Hi Joe, Hirens.Boot CD deleted. MCPR downloaded, ran and reported Removal Complete. FRST fix ran, log below:
Fix result of Farbar Recovery Scan Tool (x64) Version: 20.01.2019
Ran by Grant (24-01-2019 01:14:41) Run:1
Running from C:\Users\Grant\Desktop
Loaded Profiles: Grant (Available Profiles: Grant & DOM & olls & dads iphone)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
HKU\S-1-5-21-98693253-3412605275-1652980643-1000\...\MountPoints2: {90e29f04-4047-11e1-a133-4c8093487898} - "E:\LaunchU3.exe" -a
GroupPolicy: Restriction ? <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_42¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyE0CzztDzytAyEzzyBzzzyzzzzyC0DyEtN0D0Tzu0StCyByDyCtN1L2XzutAtFtByEtFtByBtFyDtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyDtA0B0B0D0FtA0AtGtDzztC0DtG0C0FyDyDtGtCzzyEtBtG0FtB0AzyyD0F0B0AtBtAyE0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0AzytAtAtAyD0CtG0AtAzytDtGyE0FyDtCtGzy0B0D0EtG0BzzzztCyByE0B0AtCtD0EyD2QtN0A0LzuyE%26cr%3D784819815%26a%3Dwbf_fs_16_42%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKU\S-1-5-21-98693253-3412605275-1652980643-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.view-search.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=xy_6a16b5d3&param1=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%3D%3D&param2=NGB6LGF6NGx4Nd%3D%3D&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=xy_6a16b5d3&param1=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%3D%3D&param2=NGB6LGF6NGx4Nd%3D%3D&p={searchTerms}
SearchScopes: HKLM -> {f79e5d1c-5148-469e-9f98-a11d8d7863f4} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_42¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyE0CzztDzytAyEzzyBzzzyzzzzyC0DyEtN0D0Tzu0StCyByDyCtN1L2XzutAtFtByEtFtByBtFyDtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyDtA0B0B0D0FtA0AtGtDzztC0DtG0C0FyDyDtGtCzzyEtBtG0FtB0AzyyD0F0B0AtBtAyE0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0AzytAtAtAyD0CtG0AtAzytDtGyE0FyDtCtGzy0B0D0EtG0BzzzztCyByE0B0AtCtD0EyD2QtN0A0LzuyE%26cr%3D784819815%26a%3Dwbf_fs_16_42%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=xy_6a16b5d3¶m1=ArFaIWJoNqArQGMVHFFoNqAqBbFaITwrQGR7xTVoN9I4y7IsQGR7B7JoN9JbDSk8vFE9GqQANFdcFCk8vFFdJ6k3wVI3vCIYvFE3vmoXvmk3vCk3vmk4JaYVvFE9GqYVNUI3wGYGwVM4Jmk3wVI9GqUNNos3wCIYwVA9JmoUwVA3vCITvFI4ICILNFdcJ6k8wV5cGWUSNFRcEqULNopcGWUIvmFbF6IXwVQ4J6k4NVJdJCk3vmk9I6oXwVU9J6IWwVxdISIXNVJdISISvFE4IGYVwVU9I6oXNVQ3vmk4wVM4ICIXvmldISIYNVQ4IGQIwV5cGGUTNFRbDqUDNF5bDGUNNEU3wGQGwVJdJCk4wVU9JCIYvFJdJ6ISNVU9JCk4wVI9I6oUNVA4ISIWwVw3vGYXNVJdICISNVQ3vmk3wVM4JmoUNVRdJCIWwVJdICoVNoU9GqYYNVc3wCoUQGR7B6RoN9J9NqVcMGN4MWZoNqAsQGMVvDIlC6MuNGAuMWAuyCMrQGR7y6MuwnEbQGMVNGZfNXFbMn0aQGMVE7ofAT06xbFbJqVdQGQXHT0gAJ%3D%3D¶m2=NGB6LGF6NGx4Nd%3D%3D&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=xy_6a16b5d3&param1=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%3D%3D&param2=NGB6LGF6NGx4Nd%3D%3D&p={searchTerms}
SearchScopes: HKLM-x32 -> {f79e5d1c-5148-469e-9f98-a11d8d7863f4} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_42¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyE0CzztDzytAyEzzyBzzzyzzzzyC0DyEtN0D0Tzu0StCyByDyCtN1L2XzutAtFtByEtFtByBtFyDtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyDtA0B0B0D0FtA0AtGtDzztC0DtG0C0FyDyDtGtCzzyEtBtG0FtB0AzyyD0F0B0AtBtAyE0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0AzytAtAtAyD0CtG0AtAzytDtGyE0FyDtCtGzy0B0D0EtG0BzzzztCyByE0B0AtCtD0EyD2QtN0A0LzuyE%26cr%3D784819815%26a%3Dwbf_fs_16_42%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-98693253-3412605275-1652980643-1000 -> DefaultScope {1DC0DF95-488C-4AF5-8FC2-A0B29D29C6BA} URL = hxxp://www.view-search.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-98693253-3412605275-1652980643-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=xy_6a16b5d3&param1=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%3D%3D&param2=NGB6LGF6NGx4Nd%3D%3D&p={searchTerms}
SearchScopes: HKU\S-1-5-21-98693253-3412605275-1652980643-1000 -> {1DC0DF95-488C-4AF5-8FC2-A0B29D29C6BA} URL = hxxp://www.view-search.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-98693253-3412605275-1652980643-1000 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL =
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
Edge HomeButtonPage: HKU\S-1-5-21-98693253-3412605275-1652980643-1000 -> hxxp://www.view-search.com/
FF SearchPlugin: C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\09ux9407.default\searchplugins\yahoo! provided.xml [2018-12-06]
CHR HomePage: Default -> hxxp://www.view-search.com/
CHR StartupUrls: Default -> "hxxp://www.view-search.com/"
2019-01-20 22:35 - 2018-08-12 00:05 - 000000000 ____D C:\Program Files (x86)\PremierOpinion
2019-01-20 22:26 - 2014-12-29 14:44 - 000000000 ____D C:\Program Files (x86)\Yahoo!
