onlinevideoconverter pop ups

  • gallorgs
    PCHF Member
    • Jul 2017
    • 48

    #16
    Hello, here’s the fixlog
    Fix result of Farbar Recovery Scan Tool (x64) Version: 28.04.2019
    Ran by Gallagher (28-04-2019 14:29:01) Run:1
    Running from C:\Users\Gallagher\Desktop
    Loaded Profiles: Gallagher & Paul’s Ipod & Administrator & Guest (Available Profiles: Gallagher & Paul’s Ipod & Administrator & Guest)
    Boot Mode: Normal
    fixlist content:


    start
    CreateRestorePoint:
    CloseProcesses:
    CustomCLSID: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001_Classes\CLSID{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 → C:\Users\Gallagher\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001_Classes\CLSID{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 → C:\Users\Gallagher\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
    ShellServiceObjects: No Name → {37F63FBF-F39D-4E28-867D-0B3D9ED30FBB} =>
    ShellServiceObjects: No Name → {6FDEDD65-AC51-43CA-B2D0-9EB5D1155D03} =>
    ShellServiceObjects: No Name → {7007ACCF-3202-11D1-AAD2-00805FC1270E} =>
    ShellServiceObjects: No Name → {A1607060-5D4C-467a-B711-2B59A6F25957} =>
    ShellServiceObjects-x32: No Name → {37F63FBF-F39D-4E28-867D-0B3D9ED30FBB} =>
    ShellServiceObjects-x32: No Name → {7007ACCF-3202-11D1-AAD2-00805FC1270E} =>
    ShellServiceObjects-x32: No Name → {A1607060-5D4C-467a-B711-2B59A6F25957} =>
    ShellIconOverlayIdentifiers: [SharingPrivate] → {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => → No File
    ShellIconOverlayIdentifiers-x32: [SharingPrivate] → {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => → No File
    ContextMenuHandlers5: [igfxcui] → {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => → No File
    Shortcut: C:\Users\Gallagher\Favorites\NCH Software Download Site.lnk → hxxp://www.nch.com.au/index.htm
    FirewallRules: [{6E9B26BE-A3EE-43B9-8AD9-E2AA9D14ABD7}] => (Allow) LPort=13148
    FirewallRules: [{EF809E25-E4B3-4989-8058-879F3EE58EDF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe No File
    FirewallRules: [{DDB7E469-DE88-430E-BE79-BD7A9ADBF22D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe No File
    FirewallRules: [{0F461E8A-A5B0-4BE1-8B54-89748D083890}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
    FirewallRules: [TCP Query User{50C07EEF-DC35-4EA0-88EF-DD2D5B11DC8C}C:\users\gallagher\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\gallagher\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC → Amazon Services LLC)
    FirewallRules: [UDP Query User{132F0907-D320-4B55-9527-30985CE19CAA}C:\users\gallagher\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\gallagher\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC → Amazon Services LLC)
    FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    DPF: HKLM-x32 {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://85.221.20.19/activex/AMC.cab
    DPF: HKLM-x32 {A3D93B25-4601-49D2-B3AF-F447C73D561F} hxxp://85.93.227.36/program/SonySncRz25View.cab
    Hosts:
    CMD: netsh advfirewall reset
    CMD: netsh advfirewall set allprofiles state On
    RemoveProxy:
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset catalog
    CMD: netsh int ip reset c:\resetlog.txt
    CMD: ipconfig /release
    CMD: ipconfig /renew
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    EmptyTemp:
    reboot:
    end


    Restore point was successfully created.
    Processes closed successfully.
    HKU\S-1-5-21-2034169645-2416740140-1732510107-1001_Classes\CLSID{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD} => removed successfully
    HKU\S-1-5-21-2034169645-2416740140-1732510107-1001_Classes\CLSID{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4} => removed successfully
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects{37F63FBF-F39D-4E28-867D-0B3D9ED30FBB} => removed successfully
    HKLM\Software\Classes\CLSID{37F63FBF-F39D-4E28-867D-0B3D9ED30FBB} => not found
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects{6FDEDD65-AC51-43CA-B2D0-9EB5D1155D03} => removed successfully
    HKLM\Software\Classes\CLSID{6FDEDD65-AC51-43CA-B2D0-9EB5D1155D03} => not found
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects{7007ACCF-3202-11D1-AAD2-00805FC1270E} => removed successfully
    HKLM\Software\Classes\CLSID{7007ACCF-3202-11D1-AAD2-00805FC1270E} => not found
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects{A1607060-5D4C-467a-B711-2B59A6F25957} => removed successfully
    HKLM\Software\Classes\CLSID{A1607060-5D4C-467a-B711-2B59A6F25957} => not found
    HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects{37F63FBF-F39D-4E28-867D-0B3D9ED30FBB} => removed successfully
    HKLM\Software\WOW6432Node\Classes\CLSID{37F63FBF-F39D-4E28-867D-0B3D9ED30FBB} => not found
    HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects{7007ACCF-3202-11D1-AAD2-00805FC1270E} => removed successfully
    HKLM\Software\WOW6432Node\Classes\CLSID{7007ACCF-3202-11D1-AAD2-00805FC1270E} => not found
    HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects{A1607060-5D4C-467a-B711-2B59A6F25957} => removed successfully
    HKLM\Software\WOW6432Node\Classes\CLSID{A1607060-5D4C-467a-B711-2B59A6F25957} => not found
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate => removed successfully
    HKLM\Software\Classes\CLSID{08244EE6-92F0-47f2-9FC9-929BAA2E7235} => not found
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID{08244EE6-92F0-47f2-9FC9-929BAA2E7235} => not found
    HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
    HKLM\Software\Classes\CLSID{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
    C:\Users\Gallagher\Favorites\NCH Software Download Site.lnk => moved successfully
    “HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{6E9B26BE-A3EE-43B9-8AD9-E2AA9D14ABD7}” => removed successfully
    “HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{EF809E25-E4B3-4989-8058-879F3EE58EDF}” => removed successfully
    “HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{DDB7E469-DE88-430E-BE79-BD7A9ADBF22D}” => removed successfully
    “HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{0F461E8A-A5B0-4BE1-8B54-89748D083890}” => removed successfully
    “HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\TCP Query User{50C07EEF-DC35-4EA0-88EF-DD2D5B11DC8C}C:\users\gallagher\appdata\local\amazon music\amazon music helper.exe” => removed successfully
    “HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\UDP Query User{132F0907-D320-4B55-9527-30985CE19CAA}C:\users\gallagher\appdata\local\amazon music\amazon music helper.exe” => removed successfully
    HKLM\SOFTWARE\Policies\Mozilla => removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units{DE625294-70E6-45ED-B895-CFFA13AEB044} => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID{DE625294-70E6-45ED-B895-CFFA13AEB044} => not found
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units{A3D93B25-4601-49D2-B3AF-F447C73D561F} => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID{A3D93B25-4601-49D2-B3AF-F447C73D561F} => not found
    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.

    ========= netsh advfirewall reset =========

    The following helper DLL cannot be loaded: NAPMONTR.DLL.
    Ok.

    ========= End of CMD: =========

    ========= netsh advfirewall set allprofiles state On =========

    The following helper DLL cannot be loaded: NAPMONTR.DLL.
    Ok.

    ========= End of CMD: =========

    ========= RemoveProxy: =========

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
    HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
    HKU\S-1-5-21-2034169645-2416740140-1732510107-500\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
    “HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings” => removed successfully
    “HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings” => removed successfully
    “HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings” => removed successfully
    “HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings” => removed successfully
    “HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings” => removed successfully
    “HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings” => removed successfully
    “HKU\S-1-5-21-2034169645-2416740140-1732510107-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings” => removed successfully
    “HKU\S-1-5-21-2034169645-2416740140-1732510107-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings” => removed successfully
    “HKU\S-1-5-21-2034169645-2416740140-1732510107-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings” => removed successfully
    “HKU\S-1-5-21-2034169645-2416740140-1732510107-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings” => removed successfully
    “HKU\S-1-5-21-2034169645-2416740140-1732510107-501\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings” => removed successfully
    “HKU\S-1-5-21-2034169645-2416740140-1732510107-501\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings” => removed successfully

    ========= End of RemoveProxy: =========

    ========= ipconfig /flushdns =========

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    ========= netsh winsock reset catalog =========

    The following helper DLL cannot be loaded: NAPMONTR.DLL.

    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.

    ========= End of CMD: =========

    ========= netsh int ip reset c:\resetlog.txt =========

    The following helper DLL cannot be loaded: NAPMONTR.DLL.
    Resetting Compartment Forwarding, OK!
    Resetting Compartment, OK!
    Resetting Control Protocol, OK!
    Resetting Echo Sequence Request, OK!
    Resetting Global, OK!
    Resetting Interface, OK!
    Resetting Anycast Address, OK!
    Resetting Multicast Address, OK!
    Resetting Unicast Address, OK!
    Resetting Neighbor, OK!
    Resetting Path, OK!
    Resetting Potential, OK!
    Resetting Prefix Policy, OK!
    Resetting Proxy Neighbor, OK!
    Resetting Route, OK!
    Resetting Site Prefix, OK!
    Resetting Subinterface, OK!
    Resetting Wakeup Pattern, OK!
    Resetting Resolve Neighbor, OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , failed.
    Access is denied.

    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Restart the computer to complete this action.

    ========= End of CMD: =========

    ========= ipconfig /release =========

    Windows IP Configuration

    No operation can be performed on Ethernet while it has its media disconnected.
    No operation can be performed on Local Area Connection* 1 while it has its media disconnected.
    No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
    No operation can be performed on Bluetooth Network Connection while it has its media disconnected.

    Ethernet adapter Ethernet:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :

    Wireless LAN adapter Local Area Connection* 1:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :

    Wireless LAN adapter Local Area Connection* 2:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :

    Wireless LAN adapter WiFi:

    Connection-specific DNS Suffix . :
    Link-local IPv6 Address . . . . . : fe80::d903:7c0e:516d:139%9
    Default Gateway . . . . . . . . . :

    Ethernet adapter Bluetooth Network Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :

    ========= End of CMD: =========

    ========= ipconfig /renew =========

    Windows IP Configuration

    No operation can be performed on Ethernet while it has its media disconnected.
    No operation can be performed on Local Area Connection* 1 while it has its media disconnected.
    No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
    No operation can be performed on Bluetooth Network Connection while it has its media disconnected.

    Ethernet adapter Ethernet:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :

    Wireless LAN adapter Local Area Connection* 1:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :

    Wireless LAN adapter Local Area Connection* 2:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :

    Wireless LAN adapter WiFi:

    Connection-specific DNS Suffix . :
    Link-local IPv6 Address . . . . . : fe80::d903:7c0e:516d:139%9
    IPv4 Address. . . . . . . . . . . : 192.168.0.48
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.0.1

    Ethernet adapter Bluetooth Network Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :

    ========= End of CMD: =========

    ========= netsh int ipv4 reset =========

    The following helper DLL cannot be loaded: NAPMONTR.DLL.
    Resetting Compartment Forwarding, OK!
    Resetting Compartment, OK!
    Resetting Control Protocol, OK!
    Resetting Echo Sequence Request, OK!
    Resetting Global, OK!
    Resetting Interface, OK!
    Resetting Anycast Address, OK!
    Resetting Multicast Address, OK!
    Resetting Unicast Address, OK!
    Resetting Neighbor, OK!
    Resetting Path, OK!
    Resetting Potential, OK!
    Resetting Prefix Policy, OK!
    Resetting Proxy Neighbor, OK!
    Resetting Route, OK!
    Resetting Site Prefix, OK!
    Resetting Subinterface, OK!
    Resetting Wakeup Pattern, OK!
    Resetting Resolve Neighbor, OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , failed.
    Access is denied.

    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Restart the computer to complete this action.

