onlinevideoconrter pop ups

And here’s the Additional Log
[HEADING=1]Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-05.2019
Ran by Gallagher (04-05-2019 14:20:23)
Running from C:\Users\Gallagher\Desktop
Windows 10 Home Version 1803 17134.706 (X64) (2018-05-16 19:51:27)
Boot Mode: Normal[/HEADING]
==================== Accounts: =============================

Administrator (S-1-5-21-2034169645-2416740140-1732510107-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-2034169645-2416740140-1732510107-503 - Limited - Disabled)
Gallagher (S-1-5-21-2034169645-2416740140-1732510107-1001 - Administrator - Enabled) => C:\Users\Gallagher
Guest (S-1-5-21-2034169645-2416740140-1732510107-501 - Limited - Disabled) => C:\Users\Guest
Paul’s Ipod (S-1-5-21-2034169645-2416740140-1732510107-1005 - Limited - Enabled) => C:\Users\Paul’s Ipod
WDAGUtilityAccount (S-1-5-21-2034169645-2416740140-1732510107-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM...{55D55008-E5F6-47D6-B16F-B2A40D4D145F}) (Version: 6.2.1 - Hewlett-Packard) Hidden
AdGuard (HKLM-x32...{563cb78b-7933-497a-94cd-3d17707fabe1}) (Version: 6.4.1814.4903 - Adguard Software Ltd)
AdGuard (HKLM-x32...{685F6AB3-7C61-42D1-AE5B-3864E48D1035}) (Version: 6.4.1814.4903 - Adguard Software Ltd) Hidden
Adobe Acrobat Reader DC (HKLM-x32...{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32...\Adobe Flash Player PPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-2034169645-2416740140-1732510107-1001...\Amazon Amazon Music) (Version: 6.8.2.1537 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118...\Amazon Amazon Music) (Version: 6.8.2.1537 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32...{9F7041CB-8398-4691-B8CB-0D52273BB3D9}) (Version: 7.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM...{6E7DF4EE-1976-4215-9D81-755AFC95687D}) (Version: 7.4 - Apple Inc.)
Apple Mobile Device Support (HKLM...{BA2A6DBB-B09A-43D8-84F3-21C1537B47D9}) (Version: 12.2.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32...{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Internet Security (HKLM-x32...\Avast Antivirus) (Version: 19.4.2374 - AVAST Software)
Avira (HKLM-x32...{10AE4FDC-32F9-4E56-8EE1-10629DD11C4E}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Hidden
Backup and Sync from Google (HKLM...{F9EEDE46-6409-4ECC-8AB6-7062464987A4}) (Version: 3.43.4275.9540 - Google, Inc.)
Bonjour (HKLM...{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Build-a-lot (HKLM-x32...\WTA-03a5e8eb-7a92-4e14-b1a0-cfbf9d994c7c) (Version: 3.0.2.59 - WildTangent) Hidden
Canon IJ Network Scanner Selector EX2 (HKLM-x32...\Canon_IJ_Network_Scanner_Selector_EX2) (Version: 2.0.0.19 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32...\Canon_IJ_Scan_Utility) (Version: 1.3.1.4 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32...\CANONIJPLM100) (Version: 5.5.0 - Canon Inc.)
Canon TS5000 series MP Drivers (HKLM...{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_TS5000_series) (Version: 1.02 - Canon Inc.)
Canon TS5000 series On-screen Manual (HKLM-x32...\Canon TS5000 series On-screen Manual) (Version: 1.1.0 - Canon Inc.)
Canon TS5000 series User Registration (HKLM-x32...\Canon TS5000 series User Registration) (Version: - ‭Canon Inc.)
CCleaner (HKLM...\CCleaner) (Version: 5.41 - Piriform)
CDBurnerXP (HKLM...{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2513 - CDBurnerXP)
Cloud Storage (HKLM-x32...{889B65D2-0A21-44E5-A1B0-B140C4C77567}) (Version: 4.9.2.86 - DSG Retail Limited)
Compatibility Pack for the 2007 Office system (HKLM-x32...{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Crazy Chicken Soccer (HKLM-x32...\WTA-30e07be8-3ccc-45aa-8d03-8c863755a740) (Version: 2.2.0.110 - WildTangent) Hidden
CyberLink Power Media Player 14 (HKLM-x32...{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.6.7503 - CyberLink Corp.)
dBpoweramp (HKLM-x32...\dBpoweramp) (Version: Release 16.4 - Illustrate)
dBpoweramp DSP Effects (HKLM-x32...\dBpoweramp DSP Effects) (Version: Release 11 - Illustrate)
dBpoweramp m4a FDK (AAC) Encoder (HKLM-x32...\dBpoweramp m4a FDK (AAC) Encoder) (Version: Release 2.1 (FDK v0.1.3) - Illustrate)
dBpoweramp Music Converter (HKLM-x32...\dBpoweramp Music Converter) (Version: Release 14.4 - Illustrate)
Dropbox (HKLM-x32...\Dropbox) (Version: 71.4.108 - Dropbox, Inc.)
Dropbox 25 GB (HKLM-x32...{84D8451D-2ED6-3A59-ABA5-2A447F7C6310}) (Version: 4.1.2.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32...{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM...{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
ESET Online Scanner v3 (HKLM-x32...\ESET Online Scanner) (Version: - )
FMSE17 (HKLM-x32...{0ce2c70e-07f6-470a-b89c-2df2674f5905}) (Version: 0.4.0.1 - AppCake Limited)
FMSE18 (HKLM...{2B4136BA-71FD-49F1-AFB9-3DBF9CF74AA5}) (Version: 1.9.0.0 - AppCake Limited) Hidden
FMSE18 (HKLM-x32...{bef072ab-52f6-425b-a27e-76b9c94cf78d}) (Version: 1.9.0.0 - AppCake Limited)
Free All-In-One Media Player (HKLM-x32...\Free Media Player_is1) (Version: - Free Software Group)
Google Chrome (HKLM-x32...{F0A0318D-995B-3301-9540-6834C459040E}) (Version: 74.0.3729.108 - Google LLC)
Google Chrome (HKLM-x32...\Google Chrome) (Version: 74.0.3729.131 - Google Inc.)
Google Earth Plug-in (HKLM-x32...{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Photos Backup (HKU\S-1-5-21-2034169645-2416740140-1732510107-1001...\Google Photos Backup) (Version: 1.1.4.11 - Google, Inc.)
Google Photos Backup (HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118...\Google Photos Backup) (Version: 1.1.4.11 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32...{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32...{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32...{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Google Update Helper (HKLM-x32...{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden
HP Audio Switch (HKLM-x32...{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32...{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.15.0 - HP Inc.)
HP Documentation (HKLM...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32...{54da9769-2364-4bd3-8139-6400500778b3}) (Version: 5.3.22034 - HP Inc.)
