Solved onlinevideoconrter pop ups

  • Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Welcome to our Community
Wanting to join the rest of our members? Feel free to sign up today.
Sign up
Status
Not open for further replies.

gallorgs

PCHF Member
PCHF Member
Jul 19, 2017
39
2
50
Hi Guys

All of a sudden im getting these pop ups for some reason
I have run MBAM & it found nothing
Can anyone help
cheers
 

jmarket

PCHF's Almighty Ruler
PCHF Owner
Support Team
Security Team
Jan 10, 2015
2,140
496
PCHF Bunker
pchelpforum.net
Hey @gallorgs I've moved your thread to the Malware Removal area.

Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

Once downloaded right click the FRST desktop icon and select "Run as administrator" from the menu.



If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
Frst will open with two dialogue boxes, accept the disclaimer.


Accept the default whitelist options,
If the additions.txt options box is not checked please select it.
Then select "Scan"



Frst will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.



Please Copy and Paste the contents of these logs in your next post for review by our Security Team
 

gallorgs

PCHF Member
PCHF Member
Jul 19, 2017
39
2
50
HI here's the c & P of the Additional log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24.04.2019
Ran by Gallagher (24-04-2019 20:25:24)
Running from C:\Users\Gallagher\Downloads
Windows 10 Home Version 1803 17134.706 (X64) (2018-05-16 19:51:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2034169645-2416740140-1732510107-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-2034169645-2416740140-1732510107-503 - Limited - Disabled)
Gallagher (S-1-5-21-2034169645-2416740140-1732510107-1001 - Administrator - Enabled) => C:\Users\Gallagher
Guest (S-1-5-21-2034169645-2416740140-1732510107-501 - Limited - Disabled) => C:\Users\Guest
Paul's Ipod (S-1-5-21-2034169645-2416740140-1732510107-1005 - Limited - Enabled) => C:\Users\Paul's Ipod
WDAGUtilityAccount (S-1-5-21-2034169645-2416740140-1732510107-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Disabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: McAfee Firewall (Disabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{B994CB81-2376-4BF3-9648-DA8736384B26}) (Version: 7.1 - Intel) Hidden
64 Bit HP CIO Components Installer (HKLM\...\{55D55008-E5F6-47D6-B16F-B2A40D4D145F}) (Version: 6.2.1 - Hewlett-Packard) Hidden
AdGuard (HKLM-x32\...\{563cb78b-7933-497a-94cd-3d17707fabe1}) (Version: 6.4.1814.4903 - Adguard Software Ltd)
AdGuard (HKLM-x32\...\{685F6AB3-7C61-42D1-AE5B-3864E48D1035}) (Version: 6.4.1814.4903 - Adguard Software Ltd) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\Amazon Amazon Music) (Version: 6.8.2.1537 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\...\Amazon Amazon Music) (Version: 6.8.2.1537 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{9F7041CB-8398-4691-B8CB-0D52273BB3D9}) (Version: 7.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{6E7DF4EE-1976-4215-9D81-755AFC95687D}) (Version: 7.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BA2A6DBB-B09A-43D8-84F3-21C1537B47D9}) (Version: 12.2.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 19.3.2369 - AVAST Software)
Avira (HKLM-x32\...\{10AE4FDC-32F9-4E56-8EE1-10629DD11C4E}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Hidden
Backup and Sync from Google (HKLM\...\{F9EEDE46-6409-4ECC-8AB6-7062464987A4}) (Version: 3.43.4275.9540 - Google, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Build-a-lot (HKLM-x32\...\WTA-03a5e8eb-7a92-4e14-b1a0-cfbf9d994c7c) (Version: 3.0.2.59 - WildTangent) Hidden
Canon IJ Network Scanner Selector EX2 (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX2) (Version: 2.0.0.19 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.3.1.4 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 5.5.0 - Canon Inc.)
Canon TS5000 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_TS5000_series) (Version: 1.02 - Canon Inc.)
Canon TS5000 series On-screen Manual (HKLM-x32\...\Canon TS5000 series On-screen Manual) (Version: 1.1.0 - Canon Inc.)
Canon TS5000 series User Registration (HKLM-x32\...\Canon TS5000 series User Registration) (Version: - ‭Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2513 - CDBurnerXP)
Cloud Storage (HKLM-x32\...\{889B65D2-0A21-44E5-A1B0-B140C4C77567}) (Version: 4.9.2.86 - DSG Retail Limited)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Crazy Chicken Soccer (HKLM-x32\...\WTA-30e07be8-3ccc-45aa-8d03-8c863755a740) (Version: 2.2.0.110 - WildTangent) Hidden
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.6.7503 - CyberLink Corp.)
dBpoweramp (HKLM-x32\...\dBpoweramp) (Version: Release 16.4 - Illustrate)
dBpoweramp DSP Effects (HKLM-x32\...\dBpoweramp DSP Effects) (Version: Release 11 - Illustrate)
dBpoweramp m4a FDK (AAC) Encoder (HKLM-x32\...\dBpoweramp m4a FDK (AAC) Encoder) (Version: Release 2.1 (FDK v0.1.3) - Illustrate)
dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 14.4 - Illustrate)
Dropbox (HKLM-x32\...\Dropbox) (Version: 70.4.93 - Dropbox, Inc.)
Dropbox 25 GB (HKLM-x32\...\{84D8451D-2ED6-3A59-ABA5-2A447F7C6310}) (Version: 4.1.2.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
FMSE17 (HKLM-x32\...\{0ce2c70e-07f6-470a-b89c-2df2674f5905}) (Version: 0.4.0.1 - AppCake Limited)
FMSE18 (HKLM\...\{2B4136BA-71FD-49F1-AFB9-3DBF9CF74AA5}) (Version: 1.9.0.0 - AppCake Limited) Hidden
FMSE18 (HKLM-x32\...\{bef072ab-52f6-425b-a27e-76b9c94cf78d}) (Version: 1.9.0.0 - AppCake Limited)
Free All-In-One Media Player (HKLM-x32\...\Free Media Player_is1) (Version: - Free Software Group)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Photos Backup (HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\Google Photos Backup) (Version: 1.1.4.11 - Google, Inc.)
Google Photos Backup (HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\...\Google Photos Backup) (Version: 1.1.4.11 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden
HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.15.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{54da9769-2364-4bd3-8139-6400500778b3}) (Version: 5.3.22034 - HP Inc.)
HP JumpStart Apps (HKLM-x32\...\HP JumpStart Apps) (Version: 7.0.21 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{1E7D6A6F-E28B-4057-BD4F-9989C1F5353D}) (Version: 1.3.0.423 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{4380D813-39E5-46FD-AC23-FC9A1A8B98AA}) (Version: 1.3.423.0 - HP Inc.)
HP Orbit (HKLM-x32\...\{82b971c1-85fa-4c53-ada1-4ec6be0c0c8a}) (Version: 3.5.171.271 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{4780AF24-213D-4187-86F2-0014A6D6077B}) (Version: 8.7.50.3 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.10.49.21 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.14 - HP Inc.)
iCloud (HKLM\...\{03742818-3BC2-45BA-B6BB-4C2D453FD033}) (Version: 7.11.0.19 - Apple Inc.)
Intel Driver && Support Assistant (HKLM-x32\...\{31B742C7-F4F0-4B1D-A81A-7F1CF3513D7F}) (Version: 19.3.12.3 - Intel) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Computing Improvement Program (HKLM\...\{D40D4164-EEDB-4F0F-85C6-2058A9E34CC7}) (Version: 2.4.04370 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 24.20.100.6344 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.8.2.1002 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® Driver & Support Assistant (HKLM-x32\...\{0658ef25-2251-4c99-a9ec-dd54bf3da303}) (Version: 19.3.12.3 - Intel)
Intel® Driver & Support Assistant (HKLM-x32\...\{e6836a64-e94b-48d6-b294-1a0d5d124d90}) (Version: 19.3.12.3 - Intel)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
iTunes (HKLM\...\{CAA61CDB-0E1E-4E7F-89E1-36FBCC3C0EFB}) (Version: 12.9.4.102 - Apple Inc.)
Java 8 Update 211 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)
Laplink PCmover Professional (HKLM-x32\...\{C5FC0140-206A-4D19-873B-5C8EB114751F}) (Version: 11.00.1004.0 - Laplink Software, Inc.)
Magic Heroes: Save Our Park (HKLM-x32\...\WTA-a9aa252b-23df-48e2-abf5-6705da048dec) (Version: 3.0.2.59 - WildTangent) Hidden
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R18 - McAfee, Inc.)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.11425.20228 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\OneDriveSetup.exe) (Version: 19.043.0304.0007 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\...\OneDriveSetup.exe) (Version: 19.043.0304.0007 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2034169645-2416740140-1732510107-1005\...\OneDriveSetup.exe) (Version: 19.033.0218.0011 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2034169645-2416740140-1732510107-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071910297\...\OneDriveSetup.exe) (Version: 19.033.0218.0011 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 6.35 - mIRC Co. Ltd.)
MobileMe Control Panel (HKLM\...\{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Thunderbird 52.5.2 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 52.5.2 (x86 en-GB)) (Version: 52.5.2 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11425.20228 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11425.20228 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11425.20228 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11425.20228 - Microsoft Corporation) Hidden
Polar Bowler 1st Frame (HKLM-x32\...\WTA-2e44bae0-68d2-4924-b550-249adc10b63f) (Version: 3.0.2.59 - WildTangent) Hidden
Radialpoint Dashboard Patch version 13.12.23.29994 (HKLM-x32\...\RadialpointDashboardPatch_is1) (Version: 13.12.23.29994 - ) Hidden
Ranch Rush 2 - Premium Edition (HKLM-x32\...\WTA-50c80ae6-92ac-4ca7-9ca1-f07d39b9f4d3) (Version: 2.2.0.97 - WildTangent) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.61 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.12.1007.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8549 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.88 - REALTEK Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Runefall (HKLM-x32\...\WTA-cdf64de0-52ca-42d3-93c2-f52fd96af4cc) (Version: 3.0.2.126 - WildTangent) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Shotcut (HKLM-x32\...\Shotcut) (Version: 18.11.18 - Meltytech, LLC)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Stamp ID3 Tag Editor (HKLM-x32\...\Stamp) (Version: 2.39 - NCH Software)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Knowhow Expert Support (HKLM-x32\...\{86C2DB2D-8148-4085-3B07-1A0E97F910F0}) (Version: 7.11.756 - LogMeIn, Inc.)
Toolwiz Smart Defrag 2011 (HKLM-x32\...\Toolwiz Smart Defrag FREE_is1) (Version: 1.3.0.0 - Toolwiz.com.)
Trinklit Supreme (HKLM-x32\...\WTA-e5e88212-b634-4f1f-810b-f626eba374f5) (Version: 2.2.0.98 - WildTangent) Hidden
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.3 - Tweaking.com)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-2) (Version: 1.0.33.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-3) (Version: 1.0.33.0 - LunarG, Inc.)
WD SmartWare (HKLM\...\{23B47A34-0517-48DA-8B76-015DA8546893}) (Version: 1.5.1 - Western Digital)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.1.1.14 - WildTangent) Hidden
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
WinX DVD Ripper Platinum 7.5.13 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)
Wondershare TidyMyMusic(Build 1.6.0.3) (HKLM-x32\...\Wondershare TidyMyMusic_is1) (Version: 1.6.0.3 - Wondershare Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\Gallagher\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll (Google Inc -> Google LLC)
CustomCLSID: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\Gallagher\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Gallagher\Dropbox [2018-09-24 18:47]
CustomCLSID: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Gallagher\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll (Google Inc -> Google LLC)
CustomCLSID: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Gallagher\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
SSODL: EldosMountNotificator-cbfs6 - {B9D4FF12-B2DB-4AC1-958B-E720B149B04B} - C:\WINDOWS\system32\cbfsMntNtf6.dll (EldoS Corporation -> /n software, Inc.)
SSODL-x32: EldosMountNotificator-cbfs6 - {B9D4FF12-B2DB-4AC1-958B-E720B149B04B} - C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll (EldoS Corporation -> /n software, Inc.)
ShellServiceObjects: No Name -> {37F63FBF-F39D-4E28-867D-0B3D9ED30FBB} =>
ShellServiceObjects: No Name -> {6FDEDD65-AC51-43CA-B2D0-9EB5D1155D03} =>
ShellServiceObjects: No Name -> {7007ACCF-3202-11D1-AAD2-00805FC1270E} =>
ShellServiceObjects: No Name -> {A1607060-5D4C-467a-B711-2B59A6F25957} =>
ShellServiceObjects: Virtual Storage Mount Notification -> {B9D4FF12-B2DB-4AC1-958B-E720B149B04B} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-09-21] (EldoS Corporation -> /n software, Inc.)
ShellServiceObjects-x32: No Name -> {37F63FBF-F39D-4E28-867D-0B3D9ED30FBB} =>
ShellServiceObjects-x32: No Name -> {7007ACCF-3202-11D1-AAD2-00805FC1270E} =>
ShellServiceObjects-x32: No Name -> {A1607060-5D4C-467a-B711-2B59A6F25957} =>
ShellServiceObjects-x32: Virtual Storage Mount Notification -> {B9D4FF12-B2DB-4AC1-958B-E720B149B04B} => C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll [2016-09-21] (EldoS Corporation -> /n software, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-04-09] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-04-09] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-04-09] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-03-12] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs6] -> {EBDFE718-8CC7-4E50-8CD1-AF59DCAAF599} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-09-21] (EldoS Corporation -> /n software, Inc.)
ShellIconOverlayIdentifiers: [LivedriveDownloadOverlay] -> {CBCDB610-6B68-4EE9-B7A2-1282FD0C9292} => C:\Program Files (x86)\Cloud Storage\Extensions.dll [2019-01-16] (Livedrive Internet LTD -> Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveSharedOverlay] -> {84CEF1E4-1356-4063-845F-05047F4DD52C} => C:\Program Files (x86)\Cloud Storage\Extensions.dll [2019-01-16] (Livedrive Internet LTD -> Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveSyncedOverlay] -> {42058329-2FBF-4B33-8E52-3BE5754DE0C1} => C:\Program Files (x86)\Cloud Storage\Extensions.dll [2019-01-16] (Livedrive Internet LTD -> Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveUploadOverlay] -> {39A1715A-E4CD-4F1E-B5C4-36B5DB80124E} => C:\Program Files (x86)\Cloud Storage\Extensions.dll [2019-01-16] (Livedrive Internet LTD -> Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [SharingPrivate] -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs6] -> {EBDFE718-8CC7-4E50-8CD1-AF59DCAAF599} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-09-21] (EldoS Corporation -> /n software, Inc.)
ShellIconOverlayIdentifiers-x32: [SharingPrivate] -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-03-12] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-04-09] (Google LLC -> Google)
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2011-05-30] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [LivedriveContextMenu] -> {FE586301-FDF9-40F4-AD3A-9DB11C40FF27} => C:\Program Files (x86)\Cloud Storage\Extensions.dll [2019-01-16] (Livedrive Internet LTD -> Livedrive Internet Ltd)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\program files\mcafee\msc\mcctxmenufrmwrk.dll [2019-02-15] (McAfee, Inc. -> McAfee, Inc.)
ContextMenuHandlers1: [PfMenu] -> {2F844462-7CB8-489C-828C-32A6422506AF} => C:\Program Files (x86)\IObit\Protected Folder\PfShellExtension.dll [2011-03-22] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-03-13] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\WDContextMenuHandler.dll [2011-08-01] (Western Digital) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-03-12] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-04-09] (Google LLC -> Google)
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2011-05-30] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [LivedriveContextMenu] -> {FE586301-FDF9-40F4-AD3A-9DB11C40FF27} => C:\Program Files (x86)\Cloud Storage\Extensions.dll [2019-01-16] (Livedrive Internet LTD -> Livedrive Internet Ltd)
ContextMenuHandlers4: [PfMenu] -> {2F844462-7CB8-489C-828C-32A6422506AF} => C:\Program Files (x86)\IObit\Protected Folder\PfShellExtension.dll [2011-03-22] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki129407.inf_amd64_f26f36ac54ce3076\igfxDTCM.dll [2018-09-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-03-12] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2011-05-30] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\program files\mcafee\msc\mcctxmenufrmwrk.dll [2019-02-15] (McAfee, Inc. -> McAfee, Inc.)
ContextMenuHandlers6: [PfMenu] -> {2F844462-7CB8-489C-828C-32A6422506AF} => C:\Program Files (x86)\IObit\Protected Folder\PfShellExtension.dll [2011-03-22] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\WDContextMenuHandler.dll [2011-08-01] (Western Digital) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Gallagher\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm

ShortcutWithArgument: C:\Users\Gallagher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi

==================== Loaded Modules (Whitelisted) ==============

2019-01-16 10:52 - 2019-01-16 10:52 - 000378880 _____ () [File not signed] C:\Program Files (x86)\Cloud Storage\VSSHelper.dll
2010-11-02 09:33 - 2010-11-02 09:33 - 001083392 _____ () [File not signed] C:\Program Files\Western Digital\WD SmartWare\System.Data.SQLite.dll
2011-08-01 08:36 - 2011-08-01 08:36 - 000172544 _____ (Western Digital) [File not signed] C:\Program Files\Western Digital\WD SmartWare\Vista\Shadow.dll
2011-08-01 08:37 - 2011-08-01 08:37 - 000118784 _____ (Western Digital) [File not signed] C:\Program Files\Western Digital\WD SmartWare\WDFMEIPC.dll
2011-08-01 08:45 - 2011-08-01 08:45 - 000447488 _____ (Western Digital) [File not signed] C:\Program Files\Western Digital\WD SmartWare\WDContextMenuHandler.dll
2011-08-01 08:35 - 2011-08-01 08:35 - 000082944 _____ () [File not signed] C:\Program Files\Western Digital\WD SmartWare\WDCollections.dll
2019-01-16 10:51 - 2019-01-16 10:51 - 001469952 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Cloud Storage\SQLite.Interop.dll
2019-01-16 10:51 - 2019-01-16 10:51 - 000319488 _____ (/n software, Inc.) [File not signed] C:\Program Files (x86)\Cloud Storage\CBFS6Net.dll
2019-01-16 10:51 - 2019-01-16 10:51 - 001840640 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Cloud Storage\libeay32.DLL
2019-01-16 10:51 - 2019-01-16 10:51 - 000455168 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Cloud Storage\ssleay32.DLL
2019-04-10 22:38 - 2019-04-10 22:38 - 001567232 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\HPAudioSwitch\662704a646ce63c258b52936332d6e9a\HPAudioSwitch.ni.exe
2019-04-10 22:38 - 2019-04-10 22:38 - 000764928 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\6e894a8b3f7a2fb73befd5ecb660fdb6\log4net.ni.dll
2019-04-10 22:38 - 2019-04-10 22:38 - 000129536 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\a292b3ddc0e8098daa795e3c75a7e7a0\Hardcodet.Wpf.TaskbarNotification.ni.dll
2019-04-10 22:38 - 2019-04-10 22:38 - 001549312 _____ (Mark Heath) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\cf9874a56c06ff299aa9df9e8012f2b1\NAudio.ni.dll
2019-04-10 22:35 - 2019-04-10 22:35 - 002227200 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\a3733af14fc80e01bdd68142a00a5e60\Newtonsoft.Json.ni.dll
2019-04-10 22:38 - 2019-04-10 22:38 - 000141312 _____ ( ) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\4085da30349ec03e484d056f89c6c53d\Interop.IWshRuntimeLibrary.ni.dll
2018-02-21 01:17 - 2019-03-22 21:14 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2018-02-21 01:17 - 2019-03-22 21:14 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2018-02-21 01:17 - 2019-03-22 21:14 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2018-02-21 01:17 - 2019-03-22 21:14 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2018-02-21 01:17 - 2019-03-22 21:14 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2018-02-21 01:17 - 2019-03-22 21:14 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2018-02-21 01:17 - 2019-03-22 21:14 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2019-02-22 00:31 - 2019-03-22 21:14 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-02-22 00:31 - 2019-03-22 21:14 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-03-22 21:14 - 2019-03-22 21:14 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-03-22 21:14 - 2019-03-22 21:14 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2018-02-21 01:17 - 2019-03-22 21:14 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-03-22 21:14 - 2019-03-22 21:14 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-03-22 21:14 - 2019-03-22 21:14 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-03-22 21:14 - 2019-03-22 21:14 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-03-22 21:14 - 2019-03-22 21:14 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-03-22 21:14 - 2019-03-22 21:14 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-03-22 21:14 - 2019-03-22 21:14 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-03-22 21:14 - 2019-03-22 21:14 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2019-02-22 00:31 - 2019-03-22 21:14 - 000035328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\iconengines\qsvgicon.dll
2018-04-20 23:47 - 2018-03-08 02:48 - 002286592 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Gallagher\AppData\Local\Amazon Music\QtCore4.dll
2018-04-20 23:47 - 2018-03-08 02:49 - 000808448 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Gallagher\AppData\Local\Amazon Music\QtNetwork4.dll
2018-04-20 23:47 - 2018-03-08 02:52 - 006324224 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Gallagher\AppData\Local\Amazon Music\QtGui4.dll
2018-06-22 02:43 - 2015-06-17 16:03 - 000008192 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_ENU.DLL
2018-06-22 02:43 - 2015-06-17 16:00 - 000104960 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_IMG.dll
2018-06-22 02:43 - 2015-09-15 16:07 - 000318464 _____ (CANON INC) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\scchmpm.dll
2018-06-22 02:43 - 2015-05-26 09:44 - 000141312 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\cnwidsd.dll
2018-06-22 02:43 - 2015-09-01 18:11 - 000194560 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\cnmpu2.dll
2017-11-01 21:58 - 2017-11-01 21:58 - 001141248 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Adguard\SQLite.Interop.dll
2017-03-15 18:08 - 2017-03-15 18:08 - 000732672 _____ () [File not signed] C:\Program Files (x86)\Adguard\brolib32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\100sexlinks.com -> 100sexlinks.com

There are 4703 more sites.

IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\...\100sexlinks.com -> 100sexlinks.com

There are 4703 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 22:03 - 2017-03-18 22:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071900792\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071902415\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\HP Backgrounds\backgroundDefault.jpg
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\HP Backgrounds\backgroundDefault.jpg
HKU\S-1-5-21-2034169645-2416740140-1732510107-1005\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2034169645-2416740140-1732510107-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071910297\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2034169645-2416740140-1732510107-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2034169645-2416740140-1732510107-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071918405\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2034169645-2416740140-1732510107-501\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2034169645-2416740140-1732510107-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071921183\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupreg: Amazon Music => "C:\Users\Gallagher\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Xvid => C:\Program Files (x86)\Xvidmovies\CheckUpdate.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A495F363-3514-4182-B9CA-5EDD55A41A2B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Football Manager 2018 Editor\editor.exe (Sports Interactive) [File not signed]
FirewallRules: [{60B273C4-37E1-43BF-88D0-85767CE7130E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Football Manager 2018 Editor\editor.exe (Sports Interactive) [File not signed]
FirewallRules: [{2A3A2DB7-99FD-484F-BBB9-2F1C7E7129F3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Football Manager 2018\fm.exe (Sports Interactive) [File not signed]
FirewallRules: [{3EE54C2A-A564-4E91-ADA9-084239ACE736}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Football Manager 2018\fm.exe (Sports Interactive) [File not signed]
FirewallRules: [{6E9B26BE-A3EE-43B9-8AD9-E2AA9D14ABD7}] => (Allow) LPort=13148
FirewallRules: [{94E41239-6E89-4218-B0CC-CC90FD404660}] => (Allow) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe (HP Inc. -> HP Inc.)
FirewallRules: [{F524BA67-C478-4FE2-9E98-060CE7977546}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{29EC6711-E389-4BD5-8BCB-68953FC8E302}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{605A3B0C-B8A7-4286-A286-929EF6291705}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{86F4062E-6D6D-441C-BA75-A435FD8EC2F8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{EBE326A3-29EB-4E52-BA9F-D797F7FD13C2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{ABF34619-6FD0-42ED-AD65-C4B92813BBB6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7148E911-192E-40C8-9A76-66BEAC906E9C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{79C194BA-288E-437B-A4B1-17C929C983BF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{76B4331B-3E58-4C44-B5B0-9AA605284949}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7C27272E-AEA2-447C-8F4D-F51EAC371F1C}] => (Allow) C:\Program Files (x86)\Laplink\PCmover\pcmservice.exe (Laplink Software Inc. -> Laplink Software, Inc.)
FirewallRules: [{E165A5D6-7666-413E-9878-8C12E0C36454}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{EF809E25-E4B3-4989-8058-879F3EE58EDF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe No File
FirewallRules: [{DDB7E469-DE88-430E-BE79-BD7A9ADBF22D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe No File
FirewallRules: [{8E5E74CB-97B4-4981-9DE4-D2910EB79A99}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{2C78FDC4-D69C-4746-9C6D-2B9FABC59365}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{0F461E8A-A5B0-4BE1-8B54-89748D083890}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{B98CCA08-373B-481D-BAFC-C83DB8338512}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{1D169955-5346-4944-9F80-1FE0B44C8518}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{17096CEC-96D7-4449-AB50-75937F84FAA5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{50C07EEF-DC35-4EA0-88EF-DD2D5B11DC8C}C:\users\gallagher\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\gallagher\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC -> Amazon Services LLC)
FirewallRules: [UDP Query User{132F0907-D320-4B55-9527-30985CE19CAA}C:\users\gallagher\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\gallagher\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC -> Amazon Services LLC)
FirewallRules: [{92473D8C-29F2-4011-AEE4-97F9D7BD7865}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{AFE125A0-FB5F-4CB8-9FBC-96991A674F8C}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1635D79F-11B2-4339-9918-AF1BFBB10315}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BFC2259A-236C-4267-9E74-811836EF496A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7C14898F-1D62-4750-9695-AF0AD9CE89DB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4DFA9B72-3002-48DF-868C-B7072294C9ED}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9810F2B7-29F3-4D96-A2A9-CDA61F2B7A5F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F7F1B080-1804-4895-A92A-CC5CD6DD462D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4A445DC3-51D3-42D8-934C-2F79A5DD73CD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{88C6728E-BD8D-4D06-ADBD-3C952DEFB426}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{135483ED-52B0-45DA-AE2F-5A1E033506FC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{FC0C1E79-4FBD-4CF7-8696-270AB6EEE250}] => (Allow) C:\Program Files (x86)\Adguard\AdguardSvc.exe (Adguard Software Limited -> Adguard Software Ltd)

==================== Restore Points =========================

18-04-2019 05:08:00 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/24/2019 07:25:13 AM) (Source: HP Active Health) (EventID: 88) (User: )
Description: -- SECURITY WARNING -- ActiveHealthProperties.ini has been tampered with, resetting it

Error: (04/24/2019 07:25:13 AM) (Source: HP Active Health) (EventID: 88) (User: )
Description: -- SECURITY WARNING -- ActiveHealthState.ini has been tampered with, resetting it

Error: (04/24/2019 07:25:13 AM) (Source: HP Active Health) (EventID: 80) (User: )
Description: -- SECURITY WARNING -- Unable to deserialize super secret file hashes. Will assume evil is afoot - all Validate() calls will return DOESNT_MATCH
at HP.ActiveHealth.Commons.Security.HashStore.LoadHashesFromFile()

Error: (04/24/2019 06:00:29 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {76455458-0d84-449f-ab59-dcbf7691d5b5}

Error: (04/23/2019 06:07:00 PM) (Source: HP Active Health) (EventID: 88) (User: )
Description: -- SECURITY WARNING -- ActiveHealthProperties.ini has been tampered with, resetting it

Error: (04/23/2019 06:07:00 PM) (Source: HP Active Health) (EventID: 88) (User: )
Description: -- SECURITY WARNING -- ActiveHealthState.ini has been tampered with, resetting it

Error: (04/23/2019 06:07:00 PM) (Source: HP Active Health) (EventID: 80) (User: )
Description: -- SECURITY WARNING -- Unable to deserialize super secret file hashes. Will assume evil is afoot - all Validate() calls will return DOESNT_MATCH
at HP.ActiveHealth.Commons.Security.HashStore.LoadHashesFromFile()

Error: (04/22/2019 07:18:52 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.


System errors:
=============
Error: (04/24/2019 05:21:51 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-G3G6FFA)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-G3G6FFA\Gallagher SID (S-1-5-21-2034169645-2416740140-1732510107-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/23/2019 10:42:55 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-G3G6FFA)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-G3G6FFA\Gallagher SID (S-1-5-21-2034169645-2416740140-1732510107-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/23/2019 10:42:19 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-G3G6FFA)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-G3G6FFA\Gallagher SID (S-1-5-21-2034169645-2416740140-1732510107-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/23/2019 07:05:37 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (04/23/2019 06:54:28 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-G3G6FFA)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-G3G6FFA\Gallagher SID (S-1-5-21-2034169645-2416740140-1732510107-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/22/2019 08:27:30 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-G3G6FFA)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-G3G6FFA\Gallagher SID (S-1-5-21-2034169645-2416740140-1732510107-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/22/2019 05:13:47 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-G3G6FFA)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-G3G6FFA\Gallagher SID (S-1-5-21-2034169645-2416740140-1732510107-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/22/2019 07:32:22 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The System Guard Runtime Monitor Broker service did not respond on starting.


Windows Defender:
===================================
Date: 2019-03-22 08:11:00.861
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {7FD37310-0DE8-46A2-801B-B8A8FF4AEA17}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-03-14 18:15:54.346
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {8C27B9DD-35D4-4B64-91BF-CE5312A1092C}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-03-13 16:33:44.101
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C41AFB1C-3FE6-4F14-A45B-5F0607408F5E}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-03-06 14:06:40.076
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {3D529A5F-0266-444E-B767-280BB8FBD645}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-03-06 13:53:02.924
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {32B65213-932D-40A4-A982-9464F77E9CDF}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-04-08 11:32:36.307
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.66.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-04-08 11:32:36.307
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.66.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-04-08 11:32:36.306
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.66.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-04-08 11:32:36.294
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.66.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-04-08 11:32:36.294
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.66.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2019-04-21 11:02:14.887
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-04-21 11:02:13.364
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cbfsNetRdr6.dll that did not meet the Microsoft signing level requirements.

Date: 2019-04-20 11:02:21.642
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-04-20 11:02:21.011
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cbfsNetRdr6.dll that did not meet the Microsoft signing level requirements.

Date: 2019-04-20 11:02:17.246
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cbfsNetRdr6.dll that did not meet the Microsoft signing level requirements.

Date: 2019-04-08 12:20:24.779
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\Installer\MSI2EF2.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-04-06 11:05:51.914
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-04-06 11:05:51.653
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cbfsNetRdr6.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: AMI F.23 07/20/2017
Motherboard: HP 82DD
Processor: Intel(R) Core(TM) i3-7100U CPU @ 2.40GHz
Percentage of memory in use: 73%
Total physical RAM: 8086.98 MB
Available physical RAM: 2153.79 MB
Total Virtual: 10646.98 MB
Available Virtual: 2256.62 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:1849.77 GB) (Free:350.36 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:12.02 GB) (Free:1.24 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Seagate Expansion Drive) (Fixed) (Total:1863 GB) (Free:137.77 GB) NTFS
Drive g: (SAMSUNG) (Fixed) (Total:1863.01 GB) (Free:312.29 GB) NTFS
Drive h: () (Removable) (Total:229.07 GB) (Free:64.91 GB) FAT32
Drive j: (Seagate Backup Plus Drive) (Fixed) (Total:931.51 GB) (Free:403.91 GB) NTFS
Drive l: (My Passport) (Fixed) (Total:931.48 GB) (Free:108.58 GB) NTFS
Drive r: (Seagate Expansion Drive) (Fixed) (Total:1863.02 GB) (Free:113.99 GB) NTFS

\\?\Volume{b7db7553-cc77-4e6c-ba8b-7cc988dc47a7}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.53 GB) NTFS
\\?\Volume{5e842068-d704-4118-bd2a-7a9804a720b8}\ () (Fixed) (Total:0.25 GB) (Free:0.19 GB) FAT32
\\?\Volume{8d169efb-0b92-11e8-9954-b052165221b6}\ (Cloud Storage Online drive) (Removable) (Total:1849.77 GB) (Free:350.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: BC5364AC)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 227E9BFA)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: 40B4CDDA)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00042ADA)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 4.

========================================================
Disk: 5 (Size: 1863 GB) (Disk ID: 33572911)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Protective MBR) (Size: 229.1 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
 

gallorgs

PCHF Member
PCHF Member
Jul 19, 2017
39
2
50
And here's the FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24.04.2019
Ran by Gallagher (administrator) on DESKTOP-G3G6FFA (HP HP All-in-One 24-e0XX) (24-04-2019 20:21:54)
Running from C:\Users\Gallagher\Downloads
Loaded Profiles: Gallagher & Paul's Ipod & Administrator & Guest & (Available Profiles: Gallagher & Paul's Ipod & Administrator & Guest)
Platform: Windows 10 Home Version 1803 17134.706 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki129407.inf_amd64_f26f36ac54ce3076\igfxCUIService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki129407.inf_amd64_f26f36ac54ce3076\IntelCpHDCPSvc.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(Livedrive Internet LTD -> ) C:\Program Files (x86)\Cloud Storage\VSSService.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\mcafee\modulecore\ModuleCoreService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Laplink Software Inc. -> Laplink Software, Inc.) C:\Program Files (x86)\Laplink\PCmover\PcmService.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\mcafee\PEF\CORE\PEFService.exe
(Western Digital Technologies, Inc. -> WDC) C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
(Western Digital Technologies, Inc. -> Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki129407.inf_amd64_f26f36ac54ce3076\IntelCpHeciSvc.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\mcafee\MMSSHost\MMSSHOST.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\mcafee\modulecore\ProtectedModuleHost.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\mcafee\VSCore_18_12\mcapexe.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\mcafee\MfeAV\MfeAVSvc.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\mcafee\csp\3.1.160.0\McCSPServiceHost.exe
(Western Digital Technologies, Inc. -> Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\mcafee\amcore\mcshield.exe
(HP Inc. -> ) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki129407.inf_amd64_f26f36ac54ce3076\igfxEM.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\mcafee\modulecore\ModuleCoreService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Gallagher\AppData\Local\Microsoft\OneDrive\OneDrive.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Amazon Services LLC -> Amazon Services LLC) C:\Users\Gallagher\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Livedrive Internet LTD -> DSG Retail Limited) C:\Program Files (x86)\Cloud Storage\CloudStorage.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler64.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Apple Inc. -> Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19021.18010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(Adguard Software Limited -> Adguard Software Ltd) C:\Program Files (x86)\Adguard\AdguardSvc.exe
(Adguard Software Limited -> Adguard Software Ltd) C:\Program Files (x86)\Adguard\Adguard.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11425.20190.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11425.20190.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [231640 2016-09-20] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
HKLM\...\Run: [MouseDriver] => TiltWheelMouse.exe
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [318920 2019-03-07] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-03-24] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [705784 2016-06-20] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [270912 2015-06-17] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [4426560 2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [260488 2019-03-12] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071900792\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071902415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\Run: [Google Photos Backup] => C:\Users\Gallagher\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3791704 2018-06-01] (Google Inc -> Google, Inc)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\Run: [Google Update] => C:\Users\Gallagher\AppData\Local\Google\Update\1.3.34.7\GoogleUpdateCore.exe [752424 2019-03-27] (Google Inc -> Google LLC)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2019-03-13] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2019-03-13] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3146016 2019-03-06] (Valve -> Valve Corporation)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\Run: [Amazon Music Helper] => C:\Users\Gallagher\AppData\Local\Amazon Music\Amazon Music Helper.exe [3052472 2018-11-14] (Amazon Services LLC -> Amazon Services LLC)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19645800 2019-02-04] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\Run: [CloudStorage] => C:\Program Files (x86)\Cloud Storage\CloudStorage.exe [4252088 2019-01-16] (Livedrive Internet LTD -> DSG Retail Limited)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [5735784 2018-10-30] (Adguard Software Limited -> Adguard Software Ltd)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [149504 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\...\Run: [Google Photos Backup] => C:\Users\Gallagher\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3791704 2018-06-01] (Google Inc -> Google, Inc)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\...\Run: [Google Update] => C:\Users\Gallagher\AppData\Local\Google\Update\1.3.34.7\GoogleUpdateCore.exe [752424 2019-03-27] (Google Inc -> Google LLC)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2019-03-13] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2019-03-13] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3146016 2019-03-06] (Valve -> Valve Corporation)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\...\Run: [Amazon Music Helper] => C:\Users\Gallagher\AppData\Local\Amazon Music\Amazon Music Helper.exe [3052472 2018-11-14] (Amazon Services LLC -> Amazon Services LLC)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19645800 2019-02-04] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\...\Run: [CloudStorage] => C:\Program Files (x86)\Cloud Storage\CloudStorage.exe [4252088 2019-01-16] (Livedrive Internet LTD -> DSG Retail Limited)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Gallagher\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Gallagher\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\...\RunOnce: [Uninstall 19.033.0218.0011\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Gallagher\AppData\Local\Microsoft\OneDrive\19.033.0218.0011\amd64"
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\...\RunOnce: [Uninstall 19.033.0218.0011] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Gallagher\AppData\Local\Microsoft\OneDrive\19.033.0218.0011"
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1716720 2019-04-03] (Google LLC -> Google Inc.)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE [179408 2019-04-21] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [149504 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1005\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Paul's Ipod\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-2034169645-2416740140-1732510107-1005\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Paul's Ipod\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-2034169645-2416740140-1732510107-1005\...\RunOnce: [Uninstall 18.111.0603.0006\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Paul's Ipod\AppData\Local\Microsoft\OneDrive\18.111.0603.0006\amd64"
HKU\S-1-5-21-2034169645-2416740140-1732510107-1005\...\RunOnce: [Uninstall 18.111.0603.0006] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Paul's Ipod\AppData\Local\Microsoft\OneDrive\18.111.0603.0006"
HKU\S-1-5-21-2034169645-2416740140-1732510107-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Packard Bell.scr [425984 2009-08-05] () [File not signed]
HKU\S-1-5-21-2034169645-2416740140-1732510107-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071910297\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Paul's Ipod\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-2034169645-2416740140-1732510107-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071910297\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Paul's Ipod\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-2034169645-2416740140-1732510107-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071910297\...\RunOnce: [Uninstall 18.111.0603.0006\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Paul's Ipod\AppData\Local\Microsoft\OneDrive\18.111.0603.0006\amd64"
HKU\S-1-5-21-2034169645-2416740140-1732510107-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071910297\...\RunOnce: [Uninstall 18.111.0603.0006] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Paul's Ipod\AppData\Local\Microsoft\OneDrive\18.111.0603.0006"
HKU\S-1-5-21-2034169645-2416740140-1732510107-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071910297\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Packard Bell.scr [425984 2009-08-05] () [File not signed]
HKU\S-1-5-21-2034169645-2416740140-1732510107-500\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2034169645-2416740140-1732510107-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Packard Bell.scr [425984 2009-08-05] () [File not signed]
HKU\S-1-5-21-2034169645-2416740140-1732510107-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071918405\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2034169645-2416740140-1732510107-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071918405\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Packard Bell.scr [425984 2009-08-05] () [File not signed]
HKU\S-1-5-21-2034169645-2416740140-1732510107-501\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2034169645-2416740140-1732510107-501\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Packard Bell.scr [425984 2009-08-05] () [File not signed]
HKU\S-1-5-21-2034169645-2416740140-1732510107-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071921183\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2034169645-2416740140-1732510107-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071921183\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Packard Bell.scr [425984 2009-08-05] () [File not signed]
HKLM\...\Drivers32: [vidc.ffds] => C:\WINDOWS\system32\ff_vfw.dll [127488 2014-05-13] () [File not signed]
HKLM\...\Drivers32: [vidc.XVID] => C:\WINDOWS\system32\xvidvfw.dll [255488 2011-05-30] () [File not signed]
HKLM\...\Drivers32-x32: [msacm.ac3filter] => ac3filter.acm
HKLM\...\Drivers32-x32: [msacm.divxa32] => DivXa32.acm
HKLM\...\Drivers32-x32: [vidc.divx] => divx.dll
HKLM\...\Drivers32: [vidc.ffds] => C:\WINDOWS\SysWOW64\ff_vfw.dll [112640 2014-05-13] () [File not signed]
HKLM\...\Drivers32-x32: [vidc.lags] => lagarith.dll
HKLM\...\Drivers32-x32: [vidc.x264] => x264vfw.dll
HKLM\...\Drivers32: [vidc.XVID] => C:\WINDOWS\SysWOW64\xvidvfw.dll [235520 2014-04-08] () [File not signed]
HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb] -> Internet Explorer (Enable DEP)
HKLM\Software\...\AppCompatFlags\InstalledSDB\{a9264802-8a7a-40fe-a135-5c6d204aed7a}: [DatabasePath] -> C:\Windows\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-11] (Google LLC -> Google Inc.)
Startup: C:\Users\Gallagher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-03-09]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00CFC626-B104-4C99-AA7A-F227C9EAA1EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [652664 2019-01-31] (HP Inc. -> HP Inc.)
Task: {03BF19C2-1380-4BC1-9198-279DA6265B86} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [459680 2017-07-28] (HP Inc. -> )
Task: {0D7073D3-6D8D-4B48-91BC-C3C92F77E2DE} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1432200 2019-04-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {108A2B1D-7EC0-446E-9ED3-1936E8AC5544} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {119EE018-89B7-46E7-8B87-B3D3B59E6C97} - System32\Tasks\GoogleUpdateTaskMachineUA1d3f6474a8e6c77 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-04-29] (Google Inc -> Google Inc.)
Task: {14037553-DF96-472D-8540-BC38658B1D84} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4639280 2018-12-02] (McAfee, Inc. -> McAfee, Inc.)
Task: {150E10F3-36EC-429F-8952-F66CFBDC9D51} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2838920 2019-03-12] (AVAST Software s.r.o. -> AVAST Software)
Task: {1B9D74FD-9109-4D81-991A-F67B6BFFEFB1} - System32\Tasks\googleupdatetaskmachineua => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-04-29] (Google Inc -> Google Inc.)
Task: {20F69267-7ABE-4A02-9B08-45C9E2F94D55} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {223A5654-A3AF-4ED6-B9A7-456EA6B15421} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [219512 2018-12-24] (HP Inc. -> HP Inc.)
Task: {24B7AEFD-E733-42AF-9181-68AA3A75DE75} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures
Task: {2878EE1A-9F63-4857-94CF-F7A99BA118D6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1280295809-455121606-167572049-1001UA => C:\Users\Paul Gallagher\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {2A1F8DB2-BD6E-4EFE-9FC8-8D0EFCD29726} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [67896 2019-03-13] (Apple Inc. -> Apple Inc.)
Task: {2CAADB57-FCF9-4185-970A-6F6ECCFC124F} - System32\Tasks\{8D187D24-F468-4C08-BF52-2AAB072164C3} => C:\Program Files (x86)\VSO\ConvertX\4\ConvertXtoDvd.exe [9534752 2009-12-10] (VSO-SOFTWARE -> VSO Software SARL)
Task: {3682E9D5-B10B-4670-AF17-D724E5A9ACFB} - System32\Tasks\RtHDVBg_HP_VOICEMODE_FOR_SKYPE => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1505840 2018-10-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {3A1DAF1C-38B6-4635-8232-4DFDCAA95F54} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [756672 2018-11-13] (McAfee, Inc. -> McAfee, Inc.)
Task: {3D6DFC6B-84E0-473F-8A50-ABF697C9F4B0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1488248 2018-12-10] (HP Inc. -> HP Inc.)
Task: {3ECEE8FF-002C-44B9-8119-3C9DC5827199} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [652664 2019-01-31] (HP Inc. -> HP Inc.)
Task: {43159D3D-A8BB-45EC-9B01-5BA0C0D38088} - System32\Tasks\dropboxupdatetaskmachineua => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-23] (Dropbox, Inc -> Dropbox, Inc.)
Task: {4965B220-09BC-44A6-9939-C52E4C861810} - System32\Tasks\S-1-5-21-2034169645-2416740140-1732510107-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [132608 2018-12-08] (Microsoft Windows -> Microsoft Corporation)
Task: {56EC72DC-4780-4BFA-BA12-F3071637D3BB} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [112376 2019-04-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {596E5CBD-396B-48E9-950E-7538EE4DE563} - System32\Tasks\HP online update program => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {68C994D2-6A70-41F5-9F42-0D0C8111E924} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [25907200 2019-04-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {73B329E2-ED6C-4A13-8C9E-8D000223B46D} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9279520 2018-10-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {7494402D-DF3C-4B1D-9315-9FB2BD4D7EBC} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644960 2017-02-02] (HP Inc. -> HP Inc.)
Task: {79CE75FB-6AD8-43F0-826A-9AC356DF60A1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1488248 2018-12-10] (HP Inc. -> HP Inc.)
Task: {7AD014FF-ABCC-451E-8933-10C22405E7D9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2018-03-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {8219C8B0-A55E-42C4-8862-1015BF86644E} - System32\Tasks\dropboxupdatetaskmachinecore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-23] (Dropbox, Inc -> Dropbox, Inc.)
Task: {84309B20-4E20-4C60-9568-D1484A210FFD} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {86087E1A-1DCA-42BD-86CB-D71A204B8801} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2016-12-06] (HP Inc. -> HP Inc.)
Task: {8E732076-2606-4051-BC41-E508E6E1F307} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {98D02E12-72E5-48BC-AED2-192D3B2404AF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136056 2019-01-02] (HP Inc. -> HP Inc.)
Task: {9E2C7F07-4F17-4D3D-BB09-6459A18DCA64} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1280295809-455121606-167572049-1001Core => C:\Users\Paul Gallagher\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {9F525066-99B9-484D-A87E-A0799350F02B} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [112376 2019-04-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {AFBED28B-FD21-4C0F-9BA9-3E691EA31CF7} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {BC3EE4B0-4CCC-413C-8536-E9D7ED9CE947} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {BEDFCBDC-FED0-45B9-86F9-26EC39EA0A2D} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe [1573720 2011-02-09] (IObit Information Technology -> IObit)
Task: {BF82513D-1156-412A-A555-18BA2387CD15} - System32\Tasks\HPCeeScheduleForGallagher => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [99392 2016-05-12] (Hewlett-Packard Company -> HP Development Company, L.P.)
Task: {BFF2A4B5-ECD6-4C35-9DC7-ABB9329E59C9} - System32\Tasks\GoogleUpdateTaskMachineCore1d0f3e9deea135a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-04-29] (Google Inc -> Google Inc.)
Task: {BFF93412-606F-46AA-A357-941F222C8787} - System32\Tasks\{4CF3A701-D0F0-40E0-A50C-F3B14AB307E7} => C:\Program Files (x86)\VSO\ConvertX\4\ConvertXtoDvd.exe [9534752 2009-12-10] (VSO-SOFTWARE -> VSO Software SARL)
Task: {C02A7D6C-5AAF-4E06-97D0-08E9BBF3F929} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-04-02] (HP Inc. -> HP Inc.)
Task: {C6F1DBA6-A04C-4F24-B21A-A023A718BCED} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2034169645-2416740140-1732510107-1001Core => C:\Users\Gallagher\AppData\Local\Google\Update\GoogleUpdate.exe [153752 2017-03-19] (Google Inc -> Google Inc.)
Task: {C70AF939-20AC-4185-BDD9-CDE9FEEB4759} - System32\Tasks\{5790830D-7930-48A1-B5A9-AEC364E27191} => C:\Program Files (x86)\TuneUpMedia\TuneUpApp.exe
Task: {CEB77C69-3774-4D6A-8B9B-0C3256149128} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {CEDA97DD-92B2-44D5-95E5-EF2121695384} - System32\Tasks\RtHDVBg_CTPreset => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1505840 2018-10-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {CFE4205C-5676-41E8-915C-2450748D20C1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-04-02] (HP Inc. -> HP Inc.)
Task: {D4B85993-7EED-4365-9C0F-41C46E9CCA8A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {D50DA741-A6E0-4AA8-A1DA-0F723AAD500B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [14679256 2019-02-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {D81CB086-8607-4269-8611-5261938DDB3E} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {E304240D-E39C-40A0-8303-20354B94B221} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2034169645-2416740140-1732510107-1001UA => C:\Users\Gallagher\AppData\Local\Google\Update\GoogleUpdate.exe [153752 2017-03-19] (Google Inc -> Google Inc.)
Task: {E4813B12-7364-4D40-90DA-3CB7B1C5797D} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [816960 2017-10-11] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {EABF7734-26C1-4259-8A00-B23CC74D53A9} - System32\Tasks\GoogleUpdateTaskMachineCore1d3f6474a80e1b8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-04-29] (Google Inc -> Google Inc.)
Task: {EB23B918-2487-46A5-902C-5A42C25664F1} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe
Task: {EC5DD5EF-30EE-4DDD-BE0C-8BB0C98BB149} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {EDDA2F5D-DCE3-4299-A98C-FD50645AC5D0} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2380088 2019-04-03] (AVAST Software s.r.o. -> AVAST Software)
Task: {EED166CC-0892-42A8-9A35-7F75256AF0D1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1432200 2019-04-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {F556EF9C-5E70-4D8A-8E3C-E7F60D01FFB2} - System32\Tasks\GoogleUpdateTaskMachineUA1d0f3e9e0e2413c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-04-29] (Google Inc -> Google Inc.)
Task: {FA69E2EC-B89F-4757-ABEB-1C4EF9082600} - System32\Tasks\googleupdatetaskmachinecore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-04-29] (Google Inc -> Google Inc.)
Task: {FCA59E7D-750A-4365-9702-0B9CEEDCCCB7} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.1.207\DADUpdater.exe [4025080 2019-02-27] (McAfee, Inc. -> McAfee, Inc.)
Task: {FDFF12D4-3CCF-4973-9D78-861952F6A68A} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe
Task: {FE000A8C-E095-4307-A289-25BF18295F5B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [25907200 2019-04-15] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForGallagher.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{861925f3-20f1-4285-b1d2-a80c1b85936b}: [DhcpNameServer] 194.168.4.100 194.168.8.100