    ========= End of CMD: =========

    ========= netsh int ipv6 reset =========

    The following helper DLL cannot be loaded: NAPMONTR.DLL.
    Resetting Compartment Forwarding, OK!
    Resetting Compartment, OK!
    Resetting Control Protocol, OK!
    Resetting Echo Sequence Request, OK!
    Resetting Global, OK!
    Resetting Interface, OK!
    Resetting Anycast Address, OK!
    Resetting Multicast Address, OK!
    Resetting Unicast Address, OK!
    Resetting Neighbor, OK!
    Resetting Path, OK!
    Resetting Potential, OK!
    Resetting Prefix Policy, OK!
    Resetting Proxy Neighbor, OK!
    Resetting Route, OK!
    Resetting Site Prefix, OK!
    Resetting Subinterface, OK!
    Resetting Wakeup Pattern, OK!
    Resetting Resolve Neighbor, OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , failed.
    Access is denied.

    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Restart the computer to complete this action.

    ========= End of CMD: =========

    =========== EmptyTemp: ==========

    BITS transfer queue => 11034624 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 143911120 B
    Java, Flash, Steam htmlcache => 58159986 B
    Windows/system/drivers => 4620938 B
    Edge => 5633297 B
    Chrome => 337541357 B
    Firefox => 15462775 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 5429567 B
    systemprofile32 => 0 B
    LocalService => 121740 B
    LocalService => 0 B
    NetworkService => 101800 B
    NetworkService => 0 B
    Gallagher => 41992247 B
    Paul’s Ipod => 80969825 B
    Administrator => 0 B
    Guest => 0 B

    RecycleBin => 17376183 B
    EmptyTemp: => 688.9 MB temporary data Removed.

    ================================

    The system needed a reboot.

    ==== End of Fixlog 14:33:28 ====

    Comment

    • jmarket
      PCHF Owner
      • Jan 2015
      • 7635

      #17
      How are things now?

      Comment

      • gallorgs
        PCHF Member
        • Jul 2017
        • 48

        #18
        Ok, just got another pop up about 5 mins ago, but I will monitor it today & let you know later if that’s OK?

        Comment

        • jmarket
          PCHF Owner
          • Jan 2015
          • 7635

          #19
          Sounds good, I await your results.

          Comment

          • gallorgs
            PCHF Member
            • Jul 2017
            • 48

            #20
            Hi Jmarket
            Ok, it looks like I have had 4 of those pop ups so far

            Cheers

            Comment

            • jmarket
              PCHF Owner
              • Jan 2015
              • 7635

              #21
              Go ahead and do the following for me.

              Download ResetBrowser to your desktop.

              Now close all open browsers. All browsers MUST be closed during this operation!

              Right click and Run as Administrator



              Click on Reset Chrome – Allow completion.
              Click on Reset Firefox – Allow completion.
              Click on Reset Internet Explorer – Allow completion.

              Now reboot your machine.

              We need you to run Malwarebytes Anti-Malware (MBAM) to get a log. Please download the free version of Malwarebytes HERE

              Save the file to somewhere you can easily find it. Double click the saved file to start the install, accept any security warnings that may appear and after the install click the new desktop icon (https://pchelpforum.net/attachments/mwb-jpg.481) to start the program. We need to modify a couple of things with MalwareBytes before we use it so please follow the steps below.

              If the dashboard is not already displayed select it.
              Then select Update to get the latest definition database.

              Next we need to change a scanning option, select Settings on the main menu.
              Then Detection and Protection on the left.
              Then select Scan for rootkits in the detection options, as well as the other two options already checked.

              Now return to Dashboard on the main menu and select Scan Now at the bottom of the screen.

              Allow Malwarebytes to scan your system. It may take some time depending on how much data is loaded onto your hard drive. When the scan is finished any threats will be listed for action. Ensure all threats are selected, and click Remove Selected.



              A dialogue box may open and ask to restart the computer; if so, select Yes.



              Once the computer restarts open Malwarebytes again and select History on the menu bar, Application logs, then click the scan just completed, then click Export, choose text file. Name the text file and select a location, preferably the desktop and close Malwarebytes.



              Please copy and paste the contents of the text file in your next post.

              Comment

              • gallorgs
                PCHF Member
                • Jul 2017
                • 48

                #22
                Hi there, here's the MBAM log

                Malwarebytes
                www.malwarebytes.com
                -Log Details-
                Scan Date: 4/30/19
                Scan Time: 2:29 PM
                Log File: 00e46271-6b4c-11e9-903b-ace2d359f950.json
                -Software Information-
                Version: 3.7.1.2839
                Components Version: 1.0.563
                Update Package Version: 1.0.10400
                License: Free
                -System Information-
                OS: Windows 10 (Build 17134.706)
                CPU: x64
                File System: NTFS
                User: DESKTOP-G3G6FFA\Gallagher
                -Scan Summary-
                Scan Type: Threat Scan
                Scan Initiated By: Manual
                Result: Completed
                Objects Scanned: 412040
                Threats Detected: 0
                Threats Quarantined: 0
                Time Elapsed: 27 min, 37 sec
                -Scan Options-
                Memory: Enabled
                Startup: Enabled
                Filesystem: Enabled
                Archives: Enabled
                Rootkits: Enabled
                Heuristics: Enabled
                PUP: Detect
                PUM: Detect
                -Scan Details-
                Process: 0
                (No malicious items detected)
                Module: 0
                (No malicious items detected)
                Registry Key: 0
                (No malicious items detected)
                Registry Value: 0
                (No malicious items detected)
                Registry Data: 0
                (No malicious items detected)
                Data Stream: 0
                (No malicious items detected)
                Folder: 0
                (No malicious items detected)
                File: 0
                (No malicious items detected)
                Physical Sector: 0
                (No malicious items detected)
                WMI: 0
                (No malicious items detected)

                (end)

                Comment

                • jmarket
                  PCHF Owner
                  • Jan 2015
                  • 7635

                  #23
                  Did you run the ResetBrowser tool and instructions?

                  Comment

                  • gallorgs
                    PCHF Member
                    • Jul 2017
                    • 48

                    #24
                    Yes & I rebooted as well

                    Comment

                    • jmarket
                      PCHF Owner
                      • Jan 2015
                      • 7635

                      #25
                      We will need a log from Zemana, can you please download the free trial HERE. Save it to somewhere you can find, double click the downloaded file and start the installation. Accept the default install options and you can safely ignore any security warnings and allow Zemana to complete the install. Once completed click the new desktop icon (https://pchelpforum.net/attachments/zamicon-jpg.786) to open the program. If Zemana opens and informs of any available updates allow it to do so. Next change Zemana’s default from “Smart Scan” to Deep Scan as shown below.



                      Then click Scan.



                      When the scan is complete allow Zemana to Quarantine any infections found by clicking Next.



                      Once the infections are quarantined a message box will indicate success, then click the logs icon as below.



                      Select the latest scan and choose Open Report from the upper menu, or simply double left click on the scan just run.



                      The log will open as a text file. Please Copy and Paste the contents of that file in your next post.

                      After doing that, please let me know how things are and also post fresh FRST logs as well. We’re getting there.

                      Comment

                      • gallorgs
                        PCHF Member
                        • Jul 2017
                        • 48

                        #26
                        Hi, here’s the Zemana log

                        Zemana AntiMalware 2.74.2.664 (Installed)


                        Scan Result : Completed
                        Scan Date : 2019/5/2
                        Operating System : Windows 10 64-bit
                        Processor : 4X Intel(R) Core™ i3-7100U CPU @ 2.40GHz
                        BIOS Mode : UEFI
                        CUID : 122C94BC7B83B75773CFBA
                        Scan Type : System Scan
                        Duration : 59m 30s
                        Scanned Objects : 397201
                        Detected Objects : 3
                        Excluded Objects : 0
                        Read Level : SCSI
                        Auto Upload : Enabled
                        Detect All Extensions : Disabled
                        Scan Documents : Disabled
                        Domain Info : WORKGROUP,0,2
                        Detected Objects
                        Avast SafePrice | Comparison, deals, coupons
                        Status : Scanned
                        Object : %localappdata%\google\chrome\user data\default\extensions\eofcbnmajmjmplflapaojjnihcjkigck
                        MD5 : -
                        Publisher : -
                        Size : -
                        Version : -
                        Detection : PUA.ChromeExt!Gr
                        Cleaning Action : Repair
                        Related Objects :
                        Browser Extension - Avast SafePrice | Comparison, deals, coupons

                        Adaware Ad Block
                        Status : Scanned
                        Object : %localappdata%\google\chrome\user data\default\extensions\cmllgdnjnkbapbchnebiedipojhmnjej
                        MD5 : -
                        Publisher : -
                        Size : -
                        Version : -
                        Detection : PUA.ChromeExt!Gr
                        Cleaning Action : Repair
                        Related Objects :
                        Browser Extension - Adaware Ad Block

                        advinstanalytics
                        Status : Scanned
                        Object : NE->c:\users\gallagher\appdata\local\advinstanalytics
                        MD5 : -
                        Publisher : -
                        Size : -
                        Version : -
                        Detection : PUA:Win32/Traffic Exchange.F!Neng
                        Cleaning Action : Quarantine
                        Related Objects :
                        (null) - (null)
                        Cleaning Result
                        Cleaned : 3
                        Reported as safe : 0
                        Failed : 0

                        Comment

                        • jmarket
                          PCHF Owner
                          • Jan 2015
                          • 7635

                          #27
                          You forgot fresh FRST logs.

                          How are things now?

                          Comment

                          • jmarket
                            PCHF Owner
                            • Jan 2015
                            • 7635

                            #28
                            Do you have any updates for us @gallorgs?

                            Comment

                            • gallorgs
                              PCHF Member
                              • Jul 2017
                              • 48

                              #29
                              Hi, sorry, been a mad last couple of days at work etc.

                              There hasn't been any more pop ups.

                              I will attach the FRST log in a minute.

                              cheers

                              Comment

                              • gallorgs
                                PCHF Member
                                • Jul 2017
                                • 48

                                #30
                                FRST Log

                                Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-05.2019
                                Ran by Gallagher (administrator) on DESKTOP-G3G6FFA (HP HP All-in-One 24-e0XX) (04-05-2019 14:16:22)
                                Running from C:\Users\Gallagher\Desktop
                                Loaded Profiles: Gallagher & Paul’s Ipod & Administrator & Guest (Available Profiles: Gallagher & Paul’s Ipod & Administrator & Guest)
                                Platform: Windows 10 Home Version 1803 17134.706 (X64) Language: English (United Kingdom)
                                Default browser: Chrome
                                Boot Mode: Normal
                                Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

                                ==================== Processes (Whitelisted) =================

                                (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

                                () [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.44.40.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
                                () [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19021.18010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
                                () [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1903.21.0_x64__8wekyb3d8bbwe\Calculator.exe
                                () [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
                                (Adguard Software Limited → Adguard Software Ltd) C:\Program Files (x86)\Adguard\Adguard.exe
                                (Adguard Software Limited → Adguard Software Ltd) C:\Program Files (x86)\Adguard\AdguardSvc.exe
                                (Adobe Systems Incorporated → Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
                                (Adobe Systems, Incorporated → Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                                (Amazon Services LLC → Amazon Services LLC) C:\Users\Gallagher\AppData\Local\Amazon Music\Amazon Music Helper.exe
                                (Apple Inc. → Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
                                (Apple Inc. → Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
                                (Apple Inc. → Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
                                (Apple Inc. → Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
                                (Apple Inc. → Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
                                (Apple Inc. → Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
                                (Apple Inc. → Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
                                (Apple Inc. → Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                                (Apple Inc. → Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
                                (Apple Inc. → Apple Inc.) C:\Program Files\iTunes\iTunes.exe
                                (Apple Inc. → Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
                                (Apple Inc. → Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
                                (AVAST Software s.r.o. → AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
                                (AVAST Software s.r.o. → AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
                                (AVAST Software s.r.o. → AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
                                (AVAST Software s.r.o. → AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
                                (AVAST Software s.r.o. → AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
                                (Canon Inc. → ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
                                (Canon Inc. → CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe
                                (Dropbox, Inc → Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
                                (Dropbox, Inc → Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
                                (Dropbox, Inc → Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
                                (Dropbox, Inc → Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
                                (Dropbox, Inc → Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
                                (Dropbox, Inc → The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\71.4.108\QtWebEngineProcess.exe
                                (Google Inc → Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
                                (Google Inc → Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler.exe
                                (Google Inc → Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler64.exe
                                (Google LLC → Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                                (Google LLC → Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                                (Google LLC → Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                                (Google LLC → Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                                (Google LLC → Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                                (Google LLC → Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                                (Google LLC → Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                                (Google LLC → Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                                (Hewlett-Packard Company → HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
                                (HP Inc. → ) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
                                (HP Inc. → HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
                                (HP Inc. → HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
                                (HP Inc. → HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
                                (HP Inc. → HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
                                (HP Inc. → HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
                                (HP Inc. → HP Inc.) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
                                (HP Inc. → HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
                                (IDSA Production signing key → Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
                                (IDSA Production signing key → Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
                                (IDSA Production signing key → Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
                                (Intel(R) Embedded Subsystems and IP Blocks Group → Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
                                (Intel(R) Embedded Subsystems and IP Blocks Group → Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
                                (Intel(R) pGFX → Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki129407.inf_amd64_f26f36ac54ce3076\igfxCUIService.exe
                                (Intel(R) pGFX → Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki129407.inf_amd64_f26f36ac54ce3076\igfxEM.exe
                                (Intel(R) pGFX → Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki129407.inf_amd64_f26f36ac54ce3076\IntelCpHDCPSvc.exe
                                (Intel(R) pGFX → Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki129407.inf_amd64_f26f36ac54ce3076\IntelCpHeciSvc.exe
                                (Intel(R) Rapid Storage Technology → Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
                                (Intel(R) Rapid Storage Technology → Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
                                (Laplink Software Inc. → Laplink Software, Inc.) C:\Program Files (x86)\Laplink\PCmover\PcmService.exe
                                (Livedrive Internet LTD → ) C:\Program Files (x86)\Cloud Storage\VSSService.exe
                                (Livedrive Internet LTD → DSG Retail Limited) C:\Program Files (x86)\Cloud Storage\CloudStorage.exe
                                (Malwarebytes Corporation → Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
                                (Malwarebytes Corporation → Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
                                (Microsoft Corporation → Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
                                (Microsoft Corporation → Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
                                (Microsoft Corporation → Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11425.20190.0_x64__8wekyb3d8bbwe\HxOutlook.exe
                                (Microsoft Corporation → Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11425.20190.0_x64__8wekyb3d8bbwe\HxTsr.exe
                                (Microsoft Corporation → Microsoft Corporation) C:\Users\Gallagher\AppData\Local\Microsoft\OneDrive\OneDrive.exe
                                (Microsoft Corporation → Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
                                (Microsoft Corporation → Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
                                (Microsoft Corporation → Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                (Microsoft Corporation → Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                (Microsoft Corporation → Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                (Microsoft Corporation → Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                (Microsoft Corporation → Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                (Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.44.40.0_x64__kzf8qxf38zg5c\SkypeApp.exe
                                (Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.27.0_x64__8wekyb3d8bbwe\WinStore.App.exe
                                (Microsoft Windows → Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
                                (Microsoft Windows → Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
                                (Microsoft Windows → Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
                                (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\browser_broker.exe
                                (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\dllhost.exe
                                (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\dllhost.exe
                                (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\dllhost.exe
                                (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\smartscreen.exe
                                (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\wlanext.exe
                                (NVIDIA Corporation → NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
                                (Oracle America, Inc. → Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                                (Piriform Software Ltd → Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
                                (Realtek Semiconductor Corp → Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
                                (Realtek Semiconductor Corp → Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe
                                (Realtek Semiconductor Corp. → Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
                                (Realtek Semiconductor Corp. → Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
                                (Realtek Semiconductor Corp. → Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
                                (Western Digital Technologies, Inc. → WDC) C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
                                (Western Digital Technologies, Inc. → Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
                                (Western Digital Technologies, Inc. → Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
                                (Zemana D.O.O. Sarajevo → Copyright 2018.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
                                (Zemana D.O.O. Sarajevo → Copyright 2018.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

                                ==================== Registry (Whitelisted) ===========================

                                (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

                                HKLM...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows → Microsoft Corporation)
                                HKLM...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [231640 2016-09-20] (Realtek Semiconductor Corp → Realtek Semiconductor Corporation)
                                HKLM...\Run: [MouseDriver] => TiltWheelMouse.exe
                                HKLM...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [318920 2019-03-07] (Intel(R) Rapid Storage Technology → Intel Corporation)
                                HKLM...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-03-24] (Apple Inc. → Apple Inc.)
                                HKLM...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261000 2019-04-25] (AVAST Software s.r.o. → AVAST Software)
                                HKLM...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [25160568 2019-02-14] (Zemana D.O.O. Sarajevo → Copyright 2018.)
                                HKLM-x32...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [705784 2016-06-20] (HP Inc. → HP Inc.)
                                HKLM-x32...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [270912 2015-06-17] (Canon Inc. → CANON INC.)
                                HKLM-x32...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
                                HKLM-x32...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [5537088 2019-04-23] (Dropbox, Inc → Dropbox, Inc.)
                                HKLM-x32...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. → Oracle Corporation)
                                HKU\S-1-5-19...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows → Microsoft Corporation)
                                HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143613868...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows → Microsoft Corporation)
                                HKU\S-1-5-20...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows → Microsoft Corporation)
                                HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143614181...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows → Microsoft Corporation)
                                HKU\S-1-5-21-2034169645-2416740140-1732510107-1001...\Run: [Google Photos Backup] => C:\Users\Gallagher\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3791704 2018-06-01] (Google Inc → Google, Inc)
                                HKU\S-1-5-21-2034169645-2416740140-1732510107-1001...\Run: [Google Update] => C:\Users\Gallagher\AppData\Local\Google\Update\1.3.34.7\GoogleUpdateCore.exe [752424 2019-03-27] (Google Inc → Google LLC)
                                HKU\S-1-5-21-2034169645-2416740140-1732510107-1001...\Run: [GoogleDriveSync] => “C:\Program Files (x86)\Google\Drive\googledrivesync.exe” /autostart
                                HKU\S-1-5-21-2034169645-2416740140-1732510107-1001...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2019-03-13] (Apple Inc. → Apple Inc.)
                                HKU\S-1-5-21-2034169645-2416740140-1732510107-1001...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2019-03-13] (Apple Inc. → Apple Inc.)
                                HKU\S-1-5-21-2034169645-2416740140-1732510107-1001...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3152160 2019-04-16] (Valve → Valve Corporation)
                                HKU\S-1-5-21-2034169645-2416740140-1732510107-1001...\Run: [Amazon Music Helper] => C:\Users\Gallagher\AppData\Local\Amazon Music\Amazon Music Helper.exe [3052472 2018-11-14] (Amazon Services LLC → Amazon Services LLC)
                                HKU\S-1-5-21-2034169645-2416740140-1732510107-1001...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19645800 2019-02-04] (Piriform Software Ltd → Piriform Software Ltd)
                                HKU\S-1-5-21-2034169645-2416740140-1732510107-1001...\Run: [CloudStorage] => C:\Program Files (x86)\Cloud Storage\CloudStorage.exe [4252088 2019-01-16] (Livedrive Internet LTD → DSG Retail Limited)
                                HKU\S-1-5-21-2034169645-2416740140-1732510107-1001...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [5735784 2018-10-30] (Adguard Software Limited → Adguard Software Ltd)
                                HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\Control Panel\Desktop\SCRNSAVE.EXE → C:\WINDOWS\system32\Mystify.scr [149504 2018-04-12] (Microsoft Windows → Microsoft Corporation)
                                HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118...\Run: [Google Photos Backup] => C:\Users\Gallagher\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3791704 2018-06-01] (Google Inc → Google, Inc)
                                HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118...\Run: [Google Update] => C:\Users\Gallagher\AppData\Local\Google\Update\1.3.34.7\GoogleUpdateCore.exe [752424 2019-03-27] (Google Inc → Google LLC)
                                HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118...\Run: [GoogleDriveSync] => “C:\Program Files (x86)\Google\Drive\googledrivesync.exe” /autostart
                                HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2019-03-13] (Apple Inc. → Apple Inc.)
                                HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2019-03-13] (Apple Inc. → Apple Inc.)
                                HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3152160 2019-04-16] (Valve → Valve Corporation)
                                HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118...\Run: [Amazon Music Helper] => C:\Users\Gallagher\AppData\Local\Amazon Music\Amazon Music Helper.exe [3052472 2018-11-14] (Amazon Services LLC → Amazon Services LLC)
                                HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19645800 2019-02-04] (Piriform Software Ltd → Piriform Software Ltd)
                                HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118...\Run: [CloudStorage] => C:\Program Files (x86)\Cloud Storage\CloudStorage.exe [4252088 2019-01-16] (Livedrive Internet LTD → DSG Retail Limited)
                                HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [5735784 2018-10-30] (Adguard Software Limited → Adguard Software Ltd)
                                HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\Control Panel\Desktop\SCRNSAVE.EXE → C:\WINDOWS\system32\Mystify.scr [149504 2018-04-12] (Microsoft Windows → Microsoft Corporation)
                                HKU\S-1-5-21-2034169645-2416740140-1732510107-1005...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q “C:\Users\Paul’s Ipod\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe”
                                HKU\S-1-5-21-2034169645-2416740140-1732510107-1005...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q “C:\Users\Paul’s Ipod\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe”
                                HKU\S-1-5-21-2034169645-2416740140-1732510107-1005\Control Panel\Desktop\SCRNSAVE.EXE → C:\Windows\System32\Packard Bell.scr [425984 2009-08-05] () [File not signed]
                                HKU\S-1-5-21-2034169645-2416740140-1732510107-500...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows → Microsoft Corporation)
                                HKU\S-1-5-21-2034169645-2416740140-1732510107-500\Control Panel\Desktop\SCRNSAVE.EXE → C:\Windows\System32\Packard Bell.scr [425984 2009-08-05] () [File not signed]
                                HKU\S-1-5-21-2034169645-2416740140-1732510107-501...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows → Microsoft Corporation)
                                HKU\S-1-5-21-2034169645-2416740140-1732510107-501\Control Panel\Desktop\SCRNSAVE.EXE → C:\Windows\System32\Packard Bell.scr [425984 2009-08-05] () [File not signed]
                                HKLM...\Drivers32: [vidc.ffds] => C:\WINDOWS\system32\ff_vfw.dll [127488 2014-05-13] () [File not signed]
                                HKLM...\Drivers32: [vidc.XVID] => C:\WINDOWS\system32\xvidvfw.dll [255488 2011-05-30] () [File not signed]
                                HKLM...\Drivers32-x32: [msacm.ac3filter] => ac3filter.acm
                                HKLM...\Drivers32-x32: [msacm.divxa32] => DivXa32.acm
                                HKLM...\Drivers32-x32: [vidc.divx] => divx.dll
                                HKLM...\Drivers32: [vidc.ffds] => C:\WINDOWS\SysWOW64\ff_vfw.dll [112640 2014-05-13] () [File not signed]
                                HKLM...\Drivers32-x32: [vidc.lags] => lagarith.dll
                                HKLM...\Drivers32-x32: [vidc.x264] => x264vfw.dll
                                HKLM...\Drivers32: [vidc.XVID] => C:\WINDOWS\SysWOW64\xvidvfw.dll [235520 2014-04-08] () [File not signed]
                                HKLM\Software...\AppCompatFlags\Custom\iexplore.exe: [{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb] → Internet Explorer (Enable DEP)
                                HKLM\Software...\AppCompatFlags\InstalledSDB{a9264802-8a7a-40fe-a135-5c6d204aed7a}: [DatabasePath] → C:\Windows\AppPatch\Custom{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb
                                HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] → C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.131\Installer\chrmstp.exe [2019-05-03] (Google LLC → Google Inc.)
                                Startup: C:\Users\Gallagher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-03-09]
                                ShortcutTarget: Send to OneNote.lnk → C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation → Microsoft Corporation)
                                FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

                                ==================== Scheduled Tasks (Whitelisted) =============

                                (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

                                Task: {00CFC626-B104-4C99-AA7A-F227C9EAA1EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [652664 2019-04-17] (HP Inc. → HP Inc.)
                                Task: {03BF19C2-1380-4BC1-9198-279DA6265B86} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [459680 2017-07-28] (HP Inc. → )
                                Task: {065533B2-78CA-41CA-8B3C-8A7A7B5B649D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [112160 2019-04-27] (Microsoft Corporation → Microsoft Corporation)
                                Task: {0781FCB3-B8A0-4EF9-B53B-80FAF7943FD3} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [112160 2019-04-27] (Microsoft Corporation → Microsoft Corporation)
                                Task: {108A2B1D-7EC0-446E-9ED3-1936E8AC5544} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
                                Task: {119EE018-89B7-46E7-8B87-B3D3B59E6C97} - System32\Tasks\GoogleUpdateTaskMachineUA1d3f6474a8e6c77 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-04-29] (Google Inc → Google Inc.)
                                Task: {1B9D74FD-9109-4D81-991A-F67B6BFFEFB1} - System32\Tasks\googleupdatetaskmachineua => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-04-29] (Google Inc → Google Inc.)
                                Task: {20F69267-7ABE-4A02-9B08-45C9E2F94D55} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-04] (Piriform Software Ltd → Piriform Software Ltd)
                                Task: {21189011-3F15-467D-B86E-3283CCF4EB05} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1432200 2019-04-27] (Microsoft Corporation → Microsoft Corporation)
                                Task: {223A5654-A3AF-4ED6-B9A7-456EA6B15421} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [219512 2018-12-24] (HP Inc. → HP Inc.)
                                Task: {22BE3B25-364A-4DFA-A64F-A6F391278663} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [25906688 2019-04-19] (Microsoft Corporation → Microsoft Corporation)
                                Task: {2878EE1A-9F63-4857-94CF-F7A99BA118D6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1280295809-455121606-167572049-1001UA => C:\Users\Paul Gallagher\AppData\Local\Google\Update\GoogleUpdate.exe
                                Task: {2A1F8DB2-BD6E-4EFE-9FC8-8D0EFCD29726} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [67896 2019-03-13] (Apple Inc. → Apple Inc.)
                                Task: {2CAADB57-FCF9-4185-970A-6F6ECCFC124F} - System32\Tasks{8D187D24-F468-4C08-BF52-2AAB072164C3} => C:\Program Files (x86)\VSO\ConvertX\4\ConvertXtoDvd.exe [9534752 2009-12-10] (VSO-SOFTWARE → VSO Software SARL)
                                Task: {3682E9D5-B10B-4670-AF17-D724E5A9ACFB} - System32\Tasks\RtHDVBg_HP_VOICEMODE_FOR_SKYPE => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1505840 2018-10-04] (Realtek Semiconductor Corp. → Realtek Semiconductor)
                                Task: {3D6DFC6B-84E0-473F-8A50-ABF697C9F4B0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1488248 2018-12-10] (HP Inc. → HP Inc.)
                                Task: {3ECEE8FF-002C-44B9-8119-3C9DC5827199} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [652664 2019-04-17] (HP Inc. → HP Inc.)
                                Task: {43159D3D-A8BB-45EC-9B01-5BA0C0D38088} - System32\Tasks\dropboxupdatetaskmachineua => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-23] (Dropbox, Inc → Dropbox, Inc.)
                                Task: {4965B220-09BC-44A6-9939-C52E4C861810} - System32\Tasks\S-1-5-21-2034169645-2416740140-1732510107-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [132608 2018-12-08] (Microsoft Windows → Microsoft Corporation)
                                Task: {596E5CBD-396B-48E9-950E-7538EE4DE563} - System32\Tasks\HP online update program => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard Company → Hewlett-Packard)
                                Task: {601D90C3-505D-440E-844A-145A79C78FB1} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2925960 2019-04-25] (AVAST Software s.r.o. → AVAST Software)
                                Task: {66A0CEBF-ADFD-47D0-AAAC-6BE4033E127D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1432200 2019-04-27] (Microsoft Corporation → Microsoft Corporation)
                                Task: {73B329E2-ED6C-4A13-8C9E-8D000223B46D} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9279520 2018-10-04] (Realtek Semiconductor Corp. → Realtek Semiconductor)
                                Task: {7494402D-DF3C-4B1D-9315-9FB2BD4D7EBC} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644960 2017-02-02] (HP Inc. → HP Inc.)
                                Task: {79CE75FB-6AD8-43F0-826A-9AC356DF60A1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1488248 2018-12-10] (HP Inc. → HP Inc.)
                                Task: {7AD014FF-ABCC-451E-8933-10C22405E7D9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2018-03-01] (Adobe Systems Incorporated → Adobe Systems Incorporated)
                                Task: {7ED6EA18-A62D-49C7-899D-4ECF20CBA49C} - System32\Tasks\HPCeeScheduleForGallagher => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [99392 2016-05-12] (Hewlett-Packard Company → HP Development Company, L.P.)
                                Task: {8219C8B0-A55E-42C4-8862-1015BF86644E} - System32\Tasks\dropboxupdatetaskmachinecore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-23] (Dropbox, Inc → Dropbox, Inc.)
                                Task: {822751D8-F241-4A68-9C4F-6E9C402352F9} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [25906688 2019-04-19] (Microsoft Corporation → Microsoft Corporation)
                                Task: {86087E1A-1DCA-42BD-86CB-D71A204B8801} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2016-12-06] (HP Inc. → HP Inc.)
                                Task: {98D02E12-72E5-48BC-AED2-192D3B2404AF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136056 2019-01-02] (HP Inc. → HP Inc.)
                                Task: {9E2C7F07-4F17-4D3D-BB09-6459A18DCA64} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1280295809-455121606-167572049-1001Core => C:\Users\Paul Gallagher\AppData\Local\Google\Update\GoogleUpdate.exe
                                Task: {AFBED28B-FD21-4C0F-9BA9-3E691EA31CF7} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager → Intel Corporation)
                                Task: {BC3EE4B0-4CCC-413C-8536-E9D7ED9CE947} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
                                Task: {BEDFCBDC-FED0-45B9-86F9-26EC39EA0A2D} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe [1573720 2011-02-09] (IObit Information Technology → IObit)
                                Task: {BFF2A4B5-ECD6-4C35-9DC7-ABB9329E59C9} - System32\Tasks\GoogleUpdateTaskMachineCore1d0f3e9deea135a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-04-29] (Google Inc → Google Inc.)
                                Task: {BFF93412-606F-46AA-A357-941F222C8787} - System32\Tasks{4CF3A701-D0F0-40E0-A50C-F3B14AB307E7} => C:\Program Files (x86)\VSO\ConvertX\4\ConvertXtoDvd.exe [9534752 2009-12-10] (VSO-SOFTWARE → VSO Software SARL)
                                Task: {C02A7D6C-5AAF-4E06-97D0-08E9BBF3F929} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-04-02] (HP Inc. → HP Inc.)
                                Task: {C6F1DBA6-A04C-4F24-B21A-A023A718BCED} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2034169645-2416740140-1732510107-1001Core => C:\Users\Gallagher\AppData\Local\Google\Update\GoogleUpdate.exe [153752 2017-03-19] (Google Inc → Google Inc.)
                                Task: {C70AF939-20AC-4185-BDD9-CDE9FEEB4759} - System32\Tasks{5790830D-7930-48A1-B5A9-AEC364E27191} => C:\Program Files (x86)\TuneUpMedia\TuneUpApp.exe
                                Task: {CEB77C69-3774-4D6A-8B9B-0C3256149128} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated → Adobe Systems Incorporated)
                                Task: {CEDA97DD-92B2-44D5-95E5-EF2121695384} - System32\Tasks\RtHDVBg_CTPreset => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1505840 2018-10-04] (Realtek Semiconductor Corp. → Realtek Semiconductor)
                                Task: {CFE4205C-5676-41E8-915C-2450748D20C1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-04-02] (HP Inc. → HP Inc.)
                                Task: {D4B85993-7EED-4365-9C0F-41C46E9CCA8A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated → Adobe Systems Incorporated)
                                Task: {D50DA741-A6E0-4AA8-A1DA-0F723AAD500B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [14679256 2019-02-04] (Piriform Software Ltd → Piriform Software Ltd)
                                Task: {D81CB086-8607-4269-8611-5261938DDB3E} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager → Intel Corporation)
                                Task: {E304240D-E39C-40A0-8303-20354B94B221} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2034169645-2416740140-1732510107-1001UA => C:\Users\Gallagher\AppData\Local\Google\Update\GoogleUpdate.exe [153752 2017-03-19] (Google Inc → Google Inc.)
                                Task: {E4813B12-7364-4D40-90DA-3CB7B1C5797D} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [816960 2017-10-11] (Intel(R) Trust Services → Intel(R) Corporation)
                                Task: {EABF7734-26C1-4259-8A00-B23CC74D53A9} - System32\Tasks\GoogleUpdateTaskMachineCore1d3f6474a80e1b8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-04-29] (Google Inc → Google Inc.)
                                Task: {EB23B918-2487-46A5-902C-5A42C25664F1} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe
                                Task: {EC5DD5EF-30EE-4DDD-BE0C-8BB0C98BB149} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. → Apple Inc.)
                                Task: {EDDA2F5D-DCE3-4299-A98C-FD50645AC5D0} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2380088 2019-04-03] (AVAST Software s.r.o. → AVAST Software)
                                Task: {F556EF9C-5E70-4D8A-8E3C-E7F60D01FFB2} - System32\Tasks\GoogleUpdateTaskMachineUA1d0f3e9e0e2413c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-04-29] (Google Inc → Google Inc.)
                                Task: {FA69E2EC-B89F-4757-ABEB-1C4EF9082600} - System32\Tasks\googleupdatetaskmachinecore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-04-29] (Google Inc → Google Inc.)
                                Task: {FDFF12D4-3CCF-4973-9D78-861952F6A68A} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe

                                (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

                                Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
                                Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
                                Task: C:\WINDOWS\Tasks\HPCeeScheduleForGallagher.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

                                ==================== Internet (Whitelisted) ====================

                                (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

                                Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
                                Tcpip..\Interfaces{861925f3-20f1-4285-b1d2-a80c1b85936b}: [DhcpNameServer] 194.168.4.100 194.168.8.100
                                Internet Explorer:
                                HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
                                HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
                                HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/?q={searchTerms}
                                HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/?q={searchTerms}
                                HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/
                                HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/
                                HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/
                                HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/
                                HKU.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
                                HKU.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
                                HKU.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
                                HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
                                HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
                                HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
                                HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
                                HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
                                HKU\S-1-5-21-2034169645-2416740140-1732510107-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ixtreme_m3730&r=173608103116p04d5v1k5y45m1224q
                                HKU\S-1-5-21-2034169645-2416740140-1732510107-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ixtreme_m3730&r=173608103116p04d5v1k5y45m1224q
                                HKU\S-1-5-21-2034169645-2416740140-1732510107-501\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ixtreme_m3730&r=173608103116p04d5v1k5y45m1224q
                                HKU\S-1-5-21-2034169645-2416740140-1732510107-501\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ixtreme_m3730&r=173608103116p04d5v1k5y45m1224q
                                SearchScopes: HKLM → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
                                SearchScopes: HKLM-x32 → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
                                SearchScopes: HKU.DEFAULT → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
                                SearchScopes: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118 → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
                                SearchScopes: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118 → {80870008-2605-42BD-B9B2-DBFB892FC5B3} URL =
                                SearchScopes: HKU\S-1-5-21-2034169645-2416740140-1732510107-1005 → DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
                                SearchScopes: HKU\S-1-5-21-2034169645-2416740140-1732510107-1005 → {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
                                SearchScopes: HKU\S-1-5-21-2034169645-2416740140-1732510107-500 → {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
                                BHO: HP Network Check Helper → {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} → C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-12-06] (HP Inc. → HP Inc.)
                                BHO-x32: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-04-21] (Oracle America, Inc. → Oracle Corporation)
                                Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc → Google Inc.)
                                Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc → Google Inc.)
                                Toolbar: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001 → Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc → Google Inc.)
                                Toolbar: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118 → Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc → Google Inc.)
                                Toolbar: HKU\S-1-5-21-2034169645-2416740140-1732510107-500 → Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc → Google Inc.)
                                Toolbar: HKU\S-1-5-21-2034169645-2416740140-1732510107-501 → Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc → Google Inc.)
                                DPF: HKLM {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://85.93.227.12/activex/AMC.cab
                                DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
                                DPF: HKLM-x32 {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} hxxps://user.ssl.eon.com/+CSCOL+/csvrloader32.cab
                                DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
                                DPF: HKLM-x32 {917623D1-D8E5-11D2-BE8B-00104B06BDE3} hxxp://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
                                DPF: HKLM-x32 {96816368-C1E3-414D-A193-63C3CC921990} hxxp://lochalsh-isleofskye.remotemanager.co.uk/common/activex/MJPEGRender.ocx
                                DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} hxxp://www.marksandspencerpersonalised.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
                                DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
                                DPF: HKLM-x32 {F8FC1530-0608-11DF-2008-0800200C9A66} hxxps://user.ssl.eon.com/CACHE/sdesktop/install/binaries/instweb.cab
                                Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-04] (Microsoft Corporation → Microsoft Corporation)
                                Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-04] (Microsoft Corporation → Microsoft Corporation)
                                Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-04] (Microsoft Corporation → Microsoft Corporation)
                                Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-04] (Microsoft Corporation → Microsoft Corporation)
                                Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Skype Software Sarl → Microsoft Corporation)
                                Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Skype Software Sarl → Microsoft Corporation)
                                FireFox:
                                FF DefaultProfile: o9wgdi62.default-1401877949283
                                FF ProfilePath: C:\Users\Gallagher\AppData\Roaming\Mozilla\Firefox\Profiles\o9wgdi62.default-1401877949283 [not found] <==== ATTENTION
                                FF ProfilePath: C:\Users\Gallagher\AppData\Roaming\Mozilla\Firefox\Profiles\zjm2bkb8.default [2019-04-30]
                                FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Gallagher\AppData\Roaming\Mozilla\Firefox\Profiles\zjm2bkb8.default\Extensionssp@avast.com.xpi [2019-02-27]
                                FF Extension: (Avast Online Security) - C:\Users\Gallagher\AppData\Roaming\Mozilla\Firefox\Profiles\zjm2bkb8.default\Extensionswrc@avast.com.xpi [2019-02-27]
                                FF Plugin: @Microsoft.com/NpCtrl,version=1.0 → C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation → Microsoft Corporation)
                                FF Plugin-x32: @Google.com/GoogleEarthPlugin → C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google Inc → Google)
                                FF Plugin-x32: @java.com/DTPlugin,version=11.211.2 → C:\Program Files (x86)\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-04-21] (Oracle America, Inc. → Oracle Corporation)
                                FF Plugin-x32: @java.com/JavaPlugin,version=11.211.2 → C:\Program Files (x86)\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-04-21] (Oracle America, Inc. → Oracle Corporation)
                                FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 → C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation → Microsoft Corporation)
                                FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 → C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-04] (Microsoft Corporation → Microsoft Corporation)
                                FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 → C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation → Microsoft Corporation)
                                FF Plugin-x32: @tools.google.com/Google Update;version=3 → C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc → Google LLC)
                                FF Plugin-x32: @tools.google.com/Google Update;version=9 → C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc → Google LLC)
                                FF Plugin-x32: @videolan.org/vlc,version=3.0.6 → C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN → VideoLAN)
                                FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 → C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-11-23] (WildTangent Inc → )
                                FF Plugin-x32: Adobe Reader → C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-25] (Adobe Inc. → Adobe Systems Inc.)
                                FF Plugin HKU\S-1-5-21-2034169645-2416740140-1732510107-1001: @tools.google.com/Google Update;version=3 → C:\Users\Gallagher\AppData\Local\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc → Google LLC)
                                FF Plugin HKU\S-1-5-21-2034169645-2416740140-1732510107-1001: @tools.google.com/Google Update;version=9 → C:\Users\Gallagher\AppData\Local\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc → Google LLC)
                                FF Plugin HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118: @tools.google.com/Google Update;version=3 → C:\Users\Gallagher\AppData\Local\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc → Google LLC)
                                FF Plugin HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118: @tools.google.com/Google Update;version=9 → C:\Users\Gallagher\AppData\Local\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc → Google LLC)
                                Chrome:
                                CHR HomePage: Default → hxxp://www.bbc.co.uk/news/
                                CHR StartupUrls: Default → “hxxp://www.bbc.co.uk/”
                                CHR Profile: C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default [2019-05-04]
                                CHR Extension: (Slides) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-04-30]
                                CHR Extension: (Docs) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-04-30]
                                CHR Extension: (AdGuard AdBlocker) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2019-05-03]
                                CHR Extension: (YouTube) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-04-30]
                                CHR Extension: (Adobe Acrobat) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-04-30]
                                CHR Extension: (Google Play Music) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2019-04-30]
                                CHR Extension: (Sheets) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-04-30]
                                CHR Extension: (Google Docs Offline) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-04-30]
                                CHR Extension: (360 Internet Protection) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\glcimepnljoholdmjchkloafkggfoijh [2019-04-30]
                                CHR Extension: (Avast Online Security) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-04-30]
                                CHR Extension: (Audio Joiner) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihiafjkopgiakbmihgoieodihjcblfbk [2019-04-30]
                                CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2019-04-30]
                                CHR Extension: (Chrome Web Store Payments) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-04-30]
                                CHR Extension: (Gmail) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]
                                CHR Extension: (Chrome Media Router) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-30]
                                CHR HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\SOFTWARE\Google\Chrome\Extensions...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Gallagher\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2018-02-12]
                                CHR HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\SOFTWARE\Google\Chrome\Extensions...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
                                CHR HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\SOFTWARE\Google\Chrome\Extensions...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Gallagher\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2018-02-12]
                                CHR HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\SOFTWARE\Google\Chrome\Extensions...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
                                CHR HKLM-x32...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
                                CHR HKLM-x32...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
                                CHR HKLM-x32...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

                                ==================== Services (Whitelisted) ====================

                                (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

                                R2 Adguard Service; C:\Program Files (x86)\Adguard\AdguardSvc.exe [136040 2018-10-30] (Adguard Software Limited → Adguard Software Ltd) <==== ATTENTION
                                R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-03-08] (Apple Inc. → Apple Inc.) <==== ATTENTION
                                R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6660888 2019-04-25] (AVAST Software s.r.o. → AVAST Software) <==== ATTENTION
                                R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [362488 2019-04-25] (AVAST Software s.r.o. → AVAST Software) <==== ATTENTION
                                R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [373416 2019-04-25] (AVAST Software s.r.o. → AVAST Software) <==== ATTENTION
                                S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-04-25] (AVAST Software s.r.o. → AVAST Software) <==== ATTENTION
                                R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [125656 2016-09-20] (Realtek Semiconductor Corp → Realtek Semiconductor Corp.) <==== ATTENTION
                                S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Skype Software Sarl → Microsoft Corporation) <==== ATTENTION
                                S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Skype Software Sarl → Microsoft Corporation) <==== ATTENTION
                                R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11084584 2019-04-19] (Microsoft Corporation → Microsoft Corporation) <==== ATTENTION
                                S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-23] (Dropbox, Inc → Dropbox, Inc.) <==== ATTENTION
                                S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-23] (Dropbox, Inc → Dropbox, Inc.) <==== ATTENTION
                                R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-04-23] (Dropbox, Inc → Dropbox, Inc.)
                                R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [26472 2019-05-02] (IDSA Production signing key → Intel) <==== ATTENTION
                                R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [72552 2019-05-02] (IDSA Production signing key → Intel) <==== ATTENTION
                                S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-08-30] (Macrovision Corporation → Macrovision Europe Ltd.) [File not signed] <==== ATTENTION
                                S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-11-23] (WildTangent Inc → WildTangent) <==== ATTENTION
                                R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1321096 2018-09-28] (HP Inc. → HP Inc.) <==== ATTENTION
                                R2 HP Orbit Service; C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe [3421616 2017-06-20] (HP Inc. → HP Inc.) <==== ATTENTION
                                R2 HPJumpStartBridge; C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-07-28] (HP Inc. → HP Inc.) <==== ATTENTION
                                R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company → HP) <==== ATTENTION
                                S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed] <==== ATTENTION
                                R3 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. → HP Inc.) <==== ATTENTION
                                R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [631800 2016-06-20] (HP Inc. → HP Inc.) <==== ATTENTION
                                R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16840 2019-03-07] (Intel(R) Rapid Storage Technology → Intel Corporation) <==== ATTENTION
                                R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [391744 2017-07-11] (Canon Inc. → ) <==== ATTENTION
                                S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-10-11] (Intel(R) Trust Services → Intel(R) Corporation) <==== ATTENTION
                                S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager → Intel Corporation) <==== ATTENTION
                                S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-10-11] (Intel(R) Trust Services → Intel(R) Corporation) <==== ATTENTION
                                R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [213648 2017-11-09] (Intel(R) Embedded Subsystems and IP Blocks Group → Intel Corporation) <==== ATTENTION
                                R2 LivedriveVSSService; C:\Program Files (x86)\Cloud Storage\VSSService.exe [24504 2019-01-16] (Livedrive Internet LTD → ) <==== ATTENTION
                                R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation → Malwarebytes) <==== ATTENTION
                                S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
                                R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-08-18] (NVIDIA Corporation → NVIDIA Corporation) <==== ATTENTION
                                S4 OberonGameConsoleService; C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe [44312 2009-08-29] (Oberon Media Inc. → ) <==== ATTENTION
                                R2 PCmoverService; C:\Program Files (x86)\Laplink\PCmover\PcmService.exe [22160 2018-01-19] (Laplink Software Inc. → Laplink Software, Inc.) <==== ATTENTION
                                S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
                                R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [268328 2018-10-04] (Realtek Semiconductor Corp. → Realtek Semiconductor) <==== ATTENTION
                                R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [317328 2011-08-01] (Western Digital Technologies, Inc. → WDC) <==== ATTENTION
                                R2 WDFMEService; C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [1978256 2011-08-01] (Western Digital Technologies, Inc. → Western Digital ) <==== ATTENTION
                                S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-03-05] (Microsoft Corporation → Microsoft Corporation)
                                R2 WDRulesService; C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [1338256 2011-08-01] (Western Digital Technologies, Inc. → Western Digital ) <==== ATTENTION
                                S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-03-05] (Microsoft Corporation → Microsoft Corporation)
                                R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [25160568 2019-02-14] (Zemana D.O.O. Sarajevo → Copyright 2018.) <==== ATTENTION

                                ===================== Drivers (Whitelisted) ======================

                                (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

                                R1 adgnetworkwfpdrv; C:\WINDOWS\System32\drivers\adgnetworkwfpdrv.sys [89560 2018-09-05] (Microsoft Windows Hardware Compatibility Publisher → )
                                R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [205400 2019-04-25] (AVAST Software s.r.o. → AVAST Software)
                                R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [254128 2019-04-25] (AVAST Software s.r.o. → AVAST Software)
                                R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [196000 2019-04-25] (AVAST Software s.r.o. → AVAST Software)
                                R0 aswblog; C:\WINDOWS\System32\drivers\aswblog.sys [320624 2019-04-25] (AVAST Software s.r.o. → AVAST Software)
                                R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [57888 2019-04-25] (AVAST Software s.r.o. → AVAST Software)
                                R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-02-27] (Microsoft Windows Early Launch Anti-malware Publisher → AVAST Software)
                                R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2019-04-25] (AVAST Software s.r.o. → AVAST Software)
                                R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [166848 2019-04-25] (AVAST Software s.r.o. → AVAST Software)
                                R1 aswNetSec; C:\WINDOWS\System32\drivers\aswNetSec.sys [526376 2019-04-25] (AVAST Software s.r.o. → AVAST Software)
                                R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112520 2019-04-25] (AVAST Software s.r.o. → AVAST Software)
                                R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [88160 2019-04-25] (AVAST Software s.r.o. → AVAST Software)
                                R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1031000 2019-04-25] (AVAST Software s.r.o. → AVAST Software)
                                R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [476776 2019-04-25] (AVAST Software s.r.o. → AVAST Software)
                                R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [220640 2019-04-25] (AVAST Software s.r.o. → AVAST Software)
                                R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [385848 2019-04-25] (AVAST Software s.r.o. → AVAST Software)
                                R1 cbfs6; C:\WINDOWS\system32\drivers\cbfs6.sys [460992 2016-09-21] (EldoS Corporation → /n software, Inc.)
                                R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [1094000 2019-03-07] (Intel(R) Rapid Storage Technology → Intel Corporation)
                                S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher → Malwarebytes)
                                R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-04-28] (Malwarebytes Corporation → Malwarebytes)
                                S3 pmxdrv; C:\WINDOWS\system32\drivers\pmxdrv.sys [31152 2018-06-26] (PAIPTAC Driver → )
                                R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [946696 2016-11-21] (Realtek Semiconductor Corp. → Realtek )
                                R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [784264 2018-05-31] (Realtek Semiconductor Corp. → Realtek Semiconductor Corporation)
                                R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2017-01-06] (Realtek Semiconductor Corp. → Realsil Semiconductor Corporation)
                                R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [7904088 2018-04-20] (Realtek Semiconductor Corp. → Realtek Semiconductor Corporation )
                                S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [43008 2018-09-19] (Intel Corporation → )
                                S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher → Apple, Inc.)
                                S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46472 2019-03-05] (Microsoft Windows Early Launch Anti-malware Publisher → Microsoft Corporation)
                                R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 → Western Digital Technologies, Inc.)
                                S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [333792 2019-03-05] (Microsoft Windows → Microsoft Corporation)
                                S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62432 2019-03-05] (Microsoft Windows → Microsoft Corporation)
                                R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2019-05-01] (Zemana Ltd. → Zemana Ltd.)
                                R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2019-05-01] (Zemana Ltd. → Zemana Ltd.)
                                U1 aswbdisk; no ImagePath
                                S3 SWDUMon; \SystemRoot\system32\DRIVERS\SWDUMon.sys

                                ==================== NetSvcs (Whitelisted) ===================

                                (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

                                ==================== One month (created) ========

                                (If an entry is included in the fixlist, the file/folder will be moved.)

                                2019-05-04 14:16 - 2019-05-04 14:18 - 000063798 _____ C:\Users\Gallagher\Desktop\FRST.txt
                                2019-05-04 14:16 - 2019-05-04 14:16 - 000000000 ____D C:\Users\Gallagher\Desktop\FRST-OlderVersion
                                2019-05-03 20:52 - 2019-05-03 20:52 - 000001009 _____ C:\Users\Public\Desktop\Adguard.lnk
                                2019-05-03 20:52 - 2019-05-03 20:52 - 000000000 ____D C:\Users\Gallagher\AppData\Roaming\Adguard Software Ltd
                                2019-05-03 20:52 - 2019-05-03 20:52 - 000000000 ____D C:\Users\Gallagher\AppData\Local\Adguard_Software_Ltd
                                2019-05-03 20:52 - 2019-05-03 20:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adguard
                                2019-05-03 20:52 - 2019-05-03 20:52 - 000000000 ____D C:\Program Files (x86)\Adguard
                                2019-05-03 20:51 - 2019-05-03 20:51 - 000111496 _____ (Adguard Software Ltd) C:\Users\Gallagher\Downloads\adguardInstaller (2).exe
                                2019-05-03 20:51 - 2019-05-03 20:51 - 000111496 _____ (Adguard Software Ltd) C:\Users\Gallagher\Downloads\adguardInstaller (1).exe
                                2019-05-03 13:44 - 2019-05-03 13:44 - 001273688 _____ C:\Users\Gallagher\Documents\IMG_20190503_0002.pdf
                                2019-05-03 13:43 - 2019-05-03 13:43 - 001272266 _____ C:\Users\Gallagher\Documents\IMG_20190503_0001.pdf
                                2019-05-02 04:57 - 2019-05-02 04:57 - 000000000 ____D C:\Users\Paul’s Ipod\AppData\Roaming\Windows Live Writer
                                2019-05-02 04:57 - 2019-05-02 04:57 - 000000000 ____D C:\Users\Paul’s Ipod\AppData\Local\Windows Live Writer
                                2019-05-02 04:29 - 2019-05-02 04:29 - 000000000 ____D C:\Users\Paul’s Ipod\AppData\Local\Zemana
                                2019-05-02 01:11 - 2019-05-02 01:11 - 012946608 _____ (Zemana Ltd. ) C:\Users\Gallagher\Downloads\Zemana.AntiMalware.Setup (1).exe
                                2019-05-01 20:22 - 2019-05-04 14:18 - 000802954 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
                                2019-05-01 20:22 - 2019-05-04 14:16 - 006536067 _____ C:\WINDOWS\ZAM.krnl.trace
                                2019-05-01 20:22 - 2019-05-01 20:22 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
                                2019-05-01 20:22 - 2019-05-01 20:22 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
                                2019-05-01 20:22 - 2019-05-01 20:22 - 000001228 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
                                2019-05-01 20:22 - 2019-05-01 20:22 - 000000000 ____D C:\Users\Gallagher\AppData\Local\Zemana
                                2019-05-01 20:22 - 2019-05-01 20:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
                                2019-05-01 20:22 - 2019-05-01 20:22 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
                                2019-05-01 20:20 - 2019-05-01 20:20 - 012946608 _____ (Zemana Ltd. ) C:\Users\Gallagher\Downloads\Zemana.AntiMalware.Setup.exe
                                2019-04-30 19:31 - 2019-05-03 01:06 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
                                2019-04-30 19:31 - 2019-05-03 01:06 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
                                2019-04-30 14:17 - 2019-04-30 14:17 - 000000000 ___HD C:\OneDriveTemp
                                2019-04-30 14:03 - 2019-04-30 14:03 - 000001239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
                                2019-04-30 14:03 - 2019-04-30 14:03 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
                                2019-04-30 13:51 - 2019-04-30 13:51 - 000000000 ____D C:\ProgramData\Mozilla
                                2019-04-30 13:47 - 2019-04-30 13:47 - 001622528 _____ C:\Users\Gallagher\Desktop\ResetBrowser.exe
                                2019-04-30 13:40 - 2019-04-30 13:40 - 001622528 _____ C:\Users\Gallagher\Downloads\ResetBrowser.exe
                                2019-04-28 14:35 - 2019-04-28 14:35 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
                                2019-04-28 14:35 - 2019-04-28 14:35 - 000000000 ___HD C:\ProgramData\temp
                                2019-04-28 14:28 - 2019-05-04 14:16 - 002430464 _____ (Farbar) C:\Users\Gallagher\Desktop\FRST64.exe
                                2019-04-28 04:37 - 2019-04-28 04:37 - 000019690 _____
                                2019-04-26 13:48 - 2019-04-26 13:53 - 000069185 _____ C:\Users\Gallagher\Downloads\Addition.txt
                                2019-04-26 13:45 - 2019-04-26 13:53 - 000112309 _____ C:\Users\Gallagher\Downloads\FRST.txt
                                2019-04-26 13:26 - 2019-04-28 14:26 - 000000000 ____D C:\Users\Gallagher\Downloads\FRST-OlderVersion
                                2019-04-26 02:36 - 2019-04-28 14:40 - 000000000 ____D C:\ProgramData\McInstTemp0115411556242566
                                2019-04-26 00:45 - 2019-04-26 00:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
                                2019-04-25 00:00 - 2019-04-25 00:00 - 000362888 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
                                2019-04-23 19:22 - 2019-05-04 14:16 - 000000000 ____D C:\FRST
                                2019-04-23 19:21 - 2019-04-28 14:26 - 002429952 _____ (Farbar) C:\Users\Gallagher\Downloads\FRST64.exe
                                2019-04-23 13:13 - 2019-04-23 13:13 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
                                2019-04-23 13:13 - 2019-04-23 13:13 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
                                2019-04-23 13:13 - 2019-04-23 13:13 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
                                2019-04-23 13:13 - 2019-04-23 13:13 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
                                2019-04-22 19:20 - 2019-05-03 20:52 - 000000262 _____ C:\WINDOWS\SysWOW64\Drivers\vwifikerneldrv.sys
                                2019-04-22 19:20 - 2019-05-03 20:52 - 000000262 _____ C:\WINDOWS\SysWOW64\d3dx9_11.dll.tmp
                                2019-04-22 19:20 - 2019-05-03 20:52 - 000000262 _____ C:\ProgramData\fontcacheev1.dat
                                2019-04-22 19:20 - 2018-09-05 08:54 - 000089560 _____ () C:\WINDOWS\system32\Drivers\adgnetworkwfpdrv.sys
                                2019-04-22 19:19 - 2019-05-04 14:18 - 000000000 ____D C:\ProgramData\Adguard
                                2019-04-22 19:17 - 2019-04-22 19:17 - 000111496 _____ (Adguard Software Ltd) C:\Users\Gallagher\Downloads\adguardInstaller.exe
                                2019-04-22 18:45 - 2019-04-22 18:45 - 003927160 _____ (Google) C:\Users\Gallagher\Downloads\chrome_cleanup_tool.exe
                                2019-04-21 22:32 - 2019-04-21 22:32 - 002043232 _____ (Oracle Corporation) C:\Users\Gallagher\Downloads\JavaSetup8u211.exe
                                2019-04-12 20:26 - 2019-04-12 20:26 - 014221344 _____ (Intel) C:\Users\Gallagher\Downloads\Intel Driver and Support Assistant Installer (5).exe
                                2019-04-12 19:34 - 2019-04-25 00:02 - 000000077 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum
                                2019-04-09 20:12 - 2019-04-02 13:33 - 001634912 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
                                2019-04-09 20:12 - 2019-04-02 13:33 - 000719984 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
                                2019-04-09 20:12 - 2019-04-02 13:19 - 012730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
                                2019-04-09 20:12 - 2019-04-02 13:16 - 001030144 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
                                2019-04-09 20:12 - 2019-04-02 13:12 - 003643904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
                                2019-04-09 20:12 - 2019-04-02 13:12 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
                                2019-04-09 20:12 - 2019-04-02 13:11 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
                                2019-04-09 20:12 - 2019-04-02 13:11 - 001857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
                                2019-04-09 20:12 - 2019-04-02 13:11 - 001662976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
                                2019-04-09 20:12 - 2019-04-02 10:25 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
                                2019-04-09 20:12 - 2019-04-02 10:11 - 011919360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
                                2019-04-09 20:12 - 2019-04-02 10:08 - 002889216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
                                2019-04-09 20:12 - 2019-04-02 10:07 - 004054528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
                                2019-04-09 20:12 - 2019-04-02 10:06 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
                                2019-04-09 20:12 - 2019-04-02 09:36 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
                                2019-04-09 20:12 - 2019-04-02 09:23 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
                                2019-04-09 20:12 - 2019-04-02 09:22 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
                                2019-04-09 20:12 - 2019-04-02 09:21 - 007520136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
                                2019-04-09 20:12 - 2019-04-02 09:21 - 002822160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
                                2019-04-09 20:12 - 2019-04-02 09:21 - 002467536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
                                2019-04-09 20:12 - 2019-04-02 09:21 - 000735680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
                                2019-04-09 20:12 - 2019-04-02 09:20 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
                                2019-04-09 20:12 - 2019-04-02 09:19 - 009083704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
                                2019-04-09 20:12 - 2019-04-02 09:19 - 000786080 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
                                2019-04-09 20:12 - 2019-04-02 09:01 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
                                2019-04-09 20:12 - 2019-04-02 08:53 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
                                2019-04-09 20:12 - 2019-04-02 08:53 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
                                2019-04-09 20:12 - 2019-04-02 08:51 - 003399680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
                                2019-04-09 20:12 - 2019-04-02 08:50 - 007591936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
                                2019-04-09 20:12 - 2019-04-02 08:50 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
                                2019-04-09 20:12 - 2019-04-02 08:48 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
                                2019-04-09 20:12 - 2019-04-02 08:47 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
                                2019-04-09 20:12 - 2019-04-02 08:46 - 002174976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
                                2019-04-09 20:12 - 2019-04-02 08:44 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
                                2019-04-09 20:12 - 2019-04-02 08:44 - 001724416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
                                2019-04-09 20:12 - 2019-04-02 08:43 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
                                2019-04-09 20:12 - 2019-04-02 06:05 - 001989544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
                                2019-04-09 20:12 - 2019-04-02 06:04 - 006572120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
                                2019-04-09 20:12 - 2019-04-02 06:04 - 000604008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
                                2019-04-09 20:12 - 2019-04-02 05:56 - 022018048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
                                2019-04-09 20:12 - 2019-04-02 05:50 - 019404800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
                                2019-04-09 20:12 - 2019-04-02 05:43 - 005788160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
                                2019-04-09 20:12 - 2019-04-02 05:43 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
                                2019-04-09 20:12 - 2019-04-02 05:40 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
                                2019-04-09 20:12 - 2019-03-14 15:52 - 003933296 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
                                2019-04-09 20:12 - 2019-03-14 15:30 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
                                2019-04-09 20:12 - 2019-03-14 15:29 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
                                2019-04-09 20:12 - 2019-03-14 15:08 - 003611264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
                                2019-04-09 20:12 - 2019-03-14 14:53 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
                                2019-04-09 20:12 - 2019-03-14 09:57 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
                                2019-04-09 20:12 - 2019-03-14 09:56 - 000375096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
                                2019-04-09 20:12 - 2019-03-14 09:37 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
                                2019-04-09 20:12 - 2019-03-14 09:37 - 002256248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
                                2019-04-09 20:12 - 2019-03-14 09:37 - 001171568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
                                2019-04-09 20:12 - 2019-03-14 09:26 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
                                2019-04-09 20:12 - 2019-03-14 09:26 - 002768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
                                2019-04-09 20:12 - 2019-03-14 09:26 - 002421048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
                                2019-04-09 20:12 - 2019-03-14 09:26 - 001457576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
                                2019-04-09 20:12 - 2019-03-14 09:26 - 001258688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
                                2019-04-09 20:12 - 2019-03-14 09:26 - 001140984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
                                2019-04-09 20:12 - 2019-03-14 09:26 - 001014344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
                                2019-04-09 20:12 - 2019-03-14 09:26 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
                                2019-04-09 20:12 - 2019-03-14 09:26 - 000481048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
                                2019-04-09 20:12 - 2019-03-14 09:22 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
                                2019-04-09 20:12 - 2019-03-14 09:20 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
                                2019-04-09 20:12 - 2019-03-14 09:19 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
                                2019-04-09 20:12 - 2019-03-14 09:19 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
                                2019-04-09 20:12 - 2019-03-14 09:18 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
                                2019-04-09 20:12 - 2019-03-14 09:17 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
                                2019-04-09 20:12 - 2019-03-14 09:14 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
                                2019-04-09 20:12 - 2019-03-14 09:13 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
                                2019-04-09 20:12 - 2019-03-14 09:13 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
                                2019-04-09 20:12 - 2019-03-14 09:01 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
                                2019-04-09 20:12 - 2019-03-14 08:58 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
                                2019-04-09 20:12 - 2019-03-14 08:58 - 002509824 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
                                2019-04-09 20:12 - 2019-03-14 08:58 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
                                2019-04-09 20:12 - 2019-03-14 08:57 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
                                2019-04-09 20:12 - 2019-03-14 08:56 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
                                2019-04-09 20:12 - 2019-03-14 08:55 - 003601920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
                                2019-04-09 20:12 - 2019-03-14 08:55 - 002739200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
                                2019-04-09 20:12 - 2019-03-14 08:55 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
                                2019-04-09 20:12 - 2019-03-14 08:54 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
                                2019-04-09 20:12 - 2019-03-14 08:54 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
                                2019-04-09 20:12 - 2019-03-14 08:53 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
                                2019-04-09 20:12 - 2019-03-14 08:52 - 002909696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
                                2019-04-09 20:12 - 2019-03-14 08:52 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
                                2019-04-09 20:12 - 2019-03-14 08:51 - 001216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
                                2019-04-09 20:12 - 2019-03-14 08:51 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
                                2019-04-09 20:12 - 2019-03-14 08:50 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
                                2019-04-09 20:12 - 2019-03-14 08:50 - 001410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
                                2019-04-09 20:12 - 2019-03-14 08:50 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
                                2019-04-09 20:12 - 2019-03-14 08:50 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
                                2019-04-09 20:12 - 2019-03-14 08:50 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
                                2019-04-09 20:12 - 2019-03-14 08:50 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
                                2019-04-09 20:12 - 2019-03-14 02:57 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
                                2019-04-09 20:11 - 2019-04-02 13:38 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
                                2019-04-09 20:11 - 2019-04-02 13:19 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
                                2019-04-09 20:11 - 2019-04-02 13:18 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
                                2019-04-09 20:11 - 2019-04-02 13:15 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll
                                2019-04-09 20:11 - 2019-04-02 13:13 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
                                2019-04-09 20:11 - 2019-04-02 13:10 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
                                2019-04-09 20:11 - 2019-04-02 13:10 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
                                2019-04-09 20:11 - 2019-04-02 10:25 - 000607960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
                                2019-04-09 20:11 - 2019-04-02 10:11 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
                                2019-04-09 20:11 - 2019-04-02 10:10 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleprn.dll
                                2019-04-09 20:11 - 2019-04-02 10:07 - 001586688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
                                2019-04-09 20:11 - 2019-04-02 09:24 - 000135184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
                                2019-04-09 20:11 - 2019-04-02 09:22 - 000567592 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
                                2019-04-09 20:11 - 2019-04-02 09:22 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
                                2019-04-09 20:11 - 2019-04-02 09:20 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
                                2019-04-09 20:11 - 2019-04-02 09:19 - 000793400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
                                2019-04-09 20:11 - 2019-04-02 09:19 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
                                2019-04-09 20:11 - 2019-04-02 08:49 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
                                2019-04-09 20:11 - 2019-04-02 08:49 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
                                2019-04-09 20:11 - 2019-04-02 08:48 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
                                2019-04-09 20:11 - 2019-04-02 08:48 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
                                2019-04-09 20:11 - 2019-04-02 08:47 - 001214464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
                                2019-04-09 20:11 - 2019-04-02 08:45 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
                                2019-04-09 20:11 - 2019-04-02 08:44 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
                                2019-04-09 20:11 - 2019-04-02 07:22 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
                                2019-04-09 20:11 - 2019-04-02 06:04 - 000581832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
                                2019-04-09 20:11 - 2019-04-02 06:04 - 000560600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
                                2019-04-09 20:11 - 2019-04-02 05:43 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
                                2019-04-09 20:11 - 2019-04-02 05:42 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
                                2019-04-09 20:11 - 2019-04-02 05:41 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
                                2019-04-09 20:11 - 2019-04-02 05:41 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
                                2019-04-09 20:11 - 2019-04-02 05:41 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
                                2019-04-09 20:11 - 2019-04-02 05:40 - 001073664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
                                2019-04-09 20:11 - 2019-03-16 13:54 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
                                2019-04-09 20:11 - 2019-03-16 10:03 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
                                2019-04-09 20:11 - 2019-03-14 15:51 - 000157192 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
                                2019-04-09 20:11 - 2019-03-14 15:35 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfoext.dll
                                2019-04-09 20:11 - 2019-03-14 15:34 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
                                2019-04-09 20:11 - 2019-03-14 15:33 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
                                2019-04-09 20:11 - 2019-03-14 15:33 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
                                2019-04-09 20:11 - 2019-03-14 15:33 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\RpcPing.exe
                                2019-04-09 20:11 - 2019-03-14 15:31 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
                                2019-04-09 20:11 - 2019-03-14 15:30 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\objsel.dll
                                2019-04-09 20:11 - 2019-03-14 15:28 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsound.dll
                                2019-04-09 20:11 - 2019-03-14 14:56 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
                                2019-04-09 20:11 - 2019-03-14 14:55 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RpcPing.exe
                                2019-04-09 20:11 - 2019-03-14 14:53 - 000625664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
                                2019-04-09 20:11 - 2019-03-14 14:53 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\objsel.dll
                                2019-04-09 20:11 - 2019-03-14 14:52 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsound.dll
                                2019-04-09 20:11 - 2019-03-14 09:38 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
                                2019-04-09 20:11 - 2019-03-14 09:38 - 000090360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpr.dll
                                2019-04-09 20:11 - 2019-03-14 09:28 - 000152072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
                                2019-04-09 20:11 - 2019-03-14 09:27 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
                                2019-04-09 20:11 - 2019-03-14 09:27 - 000097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpr.dll
                                2019-04-09 20:11 - 2019-03-14 09:26 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
                                2019-04-09 20:11 - 2019-03-14 09:18 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
                                2019-04-09 20:11 - 2019-03-14 09:18 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credui.dll
                                2019-04-09 20:11 - 2019-03-14 09:18 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
                                2019-04-09 20:11 - 2019-03-14 09:17 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
                                2019-04-09 20:11 - 2019-03-14 09:17 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
                                2019-04-09 20:11 - 2019-03-14 09:17 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
                                2019-04-09 20:11 - 2019-03-14 09:17 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcmapi.dll
                                2019-04-09 20:11 - 2019-03-14 09:17 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntlanman.dll
                                2019-04-09 20:11 - 2019-03-14 09:16 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
                                2019-04-09 20:11 - 2019-03-14 09:16 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
                                2019-04-09 20:11 - 2019-03-14 09:15 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
                                2019-04-09 20:11 - 2019-03-14 09:15 - 000318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
                                2019-04-09 20:11 - 2019-03-14 09:15 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShellCommonCommonProxyStub.dll
                                2019-04-09 20:11 - 2019-03-14 09:15 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\negoexts.dll
                                2019-04-09 20:11 - 2019-03-14 09:14 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
                                2019-04-09 20:11 - 2019-03-14 09:14 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
                                2019-04-09 20:11 - 2019-03-14 09:14 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
                                2019-04-09 20:11 - 2019-03-14 09:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
                                2019-04-09 20:11 - 2019-03-14 09:14 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
                                2019-04-09 20:11 - 2019-03-14 09:14 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
                                2019-04-09 20:11 - 2019-03-14 09:13 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
                                2019-04-09 20:11 - 2019-03-14 08:57 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
                                2019-04-09 20:11 - 2019-03-14 08:56 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
                                2019-04-09 20:11 - 2019-03-14 08:56 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
                                2019-04-09 20:11 - 2019-03-14 08:56 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
                                2019-04-09 20:11 - 2019-03-14 08:56 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
                                2019-04-09 20:11 - 2019-03-14 08:55 - 000528896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
                                2019-04-09 20:11 - 2019-03-14 08:55 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
                                2019-04-09 20:11 - 2019-03-14 08:55 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
                                2019-04-09 20:11 - 2019-03-14 08:55 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmapi.dll
                                2019-04-09 20:11 - 2019-03-14 08:55 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
                                2019-04-09 20:11 - 2019-03-14 08:55 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntlanman.dll
                                2019-04-09 20:11 - 2019-03-14 08:55 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
                                2019-04-09 20:11 - 2019-03-14 08:55 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\credui.dll
                                2019-04-09 20:11 - 2019-03-14 08:54 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
                                2019-04-09 20:11 - 2019-03-14 08:54 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
                                2019-04-09 20:11 - 2019-03-14 08:54 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
                                2019-04-09 20:11 - 2019-03-14 08:54 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
                                2019-04-09 20:11 - 2019-03-14 08:54 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
                                2019-04-09 20:11 - 2019-03-14 08:54 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
                                2019-04-09 20:11 - 2019-03-14 08:54 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\negoexts.dll
                                2019-04-09 20:11 - 2019-03-14 08:54 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
                                2019-04-09 20:11 - 2019-03-14 08:53 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
                                2019-04-09 20:11 - 2019-03-14 08:53 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
                                2019-04-09 20:11 - 2019-03-14 08:53 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
                                2019-04-09 20:11 - 2019-03-14 08:52 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShellCommonCommonProxyStub.dll
                                2019-04-09 20:11 - 2019-03-14 08:52 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
                                2019-04-09 20:11 - 2019-03-14 08:51 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TetheringMgr.dll
                                2019-04-09 20:11 - 2019-03-14 08:50 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
                                2019-04-09 20:11 - 2019-03-14 08:50 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
                                2019-04-09 20:11 - 2019-03-14 08:50 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
                                2019-04-09 20:11 - 2019-03-14 02:57 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
                                2019-04-09 20:11 - 2019-03-14 02:57 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
                                2019-04-09 20:11 - 2019-03-14 02:57 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
                                2019-04-09 20:11 - 2019-03-14 02:57 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
                                2019-04-08 17:44 - 2019-04-08 17:44 - 000001823 _____ C:\Users\Public\Desktop\iTunes.lnk
                                2019-04-08 17:44 - 2019-04-08 17:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
                                2019-04-08 17:44 - 2019-04-08 17:44 - 000000000 ____D C:\Program Files\iPod
                                2019-04-08 17:32 - 2019-04-08 17:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
                                2019-04-08 12:20 - 2019-04-08 12:20 - 000002346 _____ C:\Users\Public\Desktop\Intel® Rapid Storage Technology.lnk
                                2019-04-08 12:19 - 2019-04-08 12:19 - 000000000 ____D C:\Program Files\Common Files\Intel
                                2019-04-05 10:32 - 2019-04-05 10:33 - 000000000 ___HD C:\ProgramData\CanonIJScan

                                ==================== One month (modified) ========

                                (If an entry is included in the fixlist, the file/folder will be moved.)
                                2019-05-04 14:18 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
                                2019-05-04 13:41 - 2019-02-27 03:37 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
                                2019-05-04 13:41 - 2018-11-19 13:56 - 000002368 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_HP_VOICEMODE_FOR_SKYPE
                                2019-05-04 13:41 - 2018-05-28 06:46 - 000003374 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d3f6474a8e6c77
                                2019-05-04 13:41 - 2018-05-28 06:46 - 000003150 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d3f6474a80e1b8
                                2019-05-04 13:41 - 2018-05-16 23:42 - 000003530 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2034169645-2416740140-1732510107-1001UA
                                2019-05-04 13:41 - 2018-05-16 23:42 - 000003262 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2034169645-2416740140-1732510107-1001Core
                                2019-05-04 13:41 - 2018-05-16 20:50 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
                                2019-05-04 13:41 - 2018-05-16 20:50 - 000003460 _____ C:\WINDOWS\System32\Tasks\dropboxupdatetaskmachineua
                                2019-05-04 13:41 - 2018-05-16 20:50 - 000003236 _____ C:\WINDOWS\System32\Tasks\dropboxupdatetaskmachinecore
                                2019-05-04 13:41 - 2018-05-16 20:50 - 000003194 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
                                2019-05-04 13:41 - 2018-05-16 20:50 - 000003118 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
                                2019-05-04 13:41 - 2018-05-16 20:50 - 000003042 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
                                2019-05-04 13:41 - 2018-05-16 20:50 - 000002970 _____ C:\WINDOWS\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
                                2019-05-04 13:41 - 2018-05-16 20:50 - 000002862 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2034169645-2416740140-1732510107-1005
                                2019-05-04 13:41 - 2018-05-16 20:50 - 000002862 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2034169645-2416740140-1732510107-1001
                                2019-05-04 13:41 - 2018-05-16 20:50 - 000002856 _____ C:\WINDOWS\System32\Tasks\HPJumpStartLaunch
                                2019-05-04 13:41 - 2018-05-16 20:50 - 000002826 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForGallagher
                                2019-05-04 13:41 - 2018-05-16 20:50 - 000002604 _____ C:\WINDOWS\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
                                2019-05-04 13:41 - 2018-05-16 20:50 - 000002502 _____ C:\WINDOWS\System32\Tasks\HPEA3JOBS
                                2019-05-04 13:41 - 2018-05-16 20:50 - 000002440 _____ C:\WINDOWS\System32\Tasks\HPAudioSwitch
                                2019-05-04 13:41 - 2018-05-16 20:50 - 000002300 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_CTPreset
                                2019-05-04 13:41 - 2018-05-16 20:50 - 000002280 _____ C:\WINDOWS\System32\Tasks\RTKCPL
                                2019-05-04 13:41 - 2018-05-16 20:50 - 000002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
                                2019-05-04 13:41 - 2018-03-22 05:44 - 000000946 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
                                2019-05-04 13:41 - 2018-03-22 05:44 - 000000942 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
                                2019-05-04 13:41 - 2018-01-21 12:06 - 000000380 _____ C:\WINDOWS\Tasks\HPCeeScheduleForGallagher.job
                                2019-05-04 13:34 - 2018-05-16 20:24 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
                                2019-05-04 02:07 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
                                2019-05-03 20:51 - 2017-10-26 11:58 - 000000000 ____D C:\ProgramData\Package Cache
                                2019-05-03 14:54 - 2018-02-03 02:54 - 000000000 ____D C:\Users\Gallagher\AppData\Local\CrashDumps
                                2019-05-03 14:53 - 2019-02-12 00:53 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
                                2019-05-03 14:53 - 2017-10-26 13:49 - 000000000 ____D C:\Program Files (x86)\Intel
                                2019-05-03 13:47 - 2018-01-25 17:58 - 000000000 ____D C:\Users\Gallagher\AppData\LocalLow\Mozilla
                                2019-05-03 13:43 - 2018-06-22 02:39 - 000000000 ____D C:\ProgramData\CanonIJPLM
                                2019-05-03 13:43 - 2018-01-25 17:58 - 000000000 ____D C:\Users\Gallagher\AppData\Roaming\Mozilla
                                2019-05-03 00:54 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
                                2019-05-03 00:46 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\NDF
                                2019-05-02 17:45 - 2018-01-21 18:15 - 000000000 ____D C:\Users\Gallagher\AppData\Local\Packages
                                2019-05-02 04:58 - 2010-10-20 03:59 - 000001365 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
                                2019-05-02 04:31 - 2018-03-23 00:45 - 000000000 ____D C:\Users\Paul’s Ipod\AppData\Local\Packages
                                2019-05-02 04:30 - 2018-05-16 20:28 - 000002392 _____ C:\Users\Paul’s Ipod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
                                2019-05-02 04:30 - 2018-03-23 00:50 - 000000000 ___RD C:\Users\Paul’s Ipod\OneDrive
                                2019-05-02 04:28 - 2018-03-23 00:45 - 000000000 __SHD C:\Users\Paul’s Ipod\IntelGraphicsProfiles
                                2019-05-02 04:28 - 2013-03-18 04:22 - 000002343 _____ C:\Users\Paul’s Ipod\Desktop\Google Chrome.lnk
                                2019-05-01 23:58 - 2018-05-16 20:28 - 000000000 ____D C:\Users\Gallagher
                                2019-05-01 22:35 - 2018-02-14 07:44 - 000000000 ____D C:\Users\Gallagher\AppData\Local\ElevatedDiagnostics
                                2019-04-30 19:31 - 2018-01-26 02:19 - 000000000 ____D C:\Program Files (x86)\Google
                                2019-04-30 14:29 - 2018-01-28 22:13 - 000000000 ___RD C:\Users\Gallagher\iCloudDrive
                                2019-04-30 14:17 - 2018-01-21 11:05 - 000000000 ___RD C:\Users\Gallagher\OneDrive
                                2019-04-30 14:16 - 2018-01-26 02:24 - 000000000 ____D C:\Program Files (x86)\Steam
                                2019-04-30 14:15 - 2018-01-21 11:01 - 000000000 __SHD C:\Users\Gallagher\IntelGraphicsProfiles
                                2019-04-30 14:03 - 2018-01-25 17:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
                                2019-04-28 14:37 - 2017-10-26 13:58 - 000000000 ____D C:\Program Files\Common Files\mcafee
                                2019-04-28 14:35 - 2018-05-16 20:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
                                2019-04-28 14:34 - 2018-04-11 22:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
                                2019-04-28 14:32 - 2018-05-04 16:05 - 000000000 ____D C:\Users\Gallagher\AppData\LocalLow\Temp
                                2019-04-27 20:21 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
                                2019-04-27 20:20 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
                                2019-04-27 02:18 - 2017-10-26 12:05 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
                                2019-04-26 02:40 - 2018-05-16 20:50 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
                                2019-04-26 02:40 - 2018-04-12 00:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
                                2019-04-26 02:40 - 2018-04-11 22:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
                                2019-04-26 02:37 - 2018-05-15 20:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
                                2019-04-26 00:47 - 2018-09-24 18:47 - 000000000 ___RD C:\Users\Gallagher\Dropbox
                                2019-04-26 00:46 - 2017-10-26 12:04 - 000000000 ____D C:\Program Files (x86)\Dropbox
                                2019-04-25 00:02 - 2019-02-27 03:37 - 000003990 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
                                2019-04-25 00:02 - 2019-02-27 03:36 - 000476776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
                                2019-04-25 00:02 - 2019-02-27 03:36 - 000385848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
                                2019-04-25 00:00 - 2019-03-23 11:34 - 000526376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetSec.sys
                                2019-04-25 00:00 - 2019-02-27 03:36 - 001031000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
                                2019-04-25 00:00 - 2019-02-27 03:36 - 000320624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswblog.sys
                                2019-04-25 00:00 - 2019-02-27 03:36 - 000254128 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
                                2019-04-25 00:00 - 2019-02-27 03:36 - 000220640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
                                2019-04-25 00:00 - 2019-02-27 03:36 - 000205400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
                                2019-04-25 00:00 - 2019-02-27 03:36 - 000196000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
                                2019-04-25 00:00 - 2019-02-27 03:36 - 000166848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
                                2019-04-25 00:00 - 2019-02-27 03:36 - 000112520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
                                2019-04-25 00:00 - 2019-02-27 03:36 - 000088160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
                                2019-04-25 00:00 - 2019-02-27 03:36 - 000057888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
                                2019-04-25 00:00 - 2019-02-27 03:36 - 000042288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
                                2019-04-23 03:11 - 2019-02-27 03:34 - 000000000 ____D C:\ProgramData\AVAST Software
                                2019-04-22 07:25 - 2018-05-16 20:28 - 000933368 _____ C:\WINDOWS\system32\PerfStringBackup.INI
                                2019-04-21 22:38 - 2018-01-26 02:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
                                2019-04-21 22:38 - 2018-01-26 02:21 - 000000000 ____D C:\Program Files (x86)\Java
                                2019-04-21 22:34 - 2019-03-12 20:07 - 000099192 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
                                2019-04-17 09:10 - 2018-01-26 02:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
                                2019-04-12 21:32 - 2018-05-16 20:28 - 000002386 _____ C:\Users\Gallagher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
                                2019-04-10 03:08 - 2018-05-16 20:24 - 000493320 _____ C:\WINDOWS\system32\FNTCACHE.DAT
                                2019-04-10 03:05 - 2018-04-12 00:38 - 000000000 ___RD C:\Program Files\Windows Defender
                                2019-04-10 03:05 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
                                2019-04-10 03:05 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
                                2019-04-09 20:23 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
                                2019-04-09 20:11 - 2018-01-21 12:36 - 000000000 ____D C:\WINDOWS\system32\MRT
                                2019-04-09 20:01 - 2018-01-21 12:35 - 131129288 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
                                2019-04-09 18:32 - 2015-12-03 18:28 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
                                2019-04-09 14:30 - 2018-01-21 11:21 - 000000000 ____D C:\Users\Gallagher\AppData\Local\Comms
                                2019-04-08 17:44 - 2018-01-24 00:51 - 000000000 ____D C:\Program Files\iTunes
                                2019-04-08 12:19 - 2017-10-26 13:47 - 000000000 ____D C:\Program Files\Intel
                                2019-04-05 10:32 - 2018-06-22 02:51 - 000000000 ____D C:\Users\Gallagher\AppData\Roaming\Canon
                                2019-04-05 03:39 - 2018-01-21 12:42 - 000000000 ____D C:\Program Files\rempl

                                ==================== Files in the root of some directories =======

                                2019-04-22 19:20 - 2019-05-03 20:52 - 000000262 _____ () C:\ProgramData\fontcacheev1.dat
                                2018-02-28 17:15 - 2018-10-19 02:48 - 000001041 _____ () C:\Users\Gallagher\AppData\Roaming\vso_ts_preview.xml
                                2018-02-15 01:46 - 2018-02-15 01:46 - 000000000 _____ () C:\Users\Gallagher\AppData\Roaming\wklnhst.dat
                                2018-01-21 11:02 - 2019-05-04 13:35 - 001971723 _____ () C:\Users\Gallagher\AppData\Local\BTServer.log

                                ==================== SigCheck ===============================

                                (There is no automatic fix for files that do not pass verification.)

                                ==================== End of FRST.txt ============================