C:\Windows\Tasks\{07E263ED-E4C4-5B46-6A52-6AC3845BD1E1}.job
C:\Windows\Tasks\{49134188-5EE5-F05F-8907-0AB97BC6DF53}.job
Task: {127CA620-FB89-4456-BFC5-8D9CDD987EDD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {385D28A3-1A0B-41A7-BA98-EEA2D0993D43} - \PCDEventLauncher -> No File <==== ATTENTION
Task: {43839AE1-8544-4F6E-9EB0-8DE42A8CA82E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {46FBA771-23F4-4532-8FDE-5C3930989247} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {5D79D003-D6E3-4908-BDAA-EF33B546DE98} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {5F77A319-817F-4685-85F3-0810288E7E9B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {61405961-9F57-4C83-A02B-4240D86D1997} - System32\Tasks\{07E263ED-E4C4-5B46-6A52-6AC3845BD1E1} => C:\Users\Grant\AppData\Roaming\07E263ED-E4C4-5B46-6A52-6AC3845BD1E1\sync.exe [2013-05-05] () <==== ATTENTION
Task: {6484291D-D2C3-4748-A114-0DAA81F08038} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {6A541D61-31FF-4D3D-92AE-3DF4A357EFD7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {83959535-1F40-4059-8837-A3163ED8FF81} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {88CD747C-7C7C-4DFD-BC3A-004171AE492C} - System32\Tasks\{49134188-5EE5-F05F-8907-0AB97BC6DF53} => C:\Users\Grant\AppData\Local\UpdateTask1\SyncTask.exe [2013-05-06] () <==== ATTENTION
Task: {B3356F73-132A-4B11-8AF7-11661F21C8BE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C9DF381D-E732-4362-8111-FB4F45146156} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {CE2131E3-60B2-4B5E-8848-CF9CF083B075} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {D12F44E5-D116-4983-869C-A3EB664CB2AE} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {DCEC2A55-19CC-4D77-AB8F-F4E5E5F9427F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {E48F4110-1A3D-49C3-8031-7AA45828C6D6} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {E942D0E7-CF62-4A35-BAA1-9EEADD6D005A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {FED53A12-2962-4D49-9015-EFCBDBD2C087} - System32\Tasks\Bing Search Engine disol => "wscript.exe" "C:\ProgramData\{569493F7-DCD6-1931-5A10-8773C0520CBD}\rice.txt" "687474703a2f2f77617662736c792e636f6d" "433a5c50726f6772616d446174615c7b35363934393346372d444344362d313933312d354131302d3837373343303532304342447d5c636f746f6661" "433a5c50726f6772616d446174615c7b35363934393346372d444344362d313933312d35 (the data entry has 82 more characters). <==== ATTENTION
Task: C:\WINDOWS\Tasks\{07E263ED-E4C4-5B46-6A52-6AC3845BD1E1}.job => C:\Users\Grant\AppData\Roaming\07E263~1\sync.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\{49134188-5EE5-F05F-8907-0AB97BC6DF53}.job => C:\Users\Grant\AppData\Local\UPDATE~1\SyncTask.exe <==== ATTENTION
FirewallRules: [TCP Query User{6AD896C0-2ADA-4E36-8752-99A7A853F6A4}C:\program files (x86)\premieropinion\pmropn.exe] => (Allow) C:\program files (x86)\premieropinion\pmropn.exe (VoiceFive, Inc.)
FirewallRules: [UDP Query User{B8EE7D61-7637-4EBD-9A83-EF1163B28E84}C:\program files (x86)\premieropinion\pmropn.exe] => (Allow) C:\program files (x86)\premieropinion\pmropn.exe (VoiceFive, Inc.)