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2034169645-2416740140-1732510107-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ixtreme_m3730&r=173608103116p04d5v1k5y45m1224q
HKU\S-1-5-21-2034169645-2416740140-1732510107-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ixtreme_m3730&r=173608103116p04d5v1k5y45m1224q
HKU\S-1-5-21-2034169645-2416740140-1732510107-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071910297\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ixtreme_m3730&r=173608103116p04d5v1k5y45m1224q
HKU\S-1-5-21-2034169645-2416740140-1732510107-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071910297\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ixtreme_m3730&r=173608103116p04d5v1k5y45m1224q
HKU\S-1-5-21-2034169645-2416740140-1732510107-501\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ixtreme_m3730&r=173608103116p04d5v1k5y45m1224q
HKU\S-1-5-21-2034169645-2416740140-1732510107-501\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ixtreme_m3730&r=173608103116p04d5v1k5y45m1224q
HKU\S-1-5-21-2034169645-2416740140-1732510107-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071921183\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ixtreme_m3730&r=173608103116p04d5v1k5y45m1224q
HKU\S-1-5-21-2034169645-2416740140-1732510107-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071921183\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ixtreme_m3730&r=173608103116p04d5v1k5y45m1224q
SearchScopes: HKLM -> {7F309637-95ED-4CFC-A211-9481B3B19E72} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {7F309637-95ED-4CFC-A211-9481B3B19E72} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001 -> {7F309637-95ED-4CFC-A211-9481B3B19E72} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001 -> {80870008-2605-42BD-B9B2-DBFB892FC5B3} URL =
SearchScopes: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626 -> {7F309637-95ED-4CFC-A211-9481B3B19E72} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626 -> {80870008-2605-42BD-B9B2-DBFB892FC5B3} URL =
SearchScopes: HKU\S-1-5-21-2034169645-2416740140-1732510107-1005 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2034169645-2416740140-1732510107-1005 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2034169645-2416740140-1732510107-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071910297 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2034169645-2416740140-1732510107-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071910297 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2034169645-2416740140-1732510107-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2034169645-2416740140-1732510107-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071918405 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc -> Google Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-12-06] (HP Inc. -> HP Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssv.dll [2019-04-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc -> Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-04-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-12-06] (HP Inc. -> HP Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc -> Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-2034169645-2416740140-1732510107-500 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-2034169645-2416740140-1732510107-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071918405 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-2034169645-2416740140-1732510107-501 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-2034169645-2416740140-1732510107-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071921183 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc -> Google Inc.)
DPF: HKLM {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://85.93.227.12/activex/AMC.cab
DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: HKLM-x32 {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} hxxps://user.ssl.eon.com/+CSCOL+/csvrloader32.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {917623D1-D8E5-11D2-BE8B-00104B06BDE3} hxxp://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
DPF: HKLM-x32 {96816368-C1E3-414D-A193-63C3CC921990} hxxp://lochalsh-isleofskye.remotemanager.co.uk/common/activex/MJPEGRender.ocx
DPF: HKLM-x32 {A3D93B25-4601-49D2-B3AF-F447C73D561F} hxxp://85.93.227.36/program/SonySncRz25View.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} hxxp://www.marksandspencerpersonalised.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://85.221.20.19/activex/AMC.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F8FC1530-0608-11DF-2008-0800200C9A66} hxxps://user.ssl.eon.com/CACHE/sdesktop/install/binaries/instweb.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Skype Software Sarl -> Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Skype Software Sarl -> Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\mcsniepl64.dll [2019-02-15] (McAfee, Inc. -> McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files (x86)\mcafee\msc\mcsniepl.dll [2019-02-15] (McAfee, Inc. -> McAfee, Inc.)

FireFox:
========
FF DefaultProfile: o9wgdi62.default-1401877949283
FF ProfilePath: C:\Users\Gallagher\AppData\Roaming\Mozilla\Firefox\Profiles\zjm2bkb8.default [2018-01-26]
FF ProfilePath: C:\Users\Gallagher\AppData\Roaming\Mozilla\Firefox\Profiles\o9wgdi62.default-1401877949283 [2019-04-24]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSKHKLM => not found
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2019-03-21] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\program files\mcafee\msc\npmcsnffpl64.dll [2019-02-15] (McAfee, Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google Inc -> Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-04-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-04-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\program files (x86)\mcafee\msc\npmcsnffpl.dll [2019-02-15] (McAfee, Inc. -> )
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-11-23] (WildTangent Inc -> )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2034169645-2416740140-1732510107-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Gallagher\AppData\Local\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-2034169645-2416740140-1732510107-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Gallagher\AppData\Local\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626: @tools.google.com/Google Update;version=3 -> C:\Users\Gallagher\AppData\Local\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626: @tools.google.com/Google Update;version=9 -> C:\Users\Gallagher\AppData\Local\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.bbc.co.uk/news/
CHR StartupUrls: Default -> "hxxp://www.bbc.co.uk/"
CHR Profile: C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default [2019-04-24]
CHR Extension: (Google Drive) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (Adaware Ad Block) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmllgdnjnkbapbchnebiedipojhmnjej [2019-04-22]
CHR Extension: (Adobe Acrobat) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-04-03]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-02-27]
CHR Extension: (Google Play Music) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2018-10-05]
CHR Extension: (Google Docs Offline) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-15]
CHR Extension: (360 Internet Protection) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\glcimepnljoholdmjchkloafkggfoijh [2018-10-05]
CHR Extension: (Avast Online Security) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-04-23]
CHR Extension: (Audio Joiner) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihiafjkopgiakbmihgoieodihjcblfbk [2018-02-23]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2018-01-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-14]
CHR Extension: (Chrome Media Router) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-25]
CHR Profile: C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-04-22]
CHR Profile: C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\System Profile [2019-04-22]
CHR HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Gallagher\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2018-02-12]
CHR HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Gallagher\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2018-02-12]
CHR HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04222019071904626\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Adguard Service; C:\Program Files (x86)\Adguard\AdguardSvc.exe [136040 2018-10-30] (Adguard Software Limited -> Adguard Software Ltd)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-03-08] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6570352 2019-03-12] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [360440 2019-03-12] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [371824 2019-03-23] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-03-12] (AVAST Software s.r.o. -> AVAST Software)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [125656 2016-09-20] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Skype Software Sarl -> Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Skype Software Sarl -> Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11082536 2019-04-16] (Microsoft Corporation -> Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1508656 2018-05-31] (McAfee, Inc. -> McAfee, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-23] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-23] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [25448 2019-03-19] (IDSA Production signing key -> Intel)
R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [67944 2019-03-19] (IDSA Production signing key -> Intel)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-08-30] (Macrovision Corporation -> Macrovision Europe Ltd.) [File not signed]
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-11-23] (WildTangent Inc -> WildTangent)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1321096 2018-09-28] (HP Inc. -> HP Inc.)
R2 HP Orbit Service; C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe [3421616 2017-06-20] (HP Inc. -> HP Inc.)
S2 HPJumpStartBridge; C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-07-28] (HP Inc. -> HP Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R3 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [631800 2016-06-20] (HP Inc. -> HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16840 2019-03-07] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [391744 2017-07-11] (Canon Inc. -> )
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-10-11] (Intel(R) Trust Services -> Intel(R) Corporation)
S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-10-11] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [213648 2017-11-09] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 LivedriveVSSService; C:\Program Files (x86)\Cloud Storage\VSSService.exe [24504 2019-01-16] (Livedrive Internet LTD -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_18_12\McApExe.exe [745880 2019-01-23] (McAfee, Inc. -> McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\mcafee\actwiz\McAWFwk.exe [454560 2016-11-15] (McAfee, Inc. -> McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.1.160.0\\McCSPServiceHost.exe [2158952 2018-12-17] (McAfee, Inc. -> McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [371840 2019-01-15] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [604216 2019-01-15] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\windows\system32\mfevtps.exe [509728 2019-01-15] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1692552 2018-12-19] (McAfee, Inc. -> McAfee, Inc.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-08-18] (NVIDIA Corporation -> NVIDIA Corporation)
S4 OberonGameConsoleService; C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe [44312 2009-08-29] (Oberon Media Inc. -> )
R2 PCmoverService; C:\Program Files (x86)\Laplink\PCmover\PcmService.exe [22160 2018-01-19] (Laplink Software Inc. -> Laplink Software, Inc.)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1360384 2019-02-05] (McAfee, Inc. -> McAfee, Inc.)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [268328 2018-10-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [317328 2011-08-01] (Western Digital Technologies, Inc. -> WDC)
R2 WDFMEService; C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [1978256 2011-08-01] (Western Digital Technologies, Inc. -> Western Digital )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
R2 WDRulesService; C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [1338256 2011-08-01] (Western Digital Technologies, Inc. -> Western Digital )
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-03-05] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 adgnetworkwfpdrv; C:\WINDOWS\System32\drivers\adgnetworkwfpdrv.sys [89560 2018-09-05] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [205608 2019-03-12] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [254408 2019-03-12] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [196304 2019-03-12] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblog.sys [320904 2019-03-12] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [58168 2019-03-12] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-02-27] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42496 2019-03-12] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [169104 2019-03-12] (AVAST Software s.r.o. -> AVAST Software)
R1 aswNetSec; C:\WINDOWS\System32\drivers\aswNetSec.sys [518784 2019-03-23] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112520 2019-03-12] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [88152 2019-03-12] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1034640 2019-03-12] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [476264 2019-04-12] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [220632 2019-03-12] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380160 2019-03-12] (AVAST Software s.r.o. -> AVAST Software)
R1 cbfs6; C:\WINDOWS\system32\drivers\cbfs6.sys [460992 2016-09-21] (EldoS Corporation -> /n software, Inc.)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77384 2019-01-22] (McAfee, Inc. -> McAfee, LLC)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [218408 2018-12-24] (McAfee, Inc. -> McAfee, Inc.)
R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [1094000 2019-03-07] (Intel(R) Rapid Storage Technology -> Intel Corporation)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-04-22] (Malwarebytes Corporation -> Malwarebytes)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [511024 2019-01-22] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [373808 2019-01-22] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [86136 2019-01-22] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [517168 2019-01-22] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [981032 2019-01-22] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [563728 2018-11-19] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109072 2018-11-19] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [117800 2019-01-22] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [254024 2019-01-22] (McAfee, Inc. -> McAfee, LLC)
S3 pmxdrv; C:\WINDOWS\system32\drivers\pmxdrv.sys [31152 2018-06-26] (PAIPTAC Driver -> )
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [946696 2016-11-21] (Realtek Semiconductor Corp. -> Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [784264 2018-05-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2017-01-06] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [7904088 2018-04-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [43008 2018-09-19] (Intel Corporation -> )
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [25608 2019-02-27] (AVG Technologies CZ, s.r.o. -> SlimWare Utilities, Inc.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46472 2019-03-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [333792 2019-03-05] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62432 2019-03-05] (Microsoft Windows -> Microsoft Corporation)
U1 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-24 20:20 - 2019-04-24 20:21 - 002429952 _____ (Farbar) C:\Users\Gallagher\Downloads\FRST64 (1).exe
2019-04-24 20:18 - 2019-04-24 20:18 - 000077214 _____ C:\Users\Gallagher\Downloads\Addition (5).txt
2019-04-24 20:17 - 2019-04-24 20:18 - 000000003 _____ C:\Users\Gallagher\Downloads\FRST (2).txt
2019-04-24 20:16 - 2019-04-24 20:17 - 000000003 _____ C:\Users\Gallagher\Downloads\Addition (4).txt
2019-04-24 20:15 - 2019-04-24 20:15 - 000077214 _____ C:\Users\Gallagher\Downloads\Addition (3).txt
2019-04-24 20:09 - 2019-04-24 20:14 - 000076658 _____ C:\Users\Gallagher\Downloads\Addition (2).txt
2019-04-24 17:48 - 2019-04-24 17:50 - 000076798 _____ C:\Users\Gallagher\Downloads\Addition (1).txt
2019-04-24 17:36 - 2019-04-24 17:47 - 000109685 _____ C:\Users\Gallagher\Downloads\FRST (1).txt
2019-04-23 19:37 - 2019-04-23 19:37 - 000077214 _____ C:\Users\Gallagher\Desktop\Addition.txt
2019-04-23 19:36 - 2019-04-23 19:36 - 000133809 _____ C:\Users\Gallagher\Desktop\FRST.txt
2019-04-23 19:26 - 2019-04-23 19:31 - 000077211 _____ C:\Users\Gallagher\Downloads\Addition.txt
2019-04-23 19:23 - 2019-04-24 20:24 - 000075215 _____ C:\Users\Gallagher\Downloads\FRST.txt
2019-04-23 19:22 - 2019-04-24 20:21 - 000000000 ____D C:\FRST
2019-04-23 19:21 - 2019-04-23 19:21 - 002436096 _____ (Farbar) C:\Users\Gallagher\Downloads\FRST64.exe
2019-04-22 19:20 - 2019-04-22 19:20 - 000000261 _____ C:\WINDOWS\SysWOW64\Drivers\vwifikerneldrv.sys
2019-04-22 19:20 - 2019-04-22 19:20 - 000000261 _____ C:\WINDOWS\SysWOW64\d3dx9_11.dll.tmp
2019-04-22 19:20 - 2019-04-22 19:20 - 000000261 _____ C:\ProgramData\fontcacheev1.dat
2019-04-22 19:20 - 2019-04-22 19:20 - 000000000 ____D C:\Users\Gallagher\AppData\Local\Adguard_Software_Ltd
2019-04-22 19:20 - 2018-09-05 08:54 - 000089560 _____ () C:\WINDOWS\system32\Drivers\adgnetworkwfpdrv.sys
2019-04-22 19:19 - 2019-04-24 20:24 - 000000000 ____D C:\ProgramData\Adguard
2019-04-22 19:19 - 2019-04-22 19:21 - 000000000 ____D C:\Program Files (x86)\Adguard
2019-04-22 19:19 - 2019-04-22 19:19 - 000001009 _____ C:\Users\Public\Desktop\Adguard.lnk
2019-04-22 19:19 - 2019-04-22 19:19 - 000000000 ____D C:\Users\Gallagher\AppData\Roaming\Adguard Software Ltd
2019-04-22 19:19 - 2019-04-22 19:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adguard
2019-04-22 19:17 - 2019-04-22 19:17 - 000111496 _____ (Adguard Software Ltd) C:\Users\Gallagher\Downloads\adguardInstaller.exe
2019-04-22 18:45 - 2019-04-22 18:45 - 003927160 _____ (Google) C:\Users\Gallagher\Downloads\chrome_cleanup_tool.exe
2019-04-22 07:18 - 2019-04-22 07:18 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-04-22 07:18 - 2019-04-22 07:18 - 000000000 ___HD C:\ProgramData\temp
2019-04-21 22:32 - 2019-04-21 22:32 - 002043232 _____ (Oracle Corporation) C:\Users\Gallagher\Downloads\JavaSetup8u211.exe
2019-04-12 21:32 - 2019-04-12 21:32 - 000000000 ___HD C:\OneDriveTemp
2019-04-12 20:26 - 2019-04-12 20:26 - 014221344 _____ (Intel) C:\Users\Gallagher\Downloads\Intel Driver and Support Assistant Installer (5).exe
2019-04-12 19:34 - 2019-04-12 19:34 - 000000077 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum
2019-04-09 20:12 - 2019-04-02 13:33 - 001634912 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-04-09 20:12 - 2019-04-02 13:33 - 000719984 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-04-09 20:12 - 2019-04-02 13:19 - 012730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-04-09 20:12 - 2019-04-02 13:16 - 001030144 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2019-04-09 20:12 - 2019-04-02 13:12 - 003643904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-04-09 20:12 - 2019-04-02 13:12 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-04-09 20:12 - 2019-04-02 13:11 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-04-09 20:12 - 2019-04-02 13:11 - 001857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-04-09 20:12 - 2019-04-02 13:11 - 001662976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-04-09 20:12 - 2019-04-02 10:25 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-04-09 20:12 - 2019-04-02 10:11 - 011919360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-04-09 20:12 - 2019-04-02 10:08 - 002889216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-04-09 20:12 - 2019-04-02 10:07 - 004054528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-04-09 20:12 - 2019-04-02 10:06 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-04-09 20:12 - 2019-04-02 09:36 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-04-09 20:12 - 2019-04-02 09:23 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-04-09 20:12 - 2019-04-02 09:22 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-04-09 20:12 - 2019-04-02 09:21 - 007520136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-04-09 20:12 - 2019-04-02 09:21 - 002822160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-04-09 20:12 - 2019-04-02 09:21 - 002467536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-04-09 20:12 - 2019-04-02 09:21 - 000735680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-04-09 20:12 - 2019-04-02 09:20 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-04-09 20:12 - 2019-04-02 09:19 - 009083704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-04-09 20:12 - 2019-04-02 09:19 - 000786080 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-04-09 20:12 - 2019-04-02 09:01 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-04-09 20:12 - 2019-04-02 08:53 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-04-09 20:12 - 2019-04-02 08:53 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-04-09 20:12 - 2019-04-02 08:51 - 003399680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-04-09 20:12 - 2019-04-02 08:50 - 007591936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-04-09 20:12 - 2019-04-02 08:50 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-04-09 20:12 - 2019-04-02 08:48 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-04-09 20:12 - 2019-04-02 08:47 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-04-09 20:12 - 2019-04-02 08:46 - 002174976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-04-09 20:12 - 2019-04-02 08:44 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-04-09 20:12 - 2019-04-02 08:44 - 001724416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2019-04-09 20:12 - 2019-04-02 08:43 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-04-09 20:12 - 2019-04-02 06:05 - 001989544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-04-09 20:12 - 2019-04-02 06:04 - 006572120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-04-09 20:12 - 2019-04-02 06:04 - 000604008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-04-09 20:12 - 2019-04-02 05:56 - 022018048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-04-09 20:12 - 2019-04-02 05:50 - 019404800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-04-09 20:12 - 2019-04-02 05:43 - 005788160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-04-09 20:12 - 2019-04-02 05:43 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-04-09 20:12 - 2019-04-02 05:40 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-04-09 20:12 - 2019-03-14 15:52 - 003933296 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-04-09 20:12 - 2019-03-14 15:30 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2019-04-09 20:12 - 2019-03-14 15:29 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2019-04-09 20:12 - 2019-03-14 15:08 - 003611264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-04-09 20:12 - 2019-03-14 14:53 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2019-04-09 20:12 - 2019-03-14 09:57 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-04-09 20:12 - 2019-03-14 09:56 - 000375096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-04-09 20:12 - 2019-03-14 09:37 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-04-09 20:12 - 2019-03-14 09:37 - 002256248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-04-09 20:12 - 2019-03-14 09:37 - 001171568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2019-04-09 20:12 - 2019-03-14 09:26 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-04-09 20:12 - 2019-03-14 09:26 - 002768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-04-09 20:12 - 2019-03-14 09:26 - 002421048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-04-09 20:12 - 2019-03-14 09:26 - 001457576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-04-09 20:12 - 2019-03-14 09:26 - 001258688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-04-09 20:12 - 2019-03-14 09:26 - 001140984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-04-09 20:12 - 2019-03-14 09:26 - 001014344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-04-09 20:12 - 2019-03-14 09:26 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-04-09 20:12 - 2019-03-14 09:26 - 000481048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2019-04-09 20:12 - 2019-03-14 09:22 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-04-09 20:12 - 2019-03-14 09:20 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-04-09 20:12 - 2019-03-14 09:19 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-04-09 20:12 - 2019-03-14 09:19 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-04-09 20:12 - 2019-03-14 09:18 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-04-09 20:12 - 2019-03-14 09:17 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-04-09 20:12 - 2019-03-14 09:14 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-04-09 20:12 - 2019-03-14 09:13 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2019-04-09 20:12 - 2019-03-14 09:13 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-04-09 20:12 - 2019-03-14 09:01 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-04-09 20:12 - 2019-03-14 08:58 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-04-09 20:12 - 2019-03-14 08:58 - 002509824 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-04-09 20:12 - 2019-03-14 08:58 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-04-09 20:12 - 2019-03-14 08:57 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-04-09 20:12 - 2019-03-14 08:56 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-04-09 20:12 - 2019-03-14 08:55 - 003601920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2019-04-09 20:12 - 2019-03-14 08:55 - 002739200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-04-09 20:12 - 2019-03-14 08:55 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2019-04-09 20:12 - 2019-03-14 08:54 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-04-09 20:12 - 2019-03-14 08:54 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-04-09 20:12 - 2019-03-14 08:53 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-04-09 20:12 - 2019-03-14 08:52 - 002909696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-04-09 20:12 - 2019-03-14 08:52 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-04-09 20:12 - 2019-03-14 08:51 - 001216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-04-09 20:12 - 2019-03-14 08:51 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-04-09 20:12 - 2019-03-14 08:50 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2019-04-09 20:12 - 2019-03-14 08:50 - 001410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-04-09 20:12 - 2019-03-14 08:50 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-04-09 20:12 - 2019-03-14 08:50 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2019-04-09 20:12 - 2019-03-14 08:50 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-04-09 20:12 - 2019-03-14 08:50 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-04-09 20:12 - 2019-03-14 02:57 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-04-09 20:11 - 2019-04-02 13:38 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-04-09 20:11 - 2019-04-02 13:19 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-04-09 20:11 - 2019-04-02 13:18 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-04-09 20:11 - 2019-04-02 13:15 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll
2019-04-09 20:11 - 2019-04-02 13:13 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-04-09 20:11 - 2019-04-02 13:10 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2019-04-09 20:11 - 2019-04-02 13:10 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2019-04-09 20:11 - 2019-04-02 10:25 - 000607960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-04-09 20:11 - 2019-04-02 10:11 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-04-09 20:11 - 2019-04-02 10:10 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleprn.dll
2019-04-09 20:11 - 2019-04-02 10:07 - 001586688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-04-09 20:11 - 2019-04-02 09:24 - 000135184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-04-09 20:11 - 2019-04-02 09:22 - 000567592 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-04-09 20:11 - 2019-04-02 09:22 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-04-09 20:11 - 2019-04-02 09:20 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-04-09 20:11 - 2019-04-02 09:19 - 000793400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-04-09 20:11 - 2019-04-02 09:19 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-04-09 20:11 - 2019-04-02 08:49 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2019-04-09 20:11 - 2019-04-02 08:49 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-04-09 20:11 - 2019-04-02 08:48 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2019-04-09 20:11 - 2019-04-02 08:48 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-04-09 20:11 - 2019-04-02 08:47 - 001214464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-04-09 20:11 - 2019-04-02 08:45 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-04-09 20:11 - 2019-04-02 08:44 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-04-09 20:11 - 2019-04-02 07:22 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2019-04-09 20:11 - 2019-04-02 06:04 - 000581832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-04-09 20:11 - 2019-04-02 06:04 - 000560600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-04-09 20:11 - 2019-04-02 05:43 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-04-09 20:11 - 2019-04-02 05:42 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2019-04-09 20:11 - 2019-04-02 05:41 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2019-04-09 20:11 - 2019-04-02 05:41 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-04-09 20:11 - 2019-04-02 05:41 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-04-09 20:11 - 2019-04-02 05:40 - 001073664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-04-09 20:11 - 2019-03-16 13:54 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-04-09 20:11 - 2019-03-16 10:03 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-04-09 20:11 - 2019-03-14 15:51 - 000157192 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2019-04-09 20:11 - 2019-03-14 15:35 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfoext.dll
2019-04-09 20:11 - 2019-03-14 15:34 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-04-09 20:11 - 2019-03-14 15:33 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2019-04-09 20:11 - 2019-03-14 15:33 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
2019-04-09 20:11 - 2019-03-14 15:33 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\RpcPing.exe
2019-04-09 20:11 - 2019-03-14 15:31 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2019-04-09 20:11 - 2019-03-14 15:30 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\objsel.dll
2019-04-09 20:11 - 2019-03-14 15:28 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsound.dll
2019-04-09 20:11 - 2019-03-14 14:56 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2019-04-09 20:11 - 2019-03-14 14:55 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RpcPing.exe
2019-04-09 20:11 - 2019-03-14 14:53 - 000625664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2019-04-09 20:11 - 2019-03-14 14:53 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\objsel.dll
2019-04-09 20:11 - 2019-03-14 14:52 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsound.dll
2019-04-09 20:11 - 2019-03-14 09:38 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-04-09 20:11 - 2019-03-14 09:38 - 000090360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpr.dll
2019-04-09 20:11 - 2019-03-14 09:28 - 000152072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2019-04-09 20:11 - 2019-03-14 09:27 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-04-09 20:11 - 2019-03-14 09:27 - 000097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpr.dll
2019-04-09 20:11 - 2019-03-14 09:26 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-04-09 20:11 - 2019-03-14 09:18 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2019-04-09 20:11 - 2019-03-14 09:18 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credui.dll
2019-04-09 20:11 - 2019-03-14 09:18 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-04-09 20:11 - 2019-03-14 09:17 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-04-09 20:11 - 2019-03-14 09:17 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-04-09 20:11 - 2019-03-14 09:17 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2019-04-09 20:11 - 2019-03-14 09:17 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcmapi.dll
2019-04-09 20:11 - 2019-03-14 09:17 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntlanman.dll
2019-04-09 20:11 - 2019-03-14 09:16 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-04-09 20:11 - 2019-03-14 09:16 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-04-09 20:11 - 2019-03-14 09:15 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2019-04-09 20:11 - 2019-03-14 09:15 - 000318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-04-09 20:11 - 2019-03-14 09:15 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShellCommonCommonProxyStub.dll
2019-04-09 20:11 - 2019-03-14 09:15 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\negoexts.dll
2019-04-09 20:11 - 2019-03-14 09:14 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-04-09 20:11 - 2019-03-14 09:14 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2019-04-09 20:11 - 2019-03-14 09:14 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-04-09 20:11 - 2019-03-14 09:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-04-09 20:11 - 2019-03-14 09:14 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-04-09 20:11 - 2019-03-14 09:14 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-04-09 20:11 - 2019-03-14 09:13 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-04-09 20:11 - 2019-03-14 08:57 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-04-09 20:11 - 2019-03-14 08:56 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2019-04-09 20:11 - 2019-03-14 08:56 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2019-04-09 20:11 - 2019-03-14 08:56 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2019-04-09 20:11 - 2019-03-14 08:56 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-04-09 20:11 - 2019-03-14 08:55 - 000528896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2019-04-09 20:11 - 2019-03-14 08:55 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-04-09 20:11 - 2019-03-14 08:55 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2019-04-09 20:11 - 2019-03-14 08:55 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmapi.dll
2019-04-09 20:11 - 2019-03-14 08:55 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2019-04-09 20:11 - 2019-03-14 08:55 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntlanman.dll
2019-04-09 20:11 - 2019-03-14 08:55 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
2019-04-09 20:11 - 2019-03-14 08:55 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\credui.dll
2019-04-09 20:11 - 2019-03-14 08:54 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2019-04-09 20:11 - 2019-03-14 08:54 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-04-09 20:11 - 2019-03-14 08:54 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2019-04-09 20:11 - 2019-03-14 08:54 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2019-04-09 20:11 - 2019-03-14 08:54 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2019-04-09 20:11 - 2019-03-14 08:54 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-04-09 20:11 - 2019-03-14 08:54 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\negoexts.dll
2019-04-09 20:11 - 2019-03-14 08:54 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2019-04-09 20:11 - 2019-03-14 08:53 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2019-04-09 20:11 - 2019-03-14 08:53 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-04-09 20:11 - 2019-03-14 08:53 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-04-09 20:11 - 2019-03-14 08:52 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShellCommonCommonProxyStub.dll
2019-04-09 20:11 - 2019-03-14 08:52 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-04-09 20:11 - 2019-03-14 08:51 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TetheringMgr.dll
2019-04-09 20:11 - 2019-03-14 08:50 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2019-04-09 20:11 - 2019-03-14 08:50 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-04-09 20:11 - 2019-03-14 08:50 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-04-09 20:11 - 2019-03-14 02:57 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-04-09 20:11 - 2019-03-14 02:57 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2019-04-09 20:11 - 2019-03-14 02:57 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-04-09 20:11 - 2019-03-14 02:57 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-04-08 17:44 - 2019-04-08 17:44 - 000001823 _____ C:\Users\Public\Desktop\iTunes.lnk
2019-04-08 17:44 - 2019-04-08 17:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2019-04-08 17:44 - 2019-04-08 17:44 - 000000000 ____D C:\Program Files\iPod
2019-04-08 17:32 - 2019-04-08 17:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2019-04-08 12:20 - 2019-04-08 12:20 - 000002346 _____ C:\Users\Public\Desktop\Intel® Rapid Storage Technology.lnk
2019-04-08 12:19 - 2019-04-08 12:19 - 000000000 ____D C:\Program Files\Common Files\Intel
2019-03-28 11:51 - 2019-03-28 11:51 - 000000000 ____D C:\Users\Paul's Ipod\AppData\Roaming\AVAST Software
2019-03-28 11:51 - 2019-03-28 11:51 - 000000000 ____D C:\Users\Paul's Ipod\AppData\Local\CEF
2019-03-28 11:46 - 2019-03-28 11:46 - 000000000 ____D C:\Users\Paul's Ipod\AppData\Roaming\Sun
2019-03-28 11:46 - 2019-03-28 11:46 - 000000000 ____D C:\Users\Paul's Ipod\AppData\LocalLow\Sun
2019-03-28 11:42 - 2019-03-28 11:42 - 000000000 ____D C:\Users\Paul's Ipod\AppData\Roaming\Intel Corporation
2019-03-28 11:38 - 2019-03-28 11:39 - 000000000 ____D C:\Users\Paul's Ipod\AppData\Local\Intel
2019-03-28 11:38 - 2019-03-28 11:39 - 000000000 ____D C:\Users\Paul's Ipod\AppData\Local\Dropbox
2019-03-28 11:38 - 2019-03-28 11:38 - 000000000 ____D C:\Users\Paul's Ipod\AppData\Local\mbamtray
2019-03-26 21:30 - 2019-03-26 21:30 - 000000000 ____D C:\Users\Gallagher\Intel
2019-03-26 21:30 - 2019-03-26 21:30 - 000000000 ____D C:\Users\Gallagher\Downloads\Intel Driver and Support Assistant
==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-24 20:18 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-04-24 20:02 - 2018-05-15 20:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2019-04-24 17:20 - 2018-05-16 20:24 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-04-23 21:22 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-04-23 21:22 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-04-23 19:05 - 2019-02-27 03:37 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2019-04-23 19:05 - 2018-11-19 13:56 - 000002368 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_HP_VOICEMODE_FOR_SKYPE
2019-04-23 19:05 - 2018-05-28 06:46 - 000003374 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d3f6474a8e6c77
2019-04-23 19:05 - 2018-05-28 06:46 - 000003150 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d3f6474a80e1b8
2019-04-23 19:05 - 2018-05-16 23:42 - 000003530 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2034169645-2416740140-1732510107-1001UA
2019-04-23 19:05 - 2018-05-16 23:42 - 000003262 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2034169645-2416740140-1732510107-1001Core
2019-04-23 19:05 - 2018-05-16 20:50 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-04-23 19:05 - 2018-05-16 20:50 - 000003460 _____ C:\WINDOWS\System32\Tasks\dropboxupdatetaskmachineua
2019-04-23 19:05 - 2018-05-16 20:50 - 000003236 _____ C:\WINDOWS\System32\Tasks\dropboxupdatetaskmachinecore
2019-04-23 19:05 - 2018-05-16 20:50 - 000003194 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-04-23 19:05 - 2018-05-16 20:50 - 000003118 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2019-04-23 19:05 - 2018-05-16 20:50 - 000003042 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2019-04-23 19:05 - 2018-05-16 20:50 - 000002970 _____ C:\WINDOWS\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2019-04-23 19:05 - 2018-05-16 20:50 - 000002862 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2034169645-2416740140-1732510107-1005
2019-04-23 19:05 - 2018-05-16 20:50 - 000002862 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2034169645-2416740140-1732510107-1001
2019-04-23 19:05 - 2018-05-16 20:50 - 000002856 _____ C:\WINDOWS\System32\Tasks\HPJumpStartLaunch
2019-04-23 19:05 - 2018-05-16 20:50 - 000002826 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForGallagher
2019-04-23 19:05 - 2018-05-16 20:50 - 000002660 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2019-04-23 19:05 - 2018-05-16 20:50 - 000002646 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2019-04-23 19:05 - 2018-05-16 20:50 - 000002604 _____ C:\WINDOWS\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2019-04-23 19:05 - 2018-05-16 20:50 - 000002502 _____ C:\WINDOWS\System32\Tasks\HPEA3JOBS
2019-04-23 19:05 - 2018-05-16 20:50 - 000002440 _____ C:\WINDOWS\System32\Tasks\HPAudioSwitch
2019-04-23 19:05 - 2018-05-16 20:50 - 000002300 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_CTPreset
2019-04-23 19:05 - 2018-05-16 20:50 - 000002280 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2019-04-23 19:05 - 2018-05-16 20:50 - 000002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-04-23 19:05 - 2018-03-22 05:44 - 000000946 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2019-04-23 19:05 - 2018-03-22 05:44 - 000000942 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2019-04-23 19:05 - 2018-01-21 12:06 - 000000380 _____ C:\WINDOWS\Tasks\HPCeeScheduleForGallagher.job
2019-04-23 03:11 - 2019-02-27 03:34 - 000000000 ____D C:\ProgramData\AVAST Software
2019-04-22 19:18 - 2017-10-26 11:58 - 000000000 ____D C:\ProgramData\Package Cache
2019-04-22 18:47 - 2018-02-03 02:54 - 000000000 ____D C:\Users\Gallagher\AppData\Local\CrashDumps
2019-04-22 07:33 - 2018-01-28 22:13 - 000000000 ___RD C:\Users\Gallagher\iCloudDrive
2019-04-22 07:25 - 2018-05-16 20:28 - 000933368 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-04-22 07:25 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2019-04-22 07:23 - 2018-01-21 11:05 - 000000000 ___RD C:\Users\Gallagher\OneDrive
2019-04-22 07:22 - 2018-01-26 02:24 - 000000000 ____D C:\Program Files (x86)\Steam
2019-04-22 07:19 - 2018-04-11 22:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-04-22 07:19 - 2018-01-21 11:01 - 000000000 __SHD C:\Users\Gallagher\IntelGraphicsProfiles
2019-04-22 07:18 - 2018-05-16 20:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-04-22 07:17 - 2018-04-11 22:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-04-21 22:38 - 2018-01-26 02:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-04-21 22:38 - 2018-01-26 02:21 - 000000000 ____D C:\Program Files (x86)\Java
2019-04-21 22:34 - 2019-03-12 20:07 - 000099192 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2019-04-21 18:51 - 2017-10-26 12:05 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-04-17 09:10 - 2018-01-26 02:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2019-04-17 07:46 - 2018-06-22 02:39 - 000000000 ____D C:\ProgramData\CanonIJPLM
2019-04-12 21:32 - 2018-05-16 20:28 - 000002386 _____ C:\Users\Gallagher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-04-12 19:34 - 2019-02-27 03:36 - 000476264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2019-04-11 03:07 - 2015-02-06 03:58 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-11 03:07 - 2015-02-06 03:58 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-04-10 03:18 - 2018-09-24 18:47 - 000000000 ___RD C:\Users\Gallagher\Dropbox
2019-04-10 03:08 - 2018-05-16 20:24 - 000493320 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-04-10 03:05 - 2018-04-12 00:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-04-10 03:05 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-04-10 03:05 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-04-09 20:23 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-04-09 20:11 - 2018-01-21 12:36 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-04-09 20:01 - 2018-01-21 12:35 - 131129288 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-04-09 18:32 - 2015-12-03 18:28 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-04-09 14:30 - 2018-01-21 11:21 - 000000000 ____D C:\Users\Gallagher\AppData\Local\Comms
2019-04-08 17:44 - 2018-01-24 00:51 - 000000000 ____D C:\Program Files\iTunes
2019-04-08 12:20 - 2019-02-12 00:53 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2019-04-08 12:19 - 2017-10-26 13:47 - 000000000 ____D C:\Program Files\Intel
2019-04-05 21:35 - 2017-10-26 12:04 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-04-05 10:33 - 2018-01-25 17:58 - 000000000 ____D C:\Users\Gallagher\AppData\LocalLow\Mozilla
2019-04-05 10:32 - 2018-06-22 02:51 - 000000000 ____D C:\Users\Gallagher\AppData\Roaming\Canon
2019-04-05 03:39 - 2018-01-21 12:42 - 000000000 ____D C:\Program Files\rempl
2019-04-04 16:35 - 2018-01-21 18:15 - 000000000 ____D C:\Users\Gallagher\AppData\Local\Packages
2019-04-01 18:51 - 2018-11-14 18:44 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-04-01 18:51 - 2018-11-14 18:44 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-04-01 08:32 - 2018-07-23 17:24 - 000000000 ____D C:\Users\Paul's Ipod\AppData\Roaming\hpqLog
2019-03-29 11:44 - 2018-05-16 20:28 - 000002392 _____ C:\Users\Paul's Ipod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-03-29 11:44 - 2018-03-23 00:50 - 000000000 ___RD C:\Users\Paul's Ipod\OneDrive
2019-03-28 19:19 - 2018-03-23 00:47 - 000000000 ____D C:\Users\Paul's Ipod\AppData\Local\PlaceholderTileLogoFolder
2019-03-28 19:19 - 2018-03-23 00:45 - 000000000 ____D C:\Users\Paul's Ipod\AppData\Local\Packages
2019-03-28 11:40 - 2018-03-23 00:45 - 000000000 __SHD C:\Users\Paul's Ipod\IntelGraphicsProfiles
2019-03-28 11:38 - 2018-03-23 00:45 - 000000000 ___RD C:\Users\Paul's Ipod\3D Objects
2019-03-28 11:38 - 2017-03-18 04:53 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-03-27 19:01 - 2018-01-26 03:20 - 000000000 ____D C:\Users\Gallagher\AppData\Roaming\dBpoweramp
2019-03-26 21:35 - 2018-02-14 07:44 - 000000000 ____D C:\Users\Gallagher\AppData\Local\ElevatedDiagnostics
2019-03-26 21:30 - 2018-05-16 20:28 - 000000000 ____D C:\Users\Gallagher
2019-03-26 06:23 - 2018-10-29 22:51 - 000000000 ____D C:\Users\Gallagher\Desktop\Photos

==================== Files in the root of some directories =======

2019-04-22 19:20 - 2019-04-22 19:20 - 000000261 _____ () C:\ProgramData\fontcacheev1.dat
2018-02-28 17:15 - 2018-10-19 02:48 - 000001041 _____ () C:\Users\Gallagher\AppData\Roaming\vso_ts_preview.xml
2018-02-15 01:46 - 2018-02-15 01:46 - 000000000 _____ () C:\Users\Gallagher\AppData\Roaming\wklnhst.dat
2018-01-21 11:02 - 2019-04-24 17:20 - 001950300 _____ () C:\Users\Gallagher\AppData\Local\BTServer.log

==================== Files in the root of some directories =======


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================
 

jmarket

PCHF's Almighty Ruler
PCHF Owner
Support Team
Security Team
Jan 10, 2015
2,140
496
PCHF Bunker
pchelpforum.net
While I lok at your logs, do the following for me.

