HKLM-x32\...\Run: [NPSStartup] => [X]
HKU\S-1-5-21-3326494740-2715231408-2236335189-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22488952 2019-03-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3326494740-2715231408-2236335189-1001\...\MountPoints2: {4131879e-c31e-11e8-903f-1c75080899c1} - E:\windows\AutoRun.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.131\Installer\chrmstp.exe [2019-05-09] (Google LLC -> Google Inc.)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKU\S-1-5-21-3326494740-2715231408-2236335189-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_anvsft_18_11&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyE0CtD0FyC0EtCtBtDtD0DyBzzyBtByBtN0D0Tzu0StBtByCyDtN1L2XzuyEtFtBtCtFtDtFtCtBtAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyD0FyDtBzz0EyDyCtGtAyBtB0CtGtD0A0A0DtGtBtBzyyEtG0BtAtC0AyE0AtCzyyC0BzzyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE1TtCtB1QtC1TyBtG1R1R1PyDtGyEtA1P1QtG1S1Q1QtDtG1R1RyCtA1Ozzzy1RtB1P1Tzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtBtCtCyEzzzzyEtA%26cr%3D567869070%26a%3Dwbf_anvsft_18_11%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-01-21] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
CHR DefaultSearchURL: Default -> hxxps://ca.search.yahoo.com/search{google:pathWildcard}?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR DefaultSearchKeyword: Default -> ca.yahoo.com
CHR DefaultSuggestURL: Default -> hxxps://ca.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
HKU\S-1-5-21-3326494740-2715231408-2236335189-1001\...\ChromeHTML: -> <==== ATTENTION
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
MSCONFIG\startupreg: Chromium => "c:\users\dragonsgrl\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot: