Solved onlinevideoconrter pop ups

[jmarket]

Go ahead and do the following for me.

Download ResetBrowser to your desktop.

Now close all open browsers. All browsers MUST be closed during this operation!

Right click and Run as Administrator

Click on Reset Chrome-- Allow completion.
Click on Reset Firefox-- Allow completion.
Click on Reset Internet Explorer-- Allow completion.

Now reboot your machine.

We need you to run Malwarebytes Anti-Malware (MBAM) to get a log. Please download the free version of Malwarebytes HERE

Save the file to somewhere you can easily find it. Double click the saved file to start the install, accept any security warnings that may appear and after the install click the new desktop icon

to start the program. We need to modify a couple of things with MalwareBytes before we use it so please follow the steps below.

• If the dashboard is not already displayed select it.

• Then select Update to get the latest definition database.

• Next we need to change a scanning option, select Settings on the main menu

• Then Detection and Protection on the left.

• Then select Scan for rootkits in the detection options, as well as the other two options already checked.

Now return to Dashboard on the main menu and select Scan Now at the bottom of the screen.

• Allow Malwarebytes to scan your system. It may take some time depending on how much data loaded onto your hard drive. When the scan is finished any threats will be listed for action. Ensure all threats are selected, and click Remove Selected

A dialogue box may open and ask to restart the computer, if so select Yes

Once the computer restarts open Malwarebytes again and select History on the menu bar, Application logs, then click the scan just completed, then click Export, choose text file. Name the text file and select a location, preferably the desktop and close Malwarebytes.

Please copy and paste the contents of the text file in your next post

 

[gallorgs]

Hi there, heres the MBAM log

Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 4/30/19
Scan Time: 2:29 PM
Log File: 00e46271-6b4c-11e9-903b-ace2d359f950.json
-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.563
Update Package Version: 1.0.10400
License: Free
-System Information-
OS: Windows 10 (Build 17134.706)
CPU: x64
File System: NTFS
User: DESKTOP-G3G6FFA\Gallagher
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 412040
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 27 min, 37 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)

(end)

 

[jmarket]

Did you run the ResetBrowser tool and instructions?

 

[gallorgs]

Yes & i rebooted as well

 

[jmarket]

We will need a log from Zemana, can you please download the free trial HERE. Save it to somewhere you can find, double click the downloaded file and start the installation. Accept the default install options and you can safely ignore any security warnings and allow Zemana to complete the install. Once completed click the new desktop icon

to open the program. If Zemana opens and informs of any available updates allow it to so. Next change Zemana's default from "Smart Scan" to Deep Scan as shown below.

Then click scan

When the scan is complete allow Zemana to Quarantine any infections found by clicking Next

Once the infections are quarantined a message box will indicate success, then click the logs icon as below.

Select the latest scan and choose Open Report from the upper menu. or simply double left click on the scan just run.

The log will open as a text file. Please Copy and Paste the contents of that file in your next post

After doing that, please let me know how things are and also post fresh FRST logs as well. We're getting there

 

[gallorgs]

Hi, here's the Zem ana log

Zemana AntiMalware 2.74.2.664 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2019/5/2
Operating System : Windows 10 64-bit
Processor : 4X Intel(R) Core(TM) i3-7100U CPU @ 2.40GHz
BIOS Mode : UEFI
CUID : 122C94BC7B83B75773CFBA
Scan Type : System Scan
Duration : 59m 30s
Scanned Objects : 397201
Detected Objects : 3
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Avast SafePrice | Comparison, deals, coupons
Status : Scanned
Object : %localappdata%\google\chrome\user data\default\extensions\eofcbnmajmjmplflapaojjnihcjkigck
MD5 : -
Publisher : -
Size : -
Version : -
Detection : PUA.ChromeExt!Gr
Cleaning Action : Repair
Related Objects :
Browser Extension - Avast SafePrice | Comparison, deals, coupons

Adaware Ad Block
Status : Scanned
Object : %localappdata%\google\chrome\user data\default\extensions\cmllgdnjnkbapbchnebiedipojhmnjej
MD5 : -
Publisher : -
Size : -
Version : -
Detection : PUA.ChromeExt!Gr
Cleaning Action : Repair
Related Objects :
Browser Extension - Adaware Ad Block

advinstanalytics
Status : Scanned
Object : NE->c:\users\gallagher\appdata\local\advinstanalytics
MD5 : -
Publisher : -
Size : -
Version : -
Detection : PUA:Win32/Traffic Exchange.F!Neng
Cleaning Action : Quarantine
Related Objects :
(null) - (null)


Cleaning Result
-------------------------------------------------------
Cleaned : 3
Reported as safe : 0
Failed : 0

 

[jmarket]

You forgot fresh FRST logs.

How are things now?

 

[jmarket]

Do you have any updates for us @gallorgs?

 

[gallorgs]

Hi Sorry been a mad last couple of days at work etc

There hasnt been any more pop ups

I will attach the FRST log in a minute

cheers

 

[gallorgs]

FRST Log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-05.2019
Ran by Gallagher (administrator) on DESKTOP-G3G6FFA (HP HP All-in-One 24-e0XX) (04-05-2019 14:16:22)
Running from C:\Users\Gallagher\Desktop
Loaded Profiles: Gallagher & Paul's Ipod & Administrator & Guest (Available Profiles: Gallagher & Paul's Ipod & Administrator & Guest)
Platform: Windows 10 Home Version 1803 17134.706 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.44.40.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19021.18010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1903.21.0_x64__8wekyb3d8bbwe\Calculator.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Adguard Software Limited -> Adguard Software Ltd) C:\Program Files (x86)\Adguard\Adguard.exe
(Adguard Software Limited -> Adguard Software Ltd) C:\Program Files (x86)\Adguard\AdguardSvc.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Amazon Services LLC -> Amazon Services LLC) C:\Users\Gallagher\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc. -> Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\71.4.108\QtWebEngineProcess.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler64.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(HP Inc. -> ) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki129407.inf_amd64_f26f36ac54ce3076\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki129407.inf_amd64_f26f36ac54ce3076\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki129407.inf_amd64_f26f36ac54ce3076\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki129407.inf_amd64_f26f36ac54ce3076\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Laplink Software Inc. -> Laplink Software, Inc.) C:\Program Files (x86)\Laplink\PCmover\PcmService.exe
(Livedrive Internet LTD -> ) C:\Program Files (x86)\Cloud Storage\VSSService.exe
(Livedrive Internet LTD -> DSG Retail Limited) C:\Program Files (x86)\Cloud Storage\CloudStorage.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11425.20190.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11425.20190.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Gallagher\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.44.40.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.27.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Western Digital Technologies, Inc. -> WDC) C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
(Western Digital Technologies, Inc. -> Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
(Western Digital Technologies, Inc. -> Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
(Zemana D.O.O. Sarajevo -> Copyright 2018.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Zemana D.O.O. Sarajevo -> Copyright 2018.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [231640 2016-09-20] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
HKLM\...\Run: [MouseDriver] => TiltWheelMouse.exe
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [318920 2019-03-07] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-03-24] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261000 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [25160568 2019-02-14] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [705784 2016-06-20] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [270912 2015-06-17] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [5537088 2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143613868\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143614181\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\Run: [Google Photos Backup] => C:\Users\Gallagher\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3791704 2018-06-01] (Google Inc -> Google, Inc)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\Run: [Google Update] => C:\Users\Gallagher\AppData\Local\Google\Update\1.3.34.7\GoogleUpdateCore.exe [752424 2019-03-27] (Google Inc -> Google LLC)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2019-03-13] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2019-03-13] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3152160 2019-04-16] (Valve -> Valve Corporation)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\Run: [Amazon Music Helper] => C:\Users\Gallagher\AppData\Local\Amazon Music\Amazon Music Helper.exe [3052472 2018-11-14] (Amazon Services LLC -> Amazon Services LLC)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19645800 2019-02-04] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\Run: [CloudStorage] => C:\Program Files (x86)\Cloud Storage\CloudStorage.exe [4252088 2019-01-16] (Livedrive Internet LTD -> DSG Retail Limited)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [5735784 2018-10-30] (Adguard Software Limited -> Adguard Software Ltd)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [149504 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\...\Run: [Google Photos Backup] => C:\Users\Gallagher\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3791704 2018-06-01] (Google Inc -> Google, Inc)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\...\Run: [Google Update] => C:\Users\Gallagher\AppData\Local\Google\Update\1.3.34.7\GoogleUpdateCore.exe [752424 2019-03-27] (Google Inc -> Google LLC)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2019-03-13] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2019-03-13] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3152160 2019-04-16] (Valve -> Valve Corporation)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\...\Run: [Amazon Music Helper] => C:\Users\Gallagher\AppData\Local\Amazon Music\Amazon Music Helper.exe [3052472 2018-11-14] (Amazon Services LLC -> Amazon Services LLC)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19645800 2019-02-04] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\...\Run: [CloudStorage] => C:\Program Files (x86)\Cloud Storage\CloudStorage.exe [4252088 2019-01-16] (Livedrive Internet LTD -> DSG Retail Limited)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [5735784 2018-10-30] (Adguard Software Limited -> Adguard Software Ltd)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [149504 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2034169645-2416740140-1732510107-1005\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Paul's Ipod\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-2034169645-2416740140-1732510107-1005\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Paul's Ipod\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-2034169645-2416740140-1732510107-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Packard Bell.scr [425984 2009-08-05] () [File not signed]
HKU\S-1-5-21-2034169645-2416740140-1732510107-500\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2034169645-2416740140-1732510107-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Packard Bell.scr [425984 2009-08-05] () [File not signed]
HKU\S-1-5-21-2034169645-2416740140-1732510107-501\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2034169645-2416740140-1732510107-501\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Packard Bell.scr [425984 2009-08-05] () [File not signed]
HKLM\...\Drivers32: [vidc.ffds] => C:\WINDOWS\system32\ff_vfw.dll [127488 2014-05-13] () [File not signed]
HKLM\...\Drivers32: [vidc.XVID] => C:\WINDOWS\system32\xvidvfw.dll [255488 2011-05-30] () [File not signed]
HKLM\...\Drivers32-x32: [msacm.ac3filter] => ac3filter.acm
HKLM\...\Drivers32-x32: [msacm.divxa32] => DivXa32.acm
HKLM\...\Drivers32-x32: [vidc.divx] => divx.dll
HKLM\...\Drivers32: [vidc.ffds] => C:\WINDOWS\SysWOW64\ff_vfw.dll [112640 2014-05-13] () [File not signed]
HKLM\...\Drivers32-x32: [vidc.lags] => lagarith.dll
HKLM\...\Drivers32-x32: [vidc.x264] => x264vfw.dll
HKLM\...\Drivers32: [vidc.XVID] => C:\WINDOWS\SysWOW64\xvidvfw.dll [235520 2014-04-08] () [File not signed]
HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb] -> Internet Explorer (Enable DEP)
HKLM\Software\...\AppCompatFlags\InstalledSDB\{a9264802-8a7a-40fe-a135-5c6d204aed7a}: [DatabasePath] -> C:\Windows\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.131\Installer\chrmstp.exe [2019-05-03] (Google LLC -> Google Inc.)
Startup: C:\Users\Gallagher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-03-09]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00CFC626-B104-4C99-AA7A-F227C9EAA1EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [652664 2019-04-17] (HP Inc. -> HP Inc.)
Task: {03BF19C2-1380-4BC1-9198-279DA6265B86} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [459680 2017-07-28] (HP Inc. -> )
Task: {065533B2-78CA-41CA-8B3C-8A7A7B5B649D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [112160 2019-04-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {0781FCB3-B8A0-4EF9-B53B-80FAF7943FD3} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [112160 2019-04-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {108A2B1D-7EC0-446E-9ED3-1936E8AC5544} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {119EE018-89B7-46E7-8B87-B3D3B59E6C97} - System32\Tasks\GoogleUpdateTaskMachineUA1d3f6474a8e6c77 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-04-29] (Google Inc -> Google Inc.)
Task: {1B9D74FD-9109-4D81-991A-F67B6BFFEFB1} - System32\Tasks\googleupdatetaskmachineua => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-04-29] (Google Inc -> Google Inc.)
Task: {20F69267-7ABE-4A02-9B08-45C9E2F94D55} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {21189011-3F15-467D-B86E-3283CCF4EB05} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1432200 2019-04-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {223A5654-A3AF-4ED6-B9A7-456EA6B15421} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [219512 2018-12-24] (HP Inc. -> HP Inc.)
Task: {22BE3B25-364A-4DFA-A64F-A6F391278663} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [25906688 2019-04-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {2878EE1A-9F63-4857-94CF-F7A99BA118D6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1280295809-455121606-167572049-1001UA => C:\Users\Paul Gallagher\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {2A1F8DB2-BD6E-4EFE-9FC8-8D0EFCD29726} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [67896 2019-03-13] (Apple Inc. -> Apple Inc.)
Task: {2CAADB57-FCF9-4185-970A-6F6ECCFC124F} - System32\Tasks\{8D187D24-F468-4C08-BF52-2AAB072164C3} => C:\Program Files (x86)\VSO\ConvertX\4\ConvertXtoDvd.exe [9534752 2009-12-10] (VSO-SOFTWARE -> VSO Software SARL)
Task: {3682E9D5-B10B-4670-AF17-D724E5A9ACFB} - System32\Tasks\RtHDVBg_HP_VOICEMODE_FOR_SKYPE => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1505840 2018-10-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {3D6DFC6B-84E0-473F-8A50-ABF697C9F4B0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1488248 2018-12-10] (HP Inc. -> HP Inc.)
Task: {3ECEE8FF-002C-44B9-8119-3C9DC5827199} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [652664 2019-04-17] (HP Inc. -> HP Inc.)
Task: {43159D3D-A8BB-45EC-9B01-5BA0C0D38088} - System32\Tasks\dropboxupdatetaskmachineua => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-23] (Dropbox, Inc -> Dropbox, Inc.)
Task: {4965B220-09BC-44A6-9939-C52E4C861810} - System32\Tasks\S-1-5-21-2034169645-2416740140-1732510107-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [132608 2018-12-08] (Microsoft Windows -> Microsoft Corporation)
Task: {596E5CBD-396B-48E9-950E-7538EE4DE563} - System32\Tasks\HP online update program => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {601D90C3-505D-440E-844A-145A79C78FB1} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2925960 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
Task: {66A0CEBF-ADFD-47D0-AAAC-6BE4033E127D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1432200 2019-04-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {73B329E2-ED6C-4A13-8C9E-8D000223B46D} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9279520 2018-10-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {7494402D-DF3C-4B1D-9315-9FB2BD4D7EBC} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644960 2017-02-02] (HP Inc. -> HP Inc.)
Task: {79CE75FB-6AD8-43F0-826A-9AC356DF60A1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1488248 2018-12-10] (HP Inc. -> HP Inc.)
Task: {7AD014FF-ABCC-451E-8933-10C22405E7D9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2018-03-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {7ED6EA18-A62D-49C7-899D-4ECF20CBA49C} - System32\Tasks\HPCeeScheduleForGallagher => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [99392 2016-05-12] (Hewlett-Packard Company -> HP Development Company, L.P.)
Task: {8219C8B0-A55E-42C4-8862-1015BF86644E} - System32\Tasks\dropboxupdatetaskmachinecore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-23] (Dropbox, Inc -> Dropbox, Inc.)
Task: {822751D8-F241-4A68-9C4F-6E9C402352F9} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [25906688 2019-04-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {86087E1A-1DCA-42BD-86CB-D71A204B8801} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2016-12-06] (HP Inc. -> HP Inc.)
Task: {98D02E12-72E5-48BC-AED2-192D3B2404AF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136056 2019-01-02] (HP Inc. -> HP Inc.)
Task: {9E2C7F07-4F17-4D3D-BB09-6459A18DCA64} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1280295809-455121606-167572049-1001Core => C:\Users\Paul Gallagher\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {AFBED28B-FD21-4C0F-9BA9-3E691EA31CF7} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {BC3EE4B0-4CCC-413C-8536-E9D7ED9CE947} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {BEDFCBDC-FED0-45B9-86F9-26EC39EA0A2D} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe [1573720 2011-02-09] (IObit Information Technology -> IObit)
Task: {BFF2A4B5-ECD6-4C35-9DC7-ABB9329E59C9} - System32\Tasks\GoogleUpdateTaskMachineCore1d0f3e9deea135a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-04-29] (Google Inc -> Google Inc.)
Task: {BFF93412-606F-46AA-A357-941F222C8787} - System32\Tasks\{4CF3A701-D0F0-40E0-A50C-F3B14AB307E7} => C:\Program Files (x86)\VSO\ConvertX\4\ConvertXtoDvd.exe [9534752 2009-12-10] (VSO-SOFTWARE -> VSO Software SARL)
Task: {C02A7D6C-5AAF-4E06-97D0-08E9BBF3F929} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-04-02] (HP Inc. -> HP Inc.)
Task: {C6F1DBA6-A04C-4F24-B21A-A023A718BCED} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2034169645-2416740140-1732510107-1001Core => C:\Users\Gallagher\AppData\Local\Google\Update\GoogleUpdate.exe [153752 2017-03-19] (Google Inc -> Google Inc.)
Task: {C70AF939-20AC-4185-BDD9-CDE9FEEB4759} - System32\Tasks\{5790830D-7930-48A1-B5A9-AEC364E27191} => C:\Program Files (x86)\TuneUpMedia\TuneUpApp.exe
Task: {CEB77C69-3774-4D6A-8B9B-0C3256149128} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {CEDA97DD-92B2-44D5-95E5-EF2121695384} - System32\Tasks\RtHDVBg_CTPreset => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1505840 2018-10-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {CFE4205C-5676-41E8-915C-2450748D20C1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-04-02] (HP Inc. -> HP Inc.)
Task: {D4B85993-7EED-4365-9C0F-41C46E9CCA8A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {D50DA741-A6E0-4AA8-A1DA-0F723AAD500B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [14679256 2019-02-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {D81CB086-8607-4269-8611-5261938DDB3E} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {E304240D-E39C-40A0-8303-20354B94B221} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2034169645-2416740140-1732510107-1001UA => C:\Users\Gallagher\AppData\Local\Google\Update\GoogleUpdate.exe [153752 2017-03-19] (Google Inc -> Google Inc.)
Task: {E4813B12-7364-4D40-90DA-3CB7B1C5797D} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [816960 2017-10-11] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {EABF7734-26C1-4259-8A00-B23CC74D53A9} - System32\Tasks\GoogleUpdateTaskMachineCore1d3f6474a80e1b8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-04-29] (Google Inc -> Google Inc.)
Task: {EB23B918-2487-46A5-902C-5A42C25664F1} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe
Task: {EC5DD5EF-30EE-4DDD-BE0C-8BB0C98BB149} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {EDDA2F5D-DCE3-4299-A98C-FD50645AC5D0} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2380088 2019-04-03] (AVAST Software s.r.o. -> AVAST Software)
Task: {F556EF9C-5E70-4D8A-8E3C-E7F60D01FFB2} - System32\Tasks\GoogleUpdateTaskMachineUA1d0f3e9e0e2413c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-04-29] (Google Inc -> Google Inc.)
Task: {FA69E2EC-B89F-4757-ABEB-1C4EF9082600} - System32\Tasks\googleupdatetaskmachinecore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-04-29] (Google Inc -> Google Inc.)
Task: {FDFF12D4-3CCF-4973-9D78-861952F6A68A} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForGallagher.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{861925f3-20f1-4285-b1d2-a80c1b85936b}: [DhcpNameServer] 194.168.4.100 194.168.8.100

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/?q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/?q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2034169645-2416740140-1732510107-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ixtreme_m3730&r=173608103116p04d5v1k5y45m1224q
HKU\S-1-5-21-2034169645-2416740140-1732510107-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ixtreme_m3730&r=173608103116p04d5v1k5y45m1224q
HKU\S-1-5-21-2034169645-2416740140-1732510107-501\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ixtreme_m3730&r=173608103116p04d5v1k5y45m1224q
HKU\S-1-5-21-2034169645-2416740140-1732510107-501\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ixtreme_m3730&r=173608103116p04d5v1k5y45m1224q
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118 -> {80870008-2605-42BD-B9B2-DBFB892FC5B3} URL =
SearchScopes: HKU\S-1-5-21-2034169645-2416740140-1732510107-1005 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2034169645-2416740140-1732510107-1005 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2034169645-2416740140-1732510107-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-12-06] (HP Inc. -> HP Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-04-21] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc -> Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-2034169645-2416740140-1732510107-500 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-2034169645-2416740140-1732510107-501 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc -> Google Inc.)
DPF: HKLM {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://85.93.227.12/activex/AMC.cab
DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: HKLM-x32 {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} hxxps://user.ssl.eon.com/+CSCOL+/csvrloader32.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {917623D1-D8E5-11D2-BE8B-00104B06BDE3} hxxp://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
DPF: HKLM-x32 {96816368-C1E3-414D-A193-63C3CC921990} hxxp://lochalsh-isleofskye.remotemanager.co.uk/common/activex/MJPEGRender.ocx
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} hxxp://www.marksandspencerpersonalised.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F8FC1530-0608-11DF-2008-0800200C9A66} hxxps://user.ssl.eon.com/CACHE/sdesktop/install/binaries/instweb.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Skype Software Sarl -> Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Skype Software Sarl -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: o9wgdi62.default-1401877949283
FF ProfilePath: C:\Users\Gallagher\AppData\Roaming\Mozilla\Firefox\Profiles\o9wgdi62.default-1401877949283 [not found] <==== ATTENTION
FF ProfilePath: C:\Users\Gallagher\AppData\Roaming\Mozilla\Firefox\Profiles\zjm2bkb8.default [2019-04-30]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Gallagher\AppData\Roaming\Mozilla\Firefox\Profiles\zjm2bkb8.default\Extensions\sp@avast.com.xpi [2019-02-27]
FF Extension: (Avast Online Security) - C:\Users\Gallagher\AppData\Roaming\Mozilla\Firefox\Profiles\zjm2bkb8.default\Extensions\wrc@avast.com.xpi [2019-02-27]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google Inc -> Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-04-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-04-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-11-23] (WildTangent Inc -> )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2034169645-2416740140-1732510107-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Gallagher\AppData\Local\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-2034169645-2416740140-1732510107-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Gallagher\AppData\Local\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118: @tools.google.com/Google Update;version=3 -> C:\Users\Gallagher\AppData\Local\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118: @tools.google.com/Google Update;version=9 -> C:\Users\Gallagher\AppData\Local\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.bbc.co.uk/news/
CHR StartupUrls: Default -> "hxxp://www.bbc.co.uk/"
CHR Profile: C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default [2019-05-04]
CHR Extension: (Slides) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-04-30]
CHR Extension: (Docs) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-04-30]
CHR Extension: (AdGuard AdBlocker) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2019-05-03]
CHR Extension: (YouTube) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-04-30]
CHR Extension: (Adobe Acrobat) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-04-30]
CHR Extension: (Google Play Music) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2019-04-30]
CHR Extension: (Sheets) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-04-30]
CHR Extension: (Google Docs Offline) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-04-30]
CHR Extension: (360 Internet Protection) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\glcimepnljoholdmjchkloafkggfoijh [2019-04-30]
CHR Extension: (Avast Online Security) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-04-30]
CHR Extension: (Audio Joiner) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihiafjkopgiakbmihgoieodihjcblfbk [2019-04-30]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2019-04-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-04-30]
CHR Extension: (Gmail) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]
CHR Extension: (Chrome Media Router) - C:\Users\Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-30]
CHR HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Gallagher\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2018-02-12]
CHR HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Gallagher\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2018-02-12]
CHR HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Adguard Service; C:\Program Files (x86)\Adguard\AdguardSvc.exe [136040 2018-10-30] (Adguard Software Limited -> Adguard Software Ltd) <==== ATTENTION
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-03-08] (Apple Inc. -> Apple Inc.) <==== ATTENTION
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6660888 2019-04-25] (AVAST Software s.r.o. -> AVAST Software) <==== ATTENTION
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [362488 2019-04-25] (AVAST Software s.r.o. -> AVAST Software) <==== ATTENTION
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [373416 2019-04-25] (AVAST Software s.r.o. -> AVAST Software) <==== ATTENTION
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-04-25] (AVAST Software s.r.o. -> AVAST Software) <==== ATTENTION
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [125656 2016-09-20] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.) <==== ATTENTION
S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Skype Software Sarl -> Microsoft Corporation) <==== ATTENTION
S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Skype Software Sarl -> Microsoft Corporation) <==== ATTENTION
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11084584 2019-04-19] (Microsoft Corporation -> Microsoft Corporation) <==== ATTENTION
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-23] (Dropbox, Inc -> Dropbox, Inc.) <==== ATTENTION
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-23] (Dropbox, Inc -> Dropbox, Inc.) <==== ATTENTION
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [26472 2019-05-02] (IDSA Production signing key -> Intel) <==== ATTENTION
R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [72552 2019-05-02] (IDSA Production signing key -> Intel) <==== ATTENTION
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-08-30] (Macrovision Corporation -> Macrovision Europe Ltd.) [File not signed] <==== ATTENTION
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-11-23] (WildTangent Inc -> WildTangent) <==== ATTENTION
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1321096 2018-09-28] (HP Inc. -> HP Inc.) <==== ATTENTION
R2 HP Orbit Service; C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe [3421616 2017-06-20] (HP Inc. -> HP Inc.) <==== ATTENTION
R2 HPJumpStartBridge; C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-07-28] (HP Inc. -> HP Inc.) <==== ATTENTION
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP) <==== ATTENTION
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed] <==== ATTENTION
R3 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.) <==== ATTENTION
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [631800 2016-06-20] (HP Inc. -> HP Inc.) <==== ATTENTION
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16840 2019-03-07] (Intel(R) Rapid Storage Technology -> Intel Corporation) <==== ATTENTION
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [391744 2017-07-11] (Canon Inc. -> ) <==== ATTENTION
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-10-11] (Intel(R) Trust Services -> Intel(R) Corporation) <==== ATTENTION
S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation) <==== ATTENTION
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-10-11] (Intel(R) Trust Services -> Intel(R) Corporation) <==== ATTENTION
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [213648 2017-11-09] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) <==== ATTENTION
R2 LivedriveVSSService; C:\Program Files (x86)\Cloud Storage\VSSService.exe [24504 2019-01-16] (Livedrive Internet LTD -> ) <==== ATTENTION
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes) <==== ATTENTION
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-08-18] (NVIDIA Corporation -> NVIDIA Corporation) <==== ATTENTION
S4 OberonGameConsoleService; C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe [44312 2009-08-29] (Oberon Media Inc. -> ) <==== ATTENTION
R2 PCmoverService; C:\Program Files (x86)\Laplink\PCmover\PcmService.exe [22160 2018-01-19] (Laplink Software Inc. -> Laplink Software, Inc.) <==== ATTENTION
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [268328 2018-10-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor) <==== ATTENTION
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [317328 2011-08-01] (Western Digital Technologies, Inc. -> WDC) <==== ATTENTION
R2 WDFMEService; C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [1978256 2011-08-01] (Western Digital Technologies, Inc. -> Western Digital ) <==== ATTENTION
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
R2 WDRulesService; C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [1338256 2011-08-01] (Western Digital Technologies, Inc. -> Western Digital ) <==== ATTENTION
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-03-05] (Microsoft Corporation -> Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [25160568 2019-02-14] (Zemana D.O.O. Sarajevo -> Copyright 2018.) <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 adgnetworkwfpdrv; C:\WINDOWS\System32\drivers\adgnetworkwfpdrv.sys [89560 2018-09-05] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [205400 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [254128 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [196000 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblog.sys [320624 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [57888 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-02-27] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [166848 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswNetSec; C:\WINDOWS\System32\drivers\aswNetSec.sys [526376 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112520 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [88160 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1031000 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [476776 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [220640 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [385848 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 cbfs6; C:\WINDOWS\system32\drivers\cbfs6.sys [460992 2016-09-21] (EldoS Corporation -> /n software, Inc.)
R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [1094000 2019-03-07] (Intel(R) Rapid Storage Technology -> Intel Corporation)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-04-28] (Malwarebytes Corporation -> Malwarebytes)
S3 pmxdrv; C:\WINDOWS\system32\drivers\pmxdrv.sys [31152 2018-06-26] (PAIPTAC Driver -> )
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [946696 2016-11-21] (Realtek Semiconductor Corp. -> Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [784264 2018-05-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2017-01-06] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [7904088 2018-04-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [43008 2018-09-19] (Intel Corporation -> )
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46472 2019-03-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [333792 2019-03-05] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62432 2019-03-05] (Microsoft Windows -> Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2019-05-01] (Zemana Ltd. -> Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2019-05-01] (Zemana Ltd. -> Zemana Ltd.)
U1 aswbdisk; no ImagePath
S3 SWDUMon; \SystemRoot\system32\DRIVERS\SWDUMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-04 14:16 - 2019-05-04 14:18 - 000063798 _____ C:\Users\Gallagher\Desktop\FRST.txt
2019-05-04 14:16 - 2019-05-04 14:16 - 000000000 ____D C:\Users\Gallagher\Desktop\FRST-OlderVersion
2019-05-03 20:52 - 2019-05-03 20:52 - 000001009 _____ C:\Users\Public\Desktop\Adguard.lnk
2019-05-03 20:52 - 2019-05-03 20:52 - 000000000 ____D C:\Users\Gallagher\AppData\Roaming\Adguard Software Ltd
2019-05-03 20:52 - 2019-05-03 20:52 - 000000000 ____D C:\Users\Gallagher\AppData\Local\Adguard_Software_Ltd
2019-05-03 20:52 - 2019-05-03 20:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adguard
2019-05-03 20:52 - 2019-05-03 20:52 - 000000000 ____D C:\Program Files (x86)\Adguard
2019-05-03 20:51 - 2019-05-03 20:51 - 000111496 _____ (Adguard Software Ltd) C:\Users\Gallagher\Downloads\adguardInstaller (2).exe
2019-05-03 20:51 - 2019-05-03 20:51 - 000111496 _____ (Adguard Software Ltd) C:\Users\Gallagher\Downloads\adguardInstaller (1).exe
2019-05-03 13:44 - 2019-05-03 13:44 - 001273688 _____ C:\Users\Gallagher\Documents\IMG_20190503_0002.pdf
2019-05-03 13:43 - 2019-05-03 13:43 - 001272266 _____ C:\Users\Gallagher\Documents\IMG_20190503_0001.pdf
2019-05-02 04:57 - 2019-05-02 04:57 - 000000000 ____D C:\Users\Paul's Ipod\AppData\Roaming\Windows Live Writer
2019-05-02 04:57 - 2019-05-02 04:57 - 000000000 ____D C:\Users\Paul's Ipod\AppData\Local\Windows Live Writer
2019-05-02 04:29 - 2019-05-02 04:29 - 000000000 ____D C:\Users\Paul's Ipod\AppData\Local\Zemana
2019-05-02 01:11 - 2019-05-02 01:11 - 012946608 _____ (Zemana Ltd. ) C:\Users\Gallagher\Downloads\Zemana.AntiMalware.Setup (1).exe
2019-05-01 20:22 - 2019-05-04 14:18 - 000802954 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2019-05-01 20:22 - 2019-05-04 14:16 - 006536067 _____ C:\WINDOWS\ZAM.krnl.trace
2019-05-01 20:22 - 2019-05-01 20:22 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2019-05-01 20:22 - 2019-05-01 20:22 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2019-05-01 20:22 - 2019-05-01 20:22 - 000001228 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2019-05-01 20:22 - 2019-05-01 20:22 - 000000000 ____D C:\Users\Gallagher\AppData\Local\Zemana
2019-05-01 20:22 - 2019-05-01 20:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2019-05-01 20:22 - 2019-05-01 20:22 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2019-05-01 20:20 - 2019-05-01 20:20 - 012946608 _____ (Zemana Ltd. ) C:\Users\Gallagher\Downloads\Zemana.AntiMalware.Setup.exe
2019-04-30 19:31 - 2019-05-03 01:06 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-30 19:31 - 2019-05-03 01:06 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-04-30 14:17 - 2019-04-30 14:17 - 000000000 ___HD C:\OneDriveTemp
2019-04-30 14:03 - 2019-04-30 14:03 - 000001239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-04-30 14:03 - 2019-04-30 14:03 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-04-30 13:51 - 2019-04-30 13:51 - 000000000 ____D C:\ProgramData\Mozilla
2019-04-30 13:47 - 2019-04-30 13:47 - 001622528 _____ C:\Users\Gallagher\Desktop\ResetBrowser.exe
2019-04-30 13:40 - 2019-04-30 13:40 - 001622528 _____ C:\Users\Gallagher\Downloads\ResetBrowser.exe
2019-04-28 14:35 - 2019-04-28 14:35 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-04-28 14:35 - 2019-04-28 14:35 - 000000000 ___HD C:\ProgramData\temp
2019-04-28 14:28 - 2019-05-04 14:16 - 002430464 _____ (Farbar) C:\Users\Gallagher\Desktop\FRST64.exe
2019-04-28 04:37 - 2019-04-28 04:37 - 000019690 _____
2019-04-26 13:48 - 2019-04-26 13:53 - 000069185 _____ C:\Users\Gallagher\Downloads\Addition.txt
2019-04-26 13:45 - 2019-04-26 13:53 - 000112309 _____ C:\Users\Gallagher\Downloads\FRST.txt
2019-04-26 13:26 - 2019-04-28 14:26 - 000000000 ____D C:\Users\Gallagher\Downloads\FRST-OlderVersion
2019-04-26 02:36 - 2019-04-28 14:40 - 000000000 ____D C:\ProgramData\McInstTemp0115411556242566
2019-04-26 00:45 - 2019-04-26 00:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-04-25 00:00 - 2019-04-25 00:00 - 000362888 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2019-04-23 19:22 - 2019-05-04 14:16 - 000000000 ____D C:\FRST
2019-04-23 19:21 - 2019-04-28 14:26 - 002429952 _____ (Farbar) C:\Users\Gallagher\Downloads\FRST64.exe
2019-04-23 13:13 - 2019-04-23 13:13 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2019-04-23 13:13 - 2019-04-23 13:13 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2019-04-23 13:13 - 2019-04-23 13:13 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2019-04-23 13:13 - 2019-04-23 13:13 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2019-04-22 19:20 - 2019-05-03 20:52 - 000000262 _____ C:\WINDOWS\SysWOW64\Drivers\vwifikerneldrv.sys
2019-04-22 19:20 - 2019-05-03 20:52 - 000000262 _____ C:\WINDOWS\SysWOW64\d3dx9_11.dll.tmp
2019-04-22 19:20 - 2019-05-03 20:52 - 000000262 _____ C:\ProgramData\fontcacheev1.dat
2019-04-22 19:20 - 2018-09-05 08:54 - 000089560 _____ () C:\WINDOWS\system32\Drivers\adgnetworkwfpdrv.sys
2019-04-22 19:19 - 2019-05-04 14:18 - 000000000 ____D C:\ProgramData\Adguard
2019-04-22 19:17 - 2019-04-22 19:17 - 000111496 _____ (Adguard Software Ltd) C:\Users\Gallagher\Downloads\adguardInstaller.exe
2019-04-22 18:45 - 2019-04-22 18:45 - 003927160 _____ (Google) C:\Users\Gallagher\Downloads\chrome_cleanup_tool.exe
2019-04-21 22:32 - 2019-04-21 22:32 - 002043232 _____ (Oracle Corporation) C:\Users\Gallagher\Downloads\JavaSetup8u211.exe
2019-04-12 20:26 - 2019-04-12 20:26 - 014221344 _____ (Intel) C:\Users\Gallagher\Downloads\Intel Driver and Support Assistant Installer (5).exe
2019-04-12 19:34 - 2019-04-25 00:02 - 000000077 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum
2019-04-09 20:12 - 2019-04-02 13:33 - 001634912 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-04-09 20:12 - 2019-04-02 13:33 - 000719984 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-04-09 20:12 - 2019-04-02 13:19 - 012730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-04-09 20:12 - 2019-04-02 13:16 - 001030144 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2019-04-09 20:12 - 2019-04-02 13:12 - 003643904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-04-09 20:12 - 2019-04-02 13:12 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-04-09 20:12 - 2019-04-02 13:11 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-04-09 20:12 - 2019-04-02 13:11 - 001857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-04-09 20:12 - 2019-04-02 13:11 - 001662976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-04-09 20:12 - 2019-04-02 10:25 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-04-09 20:12 - 2019-04-02 10:11 - 011919360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-04-09 20:12 - 2019-04-02 10:08 - 002889216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-04-09 20:12 - 2019-04-02 10:07 - 004054528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-04-09 20:12 - 2019-04-02 10:06 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-04-09 20:12 - 2019-04-02 09:36 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-04-09 20:12 - 2019-04-02 09:23 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-04-09 20:12 - 2019-04-02 09:22 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-04-09 20:12 - 2019-04-02 09:21 - 007520136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-04-09 20:12 - 2019-04-02 09:21 - 002822160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-04-09 20:12 - 2019-04-02 09:21 - 002467536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-04-09 20:12 - 2019-04-02 09:21 - 000735680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-04-09 20:12 - 2019-04-02 09:20 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-04-09 20:12 - 2019-04-02 09:19 - 009083704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-04-09 20:12 - 2019-04-02 09:19 - 000786080 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-04-09 20:12 - 2019-04-02 09:01 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-04-09 20:12 - 2019-04-02 08:53 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-04-09 20:12 - 2019-04-02 08:53 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-04-09 20:12 - 2019-04-02 08:51 - 003399680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-04-09 20:12 - 2019-04-02 08:50 - 007591936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-04-09 20:12 - 2019-04-02 08:50 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-04-09 20:12 - 2019-04-02 08:48 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-04-09 20:12 - 2019-04-02 08:47 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-04-09 20:12 - 2019-04-02 08:46 - 002174976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-04-09 20:12 - 2019-04-02 08:44 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-04-09 20:12 - 2019-04-02 08:44 - 001724416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2019-04-09 20:12 - 2019-04-02 08:43 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-04-09 20:12 - 2019-04-02 06:05 - 001989544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-04-09 20:12 - 2019-04-02 06:04 - 006572120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-04-09 20:12 - 2019-04-02 06:04 - 000604008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-04-09 20:12 - 2019-04-02 05:56 - 022018048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-04-09 20:12 - 2019-04-02 05:50 - 019404800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-04-09 20:12 - 2019-04-02 05:43 - 005788160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-04-09 20:12 - 2019-04-02 05:43 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-04-09 20:12 - 2019-04-02 05:40 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-04-09 20:12 - 2019-03-14 15:52 - 003933296 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-04-09 20:12 - 2019-03-14 15:30 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2019-04-09 20:12 - 2019-03-14 15:29 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2019-04-09 20:12 - 2019-03-14 15:08 - 003611264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-04-09 20:12 - 2019-03-14 14:53 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2019-04-09 20:12 - 2019-03-14 09:57 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-04-09 20:12 - 2019-03-14 09:56 - 000375096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-04-09 20:12 - 2019-03-14 09:37 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-04-09 20:12 - 2019-03-14 09:37 - 002256248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-04-09 20:12 - 2019-03-14 09:37 - 001171568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2019-04-09 20:12 - 2019-03-14 09:26 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-04-09 20:12 - 2019-03-14 09:26 - 002768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-04-09 20:12 - 2019-03-14 09:26 - 002421048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-04-09 20:12 - 2019-03-14 09:26 - 001457576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-04-09 20:12 - 2019-03-14 09:26 - 001258688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-04-09 20:12 - 2019-03-14 09:26 - 001140984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-04-09 20:12 - 2019-03-14 09:26 - 001014344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-04-09 20:12 - 2019-03-14 09:26 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-04-09 20:12 - 2019-03-14 09:26 - 000481048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2019-04-09 20:12 - 2019-03-14 09:22 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-04-09 20:12 - 2019-03-14 09:20 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-04-09 20:12 - 2019-03-14 09:19 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-04-09 20:12 - 2019-03-14 09:19 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-04-09 20:12 - 2019-03-14 09:18 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-04-09 20:12 - 2019-03-14 09:17 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-04-09 20:12 - 2019-03-14 09:14 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-04-09 20:12 - 2019-03-14 09:13 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2019-04-09 20:12 - 2019-03-14 09:13 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-04-09 20:12 - 2019-03-14 09:01 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-04-09 20:12 - 2019-03-14 08:58 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-04-09 20:12 - 2019-03-14 08:58 - 002509824 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-04-09 20:12 - 2019-03-14 08:58 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-04-09 20:12 - 2019-03-14 08:57 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-04-09 20:12 - 2019-03-14 08:56 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-04-09 20:12 - 2019-03-14 08:55 - 003601920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2019-04-09 20:12 - 2019-03-14 08:55 - 002739200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-04-09 20:12 - 2019-03-14 08:55 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2019-04-09 20:12 - 2019-03-14 08:54 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-04-09 20:12 - 2019-03-14 08:54 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-04-09 20:12 - 2019-03-14 08:53 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-04-09 20:12 - 2019-03-14 08:52 - 002909696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-04-09 20:12 - 2019-03-14 08:52 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-04-09 20:12 - 2019-03-14 08:51 - 001216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-04-09 20:12 - 2019-03-14 08:51 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-04-09 20:12 - 2019-03-14 08:50 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2019-04-09 20:12 - 2019-03-14 08:50 - 001410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-04-09 20:12 - 2019-03-14 08:50 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-04-09 20:12 - 2019-03-14 08:50 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2019-04-09 20:12 - 2019-03-14 08:50 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-04-09 20:12 - 2019-03-14 08:50 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-04-09 20:12 - 2019-03-14 02:57 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-04-09 20:11 - 2019-04-02 13:38 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-04-09 20:11 - 2019-04-02 13:19 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-04-09 20:11 - 2019-04-02 13:18 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-04-09 20:11 - 2019-04-02 13:15 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll
2019-04-09 20:11 - 2019-04-02 13:13 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-04-09 20:11 - 2019-04-02 13:10 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2019-04-09 20:11 - 2019-04-02 13:10 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2019-04-09 20:11 - 2019-04-02 10:25 - 000607960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-04-09 20:11 - 2019-04-02 10:11 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-04-09 20:11 - 2019-04-02 10:10 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleprn.dll
2019-04-09 20:11 - 2019-04-02 10:07 - 001586688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-04-09 20:11 - 2019-04-02 09:24 - 000135184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-04-09 20:11 - 2019-04-02 09:22 - 000567592 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-04-09 20:11 - 2019-04-02 09:22 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-04-09 20:11 - 2019-04-02 09:20 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-04-09 20:11 - 2019-04-02 09:19 - 000793400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-04-09 20:11 - 2019-04-02 09:19 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-04-09 20:11 - 2019-04-02 08:49 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2019-04-09 20:11 - 2019-04-02 08:49 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-04-09 20:11 - 2019-04-02 08:48 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2019-04-09 20:11 - 2019-04-02 08:48 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-04-09 20:11 - 2019-04-02 08:47 - 001214464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-04-09 20:11 - 2019-04-02 08:45 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-04-09 20:11 - 2019-04-02 08:44 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-04-09 20:11 - 2019-04-02 07:22 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2019-04-09 20:11 - 2019-04-02 06:04 - 000581832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-04-09 20:11 - 2019-04-02 06:04 - 000560600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-04-09 20:11 - 2019-04-02 05:43 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-04-09 20:11 - 2019-04-02 05:42 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2019-04-09 20:11 - 2019-04-02 05:41 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2019-04-09 20:11 - 2019-04-02 05:41 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-04-09 20:11 - 2019-04-02 05:41 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-04-09 20:11 - 2019-04-02 05:40 - 001073664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-04-09 20:11 - 2019-03-16 13:54 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-04-09 20:11 - 2019-03-16 10:03 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-04-09 20:11 - 2019-03-14 15:51 - 000157192 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2019-04-09 20:11 - 2019-03-14 15:35 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfoext.dll
2019-04-09 20:11 - 2019-03-14 15:34 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-04-09 20:11 - 2019-03-14 15:33 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2019-04-09 20:11 - 2019-03-14 15:33 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
2019-04-09 20:11 - 2019-03-14 15:33 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\RpcPing.exe
2019-04-09 20:11 - 2019-03-14 15:31 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2019-04-09 20:11 - 2019-03-14 15:30 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\objsel.dll
2019-04-09 20:11 - 2019-03-14 15:28 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsound.dll
2019-04-09 20:11 - 2019-03-14 14:56 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2019-04-09 20:11 - 2019-03-14 14:55 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RpcPing.exe
2019-04-09 20:11 - 2019-03-14 14:53 - 000625664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2019-04-09 20:11 - 2019-03-14 14:53 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\objsel.dll
2019-04-09 20:11 - 2019-03-14 14:52 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsound.dll
2019-04-09 20:11 - 2019-03-14 09:38 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-04-09 20:11 - 2019-03-14 09:38 - 000090360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpr.dll
2019-04-09 20:11 - 2019-03-14 09:28 - 000152072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2019-04-09 20:11 - 2019-03-14 09:27 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-04-09 20:11 - 2019-03-14 09:27 - 000097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpr.dll
2019-04-09 20:11 - 2019-03-14 09:26 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-04-09 20:11 - 2019-03-14 09:18 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2019-04-09 20:11 - 2019-03-14 09:18 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credui.dll
2019-04-09 20:11 - 2019-03-14 09:18 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-04-09 20:11 - 2019-03-14 09:17 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-04-09 20:11 - 2019-03-14 09:17 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-04-09 20:11 - 2019-03-14 09:17 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2019-04-09 20:11 - 2019-03-14 09:17 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcmapi.dll
2019-04-09 20:11 - 2019-03-14 09:17 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntlanman.dll
2019-04-09 20:11 - 2019-03-14 09:16 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-04-09 20:11 - 2019-03-14 09:16 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-04-09 20:11 - 2019-03-14 09:15 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2019-04-09 20:11 - 2019-03-14 09:15 - 000318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-04-09 20:11 - 2019-03-14 09:15 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShellCommonCommonProxyStub.dll
2019-04-09 20:11 - 2019-03-14 09:15 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\negoexts.dll
2019-04-09 20:11 - 2019-03-14 09:14 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-04-09 20:11 - 2019-03-14 09:14 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2019-04-09 20:11 - 2019-03-14 09:14 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-04-09 20:11 - 2019-03-14 09:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-04-09 20:11 - 2019-03-14 09:14 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-04-09 20:11 - 2019-03-14 09:14 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-04-09 20:11 - 2019-03-14 09:13 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-04-09 20:11 - 2019-03-14 08:57 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-04-09 20:11 - 2019-03-14 08:56 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2019-04-09 20:11 - 2019-03-14 08:56 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2019-04-09 20:11 - 2019-03-14 08:56 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2019-04-09 20:11 - 2019-03-14 08:56 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-04-09 20:11 - 2019-03-14 08:55 - 000528896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2019-04-09 20:11 - 2019-03-14 08:55 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-04-09 20:11 - 2019-03-14 08:55 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2019-04-09 20:11 - 2019-03-14 08:55 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmapi.dll
2019-04-09 20:11 - 2019-03-14 08:55 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2019-04-09 20:11 - 2019-03-14 08:55 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntlanman.dll
2019-04-09 20:11 - 2019-03-14 08:55 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
2019-04-09 20:11 - 2019-03-14 08:55 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\credui.dll
2019-04-09 20:11 - 2019-03-14 08:54 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2019-04-09 20:11 - 2019-03-14 08:54 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-04-09 20:11 - 2019-03-14 08:54 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2019-04-09 20:11 - 2019-03-14 08:54 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2019-04-09 20:11 - 2019-03-14 08:54 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2019-04-09 20:11 - 2019-03-14 08:54 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-04-09 20:11 - 2019-03-14 08:54 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\negoexts.dll
2019-04-09 20:11 - 2019-03-14 08:54 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2019-04-09 20:11 - 2019-03-14 08:53 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2019-04-09 20:11 - 2019-03-14 08:53 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-04-09 20:11 - 2019-03-14 08:53 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-04-09 20:11 - 2019-03-14 08:52 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShellCommonCommonProxyStub.dll
2019-04-09 20:11 - 2019-03-14 08:52 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-04-09 20:11 - 2019-03-14 08:51 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TetheringMgr.dll
2019-04-09 20:11 - 2019-03-14 08:50 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2019-04-09 20:11 - 2019-03-14 08:50 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-04-09 20:11 - 2019-03-14 08:50 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-04-09 20:11 - 2019-03-14 02:57 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-04-09 20:11 - 2019-03-14 02:57 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2019-04-09 20:11 - 2019-03-14 02:57 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-04-09 20:11 - 2019-03-14 02:57 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-04-08 17:44 - 2019-04-08 17:44 - 000001823 _____ C:\Users\Public\Desktop\iTunes.lnk
2019-04-08 17:44 - 2019-04-08 17:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2019-04-08 17:44 - 2019-04-08 17:44 - 000000000 ____D C:\Program Files\iPod
2019-04-08 17:32 - 2019-04-08 17:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2019-04-08 12:20 - 2019-04-08 12:20 - 000002346 _____ C:\Users\Public\Desktop\Intel® Rapid Storage Technology.lnk
2019-04-08 12:19 - 2019-04-08 12:19 - 000000000 ____D C:\Program Files\Common Files\Intel
2019-04-05 10:32 - 2019-04-05 10:33 - 000000000 ___HD C:\ProgramData\CanonIJScan

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2019-05-04 14:18 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-05-04 13:41 - 2019-02-27 03:37 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2019-05-04 13:41 - 2018-11-19 13:56 - 000002368 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_HP_VOICEMODE_FOR_SKYPE
2019-05-04 13:41 - 2018-05-28 06:46 - 000003374 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d3f6474a8e6c77
2019-05-04 13:41 - 2018-05-28 06:46 - 000003150 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d3f6474a80e1b8
2019-05-04 13:41 - 2018-05-16 23:42 - 000003530 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2034169645-2416740140-1732510107-1001UA
2019-05-04 13:41 - 2018-05-16 23:42 - 000003262 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2034169645-2416740140-1732510107-1001Core
2019-05-04 13:41 - 2018-05-16 20:50 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-05-04 13:41 - 2018-05-16 20:50 - 000003460 _____ C:\WINDOWS\System32\Tasks\dropboxupdatetaskmachineua
2019-05-04 13:41 - 2018-05-16 20:50 - 000003236 _____ C:\WINDOWS\System32\Tasks\dropboxupdatetaskmachinecore
2019-05-04 13:41 - 2018-05-16 20:50 - 000003194 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-05-04 13:41 - 2018-05-16 20:50 - 000003118 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2019-05-04 13:41 - 2018-05-16 20:50 - 000003042 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2019-05-04 13:41 - 2018-05-16 20:50 - 000002970 _____ C:\WINDOWS\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2019-05-04 13:41 - 2018-05-16 20:50 - 000002862 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2034169645-2416740140-1732510107-1005
2019-05-04 13:41 - 2018-05-16 20:50 - 000002862 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2034169645-2416740140-1732510107-1001
2019-05-04 13:41 - 2018-05-16 20:50 - 000002856 _____ C:\WINDOWS\System32\Tasks\HPJumpStartLaunch
2019-05-04 13:41 - 2018-05-16 20:50 - 000002826 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForGallagher
2019-05-04 13:41 - 2018-05-16 20:50 - 000002604 _____ C:\WINDOWS\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2019-05-04 13:41 - 2018-05-16 20:50 - 000002502 _____ C:\WINDOWS\System32\Tasks\HPEA3JOBS
2019-05-04 13:41 - 2018-05-16 20:50 - 000002440 _____ C:\WINDOWS\System32\Tasks\HPAudioSwitch
2019-05-04 13:41 - 2018-05-16 20:50 - 000002300 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_CTPreset
2019-05-04 13:41 - 2018-05-16 20:50 - 000002280 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2019-05-04 13:41 - 2018-05-16 20:50 - 000002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-05-04 13:41 - 2018-03-22 05:44 - 000000946 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2019-05-04 13:41 - 2018-03-22 05:44 - 000000942 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2019-05-04 13:41 - 2018-01-21 12:06 - 000000380 _____ C:\WINDOWS\Tasks\HPCeeScheduleForGallagher.job
2019-05-04 13:34 - 2018-05-16 20:24 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-05-04 02:07 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-05-03 20:51 - 2017-10-26 11:58 - 000000000 ____D C:\ProgramData\Package Cache
2019-05-03 14:54 - 2018-02-03 02:54 - 000000000 ____D C:\Users\Gallagher\AppData\Local\CrashDumps
2019-05-03 14:53 - 2019-02-12 00:53 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2019-05-03 14:53 - 2017-10-26 13:49 - 000000000 ____D C:\Program Files (x86)\Intel
2019-05-03 13:47 - 2018-01-25 17:58 - 000000000 ____D C:\Users\Gallagher\AppData\LocalLow\Mozilla
2019-05-03 13:43 - 2018-06-22 02:39 - 000000000 ____D C:\ProgramData\CanonIJPLM
2019-05-03 13:43 - 2018-01-25 17:58 - 000000000 ____D C:\Users\Gallagher\AppData\Roaming\Mozilla
2019-05-03 00:54 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-05-03 00:46 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-05-02 17:45 - 2018-01-21 18:15 - 000000000 ____D C:\Users\Gallagher\AppData\Local\Packages
2019-05-02 04:58 - 2010-10-20 03:59 - 000001365 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2019-05-02 04:31 - 2018-03-23 00:45 - 000000000 ____D C:\Users\Paul's Ipod\AppData\Local\Packages
2019-05-02 04:30 - 2018-05-16 20:28 - 000002392 _____ C:\Users\Paul's Ipod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-05-02 04:30 - 2018-03-23 00:50 - 000000000 ___RD C:\Users\Paul's Ipod\OneDrive
2019-05-02 04:28 - 2018-03-23 00:45 - 000000000 __SHD C:\Users\Paul's Ipod\IntelGraphicsProfiles
2019-05-02 04:28 - 2013-03-18 04:22 - 000002343 _____ C:\Users\Paul's Ipod\Desktop\Google Chrome.lnk
2019-05-01 23:58 - 2018-05-16 20:28 - 000000000 ____D C:\Users\Gallagher
2019-05-01 22:35 - 2018-02-14 07:44 - 000000000 ____D C:\Users\Gallagher\AppData\Local\ElevatedDiagnostics
2019-04-30 19:31 - 2018-01-26 02:19 - 000000000 ____D C:\Program Files (x86)\Google
2019-04-30 14:29 - 2018-01-28 22:13 - 000000000 ___RD C:\Users\Gallagher\iCloudDrive
2019-04-30 14:17 - 2018-01-21 11:05 - 000000000 ___RD C:\Users\Gallagher\OneDrive
2019-04-30 14:16 - 2018-01-26 02:24 - 000000000 ____D C:\Program Files (x86)\Steam
2019-04-30 14:15 - 2018-01-21 11:01 - 000000000 __SHD C:\Users\Gallagher\IntelGraphicsProfiles
2019-04-30 14:03 - 2018-01-25 17:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-04-28 14:37 - 2017-10-26 13:58 - 000000000 ____D C:\Program Files\Common Files\mcafee
2019-04-28 14:35 - 2018-05-16 20:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-04-28 14:34 - 2018-04-11 22:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-04-28 14:32 - 2018-05-04 16:05 - 000000000 ____D C:\Users\Gallagher\AppData\LocalLow\Temp
2019-04-27 20:21 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2019-04-27 20:20 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-04-27 02:18 - 2017-10-26 12:05 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-04-26 02:40 - 2018-05-16 20:50 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2019-04-26 02:40 - 2018-04-12 00:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-04-26 02:40 - 2018-04-11 22:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-04-26 02:37 - 2018-05-15 20:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2019-04-26 00:47 - 2018-09-24 18:47 - 000000000 ___RD C:\Users\Gallagher\Dropbox
2019-04-26 00:46 - 2017-10-26 12:04 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-04-25 00:02 - 2019-02-27 03:37 - 000003990 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2019-04-25 00:02 - 2019-02-27 03:36 - 000476776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2019-04-25 00:02 - 2019-02-27 03:36 - 000385848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2019-04-25 00:00 - 2019-03-23 11:34 - 000526376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetSec.sys
2019-04-25 00:00 - 2019-02-27 03:36 - 001031000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2019-04-25 00:00 - 2019-02-27 03:36 - 000320624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswblog.sys
2019-04-25 00:00 - 2019-02-27 03:36 - 000254128 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2019-04-25 00:00 - 2019-02-27 03:36 - 000220640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2019-04-25 00:00 - 2019-02-27 03:36 - 000205400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2019-04-25 00:00 - 2019-02-27 03:36 - 000196000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2019-04-25 00:00 - 2019-02-27 03:36 - 000166848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2019-04-25 00:00 - 2019-02-27 03:36 - 000112520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2019-04-25 00:00 - 2019-02-27 03:36 - 000088160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2019-04-25 00:00 - 2019-02-27 03:36 - 000057888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2019-04-25 00:00 - 2019-02-27 03:36 - 000042288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2019-04-23 03:11 - 2019-02-27 03:34 - 000000000 ____D C:\ProgramData\AVAST Software
2019-04-22 07:25 - 2018-05-16 20:28 - 000933368 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-04-21 22:38 - 2018-01-26 02:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-04-21 22:38 - 2018-01-26 02:21 - 000000000 ____D C:\Program Files (x86)\Java
2019-04-21 22:34 - 2019-03-12 20:07 - 000099192 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2019-04-17 09:10 - 2018-01-26 02:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2019-04-12 21:32 - 2018-05-16 20:28 - 000002386 _____ C:\Users\Gallagher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-04-10 03:08 - 2018-05-16 20:24 - 000493320 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-04-10 03:05 - 2018-04-12 00:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-04-10 03:05 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-04-10 03:05 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-04-09 20:23 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-04-09 20:11 - 2018-01-21 12:36 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-04-09 20:01 - 2018-01-21 12:35 - 131129288 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-04-09 18:32 - 2015-12-03 18:28 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-04-09 14:30 - 2018-01-21 11:21 - 000000000 ____D C:\Users\Gallagher\AppData\Local\Comms
2019-04-08 17:44 - 2018-01-24 00:51 - 000000000 ____D C:\Program Files\iTunes
2019-04-08 12:19 - 2017-10-26 13:47 - 000000000 ____D C:\Program Files\Intel
2019-04-05 10:32 - 2018-06-22 02:51 - 000000000 ____D C:\Users\Gallagher\AppData\Roaming\Canon
2019-04-05 03:39 - 2018-01-21 12:42 - 000000000 ____D C:\Program Files\rempl

==================== Files in the root of some directories =======

2019-04-22 19:20 - 2019-05-03 20:52 - 000000262 _____ () C:\ProgramData\fontcacheev1.dat
2018-02-28 17:15 - 2018-10-19 02:48 - 000001041 _____ () C:\Users\Gallagher\AppData\Roaming\vso_ts_preview.xml
2018-02-15 01:46 - 2018-02-15 01:46 - 000000000 _____ () C:\Users\Gallagher\AppData\Roaming\wklnhst.dat
2018-01-21 11:02 - 2019-05-04 13:35 - 001971723 _____ () C:\Users\Gallagher\AppData\Local\BTServer.log

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

 

[gallorgs]

And here's the Additional Log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-05.2019
Ran by Gallagher (04-05-2019 14:20:23)
Running from C:\Users\Gallagher\Desktop
Windows 10 Home Version 1803 17134.706 (X64) (2018-05-16 19:51:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2034169645-2416740140-1732510107-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-2034169645-2416740140-1732510107-503 - Limited - Disabled)
Gallagher (S-1-5-21-2034169645-2416740140-1732510107-1001 - Administrator - Enabled) => C:\Users\Gallagher
Guest (S-1-5-21-2034169645-2416740140-1732510107-501 - Limited - Disabled) => C:\Users\Guest
Paul's Ipod (S-1-5-21-2034169645-2416740140-1732510107-1005 - Limited - Enabled) => C:\Users\Paul's Ipod
WDAGUtilityAccount (S-1-5-21-2034169645-2416740140-1732510107-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{55D55008-E5F6-47D6-B16F-B2A40D4D145F}) (Version: 6.2.1 - Hewlett-Packard) Hidden
AdGuard (HKLM-x32\...\{563cb78b-7933-497a-94cd-3d17707fabe1}) (Version: 6.4.1814.4903 - Adguard Software Ltd)
AdGuard (HKLM-x32\...\{685F6AB3-7C61-42D1-AE5B-3864E48D1035}) (Version: 6.4.1814.4903 - Adguard Software Ltd) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\Amazon Amazon Music) (Version: 6.8.2.1537 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\...\Amazon Amazon Music) (Version: 6.8.2.1537 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{9F7041CB-8398-4691-B8CB-0D52273BB3D9}) (Version: 7.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{6E7DF4EE-1976-4215-9D81-755AFC95687D}) (Version: 7.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BA2A6DBB-B09A-43D8-84F3-21C1537B47D9}) (Version: 12.2.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 19.4.2374 - AVAST Software)
Avira (HKLM-x32\...\{10AE4FDC-32F9-4E56-8EE1-10629DD11C4E}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Hidden
Backup and Sync from Google (HKLM\...\{F9EEDE46-6409-4ECC-8AB6-7062464987A4}) (Version: 3.43.4275.9540 - Google, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Build-a-lot (HKLM-x32\...\WTA-03a5e8eb-7a92-4e14-b1a0-cfbf9d994c7c) (Version: 3.0.2.59 - WildTangent) Hidden
Canon IJ Network Scanner Selector EX2 (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX2) (Version: 2.0.0.19 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.3.1.4 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 5.5.0 - Canon Inc.)
Canon TS5000 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_TS5000_series) (Version: 1.02 - Canon Inc.)
Canon TS5000 series On-screen Manual (HKLM-x32\...\Canon TS5000 series On-screen Manual) (Version: 1.1.0 - Canon Inc.)
Canon TS5000 series User Registration (HKLM-x32\...\Canon TS5000 series User Registration) (Version: - ‭Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2513 - CDBurnerXP)
Cloud Storage (HKLM-x32\...\{889B65D2-0A21-44E5-A1B0-B140C4C77567}) (Version: 4.9.2.86 - DSG Retail Limited)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Crazy Chicken Soccer (HKLM-x32\...\WTA-30e07be8-3ccc-45aa-8d03-8c863755a740) (Version: 2.2.0.110 - WildTangent) Hidden
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.6.7503 - CyberLink Corp.)
dBpoweramp (HKLM-x32\...\dBpoweramp) (Version: Release 16.4 - Illustrate)
dBpoweramp DSP Effects (HKLM-x32\...\dBpoweramp DSP Effects) (Version: Release 11 - Illustrate)
dBpoweramp m4a FDK (AAC) Encoder (HKLM-x32\...\dBpoweramp m4a FDK (AAC) Encoder) (Version: Release 2.1 (FDK v0.1.3) - Illustrate)
dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 14.4 - Illustrate)
Dropbox (HKLM-x32\...\Dropbox) (Version: 71.4.108 - Dropbox, Inc.)
Dropbox 25 GB (HKLM-x32\...\{84D8451D-2ED6-3A59-ABA5-2A447F7C6310}) (Version: 4.1.2.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
FMSE17 (HKLM-x32\...\{0ce2c70e-07f6-470a-b89c-2df2674f5905}) (Version: 0.4.0.1 - AppCake Limited)
FMSE18 (HKLM\...\{2B4136BA-71FD-49F1-AFB9-3DBF9CF74AA5}) (Version: 1.9.0.0 - AppCake Limited) Hidden
FMSE18 (HKLM-x32\...\{bef072ab-52f6-425b-a27e-76b9c94cf78d}) (Version: 1.9.0.0 - AppCake Limited)
Free All-In-One Media Player (HKLM-x32\...\Free Media Player_is1) (Version: - Free Software Group)
Google Chrome (HKLM-x32\...\{F0A0318D-995B-3301-9540-6834C459040E}) (Version: 74.0.3729.108 - Google LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.131 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Photos Backup (HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\Google Photos Backup) (Version: 1.1.4.11 - Google, Inc.)
Google Photos Backup (HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\...\Google Photos Backup) (Version: 1.1.4.11 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden
HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.15.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{54da9769-2364-4bd3-8139-6400500778b3}) (Version: 5.3.22034 - HP Inc.)
HP JumpStart Apps (HKLM-x32\...\HP JumpStart Apps) (Version: 7.0.21 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{1E7D6A6F-E28B-4057-BD4F-9989C1F5353D}) (Version: 1.3.0.423 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{4380D813-39E5-46FD-AC23-FC9A1A8B98AA}) (Version: 1.3.423.0 - HP Inc.)
HP Orbit (HKLM-x32\...\{82b971c1-85fa-4c53-ada1-4ec6be0c0c8a}) (Version: 3.5.171.271 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{4780AF24-213D-4187-86F2-0014A6D6077B}) (Version: 8.7.50.3 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.10.49.21 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.14 - HP Inc.)
iCloud (HKLM\...\{03742818-3BC2-45BA-B6BB-4C2D453FD033}) (Version: 7.11.0.19 - Apple Inc.)
Intel Driver && Support Assistant (HKLM-x32\...\{1C86244D-6CBD-4067-BD27-1C263B7D5B35}) (Version: 19.4.18.9 - Intel) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Computing Improvement Program (HKLM\...\{D40D4164-EEDB-4F0F-85C6-2058A9E34CC7}) (Version: 2.4.04370 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 24.20.100.6344 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.8.2.1002 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® Driver & Support Assistant (HKLM-x32\...\{cdfa55ef-79fd-483d-9278-fb714b90b601}) (Version: 19.4.18.9 - Intel)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
iTunes (HKLM\...\{CAA61CDB-0E1E-4E7F-89E1-36FBCC3C0EFB}) (Version: 12.9.4.102 - Apple Inc.)
Java 8 Update 211 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)
Laplink PCmover Professional (HKLM-x32\...\{C5FC0140-206A-4D19-873B-5C8EB114751F}) (Version: 11.00.1004.0 - Laplink Software, Inc.)
Magic Heroes: Save Our Park (HKLM-x32\...\WTA-a9aa252b-23df-48e2-abf5-6705da048dec) (Version: 3.0.2.59 - WildTangent) Hidden
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.11425.20244 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\OneDriveSetup.exe) (Version: 19.043.0304.0007 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\...\OneDriveSetup.exe) (Version: 19.043.0304.0007 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2034169645-2416740140-1732510107-1005\...\OneDriveSetup.exe) (Version: 19.043.0304.0007 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 6.35 - mIRC Co. Ltd.)
MobileMe Control Panel (HKLM\...\{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 66.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 66.0.3 (x86 en-US)) (Version: 66.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 66.0.3 - Mozilla)
Mozilla Thunderbird 52.5.2 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 52.5.2 (x86 en-GB)) (Version: 52.5.2 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11425.20244 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11425.20244 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11425.20244 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11425.20244 - Microsoft Corporation) Hidden
Polar Bowler 1st Frame (HKLM-x32\...\WTA-2e44bae0-68d2-4924-b550-249adc10b63f) (Version: 3.0.2.59 - WildTangent) Hidden
Radialpoint Dashboard Patch version 13.12.23.29994 (HKLM-x32\...\RadialpointDashboardPatch_is1) (Version: 13.12.23.29994 - ) Hidden
Ranch Rush 2 - Premium Edition (HKLM-x32\...\WTA-50c80ae6-92ac-4ca7-9ca1-f07d39b9f4d3) (Version: 2.2.0.97 - WildTangent) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.61 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.12.1007.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8549 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.88 - REALTEK Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Runefall (HKLM-x32\...\WTA-cdf64de0-52ca-42d3-93c2-f52fd96af4cc) (Version: 3.0.2.126 - WildTangent) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Shotcut (HKLM-x32\...\Shotcut) (Version: 18.11.18 - Meltytech, LLC)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Stamp ID3 Tag Editor (HKLM-x32\...\Stamp) (Version: 2.39 - NCH Software)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Knowhow Expert Support (HKLM-x32\...\{86C2DB2D-8148-4085-3B07-1A0E97F910F0}) (Version: 7.11.756 - LogMeIn, Inc.)
Toolwiz Smart Defrag 2011 (HKLM-x32\...\Toolwiz Smart Defrag FREE_is1) (Version: 1.3.0.0 - Toolwiz.com.)
Trinklit Supreme (HKLM-x32\...\WTA-e5e88212-b634-4f1f-810b-f626eba374f5) (Version: 2.2.0.98 - WildTangent) Hidden
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.3 - Tweaking.com)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-2) (Version: 1.0.33.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-3) (Version: 1.0.33.0 - LunarG, Inc.)
WD SmartWare (HKLM\...\{23B47A34-0517-48DA-8B76-015DA8546893}) (Version: 1.5.1 - Western Digital)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.1.1.14 - WildTangent) Hidden
Windows Live Mail (HKLM-x32\...\{D604900F-A275-416C-AF9D-CDEDF58B72DB}) (Version: - )
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
WinX DVD Ripper Platinum 7.5.13 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)
Wondershare TidyMyMusic(Build 1.6.0.3) (HKLM-x32\...\Wondershare TidyMyMusic_is1) (Version: 1.6.0.3 - Wondershare Software)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.664 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (IDSA Production signing key -> Intel)
CustomCLSID: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\Gallagher\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll (Google Inc -> Google LLC)
CustomCLSID: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Gallagher\Dropbox [2018-09-24 18:47]
CustomCLSID: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Gallagher\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll (Google Inc -> Google LLC)
SSODL: EldosMountNotificator-cbfs6 - {B9D4FF12-B2DB-4AC1-958B-E720B149B04B} - C:\WINDOWS\system32\cbfsMntNtf6.dll (EldoS Corporation -> /n software, Inc.)
SSODL-x32: EldosMountNotificator-cbfs6 - {B9D4FF12-B2DB-4AC1-958B-E720B149B04B} - C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll (EldoS Corporation -> /n software, Inc.)
ShellServiceObjects: Virtual Storage Mount Notification -> {B9D4FF12-B2DB-4AC1-958B-E720B149B04B} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-09-21] (EldoS Corporation -> /n software, Inc.)
ShellServiceObjects-x32: Virtual Storage Mount Notification -> {B9D4FF12-B2DB-4AC1-958B-E720B149B04B} => C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll [2016-09-21] (EldoS Corporation -> /n software, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-04-09] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-04-09] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-04-09] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs6] -> {EBDFE718-8CC7-4E50-8CD1-AF59DCAAF599} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-09-21] (EldoS Corporation -> /n software, Inc.)
ShellIconOverlayIdentifiers: [LivedriveDownloadOverlay] -> {CBCDB610-6B68-4EE9-B7A2-1282FD0C9292} => C:\Program Files (x86)\Cloud Storage\Extensions.dll [2019-01-16] (Livedrive Internet LTD -> Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveSharedOverlay] -> {84CEF1E4-1356-4063-845F-05047F4DD52C} => C:\Program Files (x86)\Cloud Storage\Extensions.dll [2019-01-16] (Livedrive Internet LTD -> Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveSyncedOverlay] -> {42058329-2FBF-4B33-8E52-3BE5754DE0C1} => C:\Program Files (x86)\Cloud Storage\Extensions.dll [2019-01-16] (Livedrive Internet LTD -> Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveUploadOverlay] -> {39A1715A-E4CD-4F1E-B5C4-36B5DB80124E} => C:\Program Files (x86)\Cloud Storage\Extensions.dll [2019-01-16] (Livedrive Internet LTD -> Livedrive Internet Ltd)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs6] -> {EBDFE718-8CC7-4E50-8CD1-AF59DCAAF599} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-09-21] (EldoS Corporation -> /n software, Inc.)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2019-05-01] (Zemana D.O.O. Sarajevo -> )
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-04-09] (Google LLC -> Google)
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2011-05-30] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [LivedriveContextMenu] -> {FE586301-FDF9-40F4-AD3A-9DB11C40FF27} => C:\Program Files (x86)\Cloud Storage\Extensions.dll [2019-01-16] (Livedrive Internet LTD -> Livedrive Internet Ltd)
ContextMenuHandlers1: [PfMenu] -> {2F844462-7CB8-489C-828C-32A6422506AF} => C:\Program Files (x86)\IObit\Protected Folder\PfShellExtension.dll [2011-03-22] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-03-13] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\WDContextMenuHandler.dll [2011-08-01] (Western Digital) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-04-09] (Google LLC -> Google)
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2011-05-30] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [LivedriveContextMenu] -> {FE586301-FDF9-40F4-AD3A-9DB11C40FF27} => C:\Program Files (x86)\Cloud Storage\Extensions.dll [2019-01-16] (Livedrive Internet LTD -> Livedrive Internet Ltd)
ContextMenuHandlers4: [PfMenu] -> {2F844462-7CB8-489C-828C-32A6422506AF} => C:\Program Files (x86)\IObit\Protected Folder\PfShellExtension.dll [2011-03-22] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki129407.inf_amd64_f26f36ac54ce3076\igfxDTCM.dll [2018-09-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2019-05-01] (Zemana D.O.O. Sarajevo -> )
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2011-05-30] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [PfMenu] -> {2F844462-7CB8-489C-828C-32A6422506AF} => C:\Program Files (x86)\IObit\Protected Folder\PfShellExtension.dll [2011-03-22] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\WDContextMenuHandler.dll [2011-08-01] (Western Digital) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Gallagher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi

==================== Loaded Modules (Whitelisted) ==============

2010-11-02 09:33 - 2010-11-02 09:33 - 001083392 _____ () [File not signed] C:\Program Files\Western Digital\WD SmartWare\System.Data.SQLite.dll
2019-01-16 10:52 - 2019-01-16 10:52 - 000378880 _____ () [File not signed] C:\Program Files (x86)\Cloud Storage\VSSHelper.dll
2011-08-01 08:36 - 2011-08-01 08:36 - 000172544 _____ (Western Digital) [File not signed] C:\Program Files\Western Digital\WD SmartWare\Vista\Shadow.dll
2011-08-01 08:37 - 2011-08-01 08:37 - 000118784 _____ (Western Digital) [File not signed] C:\Program Files\Western Digital\WD SmartWare\WDFMEIPC.dll
2011-08-01 08:45 - 2011-08-01 08:45 - 000447488 _____ (Western Digital) [File not signed] C:\Program Files\Western Digital\WD SmartWare\WDContextMenuHandler.dll
2011-08-01 08:35 - 2011-08-01 08:35 - 000082944 _____ () [File not signed] C:\Program Files\Western Digital\WD SmartWare\WDCollections.dll
2019-01-16 10:51 - 2019-01-16 10:51 - 001469952 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Cloud Storage\SQLite.Interop.dll
2019-01-16 10:51 - 2019-01-16 10:51 - 000319488 _____ (/n software, Inc.) [File not signed] C:\Program Files (x86)\Cloud Storage\CBFS6Net.dll
2019-01-16 10:51 - 2019-01-16 10:51 - 001840640 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Cloud Storage\libeay32.DLL
2019-01-16 10:51 - 2019-01-16 10:51 - 000455168 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Cloud Storage\ssleay32.DLL
2019-04-10 22:37 - 2019-04-10 22:37 - 000157184 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\HPJumpStartBridge\ac9cebfb0f8ff29b76816e14584c2552\HPJumpStartBridge.ni.exe
2019-04-10 22:35 - 2019-04-10 22:35 - 000156672 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\03746e2905bc776c4e2907eddf1e1487\BRIDGECommon.ni.dll
2019-04-10 22:36 - 2019-04-10 22:36 - 000131072 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CommonPortable\d4f8c7ddc1dc29dcd50d19da8dc13aac\CommonPortable.ni.dll
2019-04-10 22:37 - 2019-04-10 22:37 - 000329728 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CleanStartController\097d3cf28e0cc938fc39417c2308243d\CleanStartController.ni.dll
2019-04-10 22:36 - 2019-04-10 22:36 - 000116736 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\2e1790b0179dd21afe5e402dde4c7071\BridgeExtension.ni.dll
2019-04-10 22:36 - 2019-04-10 22:36 - 000070656 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NativeInterop\51891c78864b78601f10bd0aa65c1c2a\NativeInterop.ni.dll
2018-02-21 01:17 - 2019-03-22 21:14 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2018-02-21 01:17 - 2019-03-22 21:14 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2018-02-21 01:17 - 2019-03-22 21:14 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2018-02-21 01:17 - 2019-03-22 21:14 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2018-02-21 01:17 - 2019-03-22 21:14 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2018-02-21 01:17 - 2019-03-22 21:14 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2018-02-21 01:17 - 2019-03-22 21:14 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-02-22 00:31 - 2019-03-22 21:14 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-02-22 00:31 - 2019-03-22 21:14 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-03-22 21:14 - 2019-03-22 21:14 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-03-22 21:14 - 2019-03-22 21:14 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2018-02-21 01:17 - 2019-03-22 21:14 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-03-22 21:14 - 2019-03-22 21:14 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-03-22 21:14 - 2019-03-22 21:14 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-03-22 21:14 - 2019-03-22 21:14 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-03-22 21:14 - 2019-03-22 21:14 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-03-22 21:14 - 2019-03-22 21:14 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-03-22 21:14 - 2019-03-22 21:14 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-03-22 21:14 - 2019-03-22 21:14 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2018-04-20 23:47 - 2018-03-08 02:52 - 006324224 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Gallagher\AppData\Local\Amazon Music\QtGui4.dll
2018-04-20 23:47 - 2018-03-08 02:49 - 000808448 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Gallagher\AppData\Local\Amazon Music\QtNetwork4.dll
2018-04-20 23:47 - 2018-03-08 02:48 - 002286592 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Gallagher\AppData\Local\Amazon Music\QtCore4.dll
2019-04-10 22:38 - 2019-04-10 22:38 - 001567232 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\HPAudioSwitch\662704a646ce63c258b52936332d6e9a\HPAudioSwitch.ni.exe
2019-04-10 22:38 - 2019-04-10 22:38 - 000764928 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\6e894a8b3f7a2fb73befd5ecb660fdb6\log4net.ni.dll
2019-04-10 22:38 - 2019-04-10 22:38 - 000129536 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\a292b3ddc0e8098daa795e3c75a7e7a0\Hardcodet.Wpf.TaskbarNotification.ni.dll
2019-04-10 22:38 - 2019-04-10 22:38 - 001549312 _____ (Mark Heath) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\cf9874a56c06ff299aa9df9e8012f2b1\NAudio.ni.dll
2019-04-10 22:35 - 2019-04-10 22:35 - 002227200 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\a3733af14fc80e01bdd68142a00a5e60\Newtonsoft.Json.ni.dll
2019-04-10 22:38 - 2019-04-10 22:38 - 000141312 _____ ( ) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\4085da30349ec03e484d056f89c6c53d\Interop.IWshRuntimeLibrary.ni.dll
2017-10-26 12:05 - 2017-10-26 12:05 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\AppVIsvSubsystems32.dll
2017-10-26 12:05 - 2017-10-26 12:05 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\c2r32.dll
2018-06-22 02:43 - 2015-06-17 16:03 - 000008192 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_ENU.DLL
2018-06-22 02:43 - 2015-06-17 16:00 - 000104960 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_IMG.dll
2018-06-22 02:43 - 2015-09-15 16:07 - 000318464 _____ (CANON INC) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\scchmpm.dll
2018-06-22 02:43 - 2015-05-26 09:44 - 000141312 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\cnwidsd.dll
2018-06-22 02:43 - 2015-09-01 18:11 - 000194560 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\cnmpu2.dll
2017-11-01 21:58 - 2017-11-01 21:58 - 001141248 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Adguard\SQLite.Interop.dll
2017-03-15 18:08 - 2017-03-15 18:08 - 000732672 _____ () [File not signed] C:\Program Files (x86)\Adguard\brolib32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ZAM.exe" /service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ZAM.exe" /service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zam64.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zamguard64.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\...\100sexlinks.com -> 100sexlinks.com

There are 4703 more sites.

IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\...\100sexlinks.com -> 100sexlinks.com

There are 4703 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 22:03 - 2019-04-28 14:30 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143613868\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143614181\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\HP Backgrounds\backgroundDefault.jpg
HKU\S-1-5-21-2034169645-2416740140-1732510107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282019143615118\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\HP Backgrounds\backgroundDefault.jpg
HKU\S-1-5-21-2034169645-2416740140-1732510107-1005\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2034169645-2416740140-1732510107-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2034169645-2416740140-1732510107-501\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupreg: Amazon Music => "C:\Users\Gallagher\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Xvid => C:\Program Files (x86)\Xvidmovies\CheckUpdate.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F3BC3112-E2FF-40D9-8624-7F53066266B5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.105.152.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{14921336-7B79-4801-9518-8340921B287D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.105.152.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4E7451F5-1242-4E63-B52E-4BBB72A59F49}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.105.152.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8B7F1595-851F-4F1A-BB7B-594181FF4316}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.105.152.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{713990D3-19CE-47DD-8FF4-84D57DE81685}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.105.152.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{639C9A39-B969-4C39-923E-C11DE17886D5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.105.152.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{70A4CF8E-A670-49BD-A36D-6FF06715BA35}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.105.152.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F16E6101-D1A2-42E0-83AE-70533C6400A4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.105.152.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{421346D1-96B9-4484-9F01-25B4D1484F43}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{25C873BE-4B78-40C7-AE56-8E57525E8B2D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{9AD4E580-4C4E-44DE-B174-494A658DDD16}] => (Allow) C:\Program Files (x86)\Adguard\AdguardSvc.exe (Adguard Software Limited -> Adguard Software Ltd)

==================== Restore Points =========================

27-04-2019 09:32:53 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/03/2019 08:51:47 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (05/03/2019 03:30:55 PM) (Source: HP Active Health) (EventID: 88) (User: )
Description: -- SECURITY WARNING -- ActiveHealthProperties.ini has been tampered with, resetting it

Error: (05/03/2019 03:30:55 PM) (Source: HP Active Health) (EventID: 88) (User: )
Description: -- SECURITY WARNING -- ActiveHealthState.ini has been tampered with, resetting it

Error: (05/03/2019 03:30:55 PM) (Source: HP Active Health) (EventID: 80) (User: )
Description: -- SECURITY WARNING -- Unable to deserialize super secret file hashes. Will assume evil is afoot - all Validate() calls will return DOESNT_MATCH
at HP.ActiveHealth.Commons.Security.HashStore.LoadHashesFromFile()

Error: (05/03/2019 02:54:36 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (05/03/2019 02:53:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DSAServiceHelper.exe, version: 19.4.18.9, time stamp: 0x5c9114b5
Faulting module name: KERNELBASE.dll, version: 10.0.17134.556, time stamp: 0xb9f4a0f1
Exception code: 0xe0434352
Fault offset: 0x000000000003a388
Faulting process ID: 0x8ff0
Faulting application start time: 0x01d501b7967b16ef
Faulting application path: C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAServiceHelper.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report ID: d600a956-93e8-491e-ad6c-20d4c0dfc6c0
Faulting package full name:
Faulting package-relative application ID:

Error: (05/03/2019 02:53:41 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DSAServiceHelper.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ServiceModel.CommunicationObjectFaultedException
at System.ServiceModel.Channels.CommunicationObject.Close(System.TimeSpan)
at System.ServiceModel.Channels.ServiceChannelFactory.OnClose(System.TimeSpan)
at System.ServiceModel.Channels.ServiceChannelFactory+TypedServiceChannelFactory`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].OnClose(System.TimeSpan)
at System.ServiceModel.Channels.CommunicationObject.Close(System.TimeSpan)
at System.ServiceModel.ChannelFactory.OnClose(System.TimeSpan)
at System.ServiceModel.Channels.CommunicationObject.Close(System.TimeSpan)
at DSAServiceHelper.Program.Main(System.String[])

Error: (05/02/2019 08:27:27 AM) (Source: HP Active Health) (EventID: 88) (User: )
Description: -- SECURITY WARNING -- ActiveHealthProperties.ini has been tampered with, resetting it


System errors:
=============
Error: (05/04/2019 01:41:44 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-G3G6FFA)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-G3G6FFA\Gallagher SID (S-1-5-21-2034169645-2416740140-1732510107-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/04/2019 01:36:40 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-G3G6FFA)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-G3G6FFA\Gallagher SID (S-1-5-21-2034169645-2416740140-1732510107-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/04/2019 01:36:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/04/2019 02:15:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Push Notifications User Service_cb6c010 service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/03/2019 11:47:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Push Notifications User Service_cb6c010 service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/03/2019 11:47:03 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Push Notifications User Service_cb6c010 service, but this action failed with the following error:
An instance of the service is already running.

Error: (05/03/2019 11:46:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Push Notifications User Service_cb6c010 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/03/2019 12:47:39 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-G3G6FFA)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-G3G6FFA\Gallagher SID (S-1-5-21-2034169645-2416740140-1732510107-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2019-03-22 08:11:00.861
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {7FD37310-0DE8-46A2-801B-B8A8FF4AEA17}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-03-14 18:15:54.346
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {8C27B9DD-35D4-4B64-91BF-CE5312A1092C}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-03-13 16:33:44.101
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C41AFB1C-3FE6-4F14-A45B-5F0607408F5E}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-03-06 14:06:40.076
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {3D529A5F-0266-444E-B767-280BB8FBD645}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-03-06 13:53:02.924
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {32B65213-932D-40A4-A982-9464F77E9CDF}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-04-08 11:32:36.307
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.66.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-04-08 11:32:36.307
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.66.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-04-08 11:32:36.306
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.66.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-04-08 11:32:36.294
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.66.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-04-08 11:32:36.294
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.66.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2019-05-04 13:36:29.410
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cbfsNetRdr6.dll that did not meet the Microsoft signing level requirements.

Date: 2019-05-04 13:36:25.505
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cbfsNetRdr6.dll that did not meet the Microsoft signing level requirements.

Date: 2019-05-02 21:02:24.225
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cbfsNetRdr6.dll that did not meet the Microsoft signing level requirements.

Date: 2019-05-01 21:02:23.458
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cbfsNetRdr6.dll that did not meet the Microsoft signing level requirements.

Date: 2019-04-30 21:02:22.799
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cbfsNetRdr6.dll that did not meet the Microsoft signing level requirements.

Date: 2019-04-30 21:02:22.130
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cbfsNetRdr6.dll that did not meet the Microsoft signing level requirements.

Date: 2019-04-29 21:02:21.587
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cbfsNetRdr6.dll that did not meet the Microsoft signing level requirements.

Date: 2019-04-29 21:02:20.537
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cbfsNetRdr6.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: AMI F.23 07/20/2017
Motherboard: HP 82DD
Processor: Intel(R) Core(TM) i3-7100U CPU @ 2.40GHz
Percentage of memory in use: 79%
Total physical RAM: 8086.98 MB
Available physical RAM: 1620.16 MB
Total Virtual: 13505.03 MB
Available Virtual: 2064.55 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:1849.77 GB) (Free:344.22 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:12.02 GB) (Free:1.24 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Seagate Expansion Drive) (Fixed) (Total:1863 GB) (Free:114.12 GB) NTFS
Drive g: (SAMSUNG) (Fixed) (Total:1863.01 GB) (Free:312.29 GB) NTFS
Drive h: () (Removable) (Total:229.07 GB) (Free:64.91 GB) FAT32
Drive j: (Seagate Backup Plus Drive) (Fixed) (Total:931.51 GB) (Free:406.99 GB) NTFS
Drive l: (My Passport) (Fixed) (Total:931.48 GB) (Free:99.84 GB) NTFS
Drive r: (Seagate Expansion Drive) (Fixed) (Total:1863.02 GB) (Free:116.38 GB) NTFS

\\?\Volume{b7db7553-cc77-4e6c-ba8b-7cc988dc47a7}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.53 GB) NTFS
\\?\Volume{5e842068-d704-4118-bd2a-7a9804a720b8}\ () (Fixed) (Total:0.25 GB) (Free:0.19 GB) FAT32
\\?\Volume{8d169efb-0b92-11e8-9954-b052165221b6}\ (Cloud Storage Online drive) (Removable) (Total:1849.77 GB) (Free:344.22 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 40B4CDDA)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00042ADA)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 227E9BFA)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 4.

========================================================
Disk: 5 (Size: 1863 GB) (Disk ID: 33572911)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Protective MBR) (Size: 229.1 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

 

[jmarket]

No more popups?

 

[gallorgs]

nope seems all ok now

 

[jmarket]

Please go HERE and download Delfix Save it to your desktop.

Right click the new Delfix desktop icon and then click "run as administrator"

Place a tick in the following checkboxes

1. Remove disinfection tools
2. Create registry backup
3. Purge system restore

Then select "Run"

Delfix will remove the tools used to clean your PC and remove itself. When finished a .txt file will display on your desktop. A copy of this file will be also located as C:\Delfix.txt.

Please post a copy of this file in your next post

 

[gallorgs]

HI Jmarket
Have you found something else on my logs????

 

[jmarket]

I have not. That's why I posted the above instructions for you

 

[gallorgs]

Hello, here's the delfix log

# DelFix v1.013 - Logfile created 08/05/2019 at 19:34:00
# Updated 17/04/2016 by Xplode
# Username : Gallagher - DESKTOP-G3G6FFA
# Operating System : Windows 10 Home (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Gallagher\Downloads\FRST-OlderVersion
Deleted : C:\Users\Gallagher\Desktop\FRST-OlderVersion
Deleted : C:\Users\Gallagher\Desktop\Addition.txt
Deleted : C:\Users\Gallagher\Desktop\FRST.txt
Deleted : C:\Users\Gallagher\Desktop\FRST64.exe
Deleted : C:\Users\Gallagher\Downloads\Addition.txt
Deleted : C:\Users\Gallagher\Downloads\adwcleaner_7.2.7.0.exe
Deleted : C:\Users\Gallagher\Downloads\FRST.txt
Deleted : C:\Users\Gallagher\Downloads\FRST64.exe
Deleted : C:\Users\Gallagher\Downloads\JRT.exe
Deleted : C:\Users\Gallagher\Downloads\JRT_exe
Deleted : C:\Users\Gallagher\Downloads\MiniToolBox (1).exe
Deleted : C:\Users\Gallagher\Downloads\MiniToolBox (2).exe
Deleted : C:\Users\Gallagher\Downloads\MiniToolBox.exe
Deleted : C:\Users\Gallagher\Downloads\Unhide Folders & Files (1).pdf
Deleted : C:\Users\Gallagher\Downloads\Unhide Folders & Files.pdf
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #72 [Scheduled Checkpoint | 05/06/2019 11:36:01]

New restore point created !

########## - EOF - ##########

 

[jmarket]

If there's no more popups I will mark this as solved

 

[gallorgs]

Cheers Jmarket