We will need a log from AdwCleaner for further information.

Please go HERE and download AdwCleaner to your Desktop. Once downloaded right click the new icon and select Run as Administrator from the context menu to open the program. It will open at the Dashboard tab and no further changes to the program are necessary at this stage.

Click the Scan Now button.



Allow AdwCleaner to start scanning and depending on the amount of data on your PC it may take some time. At the conclusion of the scan any content considered unnecessary will be displayed in the Scan Results box. Ensure all items are selected for removal and click "Clean & Repair"



After selecting "Clean & Repair" another dialogue box may appear asking to restart now or later. If so choose "Clean & Restart Now"


Once the PC has restarted if AdwCleaner does not restart then open it again and click "Log Files" tab on the left. All log files will be listed. If you have used the program previously you may have several logs to select from so double click the most recent "Clean" log and it will open a notepad file on your Desktop.

Please COPY and PASTE the contents of that file in your next post :)
 

gallorgs

PCHF Member
PCHF Member
Jul 19, 2017
39
2
50
Hi, Here's the Adwcleaner log
Cheers

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-23.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-25-2019
# Duration: 00:00:11
# OS: Windows 10 Home
# Cleaned: 11
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Gallagher\AppData\Local\slimware utilities inc
Deleted C:\Users\Public\Documents\Downloaded Installers

***** [ Files ] *****

Deleted C:\Windows\System32\drivers\swdumon.sys

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKU\S-1-5-21-2034169645-2416740140-1732510107-1005\Software\AppDataLow\Software\Smartbar
Deleted HKU\S-1-5-21-2034169645-2416740140-1732510107-1005\Software\AppDataLow\Software\Toolbar
Deleted HKU\S-1-5-21-2034169645-2416740140-1732510107-1005\Software\AppDataLow\Software\Yahoo\Companion
Deleted HKU\S-1-5-21-2034169645-2416740140-1732510107-501\Software\AppDataLow\Software\Smartbar
Deleted HKU\S-1-5-21-2034169645-2416740140-1732510107-501\Software\AppDataLow\Software\Toolbar
Deleted HKU\S-1-5-21-2034169645-2416740140-1732510107-501\Software\AppDataLow\Software\Yahoo\Companion
Deleted HKU\S-1-5-21-2034169645-2416740140-1732510107-501\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Deleted HKU\S-1-5-21-2034169645-2416740140-1732510107-501\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2503 octets] - [10/02/2019 02:04:15]
AdwCleaner[C00].txt - [2399 octets] - [10/02/2019 02:04:46]
AdwCleaner[S01].txt - [2614 octets] - [25/04/2019 19:29:05]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 

jmarket

PCHF's Almighty Ruler
PCHF Owner
Support Team
Security Team
Jan 10, 2015
2,140
496
PCHF Bunker
pchelpforum.net
You have multiple AV's. You don't need more than 1.

You have Avira, McAfee, and Avast. I would advise removing McAfee and Avira and keeping Avast.

After doing so, please post fresh FRST logs
 

gallorgs

PCHF Member
PCHF Member
Jul 19, 2017
39
2
50
oh ok a bit strange, got rid of mcafee but couldnt find Avira???
Do you want me to redo the FRST again??
 

gallorgs

PCHF Member
PCHF Member
Jul 19, 2017
39
2
50
Ok here's the FRST log again

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25.04.2019
Ran by Gallagher (administrator) on DESKTOP-G3G6FFA (HP HP All-in-One 24-e0XX) (26-04-2019 13:45:20)
Running from C:\Users\Gallagher\Downloads
Loaded Profiles: Gallagher (Available Profiles: Gallagher & Paul's Ipod & Administrator & Guest)
Platform: Windows 10 Home Version 1803 17134.706 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19021.18010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Adguard Software Limited -> Adguard Software Ltd) C:\Program Files (x86)\Adguard\Adguard.exe
(Adguard Software Limited -> Adguard Software Ltd) C:\Program Files (x86)\Adguard\AdguardSvc.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Amazon Services LLC -> Amazon Services LLC) C:\Users\Gallagher\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc. -> Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\71.4.108\QtWebEngineProcess.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler64.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HP Inc. -> ) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki129407.inf_amd64_f26f36ac54ce3076\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki129407.inf_amd64_f26f36ac54ce3076\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki129407.inf_amd64_f26f36ac54ce3076\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki129407.inf_amd64_f26f36ac54ce3076\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Laplink Software Inc. -> Laplink Software, Inc.) C:\Program Files (x86)\Laplink\PCmover\PcmService.exe
(Livedrive Internet LTD -> ) C:\Program Files (x86)\Cloud Storage\VSSService.exe
(Livedrive Internet LTD -> DSG Retail Limited) C:\Program Files (x86)\Cloud Storage\CloudStorage.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11425.20190.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11425.20190.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Gallagher\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Western Digital Technologies, Inc. -> WDC) C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
(Western Digital Technologies, Inc. -> Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
(Western Digital Technologies, Inc. -> Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [231640 2016-09-20] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
HKLM\...\Run: [MouseDriver] => TiltWheelMouse.exe
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [318920 2019-03-07] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-03-24] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261000 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [705784 2016-06-20] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [270912 2015-06-17] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [5537088 2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\Run: [Google Photos Backup] => C:\Users\Gallagher\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3791704 2018-06-01] (Google Inc -> Google, Inc)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\Run: [Google Update] => C:\Users\Gallagher\AppData\Local\Google\Update\1.3.34.7\GoogleUpdateCore.exe [752424 2019-03-27] (Google Inc -> Google LLC)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2019-03-13] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2019-03-13] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3152160 2019-04-16] (Valve -> Valve Corporation)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\Run: [Amazon Music Helper] => C:\Users\Gallagher\AppData\Local\Amazon Music\Amazon Music Helper.exe [3052472 2018-11-14] (Amazon Services LLC -> Amazon Services LLC)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19645800 2019-02-04] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\Run: [CloudStorage] => C:\Program Files (x86)\Cloud Storage\CloudStorage.exe [4252088 2019-01-16] (Livedrive Internet LTD -> DSG Retail Limited)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [5735784 2018-10-30] (Adguard Software Limited -> Adguard Software Ltd)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [149504 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Drivers32: [vidc.ffds] => C:\WINDOWS\system32\ff_vfw.dll [127488 2014-05-13] () [File not signed]
HKLM\...\Drivers32: [vidc.XVID] => C:\WINDOWS\system32\xvidvfw.dll [255488 2011-05-30] () [File not signed]
HKLM\...\Drivers32-x32: [msacm.ac3filter] => ac3filter.acm
HKLM\...\Drivers32-x32: [msacm.divxa32] => DivXa32.acm
HKLM\...\Drivers32-x32: [vidc.divx] => divx.dll
HKLM\...\Drivers32: [vidc.ffds] => C:\WINDOWS\SysWOW64\ff_vfw.dll [112640 2014-05-13] () [File not signed]
HKLM\...\Drivers32-x32: [vidc.lags] => lagarith.dll
HKLM\...\Drivers32-x32: [vidc.x264] => x264vfw.dll
HKLM\...\Drivers32: [vidc.XVID] => C:\WINDOWS\SysWOW64\xvidvfw.dll [235520 2014-04-08] () [File not signed]
HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb] -> Internet Explorer (Enable DEP)
HKLM\Software\...\AppCompatFlags\InstalledSDB\{a9264802-8a7a-40fe-a135-5c6d204aed7a}: [DatabasePath] -> C:\Windows\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-11] (Google LLC -> Google Inc.)
Startup: C:\Users\Gallagher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-03-09]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00CFC626-B104-4C99-AA7A-F227C9EAA1EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [652664 2019-04-17] (HP Inc. -> HP Inc.)
Task: {03BF19C2-1380-4BC1-9198-279DA6265B86} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [459680 2017-07-28] (HP Inc. -> )
Task: {0D7073D3-6D8D-4B48-91BC-C3C92F77E2DE} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1432200 2019-04-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {108A2B1D-7EC0-446E-9ED3-1936E8AC5544} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {119EE018-89B7-46E7-8B87-B3D3B59E6C97} - System32\Tasks\GoogleUpdateTaskMachineUA1d3f6474a8e6c77 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-04-29] (Google Inc -> Google Inc.)
Task: {1B9D74FD-9109-4D81-991A-F67B6BFFEFB1} - System32\Tasks\googleupdatetaskmachineua => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-04-29] (Google Inc -> Google Inc.)
Task: {20F69267-7ABE-4A02-9B08-45C9E2F94D55} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {223A5654-A3AF-4ED6-B9A7-456EA6B15421} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [219512 2018-12-24] (HP Inc. -> HP Inc.)
Task: {24B7AEFD-E733-42AF-9181-68AA3A75DE75} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures
Task: {2878EE1A-9F63-4857-94CF-F7A99BA118D6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1280295809-455121606-167572049-1001UA => C:\Users\Paul Gallagher\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {2A1F8DB2-BD6E-4EFE-9FC8-8D0EFCD29726} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [67896 2019-03-13] (Apple Inc. -> Apple Inc.)
Task: {2CAADB57-FCF9-4185-970A-6F6ECCFC124F} - System32\Tasks\{8D187D24-F468-4C08-BF52-2AAB072164C3} => C:\Program Files (x86)\VSO\ConvertX\4\ConvertXtoDvd.exe [9534752 2009-12-10] (VSO-SOFTWARE -> VSO Software SARL)
Task: {3682E9D5-B10B-4670-AF17-D724E5A9ACFB} - System32\Tasks\RtHDVBg_HP_VOICEMODE_FOR_SKYPE => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1505840 2018-10-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {3D6DFC6B-84E0-473F-8A50-ABF697C9F4B0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1488248 2018-12-10] (HP Inc. -> HP Inc.)
Task: {3ECEE8FF-002C-44B9-8119-3C9DC5827199} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [652664 2019-04-17] (HP Inc. -> HP Inc.)
Task: {43159D3D-A8BB-45EC-9B01-5BA0C0D38088} - System32\Tasks\dropboxupdatetaskmachineua => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-23] (Dropbox, Inc -> Dropbox, Inc.)
Task: {4965B220-09BC-44A6-9939-C52E4C861810} - System32\Tasks\S-1-5-21-2034169645-2416740140-1732510107-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [132608 2018-12-08] (Microsoft Windows -> Microsoft Corporation)
Task: {56EC72DC-4780-4BFA-BA12-F3071637D3BB} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [112376 2019-04-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {596E5CBD-396B-48E9-950E-7538EE4DE563} - System32\Tasks\HP online update program => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {601D90C3-505D-440E-844A-145A79C78FB1} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2925960 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
Task: {68C994D2-6A70-41F5-9F42-0D0C8111E924} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [25907200 2019-04-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {73B329E2-ED6C-4A13-8C9E-8D000223B46D} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9279520 2018-10-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {7494402D-DF3C-4B1D-9315-9FB2BD4D7EBC} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644960 2017-02-02] (HP Inc. -> HP Inc.)
Task: {79CE75FB-6AD8-43F0-826A-9AC356DF60A1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1488248 2018-12-10] (HP Inc. -> HP Inc.)
Task: {7AD014FF-ABCC-451E-8933-10C22405E7D9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2018-03-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {8219C8B0-A55E-42C4-8862-1015BF86644E} - System32\Tasks\dropboxupdatetaskmachinecore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-23] (Dropbox, Inc -> Dropbox, Inc.)
Task: {86087E1A-1DCA-42BD-86CB-D71A204B8801} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2016-12-06] (HP Inc. -> HP Inc.)
Task: {98D02E12-72E5-48BC-AED2-192D3B2404AF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136056 2019-01-02] (HP Inc. -> HP Inc.)
Task: {9E2C7F07-4F17-4D3D-BB09-6459A18DCA64} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1280295809-455121606-167572049-1001Core => C:\Users\Paul Gallagher\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {9F525066-99B9-484D-A87E-A0799350F02B} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [112376 2019-04-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {AFBED28B-FD21-4C0F-9BA9-3E691EA31CF7} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {BC3EE4B0-4CCC-413C-8536-E9D7ED9CE947} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {BEDFCBDC-FED0-45B9-86F9-26EC39EA0A2D} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe [1573720 2011-02-09] (IObit Information Technology -> IObit)
Task: {BF82513D-1156-412A-A555-18BA2387CD15} - System32\Tasks\HPCeeScheduleForGallagher => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [99392 2016-05-12] (Hewlett-Packard Company -> HP Development Company, L.P.)
Task: {BFF2A4B5-ECD6-4C35-9DC7-ABB9329E59C9} - System32\Tasks\GoogleUpdateTaskMachineCore1d0f3e9deea135a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-04-29] (Google Inc -> Google Inc.)
Task: {BFF93412-606F-46AA-A357-941F222C8787} - System32\Tasks\{4CF3A701-D0F0-40E0-A50C-F3B14AB307E7} => C:\Program Files (x86)\VSO\ConvertX\4\ConvertXtoDvd.exe [9534752 2009-12-10] (VSO-SOFTWARE -> VSO Software SARL)
Task: {C02A7D6C-5AAF-4E06-97D0-08E9BBF3F929} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-04-02] (HP Inc. -> HP Inc.)
Task: {C6F1DBA6-A04C-4F24-B21A-A023A718BCED} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2034169645-2416740140-1732510107-1001Core => C:\Users\Gallagher\AppData\Local\Google\Update\GoogleUpdate.exe [153752 2017-03-19] (Google Inc -> Google Inc.)
Task: {C70AF939-20AC-4185-BDD9-CDE9FEEB4759} - System32\Tasks\{5790830D-7930-48A1-B5A9-AEC364E27191} => C:\Program Files (x86)\TuneUpMedia\TuneUpApp.exe
Task: {CEB77C69-3774-4D6A-8B9B-0C3256149128} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {CEDA97DD-92B2-44D5-95E5-EF2121695384} - System32\Tasks\RtHDVBg_CTPreset => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1505840 2018-10-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {CFE4205C-5676-41E8-915C-2450748D20C1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-04-02] (HP Inc. -> HP Inc.)
Task: {D4B85993-7EED-4365-9C0F-41C46E9CCA8A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {D50DA741-A6E0-4AA8-A1DA-0F723AAD500B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [14679256 2019-02-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {D81CB086-8607-4269-8611-5261938DDB3E} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {E304240D-E39C-40A0-8303-20354B94B221} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2034169645-2416740140-1732510107-1001UA => C:\Users\Gallagher\AppData\Local\Google\Update\GoogleUpdate.exe [153752 2017-03-19] (Google Inc -> Google Inc.)
Task: {E4813B12-7364-4D40-90DA-3CB7B1C5797D} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [816960 2017-10-11] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {EABF7734-26C1-4259-8A00-B23CC74D53A9} - System32\Tasks\GoogleUpdateTaskMachineCore1d3f6474a80e1b8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-04-29] (Google Inc -> Google Inc.)
Task: {EB23B918-2487-46A5-902C-5A42C25664F1} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe
Task: {EC5DD5EF-30EE-4DDD-BE0C-8BB0C98BB149} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {EDDA2F5D-DCE3-4299-A98C-FD50645AC5D0} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2380088 2019-04-03] (AVAST Software s.r.o. -> AVAST Software)
Task: {EED166CC-0892-42A8-9A35-7F75256AF0D1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1432200 2019-04-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {F556EF9C-5E70-4D8A-8E3C-E7F60D01FFB2} - System32\Tasks\GoogleUpdateTaskMachineUA1d0f3e9e0e2413c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-04-29] (Google Inc -> Google Inc.)
Task: {FA69E2EC-B89F-4757-ABEB-1C4EF9082600} - System32\Tasks\googleupdatetaskmachinecore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-04-29] (Google Inc -> Google Inc.)
Task: {FDFF12D4-3CCF-4973-9D78-861952F6A68A} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe
Task: {FE000A8C-E095-4307-A289-25BF18295F5B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [25907200 2019-04-15] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForGallagher.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{861925f3-20f1-4285-b1d2-a80c1b85936b}: [DhcpNameServer] 194.168.4.100 194.168.8.100

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {7F309637-95ED-4CFC-A211-9481B3B19E72} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {7F309637-95ED-4CFC-A211-9481B3B19E72} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001 -> {7F309637-95ED-4CFC-A211-9481B3B19E72} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001 -> {80870008-2605-42BD-B9B2-DBFB892FC5B3} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc -> Google Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-12-06] (HP Inc. -> HP Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssv.dll [2019-04-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc -> Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-04-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-12-06] (HP Inc. -> HP Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc -> Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc -> Google Inc.)
DPF: HKLM {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://85.93.227.12/activex/AMC.cab
DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: HKLM-x32 {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} hxxps://user.ssl.eon.com/+CSCOL+/csvrloader32.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {917623D1-D8E5-11D2-BE8B-00104B06BDE3} hxxp://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
DPF: HKLM-x32 {96816368-C1E3-414D-A193-63C3CC921990} hxxp://lochalsh-isleofskye.remotemanager.co.uk/common/activex/MJPEGRender.ocx
DPF: HKLM-x32 {A3D93B25-4601-49D2-B3AF-F447C73D561F} hxxp://85.93.227.36/program/SonySncRz25View.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} hxxp://www.marksandspencerpersonalised.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://85.221.20.19/activex/AMC.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F8FC1530-0608-11DF-2008-0800200C9A66} hxxps://user.ssl.eon.com/CACHE/sdesktop/install/binaries/instweb.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Skype Software Sarl -> Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Skype Software Sarl -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: o9wgdi62.default-1401877949283
FF ProfilePath: C:\Users\Gallagher\AppData\Roaming\Mozilla\Firefox\Profiles\zjm2bkb8.default [2018-01-26]
FF ProfilePath: C:\Users\Gallagher\AppData\Roaming\Mozilla\Firefox\Profiles\o9wgdi62.default-1401877949283 [2019-04-26]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google Inc -> Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-04-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-04-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-11-23] (WildTangent Inc -> )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2034169645-2416740140-1732510107-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Gallagher\AppData\Local\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-2034169645-2416740140-1732510107-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Gallagher\AppData\Local\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.bbc.co.uk/news/
CHR StartupUrls: Default -> "hxxp://www.bbc.co.uk/"
CHR Profile: C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default [2019-04-26]
CHR Extension: (Google Drive) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (Adaware Ad Block) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmllgdnjnkbapbchnebiedipojhmnjej [2019-04-22]
CHR Extension: (Adobe Acrobat) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-04-03]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-02-27]
CHR Extension: (Google Play Music) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2018-10-05]
CHR Extension: (Google Docs Offline) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-15]
CHR Extension: (360 Internet Protection) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\glcimepnljoholdmjchkloafkggfoijh [2018-10-05]
CHR Extension: (Avast Online Security) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-04-23]
CHR Extension: (Audio Joiner) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihiafjkopgiakbmihgoieodihjcblfbk [2018-02-23]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2018-01-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-14]
CHR Extension: (Chrome Media Router) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-25]
CHR Profile: C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-04-22]
CHR Profile: C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\System Profile [2019-04-22]
CHR HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Gallagher\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2018-02-12]
CHR HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 0115411556242566mcinstcleanup; C:\ProgramData\McInstTemp0115411556242566\mcinst.exe [939432 2018-12-16] (McAfee, Inc. -> McAfee, Inc.)
R2 Adguard Service; C:\Program Files (x86)\Adguard\AdguardSvc.exe [136040 2018-10-30] (Adguard Software Limited -> Adguard Software Ltd)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-03-08] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6660888 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [362488 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [373416 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [125656 2016-09-20] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Skype Software Sarl -> Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Skype Software Sarl -> Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11082536 2019-04-16] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-23] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-23] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [25448 2019-03-19] (IDSA Production signing key -> Intel)
R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [67944 2019-03-19] (IDSA Production signing key -> Intel)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-08-30] (Macrovision Corporation -> Macrovision Europe Ltd.) [File not signed]
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-11-23] (WildTangent Inc -> WildTangent)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1321096 2018-09-28] (HP Inc. -> HP Inc.)
R2 HP Orbit Service; C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe [3421616 2017-06-20] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-07-28] (HP Inc. -> HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R3 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [631800 2016-06-20] (HP Inc. -> HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16840 2019-03-07] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [391744 2017-07-11] (Canon Inc. -> )
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-10-11] (Intel(R) Trust Services -> Intel(R) Corporation)
S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-10-11] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [213648 2017-11-09] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 LivedriveVSSService; C:\Program Files (x86)\Cloud Storage\VSSService.exe [24504 2019-01-16] (Livedrive Internet LTD -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-08-18] (NVIDIA Corporation -> NVIDIA Corporation)
S4 OberonGameConsoleService; C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe [44312 2009-08-29] (Oberon Media Inc. -> )
R2 PCmoverService; C:\Program Files (x86)\Laplink\PCmover\PcmService.exe [22160 2018-01-19] (Laplink Software Inc. -> Laplink Software, Inc.)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [268328 2018-10-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [317328 2011-08-01] (Western Digital Technologies, Inc. -> WDC)
R2 WDFMEService; C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [1978256 2011-08-01] (Western Digital Technologies, Inc. -> Western Digital )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
R2 WDRulesService; C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [1338256 2011-08-01] (Western Digital Technologies, Inc. -> Western Digital )
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
S3 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe" [X]
S2 mfemms; "C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe" [X]
S3 mfevtp; "C:\windows\system32\mfevtps.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 adgnetworkwfpdrv; C:\WINDOWS\System32\drivers\adgnetworkwfpdrv.sys [89560 2018-09-05] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [205400 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [254128 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [196000 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblog.sys [320624 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [57888 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-02-27] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [166848 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswNetSec; C:\WINDOWS\System32\drivers\aswNetSec.sys [526376 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112520 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [88160 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1031000 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [476776 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [220640 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [385848 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 cbfs6; C:\WINDOWS\system32\drivers\cbfs6.sys [460992 2016-09-21] (EldoS Corporation -> /n software, Inc.)
R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [1094000 2019-03-07] (Intel(R) Rapid Storage Technology -> Intel Corporation)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-04-25] (Malwarebytes Corporation -> Malwarebytes)
S3 pmxdrv; C:\WINDOWS\system32\drivers\pmxdrv.sys [31152 2018-06-26] (PAIPTAC Driver -> )
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [946696 2016-11-21] (Realtek Semiconductor Corp. -> Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [784264 2018-05-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2017-01-06] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [7904088 2018-04-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [43008 2018-09-19] (Intel Corporation -> )
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46472 2019-03-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [333792 2019-03-05] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62432 2019-03-05] (Microsoft Windows -> Microsoft Corporation)
U1 aswbdisk; no ImagePath
S0 cfwids; system32\drivers\cfwids.sys [X]
R0 mfeaack; system32\drivers\mfeaack.sys [X]
R0 mfeavfk; system32\drivers\mfeavfk.sys [X]
S0 mfeelamk; system32\drivers\mfeelamk.sys [X]
S0 mfefirek; system32\drivers\mfefirek.sys [X]
R0 mfehidk; system32\drivers\mfehidk.sys [X]
R0 mfeplk; system32\drivers\mfeplk.sys [X]
R0 mfewfpk; system32\drivers\mfewfpk.sys [X]
S3 SWDUMon; \SystemRoot\system32\DRIVERS\SWDUMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-26 13:45 - 2019-04-26 13:47 - 000055706 _____ C:\Users\Gallagher\Downloads\FRST.txt
2019-04-26 13:26 - 2019-04-26 13:26 - 000000000 ____D C:\Users\Gallagher\Downloads\FRST-OlderVersion
2019-04-26 02:36 - 2019-04-26 02:36 - 000000000 ____D C:\ProgramData\McInstTemp0115411556242566
2019-04-26 00:45 - 2019-04-26 00:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-04-25 19:33 - 2019-04-25 19:33 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-04-25 19:33 - 2019-04-25 19:33 - 000000000 ___HD C:\ProgramData\temp
2019-04-25 00:00 - 2019-04-25 00:00 - 000362888 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2019-04-23 19:22 - 2019-04-26 13:45 - 000000000 ____D C:\FRST
2019-04-23 19:21 - 2019-04-26 13:26 - 002429952 _____ (Farbar) C:\Users\Gallagher\Downloads\FRST64.exet
2019-04-23 13:13 - 2019-04-23 13:13 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2019-04-23 13:13 - 2019-04-23 13:13 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2019-04-23 13:13 - 2019-04-23 13:13 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2019-04-23 13:13 - 2019-04-23 13:13 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2019-04-22 19:20 - 2019-04-22 19:20 - 000000261 _____ C:\WINDOWS\SysWOW64\Drivers\vwifikerneldrv.sys
2019-04-22 19:20 - 2019-04-22 19:20 - 000000261 _____ C:\WINDOWS\SysWOW64\d3dx9_11.dll.tmp
2019-04-22 19:20 - 2019-04-22 19:20 - 000000261 _____ C:\ProgramData\fontcacheev1.dat
2019-04-22 19:20 - 2019-04-22 19:20 - 000000000 ____D C:\Users\Gallagher\AppData\Local\Adguard_Software_Ltd
2019-04-22 19:20 - 2018-09-05 08:54 - 000089560 _____ () C:\WINDOWS\system32\Drivers\adgnetworkwfpdrv.sys
2019-04-22 19:19 - 2019-04-26 13:47 - 000000000 ____D C:\ProgramData\Adguard
2019-04-22 19:19 - 2019-04-25 19:37 - 000000000 ____D C:\Program Files (x86)\Adguard
2019-04-22 19:19 - 2019-04-22 19:19 - 000001009 _____ C:\Users\Public\Desktop\Adguard.lnk
2019-04-22 19:19 - 2019-04-22 19:19 - 000000000 ____D C:\Users\Gallagher\AppData\Roaming\Adguard Software Ltd
2019-04-22 19:19 - 2019-04-22 19:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adguard
2019-04-22 19:17 - 2019-04-22 19:17 - 000111496 _____ (Adguard Software Ltd) C:\Users\Gallagher\Downloads\adguardInstaller.exe
2019-04-22 18:45 - 2019-04-22 18:45 - 003927160 _____ (Google) C:\Users\Gallagher\Downloads\chrome_cleanup_tool.exe
2019-04-12 21:32 - 2019-04-12 21:32 - 000000000 ___HD C:\OneDriveTemp
2019-04-12 20:26 - 2019-04-12 20:26 - 014221344 _____ (Intel) C:\Users\Gallagher\Downloads\Intel Driver and Support Assistant Installer (5).exe
2019-04-12 19:34 - 2019-04-25 00:02 - 000000077 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum
2019-04-09 20:12 - 2019-04-02 13:33 - 001634912 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-04-09 20:12 - 2019-04-02 13:33 - 000719984 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-04-09 20:12 - 2019-04-02 13:19 - 012730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-04-09 20:12 - 2019-04-02 13:16 - 001030144 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2019-04-09 20:12 - 2019-04-02 13:12 - 003643904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-04-09 20:12 - 2019-04-02 13:12 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-04-09 20:12 - 2019-04-02 13:11 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-04-09 20:12 - 2019-04-02 13:11 - 001857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-04-09 20:12 - 2019-04-02 13:11 - 001662976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-04-09 20:12 - 2019-04-02 10:25 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-04-09 20:12 - 2019-04-02 10:11 - 011919360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-04-09 20:12 - 2019-04-02 10:08 - 002889216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-04-09 20:12 - 2019-04-02 10:07 - 004054528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-04-09 20:12 - 2019-04-02 10:06 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-04-09 20:12 - 2019-04-02 09:36 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-04-09 20:12 - 2019-04-02 09:23 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-04-09 20:12 - 2019-04-02 09:22 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-04-09 20:12 - 2019-04-02 09:21 - 007520136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-04-09 20:12 - 2019-04-02 09:21 - 002822160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-04-09 20:12 - 2019-04-02 09:21 - 002467536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-04-09 20:12 - 2019-04-02 09:21 - 000735680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-04-09 20:12 - 2019-04-02 09:20 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-04-09 20:12 - 2019-04-02 09:19 - 009083704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-04-09 20:12 - 2019-04-02 09:19 - 000786080 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-04-09 20:12 - 2019-04-02 09:01 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-04-09 20:12 - 2019-04-02 08:53 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-04-09 20:12 - 2019-04-02 08:53 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-04-09 20:12 - 2019-04-02 08:51 - 003399680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-04-09 20:12 - 2019-04-02 08:50 - 007591936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-04-09 20:12 - 2019-04-02 08:50 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-04-09 20:12 - 2019-04-02 08:48 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-04-09 20:12 - 2019-04-02 08:47 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-04-09 20:12 - 2019-04-02 08:46 - 002174976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-04-09 20:12 - 2019-04-02 08:44 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-04-09 20:12 - 2019-04-02 08:44 - 001724416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2019-04-09 20:12 - 2019-04-02 08:43 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-04-09 20:12 - 2019-04-02 06:05 - 001989544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-04-09 20:12 - 2019-04-02 06:04 - 006572120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-04-09 20:12 - 2019-04-02 06:04 - 000604008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-04-09 20:12 - 2019-04-02 05:56 - 022018048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-04-09 20:12 - 2019-04-02 05:50 - 019404800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-04-09 20:12 - 2019-04-02 05:43 - 005788160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-04-09 20:12 - 2019-04-02 05:43 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-04-09 20:12 - 2019-04-02 05:40 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-04-09 20:12 - 2019-03-14 15:52 - 003933296 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-04-09 20:12 - 2019-03-14 15:30 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2019-04-09 20:12 - 2019-03-14 15:29 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2019-04-09 20:12 - 2019-03-14 15:08 - 003611264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-04-09 20:12 - 2019-03-14 14:53 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2019-04-09 20:12 - 2019-03-14 09:57 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-04-09 20:12 - 2019-03-14 09:56 - 000375096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-04-09 20:12 - 2019-03-14 09:37 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-04-09 20:12 - 2019-03-14 09:37 - 002256248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-04-09 20:12 - 2019-03-14 09:37 - 001171568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2019-04-09 20:12 - 2019-03-14 09:26 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-04-09 20:12 - 2019-03-14 09:26 - 002768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-04-09 20:12 - 2019-03-14 09:26 - 002421048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-04-09 20:12 - 2019-03-14 09:26 - 001457576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-04-09 20:12 - 2019-03-14 09:26 - 001258688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-04-09 20:12 - 2019-03-14 09:26 - 001140984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-04-09 20:12 - 2019-03-14 09:26 - 001014344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-04-09 20:12 - 2019-03-14 09:26 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-04-09 20:12 - 2019-03-14 09:26 - 000481048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2019-04-09 20:12 - 2019-03-14 09:22 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-04-09 20:12 - 2019-03-14 09:20 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-04-09 20:12 - 2019-03-14 09:19 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-04-09 20:12 - 2019-03-14 09:19 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-04-09 20:12 - 2019-03-14 09:18 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-04-09 20:12 - 2019-03-14 09:17 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-04-09 20:12 - 2019-03-14 09:14 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-04-09 20:12 - 2019-03-14 09:13 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2019-04-09 20:12 - 2019-03-14 09:13 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-04-09 20:12 - 2019-03-14 09:01 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-04-09 20:12 - 2019-03-14 08:58 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-04-09 20:12 - 2019-03-14 08:58 - 002509824 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-04-09 20:12 - 2019-03-14 08:58 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-04-09 20:12 - 2019-03-14 08:57 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-04-09 20:12 - 2019-03-14 08:56 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-04-09 20:12 - 2019-03-14 08:55 - 003601920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2019-04-09 20:12 - 2019-03-14 08:55 - 002739200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-04-09 20:12 - 2019-03-14 08:55 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2019-04-09 20:12 - 2019-03-14 08:54 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-04-09 20:12 - 2019-03-14 08:54 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-04-09 20:12 - 2019-03-14 08:53 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-04-09 20:12 - 2019-03-14 08:52 - 002909696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-04-09 20:12 - 2019-03-14 08:52 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-04-09 20:12 - 2019-03-14 08:51 - 001216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-04-09 20:12 - 2019-03-14 08:51 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-04-09 20:12 - 2019-03-14 08:50 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2019-04-09 20:12 - 2019-03-14 08:50 - 001410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-04-09 20:12 - 2019-03-14 08:50 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-04-09 20:12 - 2019-03-14 08:50 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2019-04-09 20:12 - 2019-03-14 08:50 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-04-09 20:12 - 2019-03-14 08:50 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-04-09 20:12 - 2019-03-14 02:57 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-04-09 20:11 - 2019-04-02 13:38 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-04-09 20:11 - 2019-04-02 13:19 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-04-09 20:11 - 2019-04-02 13:18 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-04-09 20:11 - 2019-04-02 13:15 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll
2019-04-09 20:11 - 2019-04-02 13:13 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-04-09 20:11 - 2019-04-02 13:10 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2019-04-09 20:11 - 2019-04-02 13:10 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2019-04-09 20:11 - 2019-04-02 10:25 - 000607960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-04-09 20:11 - 2019-04-02 10:11 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-04-09 20:11 - 2019-04-02 10:10 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleprn.dll
2019-04-09 20:11 - 2019-04-02 10:07 - 001586688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-04-09 20:11 - 2019-04-02 09:24 - 000135184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-04-09 20:11 - 2019-04-02 09:22 - 000567592 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-04-09 20:11 - 2019-04-02 09:22 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-04-09 20:11 - 2019-04-02 09:20 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-04-09 20:11 - 2019-04-02 09:19 - 000793400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-04-09 20:11 - 2019-04-02 09:19 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-04-09 20:11 - 2019-04-02 08:49 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2019-04-09 20:11 - 2019-04-02 08:49 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-04-09 20:11 - 2019-04-02 08:48 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2019-04-09 20:11 - 2019-04-02 08:48 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-04-09 20:11 - 2019-04-02 08:47 - 001214464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-04-09 20:11 - 2019-04-02 08:45 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-04-09 20:11 - 2019-04-02 08:44 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-04-09 20:11 - 2019-04-02 07:22 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2019-04-09 20:11 - 2019-04-02 06:04 - 000581832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-04-09 20:11 - 2019-04-02 06:04 - 000560600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-04-09 20:11 - 2019-04-02 05:43 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-04-09 20:11 - 2019-04-02 05:42 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2019-04-09 20:11 - 2019-04-02 05:41 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2019-04-09 20:11 - 2019-04-02 05:41 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-04-09 20:11 - 2019-04-02 05:41 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-04-09 20:11 - 2019-04-02 05:40 - 001073664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-04-09 20:11 - 2019-03-16 13:54 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-04-09 20:11 - 2019-03-16 10:03 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-04-09 20:11 - 2019-03-14 15:51 - 000157192 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2019-04-09 20:11 - 2019-03-14 15:35 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfoext.dll
2019-04-09 20:11 - 2019-03-14 15:34 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-04-09 20:11 - 2019-03-14 15:33 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2019-04-09 20:11 - 2019-03-14 15:33 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
2019-04-09 20:11 - 2019-03-14 15:33 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\RpcPing.exe
2019-04-09 20:11 - 2019-03-14 15:31 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2019-04-09 20:11 - 2019-03-14 15:30 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\objsel.dll
2019-04-09 20:11 - 2019-03-14 15:28 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsound.dll
2019-04-09 20:11 - 2019-03-14 14:56 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2019-04-09 20:11 - 2019-03-14 14:55 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RpcPing.exe
2019-04-09 20:11 - 2019-03-14 14:53 - 000625664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2019-04-09 20:11 - 2019-03-14 14:53 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\objsel.dll
2019-04-09 20:11 - 2019-03-14 14:52 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsound.dll
2019-04-09 20:11 - 2019-03-14 09:38 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-04-09 20:11 - 2019-03-14 09:38 - 000090360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpr.dll
2019-04-09 20:11 - 2019-03-14 09:28 - 000152072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2019-04-09 20:11 - 2019-03-14 09:27 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-04-09 20:11 - 2019-03-14 09:27 - 000097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpr.dll
2019-04-09 20:11 - 2019-03-14 09:26 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-04-09 20:11 - 2019-03-14 09:18 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2019-04-09 20:11 - 2019-03-14 09:18 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credui.dll
2019-04-09 20:11 - 2019-03-14 09:18 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-04-09 20:11 - 2019-03-14 09:17 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-04-09 20:11 - 2019-03-14 09:17 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-04-09 20:11 - 2019-03-14 09:17 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2019-04-09 20:11 - 2019-03-14 09:17 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcmapi.dll
2019-04-09 20:11 - 2019-03-14 09:17 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntlanman.dll
2019-04-09 20:11 - 2019-03-14 09:16 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-04-09 20:11 - 2019-03-14 09:16 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-04-09 20:11 - 2019-03-14 09:15 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2019-04-09 20:11 - 2019-03-14 09:15 - 000318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-04-09 20:11 - 2019-03-14 09:15 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShellCommonCommonProxyStub.dll
2019-04-09 20:11 - 2019-03-14 09:15 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\negoexts.dll
2019-04-09 20:11 - 2019-03-14 09:14 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-04-09 20:11 - 2019-03-14 09:14 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2019-04-09 20:11 - 2019-03-14 09:14 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-04-09 20:11 - 2019-03-14 09:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-04-09 20:11 - 2019-03-14 09:14 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-04-09 20:11 - 2019-03-14 09:14 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-04-09 20:11 - 2019-03-14 09:13 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-04-09 20:11 - 2019-03-14 08:57 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-04-09 20:11 - 2019-03-14 08:56 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2019-04-09 20:11 - 2019-03-14 08:56 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2019-04-09 20:11 - 2019-03-14 08:56 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2019-04-09 20:11 - 2019-03-14 08:56 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-04-09 20:11 - 2019-03-14 08:55 - 000528896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2019-04-09 20:11 - 2019-03-14 08:55 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-04-09 20:11 - 2019-03-14 08:55 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2019-04-09 20:11 - 2019-03-14 08:55 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmapi.dll
2019-04-09 20:11 - 2019-03-14 08:55 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2019-04-09 20:11 - 2019-03-14 08:55 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntlanman.dll
2019-04-09 20:11 - 2019-03-14 08:55 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
2019-04-09 20:11 - 2019-03-14 08:55 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\credui.dll
2019-04-09 20:11 - 2019-03-14 08:54 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2019-04-09 20:11 - 2019-03-14 08:54 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-04-09 20:11 - 2019-03-14 08:54 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2019-04-09 20:11 - 2019-03-14 08:54 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2019-04-09 20:11 - 2019-03-14 08:54 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2019-04-09 20:11 - 2019-03-14 08:54 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-04-09 20:11 - 2019-03-14 08:54 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\negoexts.dll
2019-04-09 20:11 - 2019-03-14 08:54 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2019-04-09 20:11 - 2019-03-14 08:53 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2019-04-09 20:11 - 2019-03-14 08:53 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-04-09 20:11 - 2019-03-14 08:53 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-04-09 20:11 - 2019-03-14 08:52 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShellCommonCommonProxyStub.dll
2019-04-09 20:11 - 2019-03-14 08:52 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-04-09 20:11 - 2019-03-14 08:51 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TetheringMgr.dll
2019-04-09 20:11 - 2019-03-14 08:50 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2019-04-09 20:11 - 2019-03-14 08:50 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-04-09 20:11 - 2019-03-14 08:50 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-04-09 20:11 - 2019-03-14 02:57 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-04-09 20:11 - 2019-03-14 02:57 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2019-04-09 20:11 - 2019-03-14 02:57 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-04-09 20:11 - 2019-03-14 02:57 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-04-08 17:44 - 2019-04-08 17:44 - 000001823 _____ C:\Users\Public\Desktop\iTunes.lnk
2019-04-08 17:44 - 2019-04-08 17:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2019-04-08 17:44 - 2019-04-08 17:44 - 000000000 ____D C:\Program Files\iPod
2019-04-08 17:32 - 2019-04-08 17:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2019-04-08 12:20 - 2019-04-08 12:20 - 000002346 _____ C:\Users\Public\Desktop\Intel® Rapid Storage Technology.lnk
2019-04-08 12:19 - 2019-04-08 12:19 - 000000000 ____D C:\Program Files\Common Files\Intel
2019-04-05 10:33 - 2019-04-05 10:33 - 000523160 _____ C:\Users\Gallagher\Documents\IMG_20190405_0001.pdf
2019-04-05 10:32 - 2019-04-05 10:33 - 000000000 ___HD C:\ProgramData\CanonIJScan
2019-03-28 11:51 - 2019-03-28 11:51 - 000000000 ____D C:\Users\Paul's Ipod\AppData\Roaming\AVAST Software
2019-03-28 11:51 - 2019-03-28 11:51 - 000000000 ____D C:\Users\Paul's Ipod\AppData\Local\CEF
2019-03-28 11:46 - 2019-03-28 11:46 - 000000000 ____D C:\Users\Paul's Ipod\AppData\Roaming\Sun
2019-03-28 11:46 - 2019-03-28 11:46 - 000000000 ____D C:\Users\Paul's Ipod\AppData\LocalLow\Sun
2019-03-28 11:42 - 2019-03-28 11:42 - 000000000 ____D C:\Users\Paul's Ipod\AppData\Roaming\Intel Corporation
2019-03-28 11:38 - 2019-03-28 11:39 - 000000000 ____D C:\Users\Paul's Ipod\AppData\Local\Intel
2019-03-28 11:38 - 2019-03-28 11:39 - 000000000 ____D C:\Users\Paul's Ipod\AppData\Local\Dropbox
2019-03-28 11:38 - 2019-03-28 11:38 - 000000000 ____D C:\Users\Paul's Ipod\AppData\Local\mbamtray

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-26 13:33 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-04-26 13:23 - 2018-05-16 20:24 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-04-26 02:40 - 2018-05-16 20:50 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2019-04-26 02:40 - 2018-04-12 00:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-04-26 02:40 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2019-04-26 02:40 - 2018-04-11 22:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-04-26 02:37 - 2018-05-15 20:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2019-04-26 02:37 - 2017-10-26 13:58 - 000000000 ____D C:\ProgramData\McAfee
2019-04-26 02:35 - 2017-10-26 13:58 - 000000000 ____D C:\Program Files\Common Files\mcafee
2019-04-26 00:47 - 2018-09-24 18:47 - 000000000 ___RD C:\Users\Gallagher\Dropbox
2019-04-26 00:46 - 2017-10-26 12:04 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-04-25 23:47 - 2019-02-27 03:37 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2019-04-25 23:47 - 2018-11-19 13:56 - 000002368 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_HP_VOICEMODE_FOR_SKYPE
2019-04-25 23:47 - 2018-05-28 06:46 - 000003374 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d3f6474a8e6c77
2019-04-25 23:47 - 2018-05-28 06:46 - 000003150 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d3f6474a80e1b8
2019-04-25 23:47 - 2018-05-16 23:42 - 000003530 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2034169645-2416740140-1732510107-1001UA
2019-04-25 23:47 - 2018-05-16 23:42 - 000003262 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2034169645-2416740140-1732510107-1001Core
2019-04-25 23:47 - 2018-05-16 20:50 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-04-25 23:47 - 2018-05-16 20:50 - 000003460 _____ C:\WINDOWS\System32\Tasks\dropboxupdatetaskmachineua
2019-04-25 23:47 - 2018-05-16 20:50 - 000003236 _____ C:\WINDOWS\System32\Tasks\dropboxupdatetaskmachinecore
2019-04-25 23:47 - 2018-05-16 20:50 - 000003194 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-04-25 23:47 - 2018-05-16 20:50 - 000003118 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2019-04-25 23:47 - 2018-05-16 20:50 - 000003042 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2019-04-25 23:47 - 2018-05-16 20:50 - 000002970 _____ C:\WINDOWS\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2019-04-25 23:47 - 2018-05-16 20:50 - 000002862 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2034169645-2416740140-1732510107-1005
2019-04-25 23:47 - 2018-05-16 20:50 - 000002862 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2034169645-2416740140-1732510107-1001
2019-04-25 23:47 - 2018-05-16 20:50 - 000002856 _____ C:\WINDOWS\System32\Tasks\HPJumpStartLaunch
2019-04-25 23:47 - 2018-05-16 20:50 - 000002826 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForGallagher
2019-04-25 23:47 - 2018-05-16 20:50 - 000002604 _____ C:\WINDOWS\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2019-04-25 23:47 - 2018-05-16 20:50 - 000002502 _____ C:\WINDOWS\System32\Tasks\HPEA3JOBS
2019-04-25 23:47 - 2018-05-16 20:50 - 000002440 _____ C:\WINDOWS\System32\Tasks\HPAudioSwitch
2019-04-25 23:47 - 2018-05-16 20:50 - 000002300 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_CTPreset
2019-04-25 23:47 - 2018-05-16 20:50 - 000002280 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2019-04-25 23:47 - 2018-05-16 20:50 - 000002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-04-25 23:47 - 2018-03-22 05:44 - 000000946 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2019-04-25 23:47 - 2018-03-22 05:44 - 000000942 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2019-04-25 23:47 - 2018-01-21 12:06 - 000000380 _____ C:\WINDOWS\Tasks\HPCeeScheduleForGallagher.job
2019-04-25 19:52 - 2018-01-28 22:13 - 000000000 ___RD C:\Users\Gallagher\iCloudDrive
2019-04-25 19:47 - 2018-01-26 02:24 - 000000000 ____D C:\Program Files (x86)\Steam
2019-04-25 19:37 - 2018-01-21 11:05 - 000000000 ___RD C:\Users\Gallagher\OneDrive
2019-04-25 19:33 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-04-25 19:33 - 2018-01-21 11:01 - 000000000 __SHD C:\Users\Gallagher\IntelGraphicsProfiles
2019-04-25 19:32 - 2018-05-16 20:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-04-25 19:31 - 2018-04-11 22:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-04-25 00:28 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-04-25 00:02 - 2019-02-27 03:37 - 000003990 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2019-04-25 00:02 - 2019-02-27 03:36 - 000476776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2019-04-25 00:02 - 2019-02-27 03:36 - 000385848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2019-04-25 00:00 - 2019-03-23 11:34 - 000526376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetSec.sys
2019-04-25 00:00 - 2019-02-27 03:36 - 001031000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2019-04-25 00:00 - 2019-02-27 03:36 - 000320624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswblog.sys
2019-04-25 00:00 - 2019-02-27 03:36 - 000254128 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2019-04-25 00:00 - 2019-02-27 03:36 - 000220640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2019-04-25 00:00 - 2019-02-27 03:36 - 000205400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2019-04-25 00:00 - 2019-02-27 03:36 - 000196000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2019-04-25 00:00 - 2019-02-27 03:36 - 000166848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2019-04-25 00:00 - 2019-02-27 03:36 - 000112520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2019-04-25 00:00 - 2019-02-27 03:36 - 000088160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2019-04-25 00:00 - 2019-02-27 03:36 - 000057888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2019-04-25 00:00 - 2019-02-27 03:36 - 000042288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2019-04-23 03:11 - 2019-02-27 03:34 - 000000000 ____D C:\ProgramData\AVAST Software
2019-04-22 19:18 - 2017-10-26 11:58 - 000000000 ____D C:\ProgramData\Package Cache
2019-04-22 18:47 - 2018-02-03 02:54 - 000000000 ____D C:\Users\Gallagher\AppData\Local\CrashDumps
2019-04-22 07:25 - 2018-05-16 20:28 - 000933368 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-04-21 22:38 - 2018-01-26 02:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-04-21 22:38 - 2018-01-26 02:21 - 000000000 ____D C:\Program Files (x86)\Java
2019-04-21 22:34 - 2019-03-12 20:07 - 000099192 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2019-04-21 18:51 - 2017-10-26 12:05 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-04-17 09:10 - 2018-01-26 02:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2019-04-17 07:46 - 2018-06-22 02:39 - 000000000 ____D C:\ProgramData\CanonIJPLM
2019-04-12 21:32 - 2018-05-16 20:28 - 000002386 _____ C:\Users\Gallagher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-04-11 03:07 - 2015-02-06 03:58 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-11 03:07 - 2015-02-06 03:58 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-04-10 03:08 - 2018-05-16 20:24 - 000493320 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-04-10 03:05 - 2018-04-12 00:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-04-10 03:05 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-04-10 03:05 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-04-09 20:23 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-04-09 20:11 - 2018-01-21 12:36 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-04-09 20:01 - 2018-01-21 12:35 - 131129288 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-04-09 18:32 - 2015-12-03 18:28 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-04-09 14:30 - 2018-01-21 11:21 - 000000000 ____D C:\Users\Gallagher\AppData\Local\Comms
2019-04-08 17:44 - 2018-01-24 00:51 - 000000000 ____D C:\Program Files\iTunes
2019-04-08 12:20 - 2019-02-12 00:53 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2019-04-08 12:19 - 2017-10-26 13:47 - 000000000 ____D C:\Program Files\Intel
2019-04-05 10:33 - 2018-01-25 17:58 - 000000000 ____D C:\Users\Gallagher\AppData\LocalLow\Mozilla
2019-04-05 10:32 - 2018-06-22 02:51 - 000000000 ____D C:\Users\Gallagher\AppData\Roaming\Canon
2019-04-05 03:39 - 2018-01-21 12:42 - 000000000 ____D C:\Program Files\rempl
2019-04-04 16:35 - 2018-01-21 18:15 - 000000000 ____D C:\Users\Gallagher\AppData\Local\Packages
2019-04-01 18:51 - 2018-11-14 18:44 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-04-01 18:51 - 2018-11-14 18:44 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-04-01 08:32 - 2018-07-23 17:24 - 000000000 ____D C:\Users\Paul's Ipod\AppData\Roaming\hpqLog
2019-03-29 11:44 - 2018-05-16 20:28 - 000002392 _____ C:\Users\Paul's Ipod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-03-29 11:44 - 2018-03-23 00:50 - 000000000 ___RD C:\Users\Paul's Ipod\OneDrive
2019-03-28 19:19 - 2018-03-23 00:47 - 000000000 ____D C:\Users\Paul's Ipod\AppData\Local\PlaceholderTileLogoFolder
2019-03-28 19:19 - 2018-03-23 00:45 - 000000000 ____D C:\Users\Paul's Ipod\AppData\Local\Packages
2019-03-28 11:40 - 2018-03-23 00:45 - 000000000 __SHD C:\Users\Paul's Ipod\IntelGraphicsProfiles
2019-03-28 11:38 - 2018-03-23 00:45 - 000000000 ___RD C:\Users\Paul's Ipod\3D Objects
2019-03-28 11:38 - 2017-03-18 04:53 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-03-27 19:01 - 2018-01-26 03:20 - 000000000 ____D C:\Users\Gallagher\AppData\Roaming\dBpoweramp

==================== Files in the root of some directories =======

2019-04-22 19:20 - 2019-04-22 19:20 - 000000261 _____ () C:\ProgramData\fontcacheev1.dat
2018-02-28 17:15 - 2018-10-19 02:48 - 000001041 _____ () C:\Users\Gallagher\AppData\Roaming\vso_ts_preview.xml
2018-02-15 01:46 - 2018-02-15 01:46 - 000000000 _____ () C:\Users\Gallagher\AppData\Roaming\wklnhst.dat
2018-01-21 11:02 - 2019-04-26 13:23 - 001953636 _____ () C:\Users\Gallagher\AppData\Local\BTServer.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================
 

gallorgs

PCHF Member
PCHF Member
Jul 19, 2017
39
2
50
And here's the Additinal Log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25.04.2019
Ran by Gallagher (26-04-2019 13:48:21)
Running from C:\Users\Gallagher\Downloads
Windows 10 Home Version 1803 17134.706 (X64) (2018-05-16 19:51:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2034169645-2416740140-1732510107-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-2034169645-2416740140-1732510107-503 - Limited - Disabled)
Gallagher (S-1-5-21-2034169645-2416740140-1732510107-1001 - Administrator - Enabled) => C:\Users\Gallagher
Guest (S-1-5-21-2034169645-2416740140-1732510107-501 - Limited - Disabled) => C:\Users\Guest
Paul's Ipod (S-1-5-21-2034169645-2416740140-1732510107-1005 - Limited - Enabled) => C:\Users\Paul's Ipod
WDAGUtilityAccount (S-1-5-21-2034169645-2416740140-1732510107-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{B994CB81-2376-4BF3-9648-DA8736384B26}) (Version: 7.1 - Intel) Hidden
64 Bit HP CIO Components Installer (HKLM\...\{55D55008-E5F6-47D6-B16F-B2A40D4D145F}) (Version: 6.2.1 - Hewlett-Packard) Hidden
AdGuard (HKLM-x32\...\{563cb78b-7933-497a-94cd-3d17707fabe1}) (Version: 6.4.1814.4903 - Adguard Software Ltd)
AdGuard (HKLM-x32\...\{685F6AB3-7C61-42D1-AE5B-3864E48D1035}) (Version: 6.4.1814.4903 - Adguard Software Ltd) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\Amazon Amazon Music) (Version: 6.8.2.1537 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{9F7041CB-8398-4691-B8CB-0D52273BB3D9}) (Version: 7.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{6E7DF4EE-1976-4215-9D81-755AFC95687D}) (Version: 7.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BA2A6DBB-B09A-43D8-84F3-21C1537B47D9}) (Version: 12.2.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 19.4.2374 - AVAST Software)
Avira (HKLM-x32\...\{10AE4FDC-32F9-4E56-8EE1-10629DD11C4E}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Hidden
Backup and Sync from Google (HKLM\...\{F9EEDE46-6409-4ECC-8AB6-7062464987A4}) (Version: 3.43.4275.9540 - Google, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Build-a-lot (HKLM-x32\...\WTA-03a5e8eb-7a92-4e14-b1a0-cfbf9d994c7c) (Version: 3.0.2.59 - WildTangent) Hidden
Canon IJ Network Scanner Selector EX2 (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX2) (Version: 2.0.0.19 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.3.1.4 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 5.5.0 - Canon Inc.)
Canon TS5000 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_TS5000_series) (Version: 1.02 - Canon Inc.)
Canon TS5000 series On-screen Manual (HKLM-x32\...\Canon TS5000 series On-screen Manual) (Version: 1.1.0 - Canon Inc.)
Canon TS5000 series User Registration (HKLM-x32\...\Canon TS5000 series User Registration) (Version: - ‭Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2513 - CDBurnerXP)
Cloud Storage (HKLM-x32\...\{889B65D2-0A21-44E5-A1B0-B140C4C77567}) (Version: 4.9.2.86 - DSG Retail Limited)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Crazy Chicken Soccer (HKLM-x32\...\WTA-30e07be8-3ccc-45aa-8d03-8c863755a740) (Version: 2.2.0.110 - WildTangent) Hidden
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.6.7503 - CyberLink Corp.)
dBpoweramp (HKLM-x32\...\dBpoweramp) (Version: Release 16.4 - Illustrate)
dBpoweramp DSP Effects (HKLM-x32\...\dBpoweramp DSP Effects) (Version: Release 11 - Illustrate)
dBpoweramp m4a FDK (AAC) Encoder (HKLM-x32\...\dBpoweramp m4a FDK (AAC) Encoder) (Version: Release 2.1 (FDK v0.1.3) - Illustrate)
dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 14.4 - Illustrate)
Dropbox (HKLM-x32\...\Dropbox) (Version: 71.4.108 - Dropbox, Inc.)
Dropbox 25 GB (HKLM-x32\...\{84D8451D-2ED6-3A59-ABA5-2A447F7C6310}) (Version: 4.1.2.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
FMSE17 (HKLM-x32\...\{0ce2c70e-07f6-470a-b89c-2df2674f5905}) (Version: 0.4.0.1 - AppCake Limited)
FMSE18 (HKLM\...\{2B4136BA-71FD-49F1-AFB9-3DBF9CF74AA5}) (Version: 1.9.0.0 - AppCake Limited) Hidden
FMSE18 (HKLM-x32\...\{bef072ab-52f6-425b-a27e-76b9c94cf78d}) (Version: 1.9.0.0 - AppCake Limited)
Free All-In-One Media Player (HKLM-x32\...\Free Media Player_is1) (Version: - Free Software Group)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Photos Backup (HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\Google Photos Backup) (Version: 1.1.4.11 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden
HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.15.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{54da9769-2364-4bd3-8139-6400500778b3}) (Version: 5.3.22034 - HP Inc.)
HP JumpStart Apps (HKLM-x32\...\HP JumpStart Apps) (Version: 7.0.21 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{1E7D6A6F-E28B-4057-BD4F-9989C1F5353D}) (Version: 1.3.0.423 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{4380D813-39E5-46FD-AC23-FC9A1A8B98AA}) (Version: 1.3.423.0 - HP Inc.)
HP Orbit (HKLM-x32\...\{82b971c1-85fa-4c53-ada1-4ec6be0c0c8a}) (Version: 3.5.171.271 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{4780AF24-213D-4187-86F2-0014A6D6077B}) (Version: 8.7.50.3 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.10.49.21 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.14 - HP Inc.)
iCloud (HKLM\...\{03742818-3BC2-45BA-B6BB-4C2D453FD033}) (Version: 7.11.0.19 - Apple Inc.)
Intel Driver && Support Assistant (HKLM-x32\...\{31B742C7-F4F0-4B1D-A81A-7F1CF3513D7F}) (Version: 19.3.12.3 - Intel) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Computing Improvement Program (HKLM\...\{D40D4164-EEDB-4F0F-85C6-2058A9E34CC7}) (Version: 2.4.04370 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 24.20.100.6344 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.8.2.1002 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® Driver & Support Assistant (HKLM-x32\...\{0658ef25-2251-4c99-a9ec-dd54bf3da303}) (Version: 19.3.12.3 - Intel)
Intel® Driver & Support Assistant (HKLM-x32\...\{e6836a64-e94b-48d6-b294-1a0d5d124d90}) (Version: 19.3.12.3 - Intel)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
iTunes (HKLM\...\{CAA61CDB-0E1E-4E7F-89E1-36FBCC3C0EFB}) (Version: 12.9.4.102 - Apple Inc.)
Java 8 Update 211 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)
Laplink PCmover Professional (HKLM-x32\...\{C5FC0140-206A-4D19-873B-5C8EB114751F}) (Version: 11.00.1004.0 - Laplink Software, Inc.)
Magic Heroes: Save Our Park (HKLM-x32\...\WTA-a9aa252b-23df-48e2-abf5-6705da048dec) (Version: 3.0.2.59 - WildTangent) Hidden
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.11425.20228 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\OneDriveSetup.exe) (Version: 19.043.0304.0007 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 6.35 - mIRC Co. Ltd.)
MobileMe Control Panel (HKLM\...\{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Thunderbird 52.5.2 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 52.5.2 (x86 en-GB)) (Version: 52.5.2 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11425.20228 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11425.20228 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11425.20228 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11425.20228 - Microsoft Corporation) Hidden
Polar Bowler 1st Frame (HKLM-x32\...\WTA-2e44bae0-68d2-4924-b550-249adc10b63f) (Version: 3.0.2.59 - WildTangent) Hidden
Radialpoint Dashboard Patch version 13.12.23.29994 (HKLM-x32\...\RadialpointDashboardPatch_is1) (Version: 13.12.23.29994 - ) Hidden
Ranch Rush 2 - Premium Edition (HKLM-x32\...\WTA-50c80ae6-92ac-4ca7-9ca1-f07d39b9f4d3) (Version: 2.2.0.97 - WildTangent) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.61 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.12.1007.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8549 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.88 - REALTEK Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Runefall (HKLM-x32\...\WTA-cdf64de0-52ca-42d3-93c2-f52fd96af4cc) (Version: 3.0.2.126 - WildTangent) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Shotcut (HKLM-x32\...\Shotcut) (Version: 18.11.18 - Meltytech, LLC)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Stamp ID3 Tag Editor (HKLM-x32\...\Stamp) (Version: 2.39 - NCH Software)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Knowhow Expert Support (HKLM-x32\...\{86C2DB2D-8148-4085-3B07-1A0E97F910F0}) (Version: 7.11.756 - LogMeIn, Inc.)
Toolwiz Smart Defrag 2011 (HKLM-x32\...\Toolwiz Smart Defrag FREE_is1) (Version: 1.3.0.0 - Toolwiz.com.)
Trinklit Supreme (HKLM-x32\...\WTA-e5e88212-b634-4f1f-810b-f626eba374f5) (Version: 2.2.0.98 - WildTangent) Hidden
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.3 - Tweaking.com)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-2) (Version: 1.0.33.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-3) (Version: 1.0.33.0 - LunarG, Inc.)
WD SmartWare (HKLM\...\{23B47A34-0517-48DA-8B76-015DA8546893}) (Version: 1.5.1 - Western Digital)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.1.1.14 - WildTangent) Hidden
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
WinX DVD Ripper Platinum 7.5.13 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)
Wondershare TidyMyMusic(Build 1.6.0.3) (HKLM-x32\...\Wondershare TidyMyMusic_is1) (Version: 1.6.0.3 - Wondershare Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\Gallagher\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll (Google Inc -> Google LLC)
CustomCLSID: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\Gallagher\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Gallagher\Dropbox [2018-09-24 18:47]
CustomCLSID: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Gallagher\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll (Google Inc -> Google LLC)
CustomCLSID: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Gallagher\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
SSODL: EldosMountNotificator-cbfs6 - {B9D4FF12-B2DB-4AC1-958B-E720B149B04B} - C:\WINDOWS\system32\cbfsMntNtf6.dll (EldoS Corporation -> /n software, Inc.)
SSODL-x32: EldosMountNotificator-cbfs6 - {B9D4FF12-B2DB-4AC1-958B-E720B149B04B} - C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll (EldoS Corporation -> /n software, Inc.)
ShellServiceObjects: No Name -> {37F63FBF-F39D-4E28-867D-0B3D9ED30FBB} =>
ShellServiceObjects: No Name -> {6FDEDD65-AC51-43CA-B2D0-9EB5D1155D03} =>
ShellServiceObjects: No Name -> {7007ACCF-3202-11D1-AAD2-00805FC1270E} =>
ShellServiceObjects: No Name -> {A1607060-5D4C-467a-B711-2B59A6F25957} =>
ShellServiceObjects: Virtual Storage Mount Notification -> {B9D4FF12-B2DB-4AC1-958B-E720B149B04B} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-09-21] (EldoS Corporation -> /n software, Inc.)
ShellServiceObjects-x32: No Name -> {37F63FBF-F39D-4E28-867D-0B3D9ED30FBB} =>
ShellServiceObjects-x32: No Name -> {7007ACCF-3202-11D1-AAD2-00805FC1270E} =>
ShellServiceObjects-x32: No Name -> {A1607060-5D4C-467a-B711-2B59A6F25957} =>
ShellServiceObjects-x32: Virtual Storage Mount Notification -> {B9D4FF12-B2DB-4AC1-958B-E720B149B04B} => C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll [2016-09-21] (EldoS Corporation -> /n software, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-04-09] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-04-09] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-04-09] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs6] -> {EBDFE718-8CC7-4E50-8CD1-AF59DCAAF599} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-09-21] (EldoS Corporation -> /n software, Inc.)
ShellIconOverlayIdentifiers: [LivedriveDownloadOverlay] -> {CBCDB610-6B68-4EE9-B7A2-1282FD0C9292} => C:\Program Files (x86)\Cloud Storage\Extensions.dll [2019-01-16] (Livedrive Internet LTD -> Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveSharedOverlay] -> {84CEF1E4-1356-4063-845F-05047F4DD52C} => C:\Program Files (x86)\Cloud Storage\Extensions.dll [2019-01-16] (Livedrive Internet LTD -> Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveSyncedOverlay] -> {42058329-2FBF-4B33-8E52-3BE5754DE0C1} => C:\Program Files (x86)\Cloud Storage\Extensions.dll [2019-01-16] (Livedrive Internet LTD -> Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveUploadOverlay] -> {39A1715A-E4CD-4F1E-B5C4-36B5DB80124E} => C:\Program Files (x86)\Cloud Storage\Extensions.dll [2019-01-16] (Livedrive Internet LTD -> Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [SharingPrivate] -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs6] -> {EBDFE718-8CC7-4E50-8CD1-AF59DCAAF599} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-09-21] (EldoS Corporation -> /n software, Inc.)
ShellIconOverlayIdentifiers-x32: [SharingPrivate] -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-04-09] (Google LLC -> Google)
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2011-05-30] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [LivedriveContextMenu] -> {FE586301-FDF9-40F4-AD3A-9DB11C40FF27} => C:\Program Files (x86)\Cloud Storage\Extensions.dll [2019-01-16] (Livedrive Internet LTD -> Livedrive Internet Ltd)
ContextMenuHandlers1: [PfMenu] -> {2F844462-7CB8-489C-828C-32A6422506AF} => C:\Program Files (x86)\IObit\Protected Folder\PfShellExtension.dll [2011-03-22] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-03-13] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\WDContextMenuHandler.dll [2011-08-01] (Western Digital) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-04-09] (Google LLC -> Google)
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2011-05-30] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [LivedriveContextMenu] -> {FE586301-FDF9-40F4-AD3A-9DB11C40FF27} => C:\Program Files (x86)\Cloud Storage\Extensions.dll [2019-01-16] (Livedrive Internet LTD -> Livedrive Internet Ltd)
ContextMenuHandlers4: [PfMenu] -> {2F844462-7CB8-489C-828C-32A6422506AF} => C:\Program Files (x86)\IObit\Protected Folder\PfShellExtension.dll [2011-03-22] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki129407.inf_amd64_f26f36ac54ce3076\igfxDTCM.dll [2018-09-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2011-05-30] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [PfMenu] -> {2F844462-7CB8-489C-828C-32A6422506AF} => C:\Program Files (x86)\IObit\Protected Folder\PfShellExtension.dll [2011-03-22] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\WDContextMenuHandler.dll [2011-08-01] (Western Digital) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Gallagher\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm

ShortcutWithArgument: C:\Users\Gallagher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi

==================== Loaded Modules (Whitelisted) ==============

2019-01-16 10:52 - 2019-01-16 10:52 - 000378880 _____ () [File not signed] C:\Program Files (x86)\Cloud Storage\VSSHelper.dll
2010-11-02 09:33 - 2010-11-02 09:33 - 001083392 _____ () [File not signed] C:\Program Files\Western Digital\WD SmartWare\System.Data.SQLite.dll
2011-08-01 08:36 - 2011-08-01 08:36 - 000172544 _____ (Western Digital) [File not signed] C:\Program Files\Western Digital\WD SmartWare\Vista\Shadow.dll
2011-08-01 08:37 - 2011-08-01 08:37 - 000118784 _____ (Western Digital) [File not signed] C:\Program Files\Western Digital\WD SmartWare\WDFMEIPC.dll
2011-08-01 08:45 - 2011-08-01 08:45 - 000447488 _____ (Western Digital) [File not signed] C:\Program Files\Western Digital\WD SmartWare\WDContextMenuHandler.dll
2011-08-01 08:35 - 2011-08-01 08:35 - 000082944 _____ () [File not signed] C:\Program Files\Western Digital\WD SmartWare\WDCollections.dll
2019-01-16 10:51 - 2019-01-16 10:51 - 001469952 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Cloud Storage\SQLite.Interop.dll
2019-01-16 10:51 - 2019-01-16 10:51 - 000319488 _____ (/n software, Inc.) [File not signed] C:\Program Files (x86)\Cloud Storage\CBFS6Net.dll
2017-11-01 21:58 - 2017-11-01 21:58 - 001141248 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Adguard\SQLite.Interop.dll
2017-03-15 18:08 - 2017-03-15 18:08 - 000732672 _____ () [File not signed] C:\Program Files (x86)\Adguard\brolib32.dll
2018-02-21 01:17 - 2019-03-22 21:14 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2018-02-21 01:17 - 2019-03-22 21:14 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2018-02-21 01:17 - 2019-03-22 21:14 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2018-02-21 01:17 - 2019-03-22 21:14 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2018-02-21 01:17 - 2019-03-22 21:14 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2018-02-21 01:17 - 2019-03-22 21:14 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2018-02-21 01:17 - 2019-03-22 21:14 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-02-22 00:31 - 2019-03-22 21:14 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-02-22 00:31 - 2019-03-22 21:14 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-03-22 21:14 - 2019-03-22 21:14 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-03-22 21:14 - 2019-03-22 21:14 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2018-02-21 01:17 - 2019-03-22 21:14 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-03-22 21:14 - 2019-03-22 21:14 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-03-22 21:14 - 2019-03-22 21:14 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-03-22 21:14 - 2019-03-22 21:14 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-03-22 21:14 - 2019-03-22 21:14 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-03-22 21:14 - 2019-03-22 21:14 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-03-22 21:14 - 2019-03-22 21:14 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-03-22 21:14 - 2019-03-22 21:14 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2019-04-10 22:38 - 2019-04-10 22:38 - 001567232 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\HPAudioSwitch\662704a646ce63c258b52936332d6e9a\HPAudioSwitch.ni.exe
2019-04-10 22:38 - 2019-04-10 22:38 - 000764928 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\6e894a8b3f7a2fb73befd5ecb660fdb6\log4net.ni.dll
2019-04-10 22:38 - 2019-04-10 22:38 - 000129536 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\a292b3ddc0e8098daa795e3c75a7e7a0\Hardcodet.Wpf.TaskbarNotification.ni.dll
2019-04-10 22:38 - 2019-04-10 22:38 - 001549312 _____ (Mark Heath) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\cf9874a56c06ff299aa9df9e8012f2b1\NAudio.ni.dll
2019-04-10 22:35 - 2019-04-10 22:35 - 002227200 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\a3733af14fc80e01bdd68142a00a5e60\Newtonsoft.Json.ni.dll
2019-04-10 22:38 - 2019-04-10 22:38 - 000141312 _____ ( ) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\4085da30349ec03e484d056f89c6c53d\Interop.IWshRuntimeLibrary.ni.dll
2018-04-20 23:47 - 2018-03-08 02:49 - 000808448 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Gallagher\AppData\Local\Amazon Music\QtNetwork4.dll
2018-04-20 23:47 - 2018-03-08 02:48 - 002286592 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Gallagher\AppData\Local\Amazon Music\QtCore4.dll
2018-04-20 23:47 - 2018-03-08 02:52 - 006324224 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Gallagher\AppData\Local\Amazon Music\QtGui4.dll
2017-10-26 12:05 - 2017-10-26 12:05 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\AppVIsvSubsystems32.dll
2017-10-26 12:05 - 2017-10-26 12:05 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\c2r32.dll
2018-06-22 02:43 - 2015-06-17 16:03 - 000008192 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_ENU.DLL
2018-06-22 02:43 - 2015-06-17 16:00 - 000104960 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_IMG.dll
2018-06-22 02:43 - 2015-09-15 16:07 - 000318464 _____ (CANON INC) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\scchmpm.dll
2018-06-22 02:43 - 2015-05-26 09:44 - 000141312 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\cnwidsd.dll
2018-06-22 02:43 - 2015-09-01 18:11 - 000194560 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\cnmpu2.dll
2019-04-10 22:37 - 2019-04-10 22:37 - 000157184 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\HPJumpStartBridge\ac9cebfb0f8ff29b76816e14584c2552\HPJumpStartBridge.ni.exe
2019-04-10 22:35 - 2019-04-10 22:35 - 000156672 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\03746e2905bc776c4e2907eddf1e1487\BRIDGECommon.ni.dll
2019-04-10 22:36 - 2019-04-10 22:36 - 000131072 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CommonPortable\d4f8c7ddc1dc29dcd50d19da8dc13aac\CommonPortable.ni.dll
2019-04-10 22:37 - 2019-04-10 22:37 - 000329728 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CleanStartController\097d3cf28e0cc938fc39417c2308243d\CleanStartController.ni.dll
2019-04-10 22:36 - 2019-04-10 22:36 - 000116736 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\2e1790b0179dd21afe5e402dde4c7071\BridgeExtension.ni.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\100sexlinks.com -> 100sexlinks.com

There are 4703 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 22:03 - 2017-03-18 22:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\HP Backgrounds\backgroundDefault.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupreg: Amazon Music => "C:\Users\Gallagher\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Xvid => C:\Program Files (x86)\Xvidmovies\CheckUpdate.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A495F363-3514-4182-B9CA-5EDD55A41A2B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Football Manager 2018 Editor\editor.exe (Sports Interactive) [File not signed]
FirewallRules: [{60B273C4-37E1-43BF-88D0-85767CE7130E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Football Manager 2018 Editor\editor.exe (Sports Interactive) [File not signed]
FirewallRules: [{2A3A2DB7-99FD-484F-BBB9-2F1C7E7129F3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Football Manager 2018\fm.exe (Sports Interactive) [File not signed]
FirewallRules: [{3EE54C2A-A564-4E91-ADA9-084239ACE736}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Football Manager 2018\fm.exe (Sports Interactive) [File not signed]
FirewallRules: [{6E9B26BE-A3EE-43B9-8AD9-E2AA9D14ABD7}] => (Allow) LPort=13148
FirewallRules: [{94E41239-6E89-4218-B0CC-CC90FD404660}] => (Allow) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe (HP Inc. -> HP Inc.)
FirewallRules: [{F524BA67-C478-4FE2-9E98-060CE7977546}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{29EC6711-E389-4BD5-8BCB-68953FC8E302}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{605A3B0C-B8A7-4286-A286-929EF6291705}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{86F4062E-6D6D-441C-BA75-A435FD8EC2F8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{EBE326A3-29EB-4E52-BA9F-D797F7FD13C2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{ABF34619-6FD0-42ED-AD65-C4B92813BBB6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7148E911-192E-40C8-9A76-66BEAC906E9C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{79C194BA-288E-437B-A4B1-17C929C983BF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{76B4331B-3E58-4C44-B5B0-9AA605284949}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7C27272E-AEA2-447C-8F4D-F51EAC371F1C}] => (Allow) C:\Program Files (x86)\Laplink\PCmover\pcmservice.exe (Laplink Software Inc. -> Laplink Software, Inc.)
FirewallRules: [{E165A5D6-7666-413E-9878-8C12E0C36454}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{EF809E25-E4B3-4989-8058-879F3EE58EDF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe No File
FirewallRules: [{DDB7E469-DE88-430E-BE79-BD7A9ADBF22D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe No File
FirewallRules: [{8E5E74CB-97B4-4981-9DE4-D2910EB79A99}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{0F461E8A-A5B0-4BE1-8B54-89748D083890}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{B98CCA08-373B-481D-BAFC-C83DB8338512}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{1D169955-5346-4944-9F80-1FE0B44C8518}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{17096CEC-96D7-4449-AB50-75937F84FAA5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{50C07EEF-DC35-4EA0-88EF-DD2D5B11DC8C}C:\users\gallagher\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\gallagher\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC -> Amazon Services LLC)
FirewallRules: [UDP Query User{132F0907-D320-4B55-9527-30985CE19CAA}C:\users\gallagher\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\gallagher\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC -> Amazon Services LLC)
FirewallRules: [{AFE125A0-FB5F-4CB8-9FBC-96991A674F8C}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1635D79F-11B2-4339-9918-AF1BFBB10315}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BFC2259A-236C-4267-9E74-811836EF496A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7C14898F-1D62-4750-9695-AF0AD9CE89DB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4DFA9B72-3002-48DF-868C-B7072294C9ED}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9810F2B7-29F3-4D96-A2A9-CDA61F2B7A5F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F7F1B080-1804-4895-A92A-CC5CD6DD462D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4A445DC3-51D3-42D8-934C-2F79A5DD73CD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{88C6728E-BD8D-4D06-ADBD-3C952DEFB426}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{135483ED-52B0-45DA-AE2F-5A1E033506FC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{FC0C1E79-4FBD-4CF7-8696-270AB6EEE250}] => (Allow) C:\Program Files (x86)\Adguard\AdguardSvc.exe (Adguard Software Limited -> Adguard Software Ltd)
FirewallRules: [{70060FC8-59BF-415B-A035-B863D74E390B}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

==================== Restore Points =========================

18-04-2019 05:08:00 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/26/2019 12:45:42 AM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.

Error: (04/26/2019 12:45:42 AM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.

Error: (04/25/2019 07:41:25 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostw (7540,G,0) An attempt to open the file "C:\Users\Gallagher\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (04/25/2019 07:37:20 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {2d8564d9-130d-4c78-abed-bd16d37cf675}

Error: (04/25/2019 06:23:19 PM) (Source: HP Active Health) (EventID: 88) (User: )
Description: -- SECURITY WARNING -- ActiveHealthProperties.ini has been tampered with, resetting it

Error: (04/25/2019 06:23:19 PM) (Source: HP Active Health) (EventID: 88) (User: )
Description: -- SECURITY WARNING -- ActiveHealthState.ini has been tampered with, resetting it

Error: (04/25/2019 06:23:19 PM) (Source: HP Active Health) (EventID: 80) (User: )
Description: -- SECURITY WARNING -- Unable to deserialize super secret file hashes. Will assume evil is afoot - all Validate() calls will return DOESNT_MATCH
at HP.ActiveHealth.Commons.Security.HashStore.LoadHashesFromFile()

Error: (04/25/2019 06:00:10 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {76455458-0d84-449f-ab59-dcbf7691d5b5}


System errors:
=============
Error: (04/25/2019 08:31:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WpnUserService_6c226 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/25/2019 08:23:28 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-G3G6FFA)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-G3G6FFA\Gallagher SID (S-1-5-21-2034169645-2416740140-1732510107-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/25/2019 07:46:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/25/2019 07:46:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (120000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (04/25/2019 07:46:44 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-G3G6FFA)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-G3G6FFA\Gallagher SID (S-1-5-21-2034169645-2416740140-1732510107-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/25/2019 07:44:14 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The System Guard Runtime Monitor Broker service did not respond on starting.

Error: (04/25/2019 07:40:29 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-G3G6FFA)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-G3G6FFA\Gallagher SID (S-1-5-21-2034169645-2416740140-1732510107-1001) from address LocalHost (Using LRPC) running in the application container SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0 SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/25/2019 07:35:53 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (120000 milliseconds) was reached while waiting for a transaction response from the BTDevManager service.


Windows Defender:
===================================
Date: 2019-03-22 08:11:00.861
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {7FD37310-0DE8-46A2-801B-B8A8FF4AEA17}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-03-14 18:15:54.346
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {8C27B9DD-35D4-4B64-91BF-CE5312A1092C}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-03-13 16:33:44.101
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C41AFB1C-3FE6-4F14-A45B-5F0607408F5E}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-03-06 14:06:40.076
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {3D529A5F-0266-444E-B767-280BB8FBD645}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-03-06 13:53:02.924
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {32B65213-932D-40A4-A982-9464F77E9CDF}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-04-08 11:32:36.307
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.66.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-04-08 11:32:36.307
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.66.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-04-08 11:32:36.306
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.66.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-04-08 11:32:36.294
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.66.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-04-08 11:32:36.294
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.66.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2019-04-21 11:02:14.887
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-04-21 11:02:13.364
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cbfsNetRdr6.dll that did not meet the Microsoft signing level requirements.

Date: 2019-04-20 11:02:21.642
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-04-20 11:02:21.011
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cbfsNetRdr6.dll that did not meet the Microsoft signing level requirements.

Date: 2019-04-20 11:02:17.246
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cbfsNetRdr6.dll that did not meet the Microsoft signing level requirements.

Date: 2019-04-08 12:20:24.779
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\Installer\MSI2EF2.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-04-06 11:05:51.914
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-04-06 11:05:51.653
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cbfsNetRdr6.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: AMI F.23 07/20/2017
Motherboard: HP 82DD
Processor: Intel(R) Core(TM) i3-7100U CPU @ 2.40GHz
Percentage of memory in use: 65%
Total physical RAM: 8086.98 MB
Available physical RAM: 2784.71 MB
Total Virtual: 10646.98 MB
Available Virtual: 3751.03 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:1849.77 GB) (Free:350.53 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:12.02 GB) (Free:1.24 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Seagate Expansion Drive) (Fixed) (Total:1863 GB) (Free:138.56 GB) NTFS
Drive g: (SAMSUNG) (Fixed) (Total:1863.01 GB) (Free:312.29 GB) NTFS
Drive h: () (Removable) (Total:229.07 GB) (Free:64.91 GB) FAT32
Drive j: (Seagate Backup Plus Drive) (Fixed) (Total:931.51 GB) (Free:406.99 GB) NTFS
Drive l: (My Passport) (Fixed) (Total:931.48 GB) (Free:105.26 GB) NTFS
Drive r: (Seagate Expansion Drive) (Fixed) (Total:1863.02 GB) (Free:135.33 GB) NTFS

\\?\Volume{b7db7553-cc77-4e6c-ba8b-7cc988dc47a7}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.53 GB) NTFS
\\?\Volume{5e842068-d704-4118-bd2a-7a9804a720b8}\ () (Fixed) (Total:0.25 GB) (Free:0.19 GB) FAT32
\\?\Volume{8d169efb-0b92-11e8-9954-b052165221b6}\ (Cloud Storage Online drive) (Removable) (Total:1849.77 GB) (Free:350.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00042ADA)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 227E9BFA)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 1863 GB) (Disk ID: 40B4CDDA)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 4.

========================================================
Disk: 5 (Size: 1863 GB) (Disk ID: 33572911)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Protective MBR) (Size: 229.1 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
 

jmarket

PCHF's Almighty Ruler
PCHF Owner
Support Team
Security Team
Jan 10, 2015
2,140
496
PCHF Bunker
pchelpforum.net
Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system. Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

gallorgs

PCHF Member
PCHF Member
Jul 19, 2017
39
2
50
Hello, here's the fixlog

Fix result of Farbar Recovery Scan Tool (x64) Version: 28.04.2019
Ran by Gallagher (28-04-2019 14:29:01) Run:1
Running from C:\Users\Gallagher\Desktop
Loaded Profiles: Gallagher & Paul's Ipod & Administrator & Guest (Available Profiles: Gallagher & Paul's Ipod & Administrator & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\Gallagher\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Gallagher\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
ShellServiceObjects: No Name -> {37F63FBF-F39D-4E28-867D-0B3D9ED30FBB} =>
ShellServiceObjects: No Name -> {6FDEDD65-AC51-43CA-B2D0-9EB5D1155D03} =>
ShellServiceObjects: No Name -> {7007ACCF-3202-11D1-AAD2-00805FC1270E} =>
ShellServiceObjects: No Name -> {A1607060-5D4C-467a-B711-2B59A6F25957} =>
ShellServiceObjects-x32: No Name -> {37F63FBF-F39D-4E28-867D-0B3D9ED30FBB} =>
ShellServiceObjects-x32: No Name -> {7007ACCF-3202-11D1-AAD2-00805FC1270E} =>
ShellServiceObjects-x32: No Name -> {A1607060-5D4C-467a-B711-2B59A6F25957} =>
ShellIconOverlayIdentifiers: [SharingPrivate] -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => -> No File
ShellIconOverlayIdentifiers-x32: [SharingPrivate] -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Shortcut: C:\Users\Gallagher\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
FirewallRules: [{6E9B26BE-A3EE-43B9-8AD9-E2AA9D14ABD7}] => (Allow) LPort=13148
FirewallRules: [{EF809E25-E4B3-4989-8058-879F3EE58EDF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe No File
FirewallRules: [{DDB7E469-DE88-430E-BE79-BD7A9ADBF22D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe No File
FirewallRules: [{0F461E8A-A5B0-4BE1-8B54-89748D083890}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
FirewallRules: [TCP Query User{50C07EEF-DC35-4EA0-88EF-DD2D5B11DC8C}C:\users\gallagher\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\gallagher\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC -> Amazon Services LLC)
FirewallRules: [UDP Query User{132F0907-D320-4B55-9527-30985CE19CAA}C:\users\gallagher\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\gallagher\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC -> Amazon Services LLC)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
DPF: HKLM-x32 {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://85.221.20.19/activex/AMC.cab
DPF: HKLM-x32 {A3D93B25-4601-49D2-B3AF-F447C73D561F} hxxp://85.93.227.36/program/SonySncRz25View.cab
Hosts:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state On
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
reboot:
end
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD} => removed successfully
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{37F63FBF-F39D-4E28-867D-0B3D9ED30FBB} => removed successfully
HKLM\Software\Classes\CLSID\{37F63FBF-F39D-4E28-867D-0B3D9ED30FBB} => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{6FDEDD65-AC51-43CA-B2D0-9EB5D1155D03} => removed successfully
HKLM\Software\Classes\CLSID\{6FDEDD65-AC51-43CA-B2D0-9EB5D1155D03} => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{7007ACCF-3202-11D1-AAD2-00805FC1270E} => removed successfully
HKLM\Software\Classes\CLSID\{7007ACCF-3202-11D1-AAD2-00805FC1270E} => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{A1607060-5D4C-467a-B711-2B59A6F25957} => removed successfully
HKLM\Software\Classes\CLSID\{A1607060-5D4C-467a-B711-2B59A6F25957} => not found
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{37F63FBF-F39D-4E28-867D-0B3D9ED30FBB} => removed successfully
HKLM\Software\WOW6432Node\Classes\CLSID\{37F63FBF-F39D-4E28-867D-0B3D9ED30FBB} => not found
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{7007ACCF-3202-11D1-AAD2-00805FC1270E} => removed successfully
HKLM\Software\WOW6432Node\Classes\CLSID\{7007ACCF-3202-11D1-AAD2-00805FC1270E} => not found
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{A1607060-5D4C-467a-B711-2B59A6F25957} => removed successfully
HKLM\Software\WOW6432Node\Classes\CLSID\{A1607060-5D4C-467a-B711-2B59A6F25957} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate => removed successfully
HKLM\Software\Classes\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
C:\Users\Gallagher\Favorites\NCH Software Download Site.lnk => moved successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6E9B26BE-A3EE-43B9-8AD9-E2AA9D14ABD7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EF809E25-E4B3-4989-8058-879F3EE58EDF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DDB7E469-DE88-430E-BE79-BD7A9ADBF22D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0F461E8A-A5B0-4BE1-8B54-89748D083890}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{50C07EEF-DC35-4EA0-88EF-DD2D5B11DC8C}C:\users\gallagher\appdata\local\amazon music\amazon music helper.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{132F0907-D320-4B55-9527-30985CE19CAA}C:\users\gallagher\appdata\local\amazon music\amazon music helper.exe" => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{DE625294-70E6-45ED-B895-CFFA13AEB044} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{DE625294-70E6-45ED-B895-CFFA13AEB044} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{A3D93B25-4601-49D2-B3AF-F447C73D561F} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A3D93B25-4601-49D2-B3AF-F447C73D561F} => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= netsh advfirewall reset =========

The following helper DLL cannot be loaded: NAPMONTR.DLL.
Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state On =========

The following helper DLL cannot be loaded: NAPMONTR.DLL.
Ok.


========= End of CMD: =========


========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
HKU\S-1-5-21-2034169645-2416740140-1732510107-500\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2034169645-2416740140-1732510107-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2034169645-2416740140-1732510107-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2034169645-2416740140-1732510107-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2034169645-2416740140-1732510107-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2034169645-2416740140-1732510107-501\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2034169645-2416740140-1732510107-501\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset catalog =========

The following helper DLL cannot be loaded: NAPMONTR.DLL.

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset c:\resetlog.txt =========

The following helper DLL cannot be loaded: NAPMONTR.DLL.
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= ipconfig /release =========


Windows IP Configuration

No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Local Area Connection* 1 while it has its media disconnected.
No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Local Area Connection* 1:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Local Area Connection* 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter WiFi:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::d903:7c0e:516d:139%9
Default Gateway . . . . . . . . . :

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

========= End of CMD: =========


========= ipconfig /renew =========


Windows IP Configuration

No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Local Area Connection* 1 while it has its media disconnected.
No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Local Area Connection* 1:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Local Area Connection* 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter WiFi:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::d903:7c0e:516d:139%9
IPv4 Address. . . . . . . . . . . : 192.168.0.48
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

========= End of CMD: =========


========= netsh int ipv4 reset =========

The following helper DLL cannot be loaded: NAPMONTR.DLL.
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= netsh int ipv6 reset =========

The following helper DLL cannot be loaded: NAPMONTR.DLL.
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 11034624 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 143911120 B
Java, Flash, Steam htmlcache => 58159986 B
Windows/system/drivers => 4620938 B
Edge => 5633297 B
Chrome => 337541357 B
Firefox => 15462775 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 5429567 B
systemprofile32 => 0 B
LocalService => 121740 B
LocalService => 0 B
NetworkService => 101800 B
NetworkService => 0 B
Gallagher => 41992247 B
Paul's Ipod => 80969825 B
Administrator => 0 B
Guest => 0 B

RecycleBin => 17376183 B
EmptyTemp: => 688.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:33:28 ====
 

gallorgs

PCHF Member
PCHF Member
Jul 19, 2017
39
2
50
Ok just got another pop up about 5 mins ago, but i will monitor it today & let you know later if that's OK?
 
Status
Not open for further replies.