HP JumpStart Apps (HKLM-x32...\HP JumpStart Apps) (Version: 7.0.21 - HP Inc.)
HP JumpStart Bridge (HKLM-x32...{1E7D6A6F-E28B-4057-BD4F-9989C1F5353D}) (Version: 1.3.0.423 - HP Inc.)
HP JumpStart Launch (HKLM-x32...{4380D813-39E5-46FD-AC23-FC9A1A8B98AA}) (Version: 1.3.423.0 - HP Inc.)
HP Orbit (HKLM-x32...{82b971c1-85fa-4c53-ada1-4ec6be0c0c8a}) (Version: 3.5.171.271 - HP Inc.)
HP Support Assistant (HKLM-x32...{4780AF24-213D-4187-86F2-0014A6D6077B}) (Version: 8.7.50.3 - HP Inc.)
HP Support Solutions Framework (HKLM-x32...{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.10.49.21 - HP Inc.)
HP System Event Utility (HKLM-x32...{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.14 - HP Inc.)
iCloud (HKLM...{03742818-3BC2-45BA-B6BB-4C2D453FD033}) (Version: 7.11.0.19 - Apple Inc.)
Intel Driver && Support Assistant (HKLM-x32...{1C86244D-6CBD-4067-BD27-1C263B7D5B35}) (Version: 19.4.18.9 - Intel) Hidden
Intel(R) Chipset Device Software (HKLM-x32...{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Computing Improvement Program (HKLM...{D40D4164-EEDB-4F0F-85C6-2058A9E34CC7}) (Version: 2.4.04370 - Intel Corporation)
Intel(R) Management Engine Components (HKLM...{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32...{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 24.20.100.6344 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM...{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.8.2.1002 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32...{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32...{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® Driver & Support Assistant (HKLM-x32...{cdfa55ef-79fd-483d-9278-fb714b90b601}) (Version: 19.4.18.9 - Intel)
Internet Explorer (Enable DEP) (HKLM...{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
iTunes (HKLM...{CAA61CDB-0E1E-4E7F-89E1-36FBCC3C0EFB}) (Version: 12.9.4.102 - Apple Inc.)
Java 8 Update 211 (HKLM-x32...{26A24AE4-039D-4CA4-87B4-2F32180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)
Laplink PCmover Professional (HKLM-x32...{C5FC0140-206A-4D19-873B-5C8EB114751F}) (Version: 11.00.1004.0 - Laplink Software, Inc.)
Magic Heroes: Save Our Park (HKLM-x32...\WTA-a9aa252b-23df-48e2-abf5-6705da048dec) (Version: 3.0.2.59 - WildTangent) Hidden
Malwarebytes version 3.7.1.2839 (HKLM...{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Office Home and Student 2016 - en-us (HKLM...\HomeStudentRetail - en-us) (Version: 16.0.11425.20244 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32...{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU.DEFAULT...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2034169645-2416740140-1732510107-1001...\OneDriveSetup.exe) (Version: 19.043.0304.0007 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118...\OneDriveSetup.exe) (Version: 19.043.0304.0007 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2034169645-2416740140-1732510107-1005...\OneDriveSetup.exe) (Version: 19.043.0304.0007 - Microsoft Corporation)
Microsoft Silverlight (HKLM...{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM...{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM...{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM...{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM...{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32...{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32...{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM...{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32...{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32...{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32...{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32...{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32...{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32...{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
mIRC (HKLM-x32...\mIRC) (Version: 6.35 - mIRC Co. Ltd.)
MobileMe Control Panel (HKLM...{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 66.0.3 (x86 en-US) (HKLM-x32...\Mozilla Firefox 66.0.3 (x86 en-US)) (Version: 66.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM...\MozillaMaintenanceService) (Version: 66.0.3 - Mozilla)
Mozilla Thunderbird 52.5.2 (x86 en-GB) (HKLM-x32...\Mozilla Thunderbird 52.5.2 (x86 en-GB)) (Version: 52.5.2 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32...{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11425.20244 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM...{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11425.20244 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM...{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11425.20244 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32...{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11425.20244 - Microsoft Corporation) Hidden
Polar Bowler 1st Frame (HKLM-x32...\WTA-2e44bae0-68d2-4924-b550-249adc10b63f) (Version: 3.0.2.59 - WildTangent) Hidden
Radialpoint Dashboard Patch version 13.12.23.29994 (HKLM-x32...\RadialpointDashboardPatch_is1) (Version: 13.12.23.29994 - ) Hidden
Ranch Rush 2 - Premium Edition (HKLM-x32...\WTA-50c80ae6-92ac-4ca7-9ca1-f07d39b9f4d3) (Version: 2.2.0.97 - WildTangent) Hidden
REALTEK Bluetooth Driver (HKLM-x32...{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.61 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32...{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32...{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.12.1007.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32...{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8549 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32...{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.88 - REALTEK Semiconductor Corp.)
Recuva (HKLM...\Recuva) (Version: 1.53 - Piriform)
Runefall (HKLM-x32...\WTA-cdf64de0-52ca-42d3-93c2-f52fd96af4cc) (Version: 3.0.2.126 - WildTangent) Hidden
Shop for HP Supplies (HKLM...\Shop for HP Supplies) (Version: 13.0 - HP)
Shotcut (HKLM-x32...\Shotcut) (Version: 18.11.18 - Meltytech, LLC)
Skype Click to Call (HKLM-x32...{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Stamp ID3 Tag Editor (HKLM-x32...\Stamp) (Version: 2.39 - NCH Software)