*****************
Restore point was successfully created.
HKU\S-1-5-21-98693253-3412605275-1652980643-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90e29f04-4047-11e1-a133-4c8093487898} => removed successfully
HKLM\Software\Classes\CLSID\{90e29f04-4047-11e1-a133-4c8093487898} => not found
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-98693253-3412605275-1652980643-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{f79e5d1c-5148-469e-9f98-a11d8d7863f4} => removed successfully
HKLM\Software\Classes\CLSID\{f79e5d1c-5148-469e-9f98-a11d8d7863f4} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{f79e5d1c-5148-469e-9f98-a11d8d7863f4} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{f79e5d1c-5148-469e-9f98-a11d8d7863f4} => not found
"HKU\S-1-5-21-98693253-3412605275-1652980643-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-98693253-3412605275-1652980643-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKU\S-1-5-21-98693253-3412605275-1652980643-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1DC0DF95-488C-4AF5-8FC2-A0B29D29C6BA} => removed successfully
HKLM\Software\Classes\CLSID\{1DC0DF95-488C-4AF5-8FC2-A0B29D29C6BA} => not found
HKU\S-1-5-21-98693253-3412605275-1652980643-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} => removed successfully
HKLM\Software\Classes\CLSID\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => not found
"HKU\S-1-5-21-98693253-3412605275-1652980643-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\\HomeButtonPage" => removed successfully
C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\09ux9407.default\searchplugins\yahoo! provided.xml => moved successfully
"Chrome HomePage" => removed successfully
"Chrome StartupUrls" => removed successfully
"C:\Program Files (x86)\PremierOpinion" => not found
C:\Program Files (x86)\Yahoo! => moved successfully
C:\Windows\Tasks\{07E263ED-E4C4-5B46-6A52-6AC3845BD1E1}.job => moved successfully
C:\Windows\Tasks\{49134188-5EE5-F05F-8907-0AB97BC6DF53}.job => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{127CA620-FB89-4456-BFC5-8D9CDD987EDD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{127CA620-FB89-4456-BFC5-8D9CDD987EDD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{385D28A3-1A0B-41A7-BA98-EEA2D0993D43}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{385D28A3-1A0B-41A7-BA98-EEA2D0993D43}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDEventLauncher" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{43839AE1-8544-4F6E-9EB0-8DE42A8CA82E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43839AE1-8544-4F6E-9EB0-8DE42A8CA82E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{46FBA771-23F4-4532-8FDE-5C3930989247}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46FBA771-23F4-4532-8FDE-5C3930989247}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D79D003-D6E3-4908-BDAA-EF33B546DE98}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D79D003-D6E3-4908-BDAA-EF33B546DE98}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDoctorBackgroundMonitorTask" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5F77A319-817F-4685-85F3-0810288E7E9B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F77A319-817F-4685-85F3-0810288E7E9B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{61405961-9F57-4C83-A02B-4240D86D1997}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61405961-9F57-4C83-A02B-4240D86D1997}" => removed successfully
C:\WINDOWS\System32\Tasks\{07E263ED-E4C4-5B46-6A52-6AC3845BD1E1} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{07E263ED-E4C4-5B46-6A52-6AC3845BD1E1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6484291D-D2C3-4748-A114-0DAA81F08038}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6484291D-D2C3-4748-A114-0DAA81F08038}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6A541D61-31FF-4D3D-92AE-3DF4A357EFD7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A541D61-31FF-4D3D-92AE-3DF4A357EFD7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{83959535-1F40-4059-8837-A3163ED8FF81}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83959535-1F40-4059-8837-A3163ED8FF81}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88CD747C-7C7C-4DFD-BC3A-004171AE492C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88CD747C-7C7C-4DFD-BC3A-004171AE492C}" => removed successfully
C:\WINDOWS\System32\Tasks\{49134188-5EE5-F05F-8907-0AB97BC6DF53} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{49134188-5EE5-F05F-8907-0AB97BC6DF53}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B3356F73-132A-4B11-8AF7-11661F21C8BE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3356F73-132A-4B11-8AF7-11661F21C8BE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9DF381D-E732-4362-8111-FB4F45146156}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9DF381D-E732-4362-8111-FB4F45146156}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE2131E3-60B2-4B5E-8848-CF9CF083B075}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE2131E3-60B2-4B5E-8848-CF9CF083B075}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D12F44E5-D116-4983-869C-A3EB664CB2AE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D12F44E5-D116-4983-869C-A3EB664CB2AE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemToolsDailyTest" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DCEC2A55-19CC-4D77-AB8F-F4E5E5F9427F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCEC2A55-19CC-4D77-AB8F-F4E5E5F9427F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E48F4110-1A3D-49C3-8031-7AA45828C6D6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E48F4110-1A3D-49C3-8031-7AA45828C6D6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E942D0E7-CF62-4A35-BAA1-9EEADD6D005A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E942D0E7-CF62-4A35-BAA1-9EEADD6D005A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FED53A12-2962-4D49-9015-EFCBDBD2C087}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FED53A12-2962-4D49-9015-EFCBDBD2C087}" => removed successfully
C:\WINDOWS\System32\Tasks\Bing Search Engine disol => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bing Search Engine disol" => removed successfully
"C:\WINDOWS\Tasks\{07E263ED-E4C4-5B46-6A52-6AC3845BD1E1}.job" => not found
"C:\WINDOWS\Tasks\{49134188-5EE5-F05F-8907-0AB97BC6DF53}.job" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6AD896C0-2ADA-4E36-8752-99A7A853F6A4}C:\program files (x86)\premieropinion\pmropn.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B8EE7D61-7637-4EBD-9A83-EF1163B28E84}C:\program files (x86)\premieropinion\pmropn.exe" => removed successfully
=========== EmptyTemp: ==========
BITS transfer queue => 9461760 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 352602864 B
Java, Flash, Steam htmlcache => 29695 B
Windows/system/drivers => 122497769 B
Edge => 128295348 B
Chrome => 86182133 B
Firefox => 372785766 B
Opera => 27968745 B
Temp, IE cache, history, cookies, recent:
Default => 6148 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 6148 B
LocalService => 0 B
NetworkService => 60522 B
NetworkService => 0 B
Grant => 690199839 B
DOM => 237082 B
olls => 144375 B
dads iphone => 491653 B
RecycleBin => 12211530223 B
EmptyTemp: => 13 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 01:56:40 ====
AdwCleaner ran, log below:
# -------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build: 12-18-2018
# Database: 2019-01-21.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-24-2019
# Duration: 00:00:11
# OS: Windows 10 Home
# Cleaned: 50
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\ProgramData\AskPartnerNetwork
Deleted C:\Program Files (x86)\AskPartnerNetwork
Deleted C:\Users\Grant\AppData\Roaming\Yahoo!\Companion
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Deleted C:\Program Files (x86)\Coupons
Deleted C:\ProgramData\apn
***** [ Files ] *****
Deleted C:\Users\Grant\Downloads\SysInfo.exe
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\en.bytefence.com
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\bytefence.com
Deleted HKCU\Software\csastats
Deleted HKCU\Software\Yahoo\YFriendsBar
Deleted HKCU\Software\AppDataLow\Software\Yahoo\Companion
Deleted HKCU\Software\Yahoo\Companion
Deleted HKLM\Software\Wow6432Node\Yahoo\Companion
Deleted HKLM\Software\Wow6432Node\Classes\AppID\YMERemote.DLL
Deleted HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
Deleted HKLM\Software\Wow6432Node\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927}
Deleted HKLM\Software\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
Deleted HKLM\Software\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
Deleted HKLM\Software\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.azlyrics.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\search.azlyrics.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\azlyrics.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.azlyrics.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\search.azlyrics.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\azlyrics.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\chatango.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\chatango.com
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{f79e5d1c-5148-469e-9f98-a11d8d7863f4}
Deleted HKCU\Software\PRODUCTSETUP
Deleted HKCU\Software\ProductSetup\Uninstall\0S1P1T1C1R1MtT0P1C1F2X1L1Q1P1QtT1S2UtT0Y1T1M1F1F
Deleted HKCU\Software\ProductSetup\Uninstall\0B2U2Z1P0F1P1G1R1P1V0A1Q1Q0O1G
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\gallery-grabber.en.softonic.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\en.softonic.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\gallery-grabber.en.softonic.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\en.softonic.com
***** [ Chromium (and derivatives) ] *****
Deleted Search Manager
Deleted Search Manager
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [7932 octets] - [24/01/2019 22:11:16]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.01.2019
Ran by Grant (administrator) on GRANT-PC (24-01-2019 22:34:18)
Running from C:\Users\Grant\Desktop
Loaded Profiles: Grant (Available Profiles: Grant & DOM & olls & dads iphone)
Platform: Windows 10 Home Version 1803 17134.523 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1901.7-0\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Telefónica) C:\Program Files (x86)\O2\Connection Manager\ImpWiFiSvc.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1901.7-0\NisSrv.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Sonic Solutions) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Grant\AppData\Local\Google\Chrome\User Data\SwReporter\37.187.200.3\software_reporter_tool.exe
(Google) C:\Users\Grant\AppData\Local\Google\Chrome\User Data\SwReporter\37.187.200.3\software_reporter_tool.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Grant\AppData\Local\Google\Chrome\User Data\SwReporter\37.187.200.3\software_reporter_tool.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2013-07-08] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-24] (Dell Inc.)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-14] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2750488 2015-05-15] (CANON INC.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-10-22] (Apple Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-26] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [235624 2015-01-09] (CANON INC.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1314432 2016-06-09] (CANON INC.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-98693253-3412605275-1652980643-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2018-11-26] (Apple Inc.)
HKU\S-1-5-21-98693253-3412605275-1652980643-1000\...\Run: [Chromium] => c:\users\grant\appdata\local\chromium\application\chrome.exe [828416 2017-01-25] (The Chromium Authors)
HKU\S-1-5-21-98693253-3412605275-1652980643-1000\...\Run: [Screenpresso] => C:\Users\Grant\AppData\Local\Learnpulse\Screenpresso\Screenpresso.exe [13416512 2018-06-21] (Learnpulse)
HKU\S-1-5-21-98693253-3412605275-1652980643-1000\...\Run: [GoogleChromeAutoLaunch_8F6DD9B4870666331B33C8C79D3CA7EE] => C:\Users\Grant\AppData\Local\Chromium\Application\chrome.exe [828416 2017-01-25] (The Chromium Authors)
HKU\S-1-5-21-98693253-3412605275-1652980643-1000\...\Run: [Dashlane] => "C:\Users\Grant\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup
HKU\S-1-5-21-98693253-3412605275-1652980643-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-10-22] (Apple Inc.)
HKU\S-1-5-21-98693253-3412605275-1652980643-1000\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1587680 2018-12-12] (Google Inc.)
HKU\S-1-5-21-98693253-3412605275-1652980643-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-18\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30796352 2018-10-24] (Garmin Ltd. or its subsidiaries)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-12] (Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-12-29]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{5F62D821-BF4A-4F8A-9056-6DDB6AD5AB2C}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{b46508e4-a841-4acc-aa3b-fc104ba1cc05}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{EA6D2417-1472-4B8F-BC9F-84D99D16DB14}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{f74b3f49-10da-4bbc-8de9-ef1e8d596cbd}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-11-23] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-07-17] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-10-30] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-30] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/AUW/Core/Player/2020PlayerAX_IKEA_Win32.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-17] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-17] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-17] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-17] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF DefaultProfile: 09ux9407.default
FF ProfilePath: C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\09ux9407.default [2019-01-24]
FF Extension: (Google Code Correction) - C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\09ux9407.default\features\{a50d5cdc-97ed-4db7-bd26-449a434f3ee1}\google-code-correction@mozilla.org.xpi [2018-12-03] [Legacy]
FF Extension: (Telemetry coverage) - C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\09ux9407.default\features\{a50d5cdc-97ed-4db7-bd26-449a434f3ee1}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-12-03] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon => not found
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-12-29] [Legacy] [not signed]
FF HKU\S-1-5-21-98693253-3412605275-1652980643-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-18] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-18] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2015-10-29] (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-07-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-07-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2011-02-21] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-98693253-3412605275-1652980643-1000: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Grant\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-11-15] (RocketLife, LLP)
Chrome:
=======
CHR DefaultProfile: Default
CHR NewTab: Default -> Active:"chrome-extension://pilplloabdedfmialnfchjomjmpjcoej/index.html"
CHR Profile: C:\Users\Grant\AppData\Local\Google\Chrome\User Data\Default [2019-01-24]
CHR Extension: (YouTube) - C:\Users\Grant\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-30]
CHR Extension: (Google Search) - C:\Users\Grant\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]
CHR Extension: (Google Docs Offline) - C:\Users\Grant\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-19]
CHR Extension: (Google Maps) - C:\Users\Grant\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfoelejpajdgdjldhnpaobkadhhhlmha [2018-08-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Grant\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Search Manager) - C:\Users\Grant\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej [2019-01-24]
CHR Extension: (Gmail) - C:\Users\Grant\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Chrome Media Router) - C:\Users\Grant\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-05]
CHR HKLM\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-98693253-3412605275-1652980643-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-98693253-3412605275-1652980643-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8522536 2018-12-10] (Microsoft Corporation)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-08-25] (Foxit Software Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (DEVGURU Co., LTD.)
R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\O2\Connection Manager\ImpWiFiSvc.exe [201080 2011-06-14] (Telefónica)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\NisSrv.exe [4096976 2019-01-24] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MsMpEng.exe [113992 2019-01-24] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2017-01-16] (Samsung Electronics Co., Ltd.)
S3 huawei_wwanecm; C:\WINDOWS\System32\DRIVERS\ew_juwwanecm.sys [223744 2011-12-02] (Huawei Technologies Co., Ltd.)
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; c:\program files\dell support center\pcdsrvc_x64.pkms [25072 2012-02-01] (PC-Doctor, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2017-01-16] (Samsung Electronics Co., Ltd.)
S3 STTub30; C:\WINDOWS\System32\Drivers\STTub30.sys [44184 2012-07-20] (STMicroelectronics)
R3 tilfilter; C:\WINDOWS\System32\drivers\TIxHCIlfilter.sys [34424 2016-08-19] (Texas Instruments, Inc.)
R3 tiufilter; C:\WINDOWS\System32\drivers\TIxHCIufilter.sys [39032 2016-08-19] (Texas Instruments, Inc.)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [44544 2018-04-11] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46488 2019-01-24] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [343032 2019-01-24] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [63480 2019-01-24] (Microsoft Corporation)
U3 aspnet_state; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-01-24 22:34 - 2019-01-24 22:38 - 000024313 _____ C:\Users\Grant\Desktop\FRST.txt
2019-01-24 22:01 - 2019-01-24 22:12 - 000000000 ____D C:\AdwCleaner
2019-01-24 21:59 - 2019-01-24 22:00 - 007320272 _____ (Malwarebytes) C:\Users\Grant\Desktop\adwcleaner_7.2.6.0.exe
2019-01-24 01:14 - 2019-01-24 01:56 - 000024536 _____ C:\Users\Grant\Desktop\Fixlog.txt
2019-01-24 00:29 - 2019-01-24 00:30 - 010598624 _____ (McAfee, Inc.) C:\Users\Grant\Downloads\MCPR.exe
2019-01-23 17:43 - 2019-01-23 18:03 - 000000000 ____D C:\Users\Grant\Documents\2019_01_23
2019-01-20 22:48 - 2019-01-20 22:48 - 000000000 ____D C:\Users\Grant\Desktop\FRST-OlderVersion
2019-01-15 16:07 - 2019-01-15 16:07 - 000062823 _____ C:\Users\Grant\Downloads\Addition (1).txt
2019-01-14 00:55 - 2019-01-14 00:56 - 000000000 ____D C:\Users\Grant\Desktop\RC
2019-01-13 21:09 - 2019-01-13 21:09 - 000116237 _____ C:\Users\Grant\Desktop\New - Booting and running very slowly _ Tech Support Guy.html
2019-01-13 17:39 - 2019-01-13 17:39 - 023249476 _____ C:\Users\Grant\Downloads\IMG_0343 (1).xcf
2019-01-13 17:39 - 2019-01-13 17:39 - 000001477 _____ C:\Users\Grant\AppData\Local\recently-used.xbel
2019-01-13 16:49 - 2019-01-13 16:49 - 000000000 ____D C:\Users\Grant\AppData\Roaming\Google
2019-01-13 16:10 - 2019-01-13 16:23 - 000062823 _____ C:\Users\Grant\Downloads\Addition.txt
2019-01-13 15:59 - 2019-01-13 16:23 - 000055392 _____ C:\Users\Grant\Downloads\FRST.txt
2019-01-13 15:56 - 2019-01-24 22:34 - 000000000 ____D C:\FRST
2019-01-13 15:52 - 2019-01-20 22:48 - 002428416 _____ (Farbar) C:\Users\Grant\Desktop\FRST64.exe
2019-01-13 15:22 - 2019-01-13 15:22 - 000000000 ____D C:\Users\Grant\AppData\Local\Avg
2019-01-13 15:22 - 2019-01-13 15:21 - 004146112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgremoverx.exe
2019-01-13 15:15 - 2019-01-13 15:15 - 012068408 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Grant\Downloads\avgclear.exe
2019-01-09 19:41 - 2018-09-20 04:12 - 001483576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-01-08 18:47 - 2019-01-01 07:12 - 007520104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-01-08 18:47 - 2019-01-01 06:55 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-01-08 18:47 - 2019-01-01 06:50 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-01-08 18:47 - 2019-01-01 06:37 - 006571584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-01-08 18:46 - 2019-01-01 13:46 - 012710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-01-08 18:46 - 2019-01-01 13:43 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-01-08 18:46 - 2019-01-01 13:20 - 011902976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-01-08 18:46 - 2019-01-01 07:14 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-01-08 18:46 - 2019-01-01 07:14 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-01-08 18:46 - 2019-01-01 07:14 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-01-08 18:46 - 2019-01-01 07:14 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-01-08 18:46 - 2019-01-01 07:13 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-01-08 18:46 - 2019-01-01 07:13 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2019-01-08 18:46 - 2019-01-01 07:12 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-01-08 18:46 - 2019-01-01 07:12 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-01-08 18:46 - 2019-01-01 07:12 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-01-08 18:46 - 2019-01-01 07:12 - 002421288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-01-08 18:46 - 2019-01-01 07:12 - 000268304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-01-08 18:46 - 2019-01-01 06:50 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-01-08 18:46 - 2019-01-01 06:47 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-01-08 18:46 - 2019-01-01 06:47 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-01-08 18:46 - 2019-01-01 06:45 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-01-08 18:46 - 2019-01-01 06:45 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-01-08 18:46 - 2019-01-01 06:44 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-01-08 18:46 - 2019-01-01 06:44 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-01-08 18:46 - 2019-01-01 06:44 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2019-01-08 18:46 - 2019-01-01 06:44 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-01-08 18:46 - 2019-01-01 06:43 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-01-08 18:46 - 2019-01-01 06:42 - 004939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-01-08 18:46 - 2019-01-01 06:42 - 002247680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2019-01-08 18:46 - 2019-01-01 06:42 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-01-08 18:46 - 2019-01-01 06:42 - 000717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2019-01-08 18:46 - 2019-01-01 06:41 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-01-08 18:46 - 2019-01-01 06:41 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-01-08 18:46 - 2019-01-01 06:41 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2019-01-08 18:46 - 2019-01-01 06:41 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-01-08 18:46 - 2019-01-01 06:37 - 002478664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-01-08 18:46 - 2019-01-01 06:37 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-01-08 18:46 - 2019-01-01 06:37 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-01-08 18:46 - 2019-01-01 06:37 - 000880048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2019-01-08 18:46 - 2019-01-01 06:29 - 022016512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-01-08 18:46 - 2019-01-01 06:22 - 019405312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-01-08 18:46 - 2019-01-01 06:16 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-01-08 18:46 - 2019-01-01 06:15 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-01-08 18:46 - 2019-01-01 06:15 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-01-08 18:46 - 2019-01-01 06:14 - 004514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-01-08 18:46 - 2019-01-01 06:13 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-01-08 18:46 - 2019-01-01 06:13 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2019-01-08 18:46 - 2019-01-01 06:12 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2019-01-08 18:46 - 2018-12-19 04:49 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-01-08 18:45 - 2019-01-01 13:50 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-01-08 18:45 - 2019-01-01 13:47 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2019-01-08 18:45 - 2019-01-01 13:45 - 000714752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2019-01-08 18:45 - 2019-01-01 13:45 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2019-01-08 18:45 - 2019-01-01 13:20 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowslivelogin.dll
2019-01-08 18:45 - 2019-01-01 13:18 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2019-01-08 18:45 - 2019-01-01 13:17 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2019-01-08 18:45 - 2019-01-01 07:14 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-01-08 18:45 - 2019-01-01 07:14 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-01-08 18:45 - 2019-01-01 07:13 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-01-08 18:45 - 2019-01-01 07:13 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-01-08 18:45 - 2019-01-01 07:13 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-01-08 18:45 - 2019-01-01 07:12 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-01-08 18:45 - 2019-01-01 07:12 - 000128824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2019-01-08 18:45 - 2019-01-01 07:12 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-01-08 18:45 - 2019-01-01 06:48 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-01-08 18:45 - 2019-01-01 06:48 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2019-01-08 18:45 - 2019-01-01 06:48 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Print.Workflow.Source.dll
2019-01-08 18:45 - 2019-01-01 06:46 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-01-08 18:45 - 2019-01-01 06:46 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-01-08 18:45 - 2019-01-01 06:46 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-01-08 18:45 - 2019-01-01 06:45 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-01-08 18:45 - 2019-01-01 06:44 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-01-08 18:45 - 2019-01-01 06:37 - 000581808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-01-08 18:45 - 2019-01-01 06:37 - 000381240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-01-08 18:45 - 2019-01-01 06:17 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-01-08 18:45 - 2019-01-01 06:16 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-01-08 18:45 - 2019-01-01 06:16 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2019-01-08 18:45 - 2019-01-01 06:15 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-01-08 18:45 - 2019-01-01 06:15 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-01-08 18:45 - 2019-01-01 06:14 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-01-08 18:45 - 2019-01-01 06:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-01-08 18:45 - 2019-01-01 06:13 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-01-08 18:45 - 2019-01-01 06:12 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-01-08 18:45 - 2019-01-01 06:12 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-01-08 18:45 - 2019-01-01 06:12 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2019-01-08 18:45 - 2019-01-01 05:23 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-01-02 15:53 - 2019-01-02 15:53 - 000760763 _____ C:\Users\Grant\Downloads\Wireless Comfort Desktop 5000 (1).pdf
2019-01-02 15:52 - 2019-01-02 15:52 - 002754747 _____ C:\Users\Grant\Downloads\Microsoft Product Guide.pdf
2018-12-31 19:39 - 2018-12-31 19:41 - 000000000 ____D C:\Users\Grant\Downloads\Taranis
2018-12-29 17:44 - 2018-12-29 17:46 - 000000217 _____ C:\Users\Grant\Documents\Hirens.BootCD.iso
2018-12-29 16:42 - 2018-12-29 16:42 - 000001496 _____ C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows_Password_Key_Standard_trial.lnk
2018-12-29 16:40 - 2018-12-29 16:40 - 003671096 _____ C:\Users\Grant\Downloads\Windows_Password_Key_Standard_trial.exe
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-01-24 22:40 - 2018-04-11 23:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-01-24 22:19 - 2011-12-09 23:07 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2019-01-24 22:18 - 2016-10-15 03:43 - 000000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2019-01-24 22:18 - 2016-10-15 03:43 - 000000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2019-01-24 22:14 - 2018-08-08 00:02 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-01-24 22:13 - 2018-04-11 21:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-01-24 22:12 - 2018-08-07 23:05 - 000000000 ____D C:\Users\Grant
2019-01-24 22:12 - 2014-12-29 14:44 - 000000000 ____D C:\Users\Grant\AppData\Roaming\Yahoo!
2019-01-24 22:02 - 2018-08-08 00:02 - 000004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F69BA124-9BF0-43B9-8FCE-4B12EF065F50}
2019-01-24 21:48 - 2018-08-07 22:56 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-01-24 15:54 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-01-24 02:10 - 2016-10-23 00:05 - 000000008 __RSH C:\ProgramData\ntuser.pol
2019-01-24 01:47 - 2014-02-04 17:32 - 000000000 ____D C:\Users\Grant\AppData\LocalLow\Temp
2019-01-24 01:17 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2019-01-24 01:17 - 2009-07-14 03:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2019-01-24 01:09 - 2018-08-08 00:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-01-24 01:05 - 2016-11-04 00:05 - 000000224 _____ C:\Users\Grant\AppData\Roaming\WB.CFG
2019-01-24 00:41 - 2018-04-11 23:36 - 000000000 ____D C:\WINDOWS\INF
2019-01-24 00:10 - 2018-04-11 23:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-01-23 23:29 - 2016-12-03 04:29 - 000000000 ____D C:\ProgramData\{569493F7-DCD6-1931-5A10-8773C0520CBD}
2019-01-21 22:12 - 2018-01-13 14:09 - 000000000 ____D C:\Program Files\rempl
2019-01-21 15:46 - 2018-08-07 23:04 - 000881386 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-01-20 22:40 - 2018-08-08 00:02 - 000000000 ____D C:\WINDOWS\System32\Tasks\filog
2019-01-18 14:05 - 2016-10-23 00:05 - 000000000 ____D C:\ProgramData\{B13C745F-3B7E-FE99-BDB8-60DB27FAEB15}
2019-01-17 22:17 - 2013-11-19 03:36 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2019-01-17 22:17 - 2011-12-09 23:01 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2019-01-16 01:18 - 2013-11-22 03:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2019-01-14 16:13 - 2018-02-20 03:32 - 000000000 ____D C:\Users\Grant\AppData\Local\Packages
2019-01-14 04:07 - 2016-10-24 13:46 - 000000000 ____D C:\Users\Grant\AppData\Roaming\Audacity
2019-01-13 17:39 - 2016-12-05 19:02 - 000000000 ____D C:\Users\Grant\AppData\Local\gtk-2.0
2019-01-13 17:39 - 2016-12-05 18:51 - 000000000 ____D C:\Users\Grant\.gimp-2.8
2019-01-13 15:20 - 2018-02-19 15:07 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-01-13 15:08 - 2014-11-02 12:34 - 000000000 ____D C:\Users\Grant\AppData\Roaming\Roxio Burn
2019-01-12 23:09 - 2018-04-11 23:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-01-12 22:58 - 2018-04-11 21:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-01-12 22:58 - 2010-11-21 03:27 - 000592616 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2019-01-11 20:55 - 2018-04-11 23:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-01-10 22:05 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2019-01-10 13:32 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-01-10 13:32 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-01-08 19:22 - 2013-11-19 03:13 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-01-08 19:09 - 2012-02-12 20:52 - 132790320 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-01-02 19:41 - 2018-11-23 17:32 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-01-02 19:41 - 2018-11-23 17:32 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-12-29 19:55 - 2016-09-20 18:41 - 000000753 _____ C:\Users\Grant\AppData\Roaming\burnaware.ini
==================== Files in the root of some directories =======
2017-10-23 12:57 - 2017-10-23 12:57 - 000037073 _____ () C:\Program Files (x86)\uninstal.log
2016-09-20 18:41 - 2018-12-29 19:55 - 000000753 _____ () C:\Users\Grant\AppData\Roaming\burnaware.ini
2016-12-03 04:29 - 2016-12-03 04:29 - 000419328 _____ () C:\Users\Grant\AppData\Roaming\Setup16267.exe
2016-11-04 00:05 - 2019-01-24 01:05 - 000000224 _____ () C:\Users\Grant\AppData\Roaming\WB.CFG
2017-12-18 00:05 - 2017-12-18 00:05 - 000000068 _____ () C:\Users\Grant\AppData\Local\2k5n8qbwh2
2017-12-16 13:05 - 2017-12-18 16:30 - 000000068 _____ () C:\Users\Grant\AppData\Local\oPkLgHcDYt
2015-03-02 21:45 - 2015-03-02 21:45 - 000001549 _____ () C:\Users\Grant\AppData\Local\PDLSetup.20150302.214552.txt
2019-01-13 17:39 - 2019-01-13 17:39 - 000001477 _____ () C:\Users\Grant\AppData\Local\recently-used.xbel
2018-12-18 00:52 - 2018-12-18 00:52 - 000007597 _____ () C:\Users\Grant\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-08-07 22:56
==================== End of FRST.txt ============================
As you see, I have had to post these logs separately. No questions at this time, but many thanks again for your time and effort,