11-03 16:46 - 000051211 ____C () C:\Users\mikef\AppData\Roaming\VideoPad.dmp
    2010-05-31 14:03 - 2014-01-10 13:59 - 000000794 ____C () C:\Users\mikef\AppData\Roaming\wklnhst.dat
    2014-07-08 12:51 - 2017-07-29 07:56 - 000008704 ___HC () C:\Users\mikef\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2016-03-04 00:07 - 2016-03-04 00:07 - 000000861 ___HC () C:\Users\mikef\AppData\Local\recently-used.xbel
    2010-10-24 08:12 - 2017-06-27 06:08 - 000007597 ___HC () C:\Users\mikef\AppData\Local\resmon.resmoncfg
    2011-09-18 07:29 - 2011-09-18 07:29 - 000017408 ___HC () C:\Users\mikef\AppData\Local\WebpageIcons.db

    Some files in TEMP:
    ====================
    2018-03-25 14:48 - 2017-12-02 04:15 - 001954048 ____C (Microsoft Corporation) C:\Users\mikef\AppData\Local\Temp\dllnt_dump.dll

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-03-24 11:02

    ==================== End of FRST.txt ============================
    Here is a RogueKiller Scan done after everything else


    RogueKiller V12.12.9.0 (x64) [Mar 19 2018] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : https://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 10 (10.0.16299) 64 bits version
    Started in : Normal mode
    User : mikef [Administrator]
    Started from : F:\Programs\RogueKiller_portable64.exe
    Mode : Scan -- Date : 03/25/2018 18:04:57 (Duration : 00:37:23)

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 0 ¤¤¤

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: HFS256G39MND-2300A +++++
    --- User ---
    [MBR] df1863962a03673101c75437f6cfffc3
    [BSP] 7309b564c7154fdcd7ea26378ec14b1f : Empty MBR Code
    Partition table:
    0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
    1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
    2 - Basic data partition | Offset (sectors): 567296 | Size: 243422 MB
    3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 499095552 | Size: 499 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: WD My Passport 0827 USB Device +++++
    --- User ---
    [MBR] a6ef9e9e43ec973a4f6a66e765f7ccf7
    [BSP] 885814df319cc6e825466bdc3e388595 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953836 MB [Windows XP Bootstrap | Windows XP Bootloader]
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )

  2. #12
    Juliet (Security Expert)
    Join Date: Feb 2007
    Location: Deep South
    Posts: 3,777

    I ran Malwarebytes, thank you.
    Did it find anything?

    ~~~~~~~~~~~~~~~~~~~~
    In the scans there are some things in the host and registry and also kept seeing the name Andy?
    C:\Program Files\Andy\andy.exe
    Did you download and install this? => Android OS -Android app emulator

    ~~
    Start Farbar Recovery Scan Tool with Administrator privileges
    (right-click on the FRST icon and select Run as administrator).

    Highlight the text below, beginning with Start:: and finishing with End::, and select Copy.



    Start::
    CloseProcesses:
    CreateRestorePoint:
    CustomCLSID: HKU\S-1-5-21-2844788878-880486787-4179794426-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-25D45E75801D}\InprocServer32 -> %%sy.stemroot%%\system32\shell32.dll => No File
    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll => No File
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => -> No File
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => -> No File
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => -> No File
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers: [SharingPrivate] -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => -> No File
    ShellIconOverlayIdentifiers-x32: [SharingPrivate] -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => -> No File
    ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
    ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    Task: {03EBFD46-C746-4DA0-BAEB-F5CA61390248} - System32\Tasks\OrangeDefender => C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\orangedefender.exe
    Task: {3CD8A4AF-ADA8-42EF-8CDE-43CB6F70D0CD} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {5A19F576-2169-4975-BFF2-A2FA539C49DD} - System32\Tasks\Avira Safe Shopping Updater => C:\Program Files (x86)\Avira\Safe Shopping\\Updater\Updater.exe
    Task: {8FC31531-8EE3-4225-B895-8F42E143A938} - System32\Tasks\{C57E97CC-9025-4C60-9091-2CA62ECA2512} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\mikef\AppData\Local\uninstallce.exe
    Task: C:\WINDOWS\Tasks\WinThruster64-mikef-Notification.job => F:\Programs\Solvusoft\WinThruster\Sync.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\WinThruster64-mikef-Startup.job => F:\Programs\Solvusoft\WinThruster\WinThruster64.exe <==== ATTENTION
    ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Betaflight - Configurator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=kdaghagfopacdngbohiknlhcocjccjao
    ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\BLHeli - Configurator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=mejfjggmbnocnfibbibmoogocnjbcjnk
    ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Fair AdBlocker App.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=dcnofaichneijfbkdkghmhjjbepjmble
    ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Journey (Diary, Journal).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=jlncjaehedpdoinepaejmlpbmdkgmpog
    ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\KissFC.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=dpnfknficgldmilnkddfhmbafkcipkkh
    ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\RaceFlight - Configurator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=ffkgelfmnmeofidahjaefimpdgekflha
    AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
    SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> OldSearch URL =
    SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
    SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> {99FFAE1F-493D-44F2-84D3-A9771953A756} URL = hxxps://search.yahoo.com/search?fr=sp_tr_ie&ei=utf-8&ilc=12&type=711278&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8
    FF HKLM\...\Firefox\Extensions: [@BrowserSafer] - C:\Users\mikef\AppData\Roaming\Mozilla\FireFox\@BrowserSafer.xpi => not found
    FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\netsight@nielsen.xpi => not found
    FF HKLM-x32\...\Firefox\Extensions: [@BrowserSafer] - C:\Users\mikef\AppData\Roaming\Mozilla\FireFox\@BrowserSafer.xpi => not found
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [No File]
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [No File]
    FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com [No File]
    FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com [No File]
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
    FF Plugin HKU\S-1-5-21-2844788878-880486787-4179794426-1001: @citrixonline.com/appdetectorplugin -> C:\Users\MikeF\AppData\Local\Citrix\Plugins\104\npappdetector.dll [No File]
    CHR HomePage: Profile 3 -> search.ask.com/?gct=hp
    CHR HKU\S-1-5-21-2844788878-880486787-4179794426-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\MikeF\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ChromeExt\ab.crx <not found>
    2018-03-25 14:48 - 2017-12-02 04:15 - 001954048 ____C (Microsoft Corporation) C:\Users\mikef\AppData\Local\Temp\dllnt_dump.dll
    CMD: netsh advfirewall reset
    CMD: netsh advfirewall set allprofiles state ON
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset catalog
    CMD: Bitsadmin /Reset /Allusers
    Emptytemp:
    End::


    Press the Fix button.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    ******

    Since you were using Firefox when this happened, let's reset the browser.

    Instructions on how to backup your Favourites/Bookmarks and other data can be found below.
    Backup Firefox Bookmarks

    Proceed with the reset once done.
    Firefox:Reset Firefox

    ~~~~~

    I want to take precautions and run a rootkit scan.

    Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.

    https://forums.malwarebytes.com/topi...-malwarebytes/

    Run the scan, delete everything it finds, and then copy/paste here the content of the mbar-log-DATE-(TIME).txt log located in the MBAR folder.

    Please post these 2 logs when finished.
    Tell me how the computer is at the moment.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
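
    As an added illustration for readers of this thread (not part of the original posts and not FRST's own code), the script below classifies the lines of a fixlist like the one above so that the purpose of each entry is visible before the Fix button is pressed: orphaned registry entries whose target reads "No File" or "not found", entries FRST itself tagged "<==== ATTENTION", dated file entries, CMD: commands and bare directives. The parsing rules are inferred from the log format visible in the thread and are an assumption; the sample fixlist is constructed from entries quoted in the post above.

```python
"""Classify the entries of a Farbar Recovery Scan Tool (FRST) fixlist.

Added illustration for this thread; it is not FRST's own code. FRST reads
the block between Start:: and End:: and acts on each line by its prefix.
This script only labels each line and records why a helper would list it:
the target no longer exists ("No File" / "not found"), FRST tagged the
line "<==== ATTENTION", it is a dated file entry (FRST moves the file),
a CMD: shell command, or a bare directive such as CloseProcesses:.
The parsing rules are inferred from the log format shown in the thread
(assumption, not FRST documentation).
"""
import re
from collections import Counter

# Dated file entry as printed by FRST, e.g.
# 2018-03-25 14:48 - 2017-12-02 04:15 - 001954048 ____C (Microsoft Corporation) C:\...\dllnt_dump.dll
# Two timestamps, a zero-padded size, five attribute flags, an optional "(signer)", then the path.
FILE_LINE = re.compile(
    r"^(?P<date_a>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<date_b>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{9}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<signer>[^)]*)\) )?(?P<path>[A-Za-z]:\\.+)$"
)
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
ORPHAN_MARKERS = ("No File", "not found")
ATTENTION = "<==== ATTENTION"


def classify(line):
    """Describe one fixlist line; returns None for blank lines and the Start::/End:: markers."""
    line = line.strip()
    if not line or line in ("Start::", "End::"):
        return None
    reasons = []
    if ATTENTION in line:
        reasons.append("tagged <==== ATTENTION by FRST")
    if any(marker in line for marker in ORPHAN_MARKERS):
        reasons.append("orphaned entry: the referenced file no longer exists")

    m = FILE_LINE.match(line)
    if m:
        reasons.append("dated file entry: FRST moves the file out of place")
        return {"kind": "file", "name": m.group("path"), "size": int(m.group("size")),
                "signer": m.group("signer") or "", "reasons": reasons}
    if line.startswith("CMD:"):
        return {"kind": "command", "name": line[4:].strip(),
                "reasons": ["shell command executed by FRST"]}
    if line.endswith(":") and " " not in line:
        return {"kind": "directive", "name": line[:-1], "reasons": ["built-in FRST directive"]}
    if DRIVE_PATH.match(line):
        return {"kind": "path", "name": line.split(" => ")[0], "reasons": reasons}
    # Everything else is a registry/browser entry; its first token (Task, FF, CHR,
    # ShellIconOverlayIdentifiers, SearchScopes, ...) is the FRST category.
    parts = line.split(None, 1)
    return {"kind": parts[0].rstrip(":"), "name": parts[1] if len(parts) > 1 else "",
            "reasons": reasons}


def summarize(fixlist_text):
    """Classify every line and count kinds, ATTENTION-tagged names and orphaned entries."""
    entries = [e for e in (classify(l) for l in fixlist_text.splitlines()) if e]
    return {
        "entries": entries,
        "kinds": Counter(e["kind"] for e in entries),
        "attention": [e["name"] for e in entries if any("ATTENTION" in r for r in e["reasons"])],
        "orphans": sum(1 for e in entries if any(r.startswith("orphaned") for r in e["reasons"])),
    }


# Constructed sample: a subset of the fixlist quoted in the thread.
SAMPLE_FIXLIST = r"""Start::
CloseProcesses:
CreateRestorePoint:
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Task: {3CD8A4AF-ADA8-42EF-8CDE-43CB6F70D0CD} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\WinThruster64-mikef-Startup.job => F:\Programs\Solvusoft\WinThruster\WinThruster64.exe <==== ATTENTION
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ChromeExt\ab.crx <not found>
2018-03-25 14:48 - 2017-12-02 04:15 - 001954048 ____C (Microsoft Corporation) C:\Users\mikef\AppData\Local\Temp\dllnt_dump.dll
CMD: netsh advfirewall reset
CMD: ipconfig /flushdns
Emptytemp:
End::"""

if __name__ == "__main__":
    report = summarize(SAMPLE_FIXLIST)
    for entry in report["entries"]:
        print(f"{entry['kind']:28} {entry['name'][:60]:60} {'; '.join(entry['reasons'])}")
    print("kinds:", dict(report["kinds"]))
    print("ATTENTION entries:", len(report["attention"]), "orphaned entries:", report["orphans"])
```

    Running it on the sample prints one labelled row per entry, the count of each kind, and how many lines were listed because FRST tagged them or because their target is gone; a line that matches none of the rules is still reported under its first token, so nothing in a pasted fixlist is silently dropped.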

  3. #13
    Junior Member
    Join Date: Jul 2017
    Posts: 19

    Hi,
    First thing before I forget, I want to thank you for taking your time to help me. I really appreciate it.

    I ran Malwarebytes last night and it came up clean.

    I ran FRST Fix scan and will post the report.
    I don't understand what I'm to do with the "start to end" text I was to copy. Where do I paste it? I also reset Firefox.

    I will now go and run the MBAR and post results when I'm finished.

    I have been using the laptop off and on, but pretty constantly for more than 24 hrs, with no other contact from the person, and everything seems to be working, but with some issues.

    Issues I've noticed,

    I will begin typing and the letters come out backward. I have to stop and delete whatever I am typing and start again for it to work correctly. This has happened a few times.

    Pages are not loading all the way, or parts of the page have big blacked-out sections where nothing loaded. This is the most frequent issue.

    Generally, things seem to work so far, but it seems a lot slower and it gets stuck and just spinning the blue ring until I close it and start over fresh.

    These have appeared after the initial contact with whoever it was.



    Fixlog Scan


    Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
    Ran by mikef (26-03-2018 11:33:13) Run:1
    Running from F:\Programs
    Loaded Profiles: mikef (Available Profiles: mikef)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    CustomCLSID: HKU\S-1-5-21-2844788878-880486787-4179794426-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-25D45E75801D}\InprocServer32 -> %%sy.stemroot%%\system32\shell32.dll => No File
    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll => No File
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => -> No File
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => -> No File
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => -> No File
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers: [SharingPrivate] -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => -> No File
    ShellIconOverlayIdentifiers-x32: [SharingPrivate] -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => -> No File
    ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
    ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    Task: {03EBFD46-C746-4DA0-BAEB-F5CA61390248} - System32\Tasks\OrangeDefender => C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\orangedefender.exe
    Task: {3CD8A4AF-ADA8-42EF-8CDE-43CB6F70D0CD} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {5A19F576-2169-4975-BFF2-A2FA539C49DD} - System32\Tasks\Avira Safe Shopping Updater => C:\Program Files (x86)\Avira\Safe Shopping\\Updater\Updater.exe
    Task: {8FC31531-8EE3-4225-B895-8F42E143A938} - System32\Tasks\{C57E97CC-9025-4C60-9091-2CA62ECA2512} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\mikef\AppData\Local\uninstallce.exe
    Task: C:\WINDOWS\Tasks\WinThruster64-mikef-Notification.job => F:\Programs\Solvusoft\WinThruster\Sync.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\WinThruster64-mikef-Startup.job => F:\Programs\Solvusoft\WinThruster\WinThruster64.exe <==== ATTENTION
    ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Betaflight - Configurator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=kdaghagfopacdngbohiknlhcocjccjao
    ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\BLHeli - Configurator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=mejfjggmbnocnfibbibmoogocnjbcjnk
    ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Fair AdBlocker App.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=dcnofaichneijfbkdkghmhjjbepjmble
    ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Journey (Diary, Journal).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=jlncjaehedpdoinepaejmlpbmdkgmpog
    ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\KissFC.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=dpnfknficgldmilnkddfhmbafkcipkkh
    ShortcutWithArgument: C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\RaceFlight - Configurator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=ffkgelfmnmeofidahjaefimpdgekflha
    AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
    SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> OldSearch URL =
    SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
    SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> {99FFAE1F-493D-44F2-84D3-A9771953A756} URL = hxxps://search.yahoo.com/search?fr=sp_tr_ie&ei=utf-8&ilc=12&type=711278&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2844788878-880486787-4179794426-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8
    FF HKLM\...\Firefox\Extensions: [@BrowserSafer] - C:\Users\mikef\AppData\Roaming\Mozilla\FireFox\@BrowserSafer.xpi => not found
    FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\netsight@nielsen.xpi => not found
    FF HKLM-x32\...\Firefox\Extensions: [@BrowserSafer] - C:\Users\mikef\AppData\Roaming\Mozilla\FireFox\@BrowserSafer.xpi => not found
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [No File]
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [No File]
    FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com [No File]
    FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com [No File]
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
    FF Plugin HKU\S-1-5-21-2844788878-880486787-4179794426-1001: @citrixonline.com/appdetectorplugin -> C:\Users\MikeF\AppData\Local\Citrix\Plugins\104\npappdetector.dll [No File]
    CHR HomePage: Profile 3 -> search.ask.com/?gct=hp
    CHR HKU\S-1-5-21-2844788878-880486787-4179794426-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\MikeF\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ChromeExt\ab.crx <not found>
    2018-03-25 14:48 - 2017-12-02 04:15 - 001954048 ____C (Microsoft Corporation) C:\Users\mikef\AppData\Local\Temp\dllnt_dump.dll
    CMD: netsh advfirewall reset
    CMD: netsh advfirewall set allprofiles state ON
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset catalog
    CMD: Bitsadmin /Reset /Allusers
    Emptytemp:

    *****************

    Processes closed successfully.
    Restore point was successfully created.
    "HKU\S-1-5-21-2844788878-880486787-4179794426-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-25D45E75801D}" => removed successfully
    "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll => No File" => not found
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ GoogleDriveBlacklisted => not found
    HKLM\Software\Classes\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => not found
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ GoogleDriveSynced => not found
    HKLM\Software\Classes\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => not found
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ GoogleDriveSyncing => not found
    HKLM\Software\Classes\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => not found
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ AccExtIco1" => removed successfully
    "HKLM\Software\Classes\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}" => removed successfully
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ AccExtIco2" => removed successfully
    "HKLM\Software\Classes\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}" => removed successfully
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ AccExtIco3" => removed successfully
    "HKLM\Software\Classes\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}" => removed successfully
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw" => removed successfully
    "HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => removed successfully
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate" => removed successfully
    HKLM\Software\Classes\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235} => not found
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate" => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235} => not found
    "HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\AccExt" => removed successfully
    "HKLM\Software\Classes\CLSID\{2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4}" => removed successfully
    "HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00asw" => removed successfully
    HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
    "HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
    HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{03EBFD46-C746-4DA0-BAEB-F5CA61390248}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03EBFD46-C746-4DA0-BAEB-F5CA61390248}" => removed successfully
    C:\WINDOWS\System32\Tasks\OrangeDefender => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OrangeDefender" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3CD8A4AF-ADA8-42EF-8CDE-43CB6F70D0CD}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CD8A4AF-ADA8-42EF-8CDE-43CB6F70D0CD}" => removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A19F576-2169-4975-BFF2-A2FA539C49DD}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A19F576-2169-4975-BFF2-A2FA539C49DD}" => removed successfully
    C:\WINDOWS\System32\Tasks\Avira Safe Shopping Updater => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira Safe Shopping Updater" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8FC31531-8EE3-4225-B895-8F42E143A938}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8FC31531-8EE3-4225-B895-8F42E143A938}" => removed successfully
    C:\WINDOWS\System32\Tasks\{C57E97CC-9025-4C60-9091-2CA62ECA2512} => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C57E97CC-9025-4C60-9091-2CA62ECA2512}" => removed successfully
    C:\WINDOWS\Tasks\WinThruster64-mikef-Notification.job => moved successfully
    C:\WINDOWS\Tasks\WinThruster64-mikef-Startup.job => moved successfully
    C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Betaflight - Configurator.lnk => Shortcut argument removed successfully
    C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\BLHeli - Configurator.lnk => Shortcut argument removed successfully
    C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Fair AdBlocker App.lnk => Shortcut argument removed successfully
    C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Journey (Diary, Journal).lnk => Shortcut argument removed successfully
    C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\KissFC.lnk => Shortcut argument removed successfully
    C:\Users\mikef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\RaceFlight - Configurator.lnk => Shortcut argument removed successfully
    C:\ProgramData\Temp => ":5C321E34" ADS removed successfully
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
    "HKU\S-1-5-21-2844788878-880486787-4179794426-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
    "HKU\S-1-5-21-2844788878-880486787-4179794426-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\OldSearch" => removed successfully
    HKLM\Software\Classes\CLSID\OldSearch => not found
    "HKU\S-1-5-21-2844788878-880486787-4179794426-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
    HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
    "HKU\S-1-5-21-2844788878-880486787-4179794426-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{99FFAE1F-493D-44F2-84D3-A9771953A756}" => removed successfully
    HKLM\Software\Classes\CLSID\{99FFAE1F-493D-44F2-84D3-A9771953A756} => not found
    "HKU\S-1-5-21-2844788878-880486787-4179794426-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}" => removed successfully
    HKLM\Software\Classes\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4} => not found
    "HKLM\Software\Mozilla\Firefox\Extensions\\@BrowserSafer" => removed successfully
    "HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\netsight@nielsen.com" => removed successfully
    "HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\@BrowserSafer" => removed successfully
    "HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => removed successfully
    "HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.31.2" => removed successfully
    "HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2" => removed successfully
    "HKLM\Software\Wow6432Node\MozillaPlugins\@kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098" => removed successfully
    "HKLM\Software\Wow6432Node\MozillaPlugins\@kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E" => removed successfully
    "HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922" => removed successfully
    "HKLM\Software\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect" => removed successfully
    "HKU\S-1-5-21-2844788878-880486787-4179794426-1001\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin" => removed successfully
    "C:\Users\MikeF\AppData\Local\Citrix\Plugins\104\npappdetector.dll" => not found
    "Chrome HomePage" => removed successfully
    "HKU\S-1-5-21-2844788878-880486787-4179794426-1001\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf" => removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pjldcfjmnllhmgjclecdnfampinooman" => removed successfully
    C:\Users\mikef\AppData\Local\Temp\dllnt_dump.dll => moved successfully

    ========= netsh advfirewall reset =========

    The following helper DLL cannot be loaded: NAPMONTR.DLL.
    Ok.


    ========= End of CMD: =========


    ========= netsh advfirewall set allprofiles state ON =========

    The following helper DLL cannot be loaded: NAPMONTR.DLL.
    Ok.


    ========= End of CMD: =========


    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========


    ========= netsh winsock reset catalog =========

    The following helper DLL cannot be loaded: NAPMONTR.DLL.

    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.


    ========= End of CMD: =========


    ========= Bitsadmin /Reset /Allusers =========


    BITSADMIN version 3.0
    BITS administration utility.
    (C) Copyright 2000-2006 Microsoft Corp.

    BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
    Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

    0 out of 0 jobs canceled.

    ========= End of CMD: =========


    =========== EmptyTemp: ==========

    BITS transfer queue => 9199616 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 45127032 B
    Java, Flash, Steam htmlcache => 8915 B
    Windows/system/drivers => 37257989 B
    Edge => 1302812 B
    Chrome => 909235244 B
    Firefox => 395641798 B
    Opera => 474013032 B

    Temp, IE cache, history, cookies, recent:
    Default => 6656 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 254968 B
    NetworkService => 136678 B
    mikef => 95997608 B

    RecycleBin => 0 B
    EmptyTemp: => 1.8 GB temporary data Removed.

    ================================

    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 26-03-2018 11:35:47)


    Result of scheduled keys to remove after reboot:

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.

    ==== End of Fixlog 11:35:48 ====
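
The fixlog above records what FRST removed, but the reboot it asked for is also a good moment to confirm nothing came back. The script below is an added example, not part of this thread and not FRST's own code. It re-checks the same classes of persistence the fix touched: scheduled tasks whose executable lives outside Windows or Program Files (the OrangeDefender, WinThruster and Avira tasks above), alternate data streams under ProgramData, the IE SearchScopes keys, Software Restriction Policy / DisallowRun entries naming mrt.exe, and Chrome extensions registered through the registry. The "trusted" directory list and the mrt.exe pattern are this example's own choices. One caveat: the single Access Denied item, the TaskCache\Tree key for Microsoft\Windows\UNP\RunCampaignManager, is a built-in Windows task under the protected Microsoft\Windows tree, so the script does not report it as a finding.

```powershell
# Added example, not from the thread or from FRST. Run from an elevated
# PowerShell 5.1 prompt after the reboot the fixlog requested.
# Assumptions: the trusted directory list and the mrt.exe pattern below.

$Trusted = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }

function Test-TrustedPath {
    param([string]$Path)
    foreach ($dir in $Trusted) {
        if ($Path.StartsWith($dir, [System.StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

# 1. Scheduled tasks whose executable is outside Windows / Program Files.
#    Bare names such as "cmd.exe" are reported too so they get a manual look.
$suspectTasks = foreach ($t in Get-ScheduledTask -ErrorAction SilentlyContinue) {
    foreach ($a in @($t.Actions)) {
        if (-not $a.Execute) { continue }      # COM-handler actions have no Execute
        $exe = [Environment]::ExpandEnvironmentVariables($a.Execute.Trim('"'))
        if (-not (Test-TrustedPath $exe)) {
            [pscustomobject]@{ Task = "$($t.TaskPath)$($t.TaskName)"; Exe = $exe; Args = $a.Arguments }
        }
    }
}

# 2. Alternate data streams on items directly under ProgramData. The fix removed
#    C:\ProgramData\Temp:5C321E34; Zone.Identifier is the normal mark-of-the-web
#    stream and is skipped.
$ads = Get-ChildItem -Path $env:ProgramData -Force -ErrorAction SilentlyContinue |
    ForEach-Object { Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue } |
    Where-Object { $_.Stream -notin ':$DATA', 'Zone.Identifier' } |
    Select-Object FileName, Stream, Length

# 3. IE search scopes for this user; each URL should be a search engine you chose.
$scopes = Get-ChildItem 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes' -ErrorAction SilentlyContinue |
    ForEach-Object { [pscustomobject]@{ Scope = $_.PSChildName; Url = (Get-ItemProperty -Path $_.PSPath).URL } }

# 4. Policies that block Microsoft's own tools. FRST flagged a software restriction
#    on mrt.exe (Malicious Software Removal Tool); look for that name in Explorer's
#    DisallowRun list and in Software Restriction Policy path rules.
$policyHits = @()
$disallow = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun'
if (Test-Path $disallow) {
    (Get-ItemProperty -Path $disallow).PSObject.Properties |
        Where-Object { $_.Value -is [string] -and $_.Value -match 'mrt\.exe' } |
        ForEach-Object { $policyHits += "DisallowRun: $($_.Value)" }
}
$srp = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
if (Test-Path $srp) {
    Get-ChildItem -Path $srp -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $rule = Get-ItemProperty -Path $_.PSPath
        if ($rule.ItemData -match 'mrt\.exe') { $policyHits += "SRP rule $($_.PSChildName): $($rule.ItemData)" }
    }
}

# 5. Chrome extensions registered through the registry, the mechanism behind the
#    two "<not found>" extension entries the fix removed.
$chromeExt = foreach ($root in 'HKLM:\SOFTWARE\Google\Chrome\Extensions',
                                'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions',
                                'HKCU:\SOFTWARE\Google\Chrome\Extensions') {
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $v = Get-ItemProperty -Path $_.PSPath
        [pscustomobject]@{ Key = $root; Id = $_.PSChildName; Path = $v.path; UpdateUrl = $v.update_url }
    }
}

"== Scheduled tasks outside Windows/Program Files =="; $suspectTasks | Format-Table -AutoSize
"== Alternate data streams under ProgramData =="; $ads | Format-Table -AutoSize
"== IE search scopes =="; $scopes | Format-Table -AutoSize
"== Policies mentioning mrt.exe =="; $policyHits
"== Registry-installed Chrome extensions =="; $chromeExt | Format-Table -AutoSize
```

Empty sections are the expected outcome after the fix. A task under a user profile or a Temp folder, a new named stream, or a SearchScopes URL you do not recognise is what would be worth posting back to the thread.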

  4. #14
    Junior Member
    Join Date
    Jul 2017
    Posts
    19

    Default

    I forgot to answer your question.

    I have android phones, but I don't remember installing an Android app emulator.

  5. #15
    Junior Member
    Join Date
    Jul 2017
    Posts
    19

    Default

    edited
    Last edited by Juliet; 2018-03-27 at 01:35. Reason: typo

  6. #16
    Junior Member
    Join Date
    Jul 2017
    Posts
    19

    Default

    I have to break the report up. It's too large to send all together.
    Looks like SpyBot did a re-immunization on the hosts file. I think everything is OK with that.
    Last edited by Juliet; 2018-03-27 at 01:32. Reason: edited

  7. #17
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,777

    Default

    Good thing is, not seeing signs of infection.

    First thing before I forget, I want to thank you for taking your time to help me. I really appreciate it.
    You're welcome

    I will now go and run the MBAR and post results when I'm finished.
    Yes, I would like to know the outcome of that specific scan.

    C:\Program Files\Andy\andy.exe
    Did you download and install this? => Android OS - Android app emulator
    We can remove all files/folders, just let me know.

    I ran FRST Fix scan and will post the report.
    I don't understand what I'm to do with the "start to end" text I was to copy. Where do I paste it? I also reset Firefox.
    It might have sounded confusing but you got it right.

    Firefox might run slow since the reset and it's possible it needs to update to the latest version.
    https://support.mozilla.org/en-US/kb...latest-version

    ~~~~~~~~~~~~~~~~~~~~~~

    I think we need to run an online scan to check for remnants.

    Emsisoft Emergency Kit - Fix Mode
    Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
    • Download the Emsisoft Emergency Kit and execute it. From there, click on the Install button to extract the program in the EEK folder;
    • Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
    • EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
    • After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
    • Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
    • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
    • After the restart, open EEK again (in the C:\EEK folder);
    • This time, click on Logs;
    • From there, go under the Quarantine Log tab, and click on the Export button;
    • Save the log on your desktop, then open it, and copy/paste its content in your next reply;
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  8. #18
    Junior Member
    Join Date
    Jul 2017
    Posts
    19

    Default

    Hi
    Very sorry I have not been in contact. Things have been a little crazy right now. An example would be me saving all of the scan reports as Jpegs for some reason, so I attached them to this post. Hope it works out alright. I will post a second post shortly after this with the Emergency Kit scan.


    Thank you!
    Attached Images

  9. #19
    Junior Member
    Join Date
    Jul 2017
    Posts
    19

    Default

    I just ran the Emsisoft Emergency Kit scan and it came up clean again. The last few times that I've run virus scan, malware scan, everything is coming back clean, but my laptop is still not working the same as before. How can I be sure everything has been cleaned from the laptop and how can I know that I will be able to use it again without worrying about being watched or someone getting in and looking for things to take, or who knows what else?
    I would also like to ask you what you recommend for me to use to protect my laptop? I have been using SpyBot antivirus and antimalware, but this is the second time I have had a virus or something similar. I spoke with SpyBot and I guess it doesn't protect or get rid of ransomware or similar types of harmful programs, so do you have something you can recommend? I'd like to know about virus, malware, ransomware and everything else protection. I also run periodic scans with Malwarebytes or Emsisoft.
    I am going to be buying a new laptop for my wife and I'd like to use whatever you recommend on this also.

    Thank you so much. Let me know what I need to do next or where I go from here.

    Mike

  10. #20
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,777

    Default

    Jpegs worked fine...just make sure those items found were deleted.

    Have you experimented with booting into Safe Mode with Networking, to see if all this is still happening?
    Kinda sounds like onboard security is causing issues... just a thought.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    You know, it's just not acting like it's malware.

    Please Download Tweaking.com - Windows Repair from Here
    OR
    Windows Repair (all in one) from here.

    Instructions below might be a little outdated, but it's self-explanatory if you look at the interface.
    • Install and then run the program
    • Execute the instructions on Step 1 Important
    • Click Next on Step 2 Optional, do the Pre-Scan, skip Step 3 and 4 Optional for now.
    • On Step 5 Backup / System Restore, do a Registry backup. When you have completed this click Next
    • Click Repairs - Open Repairs in the bottom right corner
    • Uncheck the All repair button, then select just the item(s) listed below

      01 - Repair Registry Permissions
      03 - Reset Service permissions
      04 - Register System Files
      05 - Repair WMI
      06 - Repair Windows Firewall
      07 - Repair Internet Explorer
      10 - Remove Policies Set By Infections
      17 - Repair Windows Updates
      19 - Repair Volume Shadow Copy Service
      21 - Repair MSI (Windows Installer)
      26 - Restore Important Windows Services
      27 - Set Windows Service to Default Startup


    • Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. ( Reboot if asked to do so)
    • Please copy and paste the Contents of this file on your next reply.


    Restart the computer normally.


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Google Chrome appears to have several hits. I would save my favorites, completely uninstall, then reinstall.

    Instructions on how to backup your Favourites/Bookmarks and other data can be found below.
    Backup Chrome Bookmarks

    I would use Revo uninstaller to get all the little bits and pieces
    • Please download and install Revo Uninstaller.
    • Double-click Revo Uninstaller to run it.
    • From the list of programs, double-click on the program to remove (Chrome).
    • When prompted if you want to uninstall, click Yes.
    • Be sure the Moderate option is selected, then click Next.
    • The program will run. If prompted again, click Yes.
    • When the built-in uninstaller is finished, click on Next.
    • Once the program has searched for leftovers, click Next.
    • Check/tick the bolded items only on the list, then click Delete.
    • When prompted, click on Yes and then on Next.
    • Put a check on any folders that are found and select Delete.
    • When prompted, select Yes and then Next.
    • Once done, click Finish.


    The download page is below.
    https://www.google.com/chrome/b/

    ~~~

    Let's do this first and see if we can make any headway. I can give you a list of recommendations for security apps and other items you might want to consider for protection.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
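
The repair list in the post above (firewall, Windows Update, VSS, Windows Installer, WMI, service defaults) and the Chrome uninstall both benefit from a record taken beforehand. The script below is an added example, not part of this thread and not Tweaking.com's or Google's code: it snapshots the services and firewall profiles those repairs touch, counts the volume shadow copies (a ransomware infection commonly stops VSS and deletes them, so the count is worth keeping), checks that WMI answers, copies the Bookmarks file out of every Chrome profile before the uninstall, and reads each profile's homepage and startup URLs from Chrome's Preferences / Secure Preferences JSON, since the fixlog showed Profile 3 pointing at search.ask.com. Registry-based Chrome policies are listed too, because those survive a reinstall. The backup folder is this example's own assumption.

```powershell
# Added example, not from the thread, Tweaking.com or Google. Run from an
# elevated PowerShell 5.1 prompt before starting Windows Repair and Revo.
# Assumption: the backup folder below.

$Backup = Join-Path $env:USERPROFILE 'Desktop\chrome-backup'

# Services behind repairs 06 (firewall), 17 (updates), 19 (VSS), 21 (MSI),
# 05 (WMI) and 26/27 (service defaults).
$services = foreach ($name in 'MpsSvc', 'BFE', 'wuauserv', 'BITS', 'VSS', 'msiserver', 'Winmgmt') {
    $s = Get-Service -Name $name -ErrorAction SilentlyContinue
    $status = 'missing'; $start = ''
    if ($s) { $status = $s.Status; $start = $s.StartType }
    [pscustomobject]@{ Service = $name; Status = $status; StartType = $start }
}
$firewall = Get-NetFirewallProfile | Select-Object Name, Enabled
$shadows  = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)
$wmiOk    = $null -ne (Get-CimInstance -ClassName Win32_OperatingSystem -ErrorAction SilentlyContinue)

# Chrome: copy Bookmarks from each profile, then read homepage / startup URLs.
# Newer Chrome keeps some of these values in "Secure Preferences", so read both.
$userData = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data'
New-Item -ItemType Directory -Path $Backup -Force | Out-Null
$chrome = foreach ($p in Get-ChildItem -Path $userData -Directory -ErrorAction SilentlyContinue) {
    $bm = Join-Path $p.FullName 'Bookmarks'
    if (-not (Test-Path -LiteralPath $bm)) { continue }          # not a profile folder
    Copy-Item -LiteralPath $bm -Destination (Join-Path $Backup "$($p.Name)-Bookmarks.json") -Force
    $homepage = ''; $startup = @()
    foreach ($file in 'Preferences', 'Secure Preferences') {
        $path = Join-Path $p.FullName $file
        if (-not (Test-Path -LiteralPath $path)) { continue }
        try { $prefs = Get-Content -LiteralPath $path -Raw | ConvertFrom-Json } catch { continue }
        if ($prefs.homepage) { $homepage = $prefs.homepage }
        if ($prefs.session.startup_urls) { $startup += $prefs.session.startup_urls }
    }
    [pscustomobject]@{ Profile = $p.Name; Homepage = $homepage; StartupUrls = ($startup -join ' ') }
}

# Chrome policies in the registry (HomepageLocation, ExtensionInstallForcelist, ...)
# are not touched by an uninstall, so list them as well.
$policy = foreach ($root in 'HKLM:\SOFTWARE\Policies\Google\Chrome', 'HKCU:\SOFTWARE\Policies\Google\Chrome') {
    if (Test-Path $root) {
        Get-ItemProperty -Path $root | Select-Object * -ExcludeProperty PS*
        Get-ChildItem -Path $root -Recurse | ForEach-Object {
            Get-ItemProperty -Path $_.PSPath | Select-Object * -ExcludeProperty PS*
        }
    }
}

"== Services =="; $services | Format-Table -AutoSize
"== Firewall profiles =="; $firewall | Format-Table -AutoSize
"== Shadow copies: $($shadows.Count)   WMI answering: $wmiOk =="
"== Chrome profiles (bookmarks copied to $Backup) =="; $chrome | Format-Table -AutoSize
"== Chrome registry policies =="; $policy | Format-List
```

Run it once before Windows Repair and once after; a service that was Stopped or Disabled and is now Running/Automatic, or a firewall profile that turned from False to True, shows the repair did something. A homepage or startup URL you did not set, or any policy value at all on a home machine, is what to clear before reinstalling Chrome, since a fresh install will pick those settings straight back up.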