Steam (HKLM-x32...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Knowhow Expert Support (HKLM-x32...{86C2DB2D-8148-4085-3B07-1A0E97F910F0}) (Version: 7.11.756 - LogMeIn, Inc.)
Toolwiz Smart Defrag 2011 (HKLM-x32...\Toolwiz Smart Defrag FREE_is1) (Version: 1.3.0.0 - Toolwiz.com.)
Trinklit Supreme (HKLM-x32...\WTA-e5e88212-b634-4f1f-810b-f626eba374f5) (Version: 2.2.0.98 - WildTangent) Hidden
Tweaking.com - Windows Repair (All in One) (HKLM-x32...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.3 - Tweaking.com)
Unlocker 1.9.2 (HKLM...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM...{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32...{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
VLC media player (HKLM-x32...\VLC media player) (Version: 3.0.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.33.0 (HKLM...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM...\VulkanRT1.0.33.0-2) (Version: 1.0.33.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM...\VulkanRT1.0.33.0-3) (Version: 1.0.33.0 - LunarG, Inc.)
WD SmartWare (HKLM...{23B47A34-0517-48DA-8B76-015DA8546893}) (Version: 1.5.1 - Western Digital)
WildTangent Games (HKLM-x32...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
WildTangent Games App for HP (HKLM-x32...{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.1.1.14 - WildTangent) Hidden
Windows Live Mail (HKLM-x32...{D604900F-A275-416C-AF9D-CDEDF58B72DB}) (Version: - )
WinRAR 5.70 (64-bit) (HKLM...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
WinX DVD Ripper Platinum 7.5.13 (HKLM-x32...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)
Wondershare TidyMyMusic(Build 1.6.0.3) (HKLM-x32...\Wondershare TidyMyMusic_is1) (Version: 1.6.0.3 - Wondershare Software)
Zemana AntiMalware (HKLM-x32...{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.664 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001_Classes\CLSID{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 → C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (IDSA Production signing key → Intel)
CustomCLSID: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001_Classes\CLSID{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 → C:\Users\Gallagher\AppData\Local\Google\Update\1.3 .34.7\psuser_64.dll (Google Inc → Google LLC)
CustomCLSID: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001_Classes\CLSID{E31EA727-12ED-4702-820C-4B6445F28E1A} → [Dropbox] => C:\Users\Gallagher\Dropbox [2018-09-24 18:47]
CustomCLSID: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001_Classes\CLSID{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 → C:\Users\Gallagher\AppData\Local\Google\Update\1.3 .34.7\psuser_64.dll (Google Inc → Google LLC)
SSODL: EldosMountNotificator-cbfs6 - {B9D4FF12-B2DB-4AC1-958B-E720B149B04B} - C:\WINDOWS\system32\cbfsMntNtf6.dll (EldoS Corporation → /n software, Inc.)
SSODL-x32: EldosMountNotificator-cbfs6 - {B9D4FF12-B2DB-4AC1-958B-E720B149B04B} - C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll (EldoS Corporation → /n software, Inc.)
ShellServiceObjects: Virtual Storage Mount Notification → {B9D4FF12-B2DB-4AC1-958B-E720B149B04B} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-09-21] (EldoS Corporation → /n software, Inc.)
ShellServiceObjects-x32: Virtual Storage Mount Notification → {B9D4FF12-B2DB-4AC1-958B-E720B149B04B} => C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll [2016-09-21] (EldoS Corporation → /n software, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt01] → {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc → Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] → {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc → Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] → {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc → Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] → {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc → Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] → {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc → Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] → {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc → Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] → {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc → Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] → {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc → Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] → {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc → Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] → {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc → Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] → {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-04-09] (Google LLC → Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] → {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-04-09] (Google LLC → Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] → {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-04-09] (Google LLC → Google)
ShellIconOverlayIdentifiers: [00asw] → {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-25] (AVAST Software s.r.o. → AVAST Software)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs6] → {EBDFE718-8CC7-4E50-8CD1-AF59DCAAF599} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-09-21] (EldoS Corporation → /n software, Inc.)
ShellIconOverlayIdentifiers: [LivedriveDownloadOverlay] → {CBCDB610-6B68-4EE9-B7A2-1282FD0C9292} => C:\Program Files (x86)\Cloud Storage\Extensions.dll [2019-01-16] (Livedrive Internet LTD → Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveSharedOverlay] → {84CEF1E4-1356-4063-845F-05047F4DD52C} => C:\Program Files (x86)\Cloud Storage\Extensions.dll [2019-01-16] (Livedrive Internet LTD → Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveSyncedOverlay] → {42058329-2FBF-4B33-8E52-3BE5754DE0C1} => C:\Program Files (x86)\Cloud Storage\Extensions.dll [2019-01-16] (Livedrive Internet LTD → Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveUploadOverlay] → {39A1715A-E4CD-4F1E-B5C4-36B5DB80124E} => C:\Program Files (x86)\Cloud Storage\Extensions.dll [2019-01-16] (Livedrive Internet LTD → Livedrive Internet Ltd)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] → {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc → Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] → {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc → Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] → {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc → Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] → {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc → Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] → {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc → Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] → {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc → Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] → {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc → Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] → {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc → Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] → {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc → Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] → {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc → Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs6] → {EBDFE718-8CC7-4E50-8CD1-AF59DCAAF599} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-09-21] (EldoS Corporation → /n software, Inc.)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] → {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2019-05-01] (Zemana D.O.O. Sarajevo → )
ContextMenuHandlers1: [avast] → {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-25] (AVAST Software s.r.o. → AVAST Software)
ContextMenuHandlers1: [DropboxExt] → {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc → Dropbox, Inc.)
ContextMenuHandlers1: [GDContextMenu] → {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-04-09] (Google LLC → Google)
ContextMenuHandlers1: [IObit Malware Fighter] → {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2011-05-30] (IObit Information Technology → IObit)
ContextMenuHandlers1: [LivedriveContextMenu] → {FE586301-FDF9-40F4-AD3A-9DB11C40FF27} => C:\Program Files (x86)\Cloud Storage\Extensions.dll [2019-01-16] (Livedrive Internet LTD → Livedrive Internet Ltd)
ContextMenuHandlers1: [PfMenu] → {2F844462-7CB8-489C-828C-32A6422506AF} => C:\Program Files (x86)\IObit\Protected Folder\PfShellExtension.dll [2011-03-22] (IObit Information Technology → IObit)
ContextMenuHandlers1: [PhotoStreamsExt] → {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-03-13] (Apple Inc. → Apple Inc.)
ContextMenuHandlers1: [WDBackupMenuHandler] → {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\WDContextMenuHandler.dll [2011-08-01] (Western Digital) [File not signed]
ContextMenuHandlers1: [WinRAR] → {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH → Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] → {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH → Alexander Roshal)
ContextMenuHandlers3: [00asw] → {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-25] (AVAST Software s.r.o. → AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation → Malwarebytes)
ContextMenuHandlers3: [UnlockerShellExtension] → {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop → )
ContextMenuHandlers4: [DropboxExt] → {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc → Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] → {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-04-09] (Google LLC → Google)
ContextMenuHandlers4: [IObit Malware Fighter] → {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2011-05-30] (IObit Information Technology → IObit)
ContextMenuHandlers4: [LivedriveContextMenu] → {FE586301-FDF9-40F4-AD3A-9DB11C40FF27} => C:\Program Files (x86)\Cloud Storage\Extensions.dll [2019-01-16] (Livedrive Internet LTD → Livedrive Internet Ltd)
ContextMenuHandlers4: [PfMenu] → {2F844462-7CB8-489C-828C-32A6422506AF} => C:\Program Files (x86)\IObit\Protected Folder\PfShellExtension.dll [2011-03-22] (IObit Information Technology → IObit)
ContextMenuHandlers4: [RecuvaShellExt] → {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd → Piriform Ltd)
ContextMenuHandlers4: [WinRAR] → {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH → Alexander Roshal)
ContextMenuHandlers4-x32: [WinRAR32] → {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH → Alexander Roshal)
ContextMenuHandlers5: [DropboxExt] → {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc → Dropbox, Inc.)
ContextMenuHandlers5: [igfxDTCM] → {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki1 29407.inf_amd64_f26f36ac54ce3076\igfxDTCM.dll [2018-09-27] (Microsoft Windows Hardware Compatibility Publisher → Intel Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] → {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2019-05-01] (Zemana D.O.O. Sarajevo → )
ContextMenuHandlers6: [avast] → {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-25] (AVAST Software s.r.o. → AVAST Software)
ContextMenuHandlers6: [IObit Malware Fighter] → {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2011-05-30] (IObit Information Technology → IObit)
ContextMenuHandlers6: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation → Malwarebytes)
ContextMenuHandlers6: [PfMenu] → {2F844462-7CB8-489C-828C-32A6422506AF} => C:\Program Files (x86)\IObit\Protected Folder\PfShellExtension.dll [2011-03-22] (IObit Information Technology → IObit)
ContextMenuHandlers6: [RecuvaShellExt] → {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd → Piriform Ltd)
ContextMenuHandlers6: [UnlockerShellExtension] → {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop → )
ContextMenuHandlers6: [WDBackupMenuHandler] → {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\WDContextMenuHandler.dll [2011-08-01] (Western Digital) [File not signed]
ContextMenuHandlers6: [WinRAR] → {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH → Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] → {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH → Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Gallagher\AppData\Roaming\Microsoft\Windo ws\Start Menu\Programs\Chrome Apps\Google Play Music.lnk → C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) → --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi

==================== Loaded Modules (Whitelisted) ==============

2010-11-02 09:33 - 2010-11-02 09:33 - 001083392 _____ () [File not signed] C:\Program Files\Western Digital\WD SmartWare\System.Data.SQLite.dll
2019-01-16 10:52 - 2019-01-16 10:52 - 000378880 _____ () [File not signed] C:\Program Files (x86)\Cloud Storage\VSSHelper.dll
2011-08-01 08:36 - 2011-08-01 08:36 - 000172544 _____ (Western Digital) [File not signed] C:\Program Files\Western Digital\WD SmartWare\Vista\Shadow.dll
2011-08-01 08:37 - 2011-08-01 08:37 - 000118784 _____ (Western Digital) [File not signed] C:\Program Files\Western Digital\WD SmartWare\WDFMEIPC.dll
2011-08-01 08:45 - 2011-08-01 08:45 - 000447488 _____ (Western Digital) [File not signed] C:\Program Files\Western Digital\WD SmartWare\WDContextMenuHandler.dll
2011-08-01 08:35 - 2011-08-01 08:35 - 000082944 _____ () [File not signed] C:\Program Files\Western Digital\WD SmartWare\WDCollections.dll
2019-01-16 10:51 - 2019-01-16 10:51 - 001469952 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Cloud Storage\SQLite.Interop.dll
2019-01-16 10:51 - 2019-01-16 10:51 - 000319488 _____ (/n software, Inc.) [File not signed] C:\Program Files (x86)\Cloud Storage\CBFS6Net.dll
2019-01-16 10:51 - 2019-01-16 10:51 - 001840640 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Cloud Storage\libeay32.DLL
2019-01-16 10:51 - 2019-01-16 10:51 - 000455168 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Cloud Storage\ssleay32.DLL
2019-04-10 22:37 - 2019-04-10 22:37 - 000157184 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\HPJ umpStartBridge\ac9cebfb0f8ff29b76816e14584c2552\HP JumpStartBridge.ni.exe
2019-04-10 22:35 - 2019-04-10 22:35 - 000156672 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRI DGECommon\03746e2905bc776c4e2907eddf1e1487\BRIDGEC ommon.ni.dll
2019-04-10 22:36 - 2019-04-10 22:36 - 000131072 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Com monPortable\d4f8c7ddc1dc29dcd50d19da8dc13aac\Commo nPortable.ni.dll
2019-04-10 22:37 - 2019-04-10 22:37 - 000329728 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Cle anStartController\097d3cf28e0cc938fc39417c2308243d \CleanStartController.ni.dll
2019-04-10 22:36 - 2019-04-10 22:36 - 000116736 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Bri dgeExtension\2e1790b0179dd21afe5e402dde4c7071\Brid geExtension.ni.dll
2019-04-10 22:36 - 2019-04-10 22:36 - 000070656 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Nat iveInterop\51891c78864b78601f10bd0aa65c1c2a\Native Interop.ni.dll
2018-02-21 01:17 - 2019-03-22 21:14 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2018-02-21 01:17 - 2019-03-22 21:14 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2018-02-21 01:17 - 2019-03-22 21:14 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2018-02-21 01:17 - 2019-03-22 21:14 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2018-02-21 01:17 - 2019-03-22 21:14 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2018-02-21 01:17 - 2019-03-22 21:14 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2018-02-21 01:17 - 2019-03-22 21:14 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-02-22 00:31 - 2019-03-22 21:14 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-02-22 00:31 - 2019-03-22 21:14 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-03-22 21:14 - 2019-03-22 21:14 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-03-22 21:14 - 2019-03-22 21:14 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2018-02-21 01:17 - 2019-03-22 21:14 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-03-22 21:14 - 2019-03-22 21:14 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-03-22 21:14 - 2019-03-22 21:14 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-03-22 21:14 - 2019-03-22 21:14 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-03-22 21:14 - 2019-03-22 21:14 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-03-22 21:14 - 2019-03-22 21:14 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-03-22 21:14 - 2019-03-22 21:14 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-03-22 21:14 - 2019-03-22 21:14 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2018-04-20 23:47 - 2018-03-08 02:52 - 006324224 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Gallagher\AppData\Local\Amazon Music\QtGui4.dll
2018-04-20 23:47 - 2018-03-08 02:49 - 000808448 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Gallagher\AppData\Local\Amazon Music\QtNetwork4.dll
2018-04-20 23:47 - 2018-03-08 02:48 - 002286592 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Gallagher\AppData\Local\Amazon Music\QtCore4.dll
2019-04-10 22:38 - 2019-04-10 22:38 - 001567232 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\HPA udioSwitch\662704a646ce63c258b52936332d6e9a\HPAudi oSwitch.ni.exe
2019-04-10 22:38 - 2019-04-10 22:38 - 000764928 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log 4net\6e894a8b3f7a2fb73befd5ecb660fdb6\log4net.ni.d ll
2019-04-10 22:38 - 2019-04-10 22:38 - 000129536 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Har dcodet.W6cab32f3#\a292b3ddc0e8098daa795e3c75a7e7a0 \Hardcodet.Wpf.TaskbarNotification.ni.dll
2019-04-10 22:38 - 2019-04-10 22:38 - 001549312 _____ (Mark Heath) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAu dio\cf9874a56c06ff299aa9df9e8012f2b1\NAudio.ni.dll
2019-04-10 22:35 - 2019-04-10 22:35 - 002227200 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\New tonsoft.Json\a3733af14fc80e01bdd68142a00a5e60\Newt onsoft.Json.ni.dll
2019-04-10 22:38 - 2019-04-10 22:38 - 000141312 _____ ( ) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Int erop.IWs06dcaa36#\4085da30349ec03e484d056f89c6c53d \Interop.IWshRuntimeLibrary.ni.dll
2017-10-26 12:05 - 2017-10-26 12:05 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\AppVIsvSubsystems32.dll
2017-10-26 12:05 - 2017-10-26 12:05 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\c2r32.dll
2018-06-22 02:43 - 2015-06-17 16:03 - 000008192 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_ENU.DLL
2018-06-22 02:43 - 2015-06-17 16:00 - 000104960 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_IMG.dll
2018-06-22 02:43 - 2015-09-15 16:07 - 000318464 _____ (CANON INC) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\scchmpm.dll
2018-06-22 02:43 - 2015-05-26 09:44 - 000141312 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\cnwidsd.dll
2018-06-22 02:43 - 2015-09-01 18:11 - 000194560 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\cnmpu2.dll
2017-11-01 21:58 - 2017-11-01 21:58 - 001141248 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Adguard\SQLite.Interop.dll
2017-03-15 18:08 - 2017-03-15 18:08 - 000732672 _____ () [File not signed] C:\Program Files (x86)\Adguard\brolib32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MBAMService => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MCODS => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\ZAM.exe" /service => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MBAMService => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\McMPFSvc => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MCODS => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\ZAM.exe" /service => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\zam64.sys => “”=“Driver”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\zamguard64.sys => “”=“Driver”

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001...\008i.com → 008i.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001...\008k.com → 008k.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001...\00hq.com → 00hq.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001...\0190-dialers.com → 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001...\01i.info → 01i.info
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001...\02pmnzy5eo29bfk4.com → 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001...\05p.com → 05p.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001...\07ic5do2myz3vzpk.com → 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001...\08nigbmwk43i01y6.com → 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001...\093qpeuqpmz6ebfa.com → 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001...\0calories.net → 0calories.net
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001...\0cj.net → 0cj.net
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001...\0scan.com → 0scan.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001...\1-britney-spears-nude.com → 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001...\1-domains-registrations.com → 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001...\1-se.com → 1-se.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001...\1001movie.com → 1001movie.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001...\1001night.biz → 1001night.biz
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001...\100gal.net → 100gal.net
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001...\100sexlinks.com → 100sexlinks.com

There are 4703 more sites.

IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118...\008i.com → 008i.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118...\008k.com → 008k.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118...\00hq.com → 00hq.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118...\0190-dialers.com → 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118...\01i.info → 01i.info
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118...\02pmnzy5eo29bfk4.com → 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118...\05p.com → 05p.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118...\07ic5do2myz3vzpk.com → 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118...\08nigbmwk43i01y6.com → 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118...\093qpeuqpmz6ebfa.com → 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118...\0calories.net → 0calories.net
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118...\0cj.net → 0cj.net
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118...\0scan.com → 0scan.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118...\1-britney-spears-nude.com → 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118...\1-domains-registrations.com → 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118...\1-se.com → 1-se.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118...\1001movie.com → 1001movie.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118...\1001night.biz → 1001night.biz
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118...\100gal.net → 100gal.net
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118...\100sexlinks.com → 100sexlinks.com

There are 4703 more sites.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 22:03 - 2019-04-28 14:30 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client;C:\Program Files\Intel\iCLS Client;%SystemRoot%\system32;%SystemRoot%;%SystemR oot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPo werShell\v1.0;C:\ProgramData\Oracle\Java\javapath; C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\System32\WindowsPowerShell\v1.0;C: \Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143613868\Control Panel\Desktop\Wallpaper → C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143614181\Control Panel\Desktop\Wallpaper → C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\Control Panel\Desktop\Wallpaper → C:\WINDOWS\web\wallpaper\HP Backgrounds\backgroundDefault.jpg
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\Control Panel\Desktop\Wallpaper → C:\WINDOWS\web\wallpaper\HP Backgrounds\backgroundDefault.jpg
HKU\S-1-5-21-2034169645-2416740140-1732510107-1005\Control Panel\Desktop\Wallpaper → C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2034169645-2416740140-1732510107-500\Control Panel\Desktop\Wallpaper → C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2034169645-2416740140-1732510107-501\Control Panel\Desktop\Wallpaper → C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupreg: Amazon Music => “C:\Users\Gallagher\AppData\Local\Amazon Music\Amazon Music Helper.exe”
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => “C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”
MSCONFIG\startupreg: iTunesHelper => “C:\Program Files (x86)\iTunes\iTunesHelper.exe”
MSCONFIG\startupreg: Xvid => C:\Program Files (x86)\Xvidmovies\CheckUpdate.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F3BC3112-E2FF-40D9-8624-7F53066266B5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.105.152 .0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB → Spotify Ltd)
FirewallRules: [{14921336-7B79-4801-9518-8340921B287D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.105.152 .0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB → Spotify Ltd)
FirewallRules: [{4E7451F5-1242-4E63-B52E-4BBB72A59F49}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.105.152 .0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB → Spotify Ltd)
FirewallRules: [{8B7F1595-851F-4F1A-BB7B-594181FF4316}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.105.152 .0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB → Spotify Ltd)
FirewallRules: [{713990D3-19CE-47DD-8FF4-84D57DE81685}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.105.152 .0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB → Spotify Ltd)
FirewallRules: [{639C9A39-B969-4C39-923E-C11DE17886D5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.105.152 .0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB → Spotify Ltd)
FirewallRules: [{70A4CF8E-A670-49BD-A36D-6FF06715BA35}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.105.152 .0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB → Spotify Ltd)
FirewallRules: [{F16E6101-D1A2-42E0-83AE-70533C6400A4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.105.152 .0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB → Spotify Ltd)
FirewallRules: [{421346D1-96B9-4484-9F01-25B4D1484F43}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation → Mozilla Corporation)
FirewallRules: [{25C873BE-4B78-40C7-AE56-8E57525E8B2D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC → Google Inc.)
FirewallRules: [{9AD4E580-4C4E-44DE-B174-494A658DDD16}] => (Allow) C:\Program Files (x86)\Adguard\AdguardSvc.exe (Adguard Software Limited → Adguard Software Ltd)

==================== Restore Points =========================

27-04-2019 09:32:53 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
[HEADING=1]Application errors:[/HEADING]
Error: (05/03/2019 08:51:47 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (05/03/2019 03:30:55 PM) (Source: HP Active Health) (EventID: 88) (User: )
Description: – SECURITY WARNING – ActiveHealthProperties.ini has been tampered with, resetting it

Error: (05/03/2019 03:30:55 PM) (Source: HP Active Health) (EventID: 88) (User: )
Description: – SECURITY WARNING – ActiveHealthState.ini has been tampered with, resetting it

Error: (05/03/2019 03:30:55 PM) (Source: HP Active Health) (EventID: 80) (User: )
Description: – SECURITY WARNING – Unable to deserialize super secret file hashes. Will assume evil is afoot - all Validate() calls will return DOESNT_MATCH
at HP.ActiveHealth.Commons.Security.HashStore.LoadHas hesFromFile()

Error: (05/03/2019 02:54:36 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning.
.

Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (05/03/2019 02:53:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DSAServiceHelper.exe, version: 19.4.18.9, time stamp: 0x5c9114b5
Faulting module name: KERNELBASE.dll, version: 10.0.17134.556, time stamp: 0xb9f4a0f1
Exception code: 0xe0434352
Fault offset: 0x000000000003a388
Faulting process ID: 0x8ff0
Faulting application start time: 0x01d501b7967b16ef
Faulting application path: C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAServiceHelper.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report ID: d600a956-93e8-491e-ad6c-20d4c0dfc6c0
Faulting package full name:
Faulting package-relative application ID:

Error: (05/03/2019 02:53:41 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DSAServiceHelper.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ServiceModel.CommunicationObjectFaultedExce ption
at System.ServiceModel.Channels.CommunicationObject.C lose(System.TimeSpan)
at System.ServiceModel.Channels.ServiceChannelFactory .OnClose(System.TimeSpan)
at System.ServiceModel.Channels.ServiceChannelFactory +TypedServiceChannelFactory`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].OnClose(System.TimeSpan)
at System.ServiceModel.Channels.CommunicationObject.C lose(System.TimeSpan)
at System.ServiceModel.ChannelFactory.OnClose(System. TimeSpan)
at System.ServiceModel.Channels.CommunicationObject.C lose(System.TimeSpan)
at DSAServiceHelper.Program.Main(System.String)

Error: (05/02/2019 08:27:27 AM) (Source: HP Active Health) (EventID: 88) (User: )
Description: – SECURITY WARNING – ActiveHealthProperties.ini has been tampered with, resetting it
[HEADING=1]System errors:[/HEADING]
Error: (05/04/2019 01:41:44 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-G3G6FFA)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-G3G6FFA\Gallagher SID (S-1-5-21-2034169645-2416740140-1732510107-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/04/2019 01:36:40 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-G3G6FFA)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-G3G6FFA\Gallagher SID (S-1-5-21-2034169645-2416740140-1732510107-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/04/2019 01:36:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/04/2019 02:15:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Push Notifications User Service_cb6c010 service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/03/2019 11:47:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Push Notifications User Service_cb6c010 service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/03/2019 11:47:03 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Push Notifications User Service_cb6c010 service, but this action failed with the following error:
An instance of the service is already running.

Error: (05/03/2019 11:46:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Push Notifications User Service_cb6c010 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/03/2019 12:47:39 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-G3G6FFA)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-G3G6FFA\Gallagher SID (S-1-5-21-2034169645-2416740140-1732510107-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
[HEADING=1]Windows Defender:[/HEADING]
Date: 2019-03-22 08:11:00.861
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {7FD37310-0DE8-46A2-801B-B8A8FF4AEA17}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-03-14 18:15:54.346
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {8C27B9DD-35D4-4B64-91BF-CE5312A1092C}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-03-13 16:33:44.101
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C41AFB1C-3FE6-4F14-A45B-5F0607408F5E}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-03-06 14:06:40.076
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {3D529A5F-0266-444E-B767-280BB8FBD645}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-03-06 13:53:02.924
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {32B65213-932D-40A4-A982-9464F77E9CDF}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-04-08 11:32:36.307
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.66.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-04-08 11:32:36.307
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.66.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-04-08 11:32:36.306
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.66.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-04-08 11:32:36.294
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.66.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-04-08 11:32:36.294
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.66.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
[HEADING=1]CodeIntegrity:[/HEADING]
Date: 2019-05-04 13:36:29.410
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_ broker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cbfsNetRd r6.dll that did not meet the Microsoft signing level requirements.

Date: 2019-05-04 13:36:25.505
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeB roker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cbfsNetRd r6.dll that did not meet the Microsoft signing level requirements.

Date: 2019-05-02 21:02:24.225
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeB roker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cbfsNetRd r6.dll that did not meet the Microsoft signing level requirements.

Date: 2019-05-01 21:02:23.458
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeB roker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cbfsNetRd r6.dll that did not meet the Microsoft signing level requirements.

Date: 2019-04-30 21:02:22.799
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_ broker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cbfsNetRd r6.dll that did not meet the Microsoft signing level requirements.

Date: 2019-04-30 21:02:22.130
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeB roker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cbfsNetRd r6.dll that did not meet the Microsoft signing level requirements.

Date: 2019-04-29 21:02:21.587
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_ broker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cbfsNetRd r6.dll that did not meet the Microsoft signing level requirements.

Date: 2019-04-29 21:02:20.537
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeB roker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cbfsNetRd r6.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: AMI F.23 07/20/2017
Motherboard: HP 82DD
Processor: Intel(R) Core™ i3-7100U CPU @ 2.40GHz
Percentage of memory in use: 79%
Total physical RAM: 8086.98 MB
Available physical RAM: 1620.16 MB
Total Virtual: 13505.03 MB
Available Virtual: 2064.55 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:1849.77 GB) (Free:344.22 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:12.02 GB) (Free:1.24 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Seagate Expansion Drive) (Fixed) (Total:1863 GB) (Free:114.12 GB) NTFS
Drive g: (SAMSUNG) (Fixed) (Total:1863.01 GB) (Free:312.29 GB) NTFS
Drive h: () (Removable) (Total:229.07 GB) (Free:64.91 GB) FAT32
Drive j: (Seagate Backup Plus Drive) (Fixed) (Total:931.51 GB) (Free:406.99 GB) NTFS
Drive l: (My Passport) (Fixed) (Total:931.48 GB) (Free:99.84 GB) NTFS
Drive r: (Seagate Expansion Drive) (Fixed) (Total:1863.02 GB) (Free:116.38 GB) NTFS

\?\Volume{b7db7553-cc77-4e6c-ba8b-7cc988dc47a7}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.53 GB) NTFS
\?\Volume{5e842068-d704-4118-bd2a-7a9804a720b8}\ () (Fixed) (Total:0.25 GB) (Free:0.19 GB) FAT32
\?\Volume{8d169efb-0b92-11e8-9954-b052165221b6}\ (Cloud Storage Online drive) (Removable) (Total:1849.77 GB) (Free:344.22 GB) NTFS

==================== MBR & Partition Table ==================

================================================== ======
Disk: 1 (Size: 1863 GB) (Disk ID: 40B4CDDA)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

================================================== ======
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00042ADA)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

================================================== ======
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 227E9BFA)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 4.

================================================== ======
Disk: 5 (Size: 1863 GB) (Disk ID: 33572911)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

================================================== ======
Disk: 6 (Protective MBR) (Size: 229.1 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

No more popups?

nope seems all ok now

Please go HERE and download Delfix Save it to your desktop.

Right click the new Delfix desktop icon and then click “run as administrator”

Place a tick in the following checkboxes

[ol][li]Remove disinfection tools[/li][li]Create registry backup[/li][li]Purge system restore[/li][/ol]

Then select “Run”


Delfix will remove the tools used to clean your PC and remove itself. When finished a .txt file will display on your desktop. A copy of this file will be also located as C:\Delfix.txt.

Please post a copy of this file in your next post

HI Jmarket
Have you found something else on my logs???

I have not. That’s why I posted the above instructions for you

Hello, here’s the delfix log
[HEADING=1]DelFix v1.013 - Logfile created 08/05/2019 at 19:34:00[/HEADING]
[HEADING=1]Updated 17/04/2016 by Xplode[/HEADING]
[HEADING=1]Username : Gallagher - DESKTOP-G3G6FFA[/HEADING]
[HEADING=1]Operating System : Windows 10 Home (64 bits)[/HEADING]
~ Removing disinfection tools …

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Gallagher\Downloads\FRST-OlderVersion
Deleted : C:\Users\Gallagher\Desktop\FRST-OlderVersion
Deleted : C:\Users\Gallagher\Desktop\Addition.txt
Deleted : C:\Users\Gallagher\Desktop\FRST.txt
Deleted : C:\Users\Gallagher\Desktop\FRST64.exe
Deleted : C:\Users\Gallagher\Downloads\Addition.txt
Deleted : C:\Users\Gallagher\Downloads\adwcleaner_7.2.7.0.ex e
Deleted : C:\Users\Gallagher\Downloads\FRST.txt
Deleted : C:\Users\Gallagher\Downloads\FRST64.exe
Deleted : C:\Users\Gallagher\Downloads\JRT.exe
Deleted : C:\Users\Gallagher\Downloads\JRT_exe
Deleted : C:\Users\Gallagher\Downloads\MiniToolBox (1).exe
Deleted : C:\Users\Gallagher\Downloads\MiniToolBox (2).exe
Deleted : C:\Users\Gallagher\Downloads\MiniToolBox.exe
Deleted : C:\Users\Gallagher\Downloads\Unhide Folders & Files (1).pdf
Deleted : C:\Users\Gallagher\Downloads\Unhide Folders & Files.pdf
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware

~ Creating registry backup … OK

~ Cleaning system restore …

Deleted : RP #72 [Scheduled Checkpoint | 05/06/2019 11:36:01]

New restore point created !

########## - EOF - ##########

If there’s no more popups I will mark this as solved

Cheers Jmarket (y)