CreateRestorePoint:
CustomCLSID: HKU\S-1-5-21-1038181654-2723990138-2818527679-1000_Classes\CLSID\{caffac23-bb21-4945-8574-40cf5a940ad0}\InprocServer32 -> C:\Users\Curt\AppData\Roaming\Catalina – Print Savings\npBcsKtTcIO.dll No File
CustomCLSID: HKU\S-1-5-21-1038181654-2723990138-2818527679-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> No File
hosts:
Task: {00DFC859-FC90-4E08-96DE-A517767BF38B} - System32\Tasks\task99669 => cmd.exe <==== ATTENTION
Task: {33BE426A-6862-4A37-ABA3-9F18B0D64B2E} - System32\Tasks\winupd => C:\Users\Curt\AppData\Local\Temp:winupd.exe
Task: {96EA2D84-B5C6-463A-8376-57794E69C2DC} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {D0FBEF40-6929-4116-8335-B60A8F7FBF3C} - System32\Tasks\Inj_App_Ex => C:\Users\Curt\Downloads\SecurityPatchUpdater.exe
Task: {E36D859C-BBEA-4A09-8618-4F43951AB6AF} - \2932700368 No Task File <==== ATTENTION
Task: {EF6A9AA0-52D5-4BD6-A97C-D46401F47A0A} - System32\Tasks\task489058937 => cmd.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:FC595E85
Cmd: wevtutil cl application
Cmd: wevtutil cl system
Cmd: wevtutil cl security
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1038181654-2723990138-2818527679-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1038181654-2723990138-2818527679-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68}
SearchScopes: HKU\S-1-5-21-1038181654-2723990138-2818527679-1000 -> Backup.Old.DefaultScope {54EFAE1D-13AD-4089-98A7-F691DD0A63A5}
SearchScopes: HKU\S-1-5-21-1038181654-2723990138-2818527679-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Backup.Old.DefaultScope {54EFAE1D-13AD-4089-98A7-F691DD0A63A5}
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Curt\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.796\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Chrome PDF Viewer) - chrome-extension://mhjfbmdgcfjbbpaeojofohoefgiehjai/ No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\internal-nacl-plugin No File
CHR Plugin: (Chrome PDF Viewer) - internal-pdf-viewer No File
CHR Extension: (No Name) - C:\Users\Curt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-22]
2014-04-06 17:19 - 2014-04-06 17:19 - 0002785 _____ () C:\Users\Curt\AppData\Roaming\HOW_DECRYPT.HTML
2014-04-06 17:19 - 2014-04-06 17:19 - 0001267 _____ () C:\Users\Curt\AppData\Roaming\HOW_DECRYPT.TXT
2014-04-06 17:19 - 2014-04-06 17:19 - 0000135 _____ () C:\Users\Curt\AppData\Roaming\HOW_DECRYPT.URL
2012-01-02 15:44 - 2012-01-02 15:50 - 0010952 ___SH () C:\Users\Curt\AppData\Local\020qb55rv70j00614350kirkhx0o338ikc6yh13544v
2012-01-08 14:59 - 2012-01-08 15:01 - 0010224 ___SH () C:\Users\Curt\AppData\Local\647w8y7f5547
2013-07-26 12:10 - 2013-07-26 12:10 - 0322988 _____ () C:\Users\Curt\AppData\Local\9f2c10a0-f56c-464d-b90f-23109eb5be53
2014-04-06 17:10 - 2014-04-06 17:10 - 0002785 _____ () C:\Users\Curt\AppData\Local\HOW_DECRYPT.HTML
2014-04-06 17:10 - 2014-04-06 17:10 - 0001267 _____ () C:\Users\Curt\AppData\Local\HOW_DECRYPT.TXT
2014-04-06 17:10 - 2014-04-06 17:10 - 0000135 _____ () C:\Users\Curt\AppData\Local\HOW_DECRYPT.URL
2012-01-02 15:44 - 2012-01-02 15:50 - 0010952 ___SH () C:\ProgramData\020qb55rv70j00614350kirkhx0o338ikc6yh13544v
2012-01-08 14:59 - 2012-01-08 15:01 - 0010224 ___SH () C:\ProgramData\647w8y7f5547
2014-04-06 16:57 - 2014-04-06 16:57 - 0002785 _____ () C:\ProgramData\HOW_DECRYPT.HTML
2014-04-06 16:57 - 2014-04-06 16:57 - 0001267 _____ () C:\ProgramData\HOW_DECRYPT.TXT
2014-04-06 16:57 - 2014-04-06 16:57 - 0000135 _____ () C:\ProgramData\HOW_DECRYPT.URL
2013-03-04 14:36 - 2013-03-04 14:36 - 0108320 _____ () C:\ProgramData\wwkmyvuoezuezha
EmptyTemp: