Screen freeze within 2/3 minutes of Pc switched on.

Only chiming in to offer you a nice free Zip tool…

7-Zip

You still have traces of AVG on the computer + you also have another AV installed in Bitdefender, one or both will be preventing MSE from either installing or running properly;

“avgsvc” “AVG Service” “AVG Technologies CZ, s.r.o.” “c:\program files (x86)\avg\framework\common\avgsvca.exe” “03/07/2017 12:20” “”

“ProductAgentService” “Bitdefender Product Agent Service description” “Bitdefender” “c:\program files\bitdefender agent\productagentservice.exe” “11/04/2017 09:40” “” (this just one of multiple entries in Autoruns)

Uninstall Tools for Bitdefender Products

You should also check your browser plug ins etc for any signs of AV related add ons that you are not aware of, let us know what you find please.

HI Phil Please bear with me as alot of this is getting out of my leauge.
I searched all program files in PC,both 32 and 64,all traces of AVG ,to my knowledge have now ALL have been removed.
I only installed bitdefender to give some antivirus defence whilst we were going through the process!Again to my knowledge all remnants of bit defender have now also been removed.(Have no anti virus defence in place at moment?)
After a thourough serach I cannot find any sign of either of them on my pC??Appreciate that doesnt necessarily mean there arent any??
Can you advise on next move as obviously I would love to get essentials in control (which I do not think has ever been the case!)
Thanks Derek

Hello Derek,
No problem, anything you are unsure of please ask and one of us will get back to you asap.
This has unfortunately only made things more difficult for you, you should never have more than one AV installed/running as they will conflict as they fight for reources which most often leaves you with no AV protecting your computer.
Post an updated Autoruns log for us and one of us will take a look.

Right have carried out full windows clean up and to my knowledge no spyware etc of any kind other than defender is active on my PC.
when I download auto runs I get about 6 folders,but hope this upload is what you require!! I dont appear to get the exe. option…if this hasnt done as required would you be good enough to give me school boy instructions!Cheers Derek
“HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ru n” “” “” “” “31/07/2017 17:25” “”

• “ALU” “Updater Client” “Acer Incorporated” “c:\program files\acer\acer updater\alu.exe” “06/06/2016 12:51” “”
• “Enhanced Performance Keyboard” “Skd881x Daemon” “LITE-ON TECHNOLOGY CORP.” “c:\program files\lenovo\usb enhanced performance keyboard\skdaemon.exe” “08/08/2012 22:49” “”
• “NvBackend” “NVIDIA Backend” “NVIDIA Corporation” “c:\program files (x86)\nvidia corporation\update core\nvbackend.exe” “14/06/2016 11:39” “”
• “ShadowPlay” “NVIDIA Capture Server Proxy” “NVIDIA Corporation” “c:\windows\system32\nvspcap64.dll” “18/10/2016 09:41” “”
  “HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curre ntVersion\Run” “” “” “” “29/07/2017 17:47” “”
  X “EgisTecPMMUpdate” “PMM Update Application” “Egis Technology Inc.” “c:\program files (x86)\egistec ips\pmmupdate.exe” “10/03/2010 15:03” “”
  X “EgisUpdate” “EgisUpdate Release Application” “Egis Technology Inc.” “c:\program files (x86)\egistec ips\egisupdate.exe” “10/03/2010 15:04” “”
  “HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components” “” “” “” “08/06/2017 13:14” “”
• “Google Chrome” “” “” “File not found: C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\Inst aller\chrmstp.exe” “” “”
  X “Google Chrome” “” “” “File not found: C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Inst aller\chrmstp.exe” “” “”
  “HKLM\Software\Classes\Directory\Background\ShellE x\ContextMenuHandlers” “” “” “” “26/05/2017 16:50” “”
• “NvCplDesktopContext” “NVIDIA Display Shell Extension” “NVIDIA Corporation” “c:\windows\system32\nvshext.dll” “14/11/2016 12:00” “”
  “HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\ShellIconOverlayIdentifiers” “” “” “” “26/05/2017 16:51” “”
  X “egisPSDP” “PSD DragDrop Protection” “Egis Technology Inc.” “c:\program files (x86)\egistec mywinlocker\x64\psdprotect.dll” “26/05/2010 12:34” “”
  “HKLM\Software\Wow6432Node\Microsoft\Windows\Curre ntVersion\Explorer\ShellIconOverlayIdentifiers” “” “” “” “26/05/2017 16:51” “”
  X “egisPSDP” “PSD DragDrop Protection” “Egis Technology Inc.” “c:\program files (x86)\egistec mywinlocker\x86\psdprotect.dll” “26/05/2010 12:30” “”
  “HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions” “” “” “” “29/07/2017 15:43” “”
  X “ieSpell” “” “” “File not found: C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM” “” “”
  X “ieSpell Options” “” “” “File not found: C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM” “” “”
  “Task Scheduler” “” “” “” “” “”
• “\Adobe Acrobat Update Task” “Adobe Reader and Acrobat Manager” “Adobe Systems Incorporated” “c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe” “25/04/2017 17:07” “”
• “\Microsoft\Windows\NetTrace\GatherNetworkInfo” “” “” “c:\windows\system32\gathernetworkinfo.vbs” “10/06/2009 21:36” “”
• “\Microsoft\Windows\SideShow\GadgetManager” “” “” “c:\windows\syswow64\auxiliarydisplayservices.dll” “” “”
• “\SSBkgdUpdate” “SSBkgdUpdate” “Nuance Communications, Inc.” “c:\program files (x86)\common files\scansoft shared\ssbkgdupdate\ssbkgdupdate.exe” “04/10/2006 14:49” “”
• “\UALU notificatin” “ALURecover” “Acer Incorporated” “c:\program files\acer\acer updater\ualu.exe” “06/02/2012 03:32” “”
  “HKLM\System\CurrentControlSet\Services” “” “” “” “31/07/2017 17:25” “”
• “AdobeARMservice” “Adobe Acrobat Updater keeps your Adobe software up to date.” “Adobe Systems Incorporated” “c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe” “25/04/2017 17:07” “”
• “AdobeFlashPlayerUpdateSvc” “This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes.” “Adobe Systems Incorporated” “c:\windows\syswow64\macromed\flash\flashplayerupd ateservice.exe” “23/06/2017 18:49” “”
• “CCALib8” “Canon Camera Access Library 8” “Canon Inc.” “c:\program files (x86)\canon\cal\calmain.exe” “30/09/2005 11:22” “”
• “defragsvc” “Provides Disk Defragmentation Capabilities.” “” “c:\windows\syswow64\defragsvc.dll” “” “”
• “Dnscache” “The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer’s name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start.” “” “c:\windows\syswow64\dnsrslvr.dll” “” “”
• “Garmin Core Update Service” “Keeps the software and content on your Garmin devices and the Garmin software on your PC up to date.” “Garmin Ltd or its subsidiaries” “c:\program files (x86)\garmin\core update service\garmin.cartography.mapupdate.coreservice.e xe” “28/01/2015 15:25” “”
• “GfExperienceService” “NVIDIA GeForce Experience Service” “NVIDIA Corporation” “c:\program files\nvidia corporation\geforce experience service\gfexperienceservice.exe” “18/10/2016 09:33” “”
• “GREGService” “Global Registration Service” “Acer Incorporated” “c:\program files (x86)\acer\registration\gregsvc.exe” “12/11/2009 10:18” “”
• “Live Updater Service” “Updater Service” “Acer Incorporated” “c:\program files\acer\acer updater\updaterservice.exe” “03/04/2012 06:49” “”
• “MozillaMaintenance” “The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled.” “Mozilla Foundation” “c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe” “28/06/2017 16:57” “”
• “MWLService” “MyWinLocker Service” “Egis Technology Inc.” “c:\program files (x86)\egistec mywinlocker\x86\mwlservice.exe” “26/05/2010 12:31” “”
• “Nero BackItUp Scheduler 4.0” “Nero BackItUp Scheduler 4.0 is responsible to control all jobs created using Nero BackItUp. These jobs can create backups of selected files/folders/partitions or complete hard disk to hard disk, network drive, disc or FTP.” “Nero AG” “c:\program files (x86)\common files\nero\nero backitup 4\nbservice.exe” “19/08/2009 15:07” “”
• “NisSrv” “Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols” “” “File not found: C:\Program Files\Microsoft Security Client\NisSrv.exe” “” “”
• “NvNetworkService” “NVIDIA Network Service” “NVIDIA Corporation” “c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe” “22/12/2015 22:46” “”
• “NvStreamNetworkSvc” “Network Service for SHIELD Streaming” “NVIDIA Corporation” “c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe ” “21/09/2016 09:17” “”
• “NvStreamSvc” “Service for SHIELD Streaming” “NVIDIA Corporation” “c:\program files\nvidia corporation\nvstreamsrv\nvstreamservice.exe” “21/09/2016 09:14” “”
• “nvsvc” “Provides system and desktop level support to the NVIDIA display driver” “NVIDIA Corporation” “c:\windows\system32\nvvsvc.exe” “14/11/2016 12:00” “”
  X “RichVideo” “RichVideo Module” “” “c:\program files (x86)\cyberlink\shared files\richvideo.exe” “30/05/2008 07:46” “”
• “Stereo Service” “Provides system support for NVIDIA Stereoscopic 3D driver” “NVIDIA Corporation” “c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe” “14/11/2016 10:42” “”
• “THREADORDER” “Provides ordered execution for a group of threads within a specific period of time.” “” “c:\windows\syswow64\mmcss.dll” “” “”
  X “Updater Service” “Updater Service” “Acer Incorporated” “c:\program files\acer\acer updater\updaterservice.exe” “03/04/2012 06:49” “”
  X “USBS3S4Detection” “USB S3S4 Detection” “” “c:\oem\usbdection\usbs3s4detection.exe” “09/12/2009 10:19” “”
• “VaultSvc” “Provides secure storage and retrieval of credentials to users, applications and security service packages.” “” “c:\windows\syswow64\lsass.exe” “” “”
  “HKLM\System\CurrentControlSet\Services” “” “” “” “31/07/2017 17:25” “”
• “adp94xx” “Adaptec Windows SAS/SATA Storport Driver” “Adaptec, Inc.” “c:\windows\system32\drivers\adp94xx.sys” “06/12/2008 00:54” “”
• “adpahci” “Adaptec Windows SATA Storport Driver” “Adaptec, Inc.” “c:\windows\system32\drivers\adpahci.sys” “01/05/2007 18:30” “”
• “adpu320” “Adaptec StorPort Ultra320 SCSI Driver (X64)” “Adaptec, Inc.” “c:\windows\system32\drivers\adpu320.sys” “28/02/2007 01:04” “”
• “aliide” “ALi mini IDE Driver” “Acer Laboratories Inc.” “c:\windows\system32\drivers\aliide.sys” “14/07/2009 00:19” “”
• “amdsata” “AHCI 1.2 Device Driver” “Advanced Micro Devices” “c:\windows\system32\drivers\amdsata.sys” “19/03/2010 01:45” “”
• “amdsbs” “AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform” “AMD Technologies Inc.” “c:\windows\system32\drivers\amdsbs.sys” “20/03/2009 19:36” “”
• “amdxata” “Storage Filter Driver” “Advanced Micro Devices” “c:\windows\system32\drivers\amdxata.sys” “19/03/2010 17:18” “”
• “AppID” “Identifies an application and enforces software restriction policies.” “” “c:\windows\syswow64\drivers\appid.sys” “” “”
• “arc” “Adaptec RAID Storport Driver” “Adaptec, Inc.” “c:\windows\system32\drivers\arc.sys” “24/05/2007 22:27” “”
• “arcsas” “Adaptec SAS RAID WS03 Driver” “Adaptec, Inc.” “c:\windows\system32\drivers\arcsas.sys” “14/01/2009 20:27” “”
• “avgTap” “TAP-Windows Virtual Network Driver” “The OpenVPN Project” “c:\windows\system32\drivers\avgtap.sys” “09/12/2016 13:36” “”
• “b06bdrv” “Broadcom NetXtreme II GigE VBD” “Broadcom Corporation” “c:\windows\system32\drivers\bxvbda.sys” “13/02/2009 23:18” “”
• “b57nd60a” “Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver.” “Broadcom Corporation” “c:\windows\system32\drivers\b57nd60a.sys” “26/04/2009 12:14” “”
• “BrFiltLo” “Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver” “Brother Industries, Ltd.” “c:\windows\system32\drivers\brfiltlo.sys” “07/08/2006 02:51” “”
• “BrFiltUp” “Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver” “Brother Industries, Ltd.” “c:\windows\system32\drivers\brfiltup.sys” “07/08/2006 02:51” “”
• “Brserid” “Brotehr Serial I/F Driver (WDM)” “Brother Industries Ltd.” “c:\windows\system32\drivers\brserid.sys” “07/08/2006 02:51” “”
• “BrSerWdm” “Brother Serial driver (WDM version)” “Brother Industries Ltd.” “c:\windows\system32\drivers\brserwdm.sys” “07/08/2006 02:51” “”
• “BrUsbMdm” "Brother USB MDM Driver " “Brother Industries Ltd.” “c:\windows\system32\drivers\brusbmdm.sys” “07/08/2006 02:51” “”
• “BrUsbSer” “Brother USB Serial Driver” “Brother Industries Ltd.” “c:\windows\system32\drivers\brusbser.sys” “09/08/2006 13:11” “”
• “cmdide” “CMD PCI IDE Bus Driver” “CMD Technology, Inc.” “c:\windows\system32\drivers\cmdide.sys” “14/07/2009 00:19” “”
• “drmkaud” “” “” “c:\windows\syswow64\drivers\drmkaud.sys” “” “”
• “ebdrv” “Broadcom NetXtreme II 10 GigE VBD” “Broadcom Corporation” “c:\windows\system32\drivers\evbda.sys” “31/12/2008 17:29” “”
• “elxstor” “Storport Miniport Driver for LightPulse HBAs” “Emulex” “c:\windows\system32\drivers\elxstor.sys” “03/02/2009 23:52” “”
• “ESProtectionDriver” “” “” “c:\windows\system32\drivers\mbae64.sys” “29/04/2016 11:10” “”
• “hcw85cir” “Hauppauge WinTV 885 Consumer IR Driver for eHome” “Hauppauge Computer Works, Inc.” “c:\windows\system32\drivers\hcw85cir.sys” “11/05/2009 09:26” “”
• “HpSAMD” “Smart Array SAS/SATA Controller Media Driver” “Hewlett-Packard Company” “c:\windows\system32\drivers\hpsamd.sys” “20/04/2010 19:32” “”
• “iaStor” “” “” “c:\windows\syswow64\drivers\iastor.sys” “” “”
• “iaStorV” “Intel Matrix Storage Manager driver - x64” “Intel Corporation” “c:\windows\system32\drivers\iastorv.sys” “11/06/2010 01:46” “”
• “iirsp” “Intel/ICP Raid Storport Driver” “Intel Corp./ICP vortex GmbH” “c:\windows\system32\drivers\iirsp.sys” “13/12/2005 22:47” “”
• “IntcAzAudAddService” “” “” “File not found: system32\drivers\RTKVHD64.sys” “” “”
• “LSI_FC” “LSI Fusion-MPT FC Driver (StorPort)” “LSI Corporation” “c:\windows\system32\drivers\lsi_fc.sys” “09/12/2008 23:46” “”
• “LSI_SAS” “” “” “c:\windows\syswow64\drivers\lsi_sas.sys” “” “”
• “LSI_SAS2” “LSI SAS Gen2 Driver (StorPort)” “LSI Corporation” “c:\windows\system32\drivers\lsi_sas2.sys” “19/05/2009 01:31” “”
• “LSI_SCSI” “LSI Fusion-MPT SCSI Driver (StorPort)” “LSI Corporation” “c:\windows\system32\drivers\lsi_scsi.sys” “16/04/2009 23:13” “”
• “MBAMChameleon” “Malwarebytes Chameleon” “Malwarebytes” “c:\windows\system32\drivers\mbamchameleon.sys” “17/04/2017 22:51” “”
• “MBAMFarflt” “Malwarebytes Anti-Ransomware Protection” “Malwarebytes” “c:\windows\system32\drivers\farflt.sys” “24/03/2017 16:34” “”
• “MBAMProtection” “Malwarebytes Real-Time Protection” “Malwarebytes” “c:\windows\system32\drivers\mbam.sys” “28/09/2016 16:45” “”
• “MBAMSwissArmy” “Malwarebytes SwissArmy” “Malwarebytes” “c:\windows\system32\drivers\mbamswissarmy.sys” “18/05/2017 19:34” “”
• “MBAMWebProtection” “Malwarebytes Web Protection” “Malwarebytes” “c:\windows\system32\drivers\mwac.sys” “19/04/2017 16:38” “”
• “megasas” “MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64” “LSI Corporation” “c:\windows\system32\drivers\megasas.sys” “19/05/2009 02:09” “”
• “MegaSR” “LSI MegaRAID Software RAID Driver” “LSI Corporation, Inc.” “c:\windows\system32\drivers\megasr.sys” “19/05/2009 02:25” “”
• “monitor” “” “” “c:\windows\syswow64\drivers\monitor.sys” “” “”
• “MSPQM” “” “” “c:\windows\syswow64\drivers\mspqm.sys” “” “”
• “mwlPSDFilter” “mwlPSDFilter Filter Driver” “Egis Technology Inc.” “c:\windows\system32\drivers\mwlpsdfilter.sys” “02/06/2009 11:07” “”
• “mwlPSDNServ” “mwlPSDNServ Driver” “Egis Technology Inc.” “c:\windows\system32\drivers\mwlpsdnserv.sys” “02/06/2009 11:07” “”
• “mwlPSDVDisk” “mwlPSDVdisk Driver” “” “c:\windows\syswow64\drivers\mwlpsdvdisk.sys” “” “”
• “nfrd960” “IBM ServeRAID Controller Driver” “IBM Corporation” “c:\windows\system32\drivers\nfrd960.sys” “06/06/2006 22:11” “”
• “NVHDA” “NVIDIA HDMI Audio Driver” “NVIDIA Corporation” “c:\windows\system32\drivers\nvhda64v.sys” “28/11/2013 14:38” “”
• “nvlddmkm” "NVIDIA Windows Kernel Mode Driver, Version 342.01 " “NVIDIA Corporation” “c:\windows\system32\drivers\nvlddmkm.sys” “14/11/2016 10:42” “”
• “nvraid” “NVIDIA® nForce™ RAID Driver” “NVIDIA Corporation” “c:\windows\system32\drivers\nvraid.sys” “19/03/2010 21:59” “”
• “nvstor” “NVIDIA® nForce™ Sata Performance Driver” “NVIDIA Corporation” “c:\windows\system32\drivers\nvstor.sys” “19/03/2010 21:45” “”
• “NvStreamKms” “Nvidia Streaming Kernel Service” “NVIDIA Corporation” “c:\program files\nvidia corporation\nvstreamsrv\nvstreamkms.sys” “18/10/2016 19:33” “”
• “nvvad_WaveExtensible” “NVIDIA Virtual Audio Driver” “NVIDIA Corporation” “c:\windows\system32\drivers\nvvad64v.sys” “01/07/2016 14:12” “”
• “pci” “” “” “c:\windows\syswow64\drivers\pci.sys” “” “”
• “ql2300” “QLogic Fibre Channel Stor Miniport Driver” “QLogic Corporation” “c:\windows\system32\drivers\ql2300.sys” “23/01/2009 00:05” “”
• “ql40xx” “QLogic iSCSI Storport Miniport Driver” “QLogic Corporation” “c:\windows\system32\drivers\ql40xx.sys” “19/05/2009 02:18” “”
• “RTL8167” "Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver " "Realtek " “c:\windows\system32\drivers\rt64win7.sys” “14/07/2016 09:45” “”
• “rtl819xpn64” “Realtek RTL819xP NDIS Driverr” "Realtek Semiconductor Corporation " “c:\windows\system32\drivers\rtl819xp.sys” “06/01/2011 03:20” “”
• “sbp2port” “” “” “c:\windows\syswow64\drivers\sbp2port.sys” “” “”
• “SiSRaid2” “SiS RAID Stor Miniport Driver” “Silicon Integrated Systems Corp.” “c:\windows\system32\drivers\sisraid2.sys” “24/09/2008 19:28” “”
• “SiSRaid4” “SiS AHCI Stor-Miniport Driver” “Silicon Integrated Systems” “c:\windows\system32\drivers\sisraid4.sys” “01/10/2008 22:56” “”
• “Smb” “Microsoft NetbiosSmb Device Driver” “” “c:\windows\syswow64\drivers\smb.sys” “” “”
• “srv” “Enables connectivity from Windows XP and earlier clients” “” “c:\windows\syswow64\drivers\srv.sys” “” “”
• “stexstor” "Promise SuperTrak EX Series Driver for Windows " “Promise Technology” “c:\windows\system32\drivers\stexstor.sys” “18/02/2009 00:03” “”
• “SWDUMon” “Driver Update Installer Monitor” “” “File not found: system32\DRIVERS\SWDUMon.sys” “” “”
• “TDPIPE” “” “” “c:\windows\syswow64\drivers\tdpipe.sys” “” “”
• “usbhub” “” “” “c:\windows\syswow64\drivers\usbhub.sys” “” “”
• “vga” “” “” “c:\windows\syswow64\drivers\vgapnp.sys” “” “”
• “viaide” “VIA Generic PCI IDE Bus Driver” “VIA Technologies, Inc.” “c:\windows\system32\drivers\viaide.sys” “14/07/2009 00:19” “”
• “vsmraid” “VIA RAID DRIVER FOR AMD-X86-64” “VIA Technologies Inc.,Ltd” “c:\windows\system32\drivers\vsmraid.sys” “31/01/2009 02:18” “”
• “Wdf01000” “” “” “c:\windows\syswow64\drivers\wdf01000.sys” “” “”
• “WfpLwf” “WFP Lightweight Filter” “” “c:\windows\syswow64\drivers\wfplwf.sys” “” “”
• “WudfPf” “” “” “c:\windows\syswow64\drivers\wudfpf.sys” “” “”
  “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers” “” “” “” “14/07/2009 05:53” “”
• “Adobe Type Manager” “Windows NT OpenType/Type 1 Font Driver” “Adobe Systems Incorporated” “c:\windows\system32\atmfd.dll” “12/05/2017 18:50” “”
  “HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32” “” “” “” “20/07/2017 20:02” “”
• “msacm.l3acm” “MPEG Layer-3 Audio Codec for MSACM” “Fraunhofer Institut Integrierte Schaltungen IIS” “c:\windows\system32\l3codeca.acm” “14/07/2009 02:28” “”
  “HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32” “” “” “” “22/07/2017 12:24” “”
• “msacm.l3acm” “MPEG Audio Layer-3 Codec for MSACM” “Fraunhofer Institut Integrierte Schaltungen IIS” “c:\windows\syswow64\l3codecp.acm” “14/07/2009 02:06” “”
• “vidc.cvid” “Cinepak® Codec” “Radius Inc.” “c:\windows\syswow64\iccvid.dll” “20/11/2010 12:59” “”
  “HKLM\Software\Wow6432Node\Classes\CLSID{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance” “” “” “” “29/07/2017 15:43” “”
• “{0C65D86E-07B1-4484-A371-4125BAA9FB6A}” “CLAuTS.ax” “CyberLink Corp.” “c:\program files (x86)\acer arcade deluxe\homemedia\kernel\dmp\clauts.ax” “23/06/2007 04:28” “”
• “{1F8C152D-FDB9-412B-A20E-05DBDEAE338C}” “CyberLink DVD Navigation Filter” “CyberLink Corp.” “c:\program files (x86)\acer arcade deluxe\arcade movie\navfilter\clnavx.ax” “25/05/2010 04:15” “”
• “{2E0D81A0-6BB1-40CC-8835-94A4C1C9529E}” “CyberLink MPEG Splitter” “CyberLink Corp.” “c:\program files (x86)\acer arcade deluxe\homemedia\kernel\dmp\clsplter.ax” “11/06/2009 12:12” “”
• “{4007D201-8CD2-4E13-8695-E30748DB4EB5}” “CyberLink Line21 Decoder Filter” “CyberLink Corp.” “c:\program files (x86)\acer arcade deluxe\arcade movie\videofilter\clline21.ax” “10/06/2009 13:16” “”
• “{519824BC-AE89-4D98-B604-1108CF060C34}” “CanonActualDataLengthSetter” “Canon Inc.” “c:\program files (x86)\canon\zoombrowser ex\program\canonactualdatalengthsetter.ax” “20/05/2005 08:51” “”
• “{5427B90F-5D16-42C9-8168-F818E4163F7F}” “CLAudSpa.ax” “CyberLink Corp.” “c:\program files (x86)\acer arcade deluxe\arcade movie\audiofilter\claudspa.ax” “09/11/2009 11:02” “”
• “{56893046-F317-47BA-A899-F7DEC4749DEA}” “CanonResizer” “Canon Inc.” “c:\program files (x86)\canon\zoombrowser ex\program\canonresizer.ax” “06/04/2005 00:58” “”
• “{61F89AFA-79D1-4333-933E-40BAF939153B}” “CLEvr” “CyberLink Corp.” “c:\program files (x86)\acer arcade deluxe\homemedia\kernel\dmp\clevr.dll” “17/05/2007 13:33” “”
• “{62EE8561-01F8-4CEE-B79F-3E4BF8AD4EFA}” “WMV/WMA Demux” “CyberLink” “c:\program files (x86)\acer arcade deluxe\homemedia\kernel\dmp\clwmfdemux.ax” “01/08/2007 09:32” “”
• “{6F333D6E-65FB-427B-9620-84CAE58B4DE0}” “CLAuTS.ax” “CyberLink Corp.” “c:\program files (x86)\acer arcade deluxe\arcade movie\audiofilter\clauts.ax” “03/12/2009 14:14” “”
• “{80EB04F4-67C1-4738-B16B-98EA2CD19151}” “CyberLink Audio Effect Filter” “CyberLink Corporation” “c:\program files (x86)\acer arcade deluxe\arcade movie\audiofilter\claudfx.ax” “25/05/2009 04:31” “”
• “{92F83C67-7BE6-4CF1-94D1-D39851E6CD13}” “Canon G.726 Decoder” “Canon Inc.” “c:\program files (x86)\canon\g726decoder\canong726decoder.ax” “28/01/2005 05:18” “”
• “{9F22B503-2196-44B2-84FC-DE54201D3115}” “CyberLink Audio Wizard Filter” “CyberLink Corp.” “c:\program files (x86)\acer arcade deluxe\arcade movie\audiofilter\claudwizard.ax” “14/08/2009 14:26” “”
• “{A0DF7B81-AF40-43C5-81DD-D79174944FE7}” “Motion-JPEG Decoder Filter” “Canon Inc.” “c:\program files (x86)\canon\zoombrowser ex\program\canonmjpegdecoder.ax” “08/11/2005 02:13” “”
• “{AC5FC253-8D38-4C9D-8E4C-64C2A6D51201}” “Canon Text Source Filter” “Canon Inc.” “c:\program files (x86)\canon\zoombrowser ex\program\canontextsourcefilter.ax” “24/08/2005 02:50” “”
• “{B938F585-40AB-46C2-BE9C-DD452C2EA54B}” “CLStream” “CyberLink” “c:\program files (x86)\acer arcade deluxe\homemedia\kernel\dmp\clstream(multilib).ax” “16/01/2009 07:39” “”
• “{B98B8A6A-D8CC-4FA6-A9B9-A2E040201C0B}” “MPEG-2 Dempltiplexer” “CyberLink Corp.” “c:\program files (x86)\acer arcade deluxe\homemedia\kernel\dmp\cldemuxer.ax” “24/01/2008 10:54” “”
• “{BAB712B7-85C4-4727-B57A-7DFA45EE6105}” “CLStream” “CyberLink” “c:\program files (x86)\acer arcade deluxe\homemedia\kernel\dmp\clstream(pushmode).ax” “03/08/2009 13:39” “”
• “{C1768843-6357-4395-A55A-ABEF4CDF8323}” “CLSubTitle.ax” “CyberLink Corp.” “c:\program files (x86)\acer arcade deluxe\arcade movie\videofilter\clsubtitle.ax” “04/12/2009 11:16” “”
• “{C3F47B9F-1F8A-47F8-BA5D-7B74135258B2}” “CyberLink Audio Decoder Filter” “CyberLink Corp.” “c:\program files (x86)\acer arcade deluxe\arcade movie\audiofilter\claud.ax” “20/04/2010 09:26” “”
• “{D1B0F70F-8CCB-4DB3-9ECF-424391849F98}” “Cyberlink Tzan Filter” “CyberLink Corp.” “c:\program files (x86)\acer arcade deluxe\arcade movie\videofilter\cltzan.ax” “07/04/2010 03:10” “”
• “{D8B55EE6-6735-467F-9F7B-31975790C4EE}” “Cyberlink Streaming Source Filter(Scramble)” “CyberLink Corp.” “c:\program files (x86)\acer arcade deluxe\homemedia\kernel\dmp\clstream.ax” “07/05/2009 14:10” “”
• “{E84574D2-CCC9-4368-ADF1-91B1EEAEB90C}” “Motion-JPEG Encoder Filter” “Canon Inc.” “c:\program files (x86)\canon\zoombrowser ex\program\canonmjpegencoder.ax” “23/06/2005 00:53” “”
• “{EA975E9C-B100-45C8-9EDE-69E0391E1AED}” “CyberLink Video/SP Filter” “CyberLink Corp.” “c:\program files (x86)\acer arcade deluxe\homemedia\kernel\dmp\clvsd.ax” “23/02/2009 14:36” “”
• “{EB41C30F-8D0E-435E-8279-B9668AEFCFB1}” “CyberLink Video/SP Filter” “CyberLink Corp.” “c:\program files (x86)\acer arcade deluxe\arcade movie\videofilter\clvsd.ax” “30/03/2010 09:37” “”
• “{EE5A8795-82D8-4D82-A946-21F6EABE2C44}” “CyberLink Audio Decoder Filter” “CyberLink Corp.” “c:\program files (x86)\acer arcade deluxe\homemedia\kernel\dmp\claud61.ax” “29/10/2008 07:47” “”
• “{F1F2ACE9-7263-48F2-8A5D-79D7F99A4B0F}” “CLAudSpa.ax” “CyberLink Corp.” “c:\program files (x86)\acer arcade deluxe\homemedia\kernel\dmp\claudspa.ax” “24/09/2004 12:08” “”
• “{FEFDE650-9F37-4D7A-86DC-88AF05E51B87}” “Canon Utilities Support Library” “Canon Inc.” “c:\program files (x86)\canon\camerawindow\camerawindowmc\pswavdes.a x” “13/01/2005 03:08” “”
  “HKCU\Control Panel\Desktop\Scrnsave.exe” “” “” “” “31/07/2017 17:20” “”
• “C:\Windows\System32\Acer.scr” “Screen Saver” “” “c:\windows\system32\acer.scr” “29/07/2010 09:30” “”

Hello Derek,

Autoruns looks ok now but can I ask if you would mind one of our colleagues Mal taking a look at your comp, not for me to say for sure but beings as you may have been left unprotected the malnourished may want to make sure that things are as they should be (y)

Hi Phil NOt a problem,how do you want to go about it?

Let me tag @Malnutrition and @gus to assist you. In the meantime, go ahead and do the following for me.

Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

Once downloaded right click the FRST desktop icon and select “Run as administrator” from the menu.



If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
Frst will open with two dialogue boxes, accept the disclaimer.


Accept the default whitelist options,
If the additions.txt options box is not checked please select it.
Then select “Scan”



Frst will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.



Please Copy and Paste the contents of these logs in your next post for review by our Security Team

Copy/paste would not play,so have attempted to upload as file,hope this works and thanks for your work and asistance
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2017
Ran by Delboy (administrator) on DELBOY-PC (02-08-2017 12:26:49)
Running from C:\Users\Delboy\Downloads
Loaded Profiles: Delboy (Available Profiles: Delboy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\as pnet_state.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.e xe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(LITE-ON TECHNOLOGY CORP.) C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\Skdaemon.exe
(© 2015 Microsoft Corporation) C:\Users\Delboy\AppData\Local\Microsoft\BingSvc\Bi ngSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Canon Inc.) C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-11-14] (NVIDIA Corporation)
HKLM...\Run: [ShadowPlay] => “C:\Windows\system32\rundll32.exe” C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSyst emStart
HKLM...\Run: [Enhanced Performance Keyboard] => C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\SKDaemon.exe [335360 2012-08-08] (LITE-ON TECHNOLOGY CORP.)
HKLM...\Run: [ALU] => C:\Program Files\Acer\Acer Updater\ALU.exe [2419104 2016-06-06] (Acer Incorporated)
HKU\S-1-5-21-1185751014-4152620646-720881419-1000...\Run: [BingSvc] => C:\Users\Delboy\AppData\Local\Microsoft\BingSvc\Bi ngSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1185751014-4152620646-720881419-1000\Control Panel\Desktop\SCRNSAVE.EXE → C:\Windows\System32\Acer.scr [456224 2010-07-29] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip..\Interfaces{0050B548-63D8-4728-A5C1-B7FFC91EFAB9}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip..\Interfaces{87461323-90C4-4CD1-8B91-D88CA5117579}: [DhcpNameServer] 194.168.4.100 194.168.8.100
[HEADING=1]Internet Explorer:[/HEADING]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1185751014-4152620646-720881419-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKU\S-1-5-21-1185751014-4152620646-720881419-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://bing.com/
SearchScopes: HKLM → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM → {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 → {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1185751014-4152620646-720881419-1000 → DefaultScope {93BCD679-4F15-480F-8D94-BAE116E88A03} URL =
BHO: Windows Live ID Sign-in Helper → {9030D464-4C02-4ABF-8ECC-5164760863C6} → C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper → {9030D464-4C02-4ABF-8ECC-5164760863C6} → C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
Toolbar: HKU\S-1-5-21-1185751014-4152620646-720881419-1000 → No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {A6616B31-4860-41E2-98E3-CA7649AF172F} file:///E:/launch.ocx
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)
[HEADING=1]FireFox:[/HEADING]
FF DefaultProfile: p6yzmj74.default
FF ProfilePath: C:\Users\Delboy\AppData\Roaming\Mozilla\Firefox\Pr ofiles\p6yzmj74.default [2017-08-02]
FF user.js: detected! => C:\Users\Delboy\AppData\Roaming\Mozilla\Firefox\Pr ofiles\p6yzmj74.default\user.js [2017-05-29]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\p6yzmj74.default → Search Provided by Bing
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\p6yzmj74.default → Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\p6yzmj74.default → Search Provided by Bing
FF Homepage: Mozilla\Firefox\Profiles\p6yzmj74.default → hxxps://www.bing.com/search?FORM=INCOH1&PC=IC04&PTAG=ICO-5d340a96
FF Keyword.URL: Mozilla\Firefox\Profiles\p6yzmj74.default → user_pref(“keyword.URL”, true);
FF Extension: (True Key™ by Intel Security) - C:\Users\Delboy\AppData\Roaming\Mozilla\Firefox\Pr ofiles\p6yzmj74.default\Extensions@true-key.xpi [2017-07-25]
FF Extension: (Bing Search) - C:\Users\Delboy\AppData\Roaming\Mozilla\Firefox\Pr ofiles\p6yzmj74.default\Extensions\bingsearch.full@microsoft.com.xpi [2017-07-10]
FF SearchPlugin: C:\Users\Delboy\AppData\Roaming\Mozilla\Firefox\Pr ofiles\p6yzmj74.default\searchplugins\bing-.xml [2017-07-10]
FF SearchPlugin: C:\Users\Delboy\AppData\Roaming\Mozilla\Firefox\Pr ofiles\p6yzmj74.default\searchplugins\search provided by bing.xml [2017-07-24]
FF Plugin: @adobe.com/FlashPlayer → C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_ 137.dll [2017-07-11] ()
FF Plugin: @garmin.com/GpsControl → C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE → disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 → C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer → C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_ 137.dll [2017-07-11] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin → C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.7\npsitesafety.dll [No File]
FF Plugin-x32: @garmin.com/GpsControl → C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @microsoft.com/GENUINE → disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 → C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 → C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 → C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 → C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision → C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming → C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 → C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader → C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
[HEADING=1]Chrome:[/HEADING]
CHR HKLM...\Chrome\Extension: [pmagdleikobihfikldcpmgfjcppcddnf] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32...\Chrome\Extension: [pmagdleikobihfikldcpmgfjcppcddnf] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CCALib8; C:\Program Files (x86)\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.) [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.e xe [517464 2015-01-28] (Garmin Ltd or its subsidiaries)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-11-14] (NVIDIA Corporation)
R2 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-11-14] (NVIDIA Corporation)
R2 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-11-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-11-14] (NVIDIA Corporation)
S4 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-05-13] () [File not signed]
S4 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 NisSrv; “C:\Program Files\Microsoft Security Client\NisSrv.exe”

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 avgTap; C:\Windows\System32\DRIVERS\avgTap.sys [54888 2016-12-09] (The OpenVPN Project)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-06-24] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [187320 2017-05-27] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [113592 2017-05-31] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-05-31] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [252832 2017-06-25] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-05-31] (Malwarebytes)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-11-14] (NVIDIA Corporation)
R3 rtl819xpn64; C:\Windows\System32\DRIVERS\rtl819xp.sys [626792 2000-01-01] (Realtek Semiconductor Corporation )

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-02 12:18 - 2017-08-02 12:18 - 000000000 ____D C:\Users\Delboy\AppData\Local{E4186705-B3D9-4D9D-807D-ED32683C256A}
2017-08-02 12:08 - 2017-08-02 12:08 - 000000000 ____D C:\Users\Delboy\AppData\Local{679E915D-E8B0-4B82-9B95-38AB5016E56B}
2017-08-02 12:05 - 2017-08-02 12:05 - 000001138 _____ C:\Users\Delboy\Desktop\FRST64 - Shortcut.lnk
2017-08-02 11:59 - 2017-08-02 12:09 - 000037097 _____ C:\Users\Delboy\Downloads\Addition.txt
2017-08-02 11:58 - 2017-08-02 12:26 - 000013725 _____ C:\Users\Delboy\Downloads\FRST.txt
2017-08-02 11:55 - 2017-08-02 11:55 - 002381312 _____ (Farbar) C:\Users\Delboy\Downloads\FRST64(1).exe
2017-08-02 11:54 - 2017-08-02 12:26 - 000000000 ____D C:\FRST
2017-08-02 11:53 - 2017-08-02 11:53 - 002381312 _____ (Farbar) C:\Users\Delboy\Downloads\FRST64.exe
2017-08-02 11:51 - 2017-08-02 11:51 - 000000000 ____D C:\Users\Delboy\AppData\Local{6C9B4358-8E19-4D5A-A741-7E2D4DDE8992}
2017-08-02 11:46 - 2017-08-02 11:46 - 000000000 ____D C:\Users\Delboy\AppData\Local{BEB991C4-6CB0-4C24-8D10-EB17AD2D2483}
2017-08-02 11:23 - 2017-08-02 11:23 - 000000000 ____D C:\Users\Delboy\AppData\Local{25373FAD-6009-447B-B1EF-8B29797C4DF9}
2017-08-01 20:02 - 2017-08-01 20:02 - 000000000 ____D C:\Users\Delboy\AppData\Local{9DA37C6B-10FA-4B89-8E05-7B5E9284B253}
2017-08-01 19:39 - 2017-08-01 19:39 - 000000000 ____D C:\Users\Delboy\AppData\Local{2835B770-1688-4DAF-A651-3E9D7B2B0758}
2017-08-01 18:23 - 2017-08-01 18:23 - 000000000 ____D C:\Users\Delboy\AppData\Local{9A3D9B94-C9D9-4E27-98A7-7903C2B9AF72}
2017-07-31 21:14 - 2017-07-31 21:14 - 000000000 ____D C:\Users\Delboy\AppData\Local{2E10E713-6677-4FBC-A706-9CC94E3B8131}
2017-07-31 21:10 - 2017-07-31 21:10 - 000000000 ____D C:\Users\Delboy\AppData\Local{1A982458-CAD6-4BF3-B092-961C8ECFFC93}
2017-07-31 17:38 - 2017-07-31 17:38 - 000000000 ____D C:\Users\Delboy\AppData\Local{3194A425-E9EA-4306-B121-5811F063C411}
2017-07-31 17:30 - 2017-07-31 17:30 - 000000000 ____D C:\Users\Delboy\AppData\Local{68D785DE-1281-4A51-8D36-6AAED6ECEDAA}
2017-07-31 17:25 - 2017-07-31 17:25 - 000000000 ____D C:\Users\Delboy\AppData\Local{216185A2-4001-4BEF-B4F0-33CB7A88392A}
2017-07-31 17:21 - 2017-07-31 17:22 - 000000000 ____D C:\Users\Delboy\AppData\Local{4B1C20BB-B135-4E84-922C-5C0BA79C0E52}
2017-07-31 17:19 - 2017-07-31 17:19 - 000000000 ____D C:\WINSSLog
2017-07-31 17:14 - 2017-07-31 17:14 - 000000000 ____D C:\Users\Delboy\AppData\Local{112A2F53-3E92-44B7-8932-98A087D45D28}
2017-07-31 17:07 - 2017-07-31 17:07 - 000000000 ____D C:\Users\Delboy\AppData\Local{106A5179-D3AB-4277-8C48-48FD0ED18D1B}
2017-07-31 17:06 - 2017-07-31 17:06 - 000000000 ____D C:\Users\Delboy\AppData\Local{BF88B225-500E-44C4-A8FC-DB91D5D96680}
2017-07-31 16:50 - 2017-07-31 16:50 - 000000000 ____D C:\Users\Delboy\AppData\Local{B8C4F29B-29A1-4B5D-A80E-076F9D25BDA1}
2017-07-31 16:37 - 2017-07-31 16:37 - 000000000 ____D C:\Users\Delboy\AppData\Local{7DA2CF1F-408B-4FD7-BB8E-645E39526E17}
2017-07-31 14:29 - 2017-07-31 16:58 - 000002558 _____ C:\FixitRegBackup.reg
2017-07-31 13:40 - 2017-07-31 13:40 - 000000000 ____D C:\Users\Delboy\AppData\Local{D666946F-68D4-4BB3-9AEB-0B0C24BB3358}
2017-07-31 12:46 - 2017-07-31 12:46 - 000000000 ____D C:\Users\Delboy\AppData\Local{903DCF83-5AA8-4563-B4CC-515E76A26D4D}
2017-07-31 12:14 - 2017-07-31 12:14 - 000000000 ____D C:\Users\Delboy\AppData\Local{750D1B52-5E83-4E7D-ADD2-B253EC93A609}
2017-07-30 14:19 - 2017-07-30 14:19 - 000002121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2017-07-30 13:34 - 2017-07-30 13:34 - 000000000 ____D C:\Users\Delboy\AppData\Local{9C93C2BD-9048-4F47-92B8-CFCF2688B85B}
2017-07-30 13:10 - 2017-07-30 13:10 - 000000000 ____D C:\SUPERDelete
2017-07-30 13:08 - 2017-07-30 13:08 - 000270488 _____ C:\Windows\Minidump\073017-22760-01.dmp
2017-07-30 13:03 - 2017-07-30 13:08 - 000268188 _____ C:\Windows\ntbtlog.txt
2017-07-29 18:18 - 2017-07-29 18:18 - 000000000 ____D C:\Users\Delboy\AppData\Local{5972C328-03E7-4782-87AC-4E6BA4DDBDF2}
2017-07-29 17:57 - 2017-07-29 17:57 - 000000000 ____D C:\Users\Delboy\AppData\Local{4DC87589-6DAF-47F3-8B2C-7EB79FDF1653}
2017-07-29 17:54 - 2017-07-29 17:54 - 000000000 ____D C:\Windows\System32\Tasks\Event Viewer Tasks
2017-07-29 16:13 - 2017-07-30 13:04 - 000000000 ____D C:\Program Files (x86)\Free Window Registry Repair
2017-07-29 16:13 - 2017-07-29 16:13 - 000805841 _____ C:\Users\Delboy\Downloads\RegpairSetup.exe
2017-07-29 16:13 - 2017-07-29 16:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
2017-07-29 16:07 - 2017-07-31 21:10 - 000000000 ____D C:\Users\Delboy\AppData\Roaming\Windows Live Writer
2017-07-29 16:07 - 2017-07-29 16:07 - 000000000 ____D C:\Users\Delboy\AppData\Local\Windows Live Writer
2017-07-29 16:07 - 2017-07-29 16:07 - 000000000 ____D C:\Users\Delboy\AppData\Local{33A013C0-6B2F-465A-B8B8-BE442E26F9B1}
2017-07-29 15:49 - 2017-07-29 15:49 - 000000000 ____D C:\Users\Delboy\AppData\Local{B0BD47E4-1094-416E-9749-9450D6FFBD19}
2017-07-29 15:43 - 2017-07-29 15:43 - 000002490 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2017-07-29 15:43 - 2017-07-29 15:43 - 000001462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2017-07-29 15:43 - 2017-07-29 15:43 - 000001378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2017-07-29 15:43 - 2017-07-29 15:43 - 000001309 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2017-07-29 15:43 - 2017-07-29 15:43 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2017-07-29 15:43 - 2017-07-29 15:43 - 000000000 ____D C:\Windows\en
2017-07-29 15:43 - 2017-07-29 15:43 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2017-07-29 15:42 - 2017-07-29 15:42 - 000000000 ____D C:\Program Files\Windows Live
2017-07-29 15:15 - 2017-07-30 14:32 - 000000000 ____D C:\Users\Delboy\AppData\Roaming\ParetoLogic
2017-07-29 15:15 - 2017-07-30 13:10 - 000000000 ____D C:\ProgramData\ParetoLogic
2017-07-29 14:47 - 2017-07-29 14:47 - 012231000 _____ (Microsoft Corporation) C:\Users\Delboy\Downloads\mseinstall(1).exe
2017-07-29 14:02 - 2017-07-29 14:02 - 000030354 _____ C:\ProgramData\agent.uninstall.1501333334.bdinstal l.bin
2017-07-29 13:50 - 2017-07-29 13:50 - 000000017 _____ C:\Users\Delboy\AppData\Local\resmon.resmoncfg
2017-07-28 19:58 - 2017-07-28 19:58 - 017816696 _____ (Bitberry Software ) C:\Users\Delboy\Downloads\ffvsetup.exe
2017-07-28 19:49 - 2017-07-29 11:52 - 000000000 ____D C:\Users\Delboy\AppData\Roaming\BitTorrent
2017-07-27 19:57 - 2017-07-29 11:49 - 000000000 ____D C:\Users\Delboy\AppData\LocalLow\uTorrent
2017-07-27 19:40 - 2017-07-27 19:40 - 000291888 _____ C:\Windows\Minidump\072717-17347-01.dmp
2017-07-27 19:33 - 2017-07-27 19:33 - 000291936 _____ C:\Windows\Minidump\072717-17035-01.dmp
2017-07-26 16:07 - 2017-07-30 13:08 - 273363092 _____ C:\Windows\MEMORY.DMP
2017-07-26 16:07 - 2017-07-26 16:07 - 000280800 _____ C:\Windows\Minidump\072617-17784-01.dmp
2017-07-23 18:41 - 2017-07-23 18:41 - 000030963 _____ C:\ProgramData\agent.update.1500831703.bdinstall.b in
2017-07-23 18:28 - 2017-06-07 05:04 - 000950160 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\atc.sys
2017-07-23 18:28 - 2017-05-26 09:49 - 000260512 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\edrsensor.sys
2017-07-23 18:28 - 2017-04-19 07:19 - 001612648 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2017-07-23 18:27 - 2017-07-23 18:27 - 000000000 ____D C:\Users\Delboy\AppData\Roaming\QuickScan
2017-07-23 18:25 - 2017-07-23 18:25 - 000047033 _____ C:\ProgramData\agent.1500830750.bdinstall.bin
2017-07-23 18:05 - 2017-07-23 18:05 - 000000000 ____D C:\ProgramData\SecuritySuite
2017-07-23 18:02 - 2017-07-23 18:02 - 000000000 ____D C:\Users\Delboy\AppData\Roaming\PCProtect
2017-07-23 13:00 - 2017-05-30 21:45 - 000565416 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-07-23 12:26 - 2017-07-31 17:25 - 000002150 _____ C:\Windows\epplauncher.mif
2017-07-22 16:47 - 2017-07-22 16:47 - 000000800 _____ C:\Users\Public\Desktop\Speccy.lnk
2017-07-22 16:47 - 2017-07-22 16:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2017-07-22 16:47 - 2017-07-22 16:47 - 000000000 ____D C:\Program Files\Speccy
2017-07-20 19:31 - 2017-07-20 19:31 - 000000000 ____D C:\Users\Delboy\AppData\Local\AVG Netherlands BV
2017-07-17 15:11 - 2015-08-05 18:56 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2017-07-17 15:11 - 2015-08-05 18:06 - 000039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2017-07-16 16:24 - 2017-06-30 05:15 - 000394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-07-16 16:24 - 2017-06-30 04:32 - 000346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-07-16 16:24 - 2017-06-30 03:57 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-07-16 16:24 - 2017-06-30 03:57 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-07-16 16:24 - 2017-06-30 03:39 - 001549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-07-16 16:24 - 2017-06-30 03:38 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-07-16 16:24 - 2017-06-29 07:27 - 025734656 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-07-16 16:24 - 2017-06-29 07:02 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-07-16 16:24 - 2017-06-29 06:44 - 005975552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-07-16 16:24 - 2017-06-29 06:43 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-07-16 16:24 - 2017-06-29 06:23 - 020270592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-07-16 16:24 - 2017-06-29 06:23 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-07-16 16:24 - 2017-06-29 05:58 - 015253504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-07-16 16:24 - 2017-06-29 05:53 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-07-16 16:24 - 2017-06-29 05:52 - 004549632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-07-16 16:24 - 2017-06-29 05:43 - 013663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-07-16 16:24 - 2017-06-29 05:41 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-07-16 16:24 - 2017-06-29 05:28 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-07-16 16:24 - 2017-06-29 05:24 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-07-16 16:24 - 2017-06-22 15:58 - 003223040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-07-16 16:24 - 2017-06-15 21:23 - 000753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-07-16 16:24 - 2017-06-12 23:54 - 000370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-07-16 16:24 - 2017-06-12 23:49 - 001363456 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-07-16 16:24 - 2017-06-12 23:49 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-07-16 16:24 - 2017-06-12 23:49 - 000475136 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2017-07-16 16:24 - 2017-06-12 23:49 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
2017-07-16 16:24 - 2017-06-12 23:29 - 001227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2017-07-16 16:24 - 2017-06-12 23:29 - 000390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2017-07-16 16:24 - 2017-06-12 23:28 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-07-16 16:24 - 2017-06-12 23:14 - 000379392 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-07-16 16:24 - 2017-06-10 16:59 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-07-16 16:24 - 2017-06-10 16:39 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-07-16 16:24 - 2017-06-09 16:33 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-07-16 16:24 - 2017-06-06 16:30 - 001867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-07-16 16:24 - 2017-06-06 16:12 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-07-16 16:24 - 2017-05-30 05:56 - 000377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-07-16 16:24 - 2017-05-16 16:35 - 000986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-07-16 16:24 - 2017-05-03 16:34 - 000094952 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-07-16 16:24 - 2017-05-03 16:29 - 001206272 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-07-16 16:24 - 2017-05-03 14:05 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-07-16 16:24 - 2017-05-03 14:05 - 000620544 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-07-16 16:24 - 2017-05-03 14:05 - 000535552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-07-16 16:24 - 2017-05-03 14:05 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-07-16 16:24 - 2017-05-03 14:05 - 000311296 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-07-16 16:24 - 2017-05-03 14:05 - 000217088 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-07-16 16:24 - 2017-05-03 14:05 - 000127488 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-07-16 16:24 - 2017-03-23 03:06 - 001691136 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-07-16 16:23 - 2017-06-30 03:57 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-07-16 16:23 - 2017-06-30 03:57 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-07-16 16:23 - 2017-06-30 03:57 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-07-16 16:23 - 2017-06-30 03:57 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-07-16 16:23 - 2017-06-30 03:57 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-07-16 16:23 - 2017-06-30 03:57 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-07-16 16:23 - 2017-06-30 03:57 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-07-16 16:23 - 2017-06-30 03:57 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-07-16 16:23 - 2017-06-30 03:40 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-07-16 16:23 - 2017-06-30 03:40 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-07-16 16:23 - 2017-06-30 03:39 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-07-16 16:23 - 2017-06-30 03:38 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-07-16 16:23 - 2017-06-30 03:38 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-07-16 16:23 - 2017-06-30 03:38 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-07-16 16:23 - 2017-06-30 03:38 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-07-16 16:23 - 2017-06-30 03:38 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-07-16 16:23 - 2017-06-30 03:38 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-07-16 16:23 - 2017-06-30 03:38 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-07-16 16:23 - 2017-06-30 03:27 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-07-16 16:23 - 2017-06-30 03:27 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-07-16 16:23 - 2017-06-30 03:26 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-07-16 16:23 - 2017-06-30 03:26 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-07-16 16:23 - 2017-06-29 07:19 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-07-16 16:23 - 2017-06-29 07:18 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-07-16 16:23 - 2017-06-29 07:04 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-07-16 16:23 - 2017-06-29 07:03 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-07-16 16:23 - 2017-06-29 07:03 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-07-16 16:23 - 2017-06-29 07:02 - 002899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-07-16 16:23 - 2017-06-29 07:02 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-07-16 16:23 - 2017-06-29 06:55 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-07-16 16:23 - 2017-06-29 06:54 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-07-16 16:23 - 2017-06-29 06:51 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-07-16 16:23 - 2017-06-29 06:50 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-07-16 16:23 - 2017-06-29 06:50 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-07-16 16:23 - 2017-06-29 06:50 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-07-16 16:23 - 2017-06-29 06:50 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-07-16 16:23 - 2017-06-29 06:39 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-07-16 16:23 - 2017-06-29 06:35 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-07-16 16:23 - 2017-06-29 06:31 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-07-16 16:23 - 2017-06-29 06:31 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-07-16 16:23 - 2017-06-29 06:30 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-07-16 16:23 - 2017-06-29 06:27 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-07-16 16:23 - 2017-06-29 06:26 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-07-16 16:23 - 2017-06-29 06:23 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-07-16 16:23 - 2017-06-29 06:23 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-07-16 16:23 - 2017-06-29 06:23 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-07-16 16:23 - 2017-06-29 06:22 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-07-16 16:23 - 2017-06-29 06:22 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-07-16 16:23 - 2017-06-29 06:22 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-07-16 16:23 - 2017-06-29 06:19 - 002290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-07-16 16:23 - 2017-06-29 06:17 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-07-16 16:23 - 2017-06-29 06:16 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-07-16 16:23 - 2017-06-29 06:14 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-07-16 16:23 - 2017-06-29 06:13 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-07-16 16:23 - 2017-06-29 06:13 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-07-16 16:23 - 2017-06-29 06:13 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-07-16 16:23 - 2017-06-29 06:11 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-07-16 16:23 - 2017-06-29 06:09 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-07-16 16:23 - 2017-06-29 06:09 - 000725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-07-16 16:23 - 2017-06-29 06:08 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-07-16 16:23 - 2017-06-29 06:07 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-07-16 16:23 - 2017-06-29 06:05 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-07-16 16:23 - 2017-06-29 06:01 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-07-16 16:23 - 2017-06-29 06:00 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-07-16 16:23 - 2017-06-29 06:00 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-07-16 16:23 - 2017-06-29 05:58 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-07-16 16:23 - 2017-06-29 05:56 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-07-16 16:23 - 2017-06-29 05:56 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-07-16 16:23 - 2017-06-29 05:54 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-07-16 16:23 - 2017-06-29 05:48 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-07-16 16:23 - 2017-06-29 05:47 - 000693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-07-16 16:23 - 2017-06-29 05:46 - 002057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-07-16 16:23 - 2017-06-29 05:46 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-07-16 16:23 - 2017-06-29 05:29 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-07-16 16:23 - 2017-06-29 05:23 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-07-16 16:23 - 2017-06-12 23:54 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-07-16 16:23 - 2017-06-12 23:54 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-07-16 16:23 - 2017-06-12 23:49 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-07-16 16:23 - 2017-06-12 23:49 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-07-16 16:23 - 2017-06-12 23:49 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-07-16 16:23 - 2017-06-12 23:49 - 000594432 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-07-16 16:23 - 2017-06-12 23:49 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-07-16 16:23 - 2017-06-12 23:49 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-07-16 16:23 - 2017-06-12 23:49 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-07-16 16:23 - 2017-06-12 23:49 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-07-16 16:23 - 2017-06-12 23:49 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-07-16 16:23 - 2017-06-12 23:49 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-07-16 16:23 - 2017-06-12 23:49 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-07-16 16:23 - 2017-06-12 23:49 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-07-16 16:23 - 2017-06-12 23:49 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-07-16 16:23 - 2017-06-12 23:49 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-07-16 16:23 - 2017-06-12 23:49 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-07-16 16:23 - 2017-06-12 23:49 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-07-16 16:23 - 2017-06-12 23:49 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-07-16 16:23 - 2017-06-12 23:49 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-07-16 16:23 - 2017-06-12 23:49 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-07-16 16:23 - 2017-06-12 23:29 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-07-16 16:23 - 2017-06-12 23:29 - 000444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2017-07-16 16:23 - 2017-06-12 23:29 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-07-16 16:23 - 2017-06-12 23:29 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-07-16 16:23 - 2017-06-12 23:29 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-07-16 16:23 - 2017-06-12 23:29 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-07-16 16:23 - 2017-06-12 23:28 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-07-16 16:23 - 2017-06-12 23:28 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-07-16 16:23 - 2017-06-12 23:28 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-07-16 16:23 - 2017-06-12 23:28 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-07-16 16:23 - 2017-06-12 23:28 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-07-16 16:23 - 2017-06-12 23:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-07-16 16:23 - 2017-06-12 23:28 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-07-16 16:23 - 2017-06-12 23:28 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-07-16 16:23 - 2017-06-12 23:28 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdhui.dll
2017-07-16 16:23 - 2017-06-12 23:28 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-07-16 16:23 - 2017-06-12 23:28 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-07-16 16:23 - 2017-06-12 23:19 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-07-16 16:23 - 2017-06-12 23:14 - 000172544 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
2017-07-16 16:23 - 2017-06-12 23:14 - 000103936 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe
2017-07-16 16:23 - 2017-06-12 23:12 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-07-16 16:23 - 2017-06-12 23:12 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-07-16 16:23 - 2017-06-12 23:12 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-07-16 16:23 - 2017-06-12 23:11 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-07-16 16:23 - 2017-06-12 23:09 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-07-16 16:23 - 2017-06-12 23:06 - 000303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2017-07-16 16:23 - 2017-06-12 23:06 - 000157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe
2017-07-16 16:23 - 2017-06-12 23:06 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resmon.exe
2017-07-16 16:23 - 2017-06-12 23:05 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-07-16 16:23 - 2017-05-30 05:56 - 001895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-07-16 16:23 - 2017-05-30 05:56 - 000287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-07-16 16:23 - 2017-05-21 05:24 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-07-16 16:23 - 2017-05-21 05:06 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-07-16 16:23 - 2017-05-16 16:35 - 000265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-07-16 16:23 - 2017-05-16 16:30 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-07-11 17:28 - 2017-07-11 17:28 - 000003584 _____ C:\Users\Delboy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-07-11 17:25 - 2017-07-11 17:25 - 027323967 _____ (Acresso Software Inc.) C:\Users\Delboy\Downloads\rzdvdcreator.exe
2017-07-10 14:08 - 2017-07-10 14:08 - 000000000 ____D C:\Users\Delboy\AppData\Local\Apps\2.0
2017-07-10 12:19 - 2017-07-10 12:19 - 000001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-07-10 12:19 - 2017-07-10 12:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-10 12:19 - 2017-07-10 12:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-10 12:18 - 2017-07-10 12:18 - 000266144 _____ (Mozilla) C:\Users\Delboy\Downloads\Firefox Setup Stub 54.0.1.exe
2017-07-07 15:22 - 2017-07-07 15:22 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-07-06 15:19 - 2017-07-06 15:19 - 000000000 __RHD C:\MSOCache
2017-07-06 15:13 - 2017-07-17 15:26 - 000000000 ____D C:\Users\Delboy\AppData\Roaming{90140011-0066-0409-0000-0000000FF1CE}
2017-07-06 15:13 - 2017-07-17 15:26 - 000000000 ____D C:\ProgramData\Virtualized Applications

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-02 12:25 - 2017-05-17 17:13 - 000000000 ____D C:\Users\Delboy\AppData\LocalLow\Mozilla
2017-08-02 11:34 - 2009-07-14 05:45 - 000018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-02 11:34 - 2009-07-14 05:45 - 000018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-02 11:20 - 2017-05-15 19:46 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-02 11:20 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-01 20:04 - 2017-05-16 19:30 - 000000000 ____D C:\Users\Delboy\AppData\Roaming\SoftGrid Client
2017-07-31 15:00 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\registration
2017-07-31 12:16 - 2017-05-17 11:52 - 000000000 ____D C:\Users\Delboy\AppData\Local\Windows Live
2017-07-30 13:08 - 2017-05-23 22:07 - 000000000 ____D C:\Windows\Minidump
2017-07-29 15:43 - 2017-05-15 19:56 - 000000000 ____D C:\Program Files (x86)\Windows Live
2017-07-29 15:42 - 2009-07-14 04:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-07-29 15:24 - 2017-06-19 16:42 - 000000000 ____D C:\Users\Delboy\AppData\Local\CrashDumps
2017-07-29 14:19 - 2017-05-20 16:59 - 000000000 ____D C:\ProgramData\Avg
2017-07-29 11:52 - 2017-06-22 16:16 - 000000000 ____D C:\Users\Delboy\AppData\Roaming\uTorrent
2017-07-28 20:12 - 2017-06-22 19:41 - 000000000 ____D C:\Users\Delboy\AppData\Roaming\vlc
2017-07-26 16:08 - 2009-07-14 06:08 - 000032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-07-26 14:09 - 2009-07-14 06:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2017-07-23 18:47 - 2017-05-17 17:51 - 000766610 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-07-23 18:47 - 2009-07-14 06:13 - 000766610 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-23 18:47 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-07-23 17:40 - 2017-06-03 14:52 - 000000000 ____D C:\Users\Delboy\AppData\Local\ElevatedDiagnostics
2017-07-23 16:08 - 2017-05-15 20:48 - 000000000 ____D C:\ProgramData\AVAST Software
2017-07-23 16:03 - 2017-06-08 13:12 - 000000000 ____D C:\Program Files (x86)\Google
2017-07-23 16:03 - 2017-05-15 20:52 - 000000000 ____D C:\Users\Delboy\AppData\Local\Google
2017-07-23 16:00 - 2017-05-17 12:58 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2017-07-22 12:06 - 2017-05-15 20:13 - 000000000 ____D C:\Users\Delboy
2017-07-20 20:05 - 2017-05-15 19:43 - 000000000 ___HD C:\Program Files (x86)\Temp
2017-07-20 19:58 - 2017-06-21 12:59 - 000000000 ____D C:\Windows\system32\DAX2
2017-07-17 15:26 - 2017-05-16 19:30 - 000000000 ____D C:\Users\Delboy\AppData\Local\SoftGrid Client
2017-07-17 13:18 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
2017-07-17 01:08 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\servicing
2017-07-16 18:35 - 2017-06-01 21:22 - 000268392 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-16 18:33 - 2017-05-17 21:45 - 000000000 ____D C:\Windows\system32\appraiser
2017-07-16 17:08 - 2017-05-15 21:26 - 000000000 ____D C:\Windows\system32\MRT
2017-07-16 17:05 - 2017-05-15 21:26 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-16 16:26 - 2017-06-23 19:09 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-11 17:32 - 2010-08-31 11:43 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-07-11 17:08 - 2017-06-03 16:51 - 000000000 ____D C:\Users\Delboy\Documents\New folder
2017-07-11 17:03 - 2017-05-16 12:58 - 000000000 ____D C:\Users\Delboy\AppData\Roaming\Nero
2017-07-11 12:37 - 2017-05-23 13:10 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-07-11 12:37 - 2017-05-23 13:10 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-11 12:37 - 2017-05-23 13:10 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-07-11 12:37 - 2017-05-23 13:10 - 000000000 ____D C:\Windows\system32\Macromed
2017-07-11 12:37 - 2010-08-31 12:11 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-07-10 12:19 - 2017-05-17 17:13 - 000001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-07-06 20:17 - 2017-05-20 16:59 - 000000000 ____D C:\Users\Delboy\AppData\Local\Avg
2017-07-06 18:26 - 2017-06-03 17:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
2017-07-06 18:26 - 2017-05-17 21:45 - 000000000 ___SD C:\Windows\system32\CompatTel
2017-07-06 18:26 - 2017-05-17 12:46 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2017-07-06 18:25 - 2017-05-17 12:46 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight

==================== Files in the root of some directories =======

2017-07-29 15:15 - 2017-07-29 15:46 - 000000115 _____ () C:\Users\Delboy\AppData\Roaming\LogFile.txt
2017-07-11 17:28 - 2017-07-11 17:28 - 000003584 _____ () C:\Users\Delboy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-05-31 12:15 - 2017-06-22 16:08 - 000023578 _____ () C:\Users\Delboy\AppData\Local\HWVendorDetection.lo g
2017-07-29 13:50 - 2017-07-29 13:50 - 000000017 _____ () C:\Users\Delboy\AppData\Local\resmon.resmoncfg
2017-07-23 18:25 - 2017-07-23 18:25 - 000047033 _____ () C:\ProgramData\agent.1500830750.bdinstall.bin
2017-07-29 14:02 - 2017-07-29 14:02 - 000030354 _____ () C:\ProgramData\agent.uninstall.1501333334.bdinstal l.bin
2017-07-23 18:41 - 2017-07-23 18:41 - 000030963 _____ () C:\ProgramData\agent.update.1500831703.bdinstall.b in
2017-05-15 19:52 - 2017-05-15 19:54 - 000015545 _____ () C:\ProgramData\ArcadeDeluxe4.log
2017-05-25 17:16 - 2017-05-25 17:16 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2010-08-31 11:56 - 2010-03-02 23:59 - 000131984 _____ () C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-01 19:07

==================== End of FRST.txt ============================
[HEADING=1]Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2017
Ran by Delboy (02-08-2017 12:27:03)
Running from C:\Users\Delboy\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2017-05-15 19:13:39)
Boot Mode: Normal[/HEADING]
==================== Accounts: =============================

Administrator (S-1-5-21-1185751014-4152620646-720881419-500 - Administrator - Disabled)
Delboy (S-1-5-21-1185751014-4152620646-720881419-1000 - Administrator - Enabled) => C:\Users\Delboy
Guest (S-1-5-21-1185751014-4152620646-720881419-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1185751014-4152620646-720881419-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Arcade Deluxe (HKLM-x32...{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 4.5.7828 - CyberLink Corp.) Hidden
Acer Arcade Deluxe (HKLM-x32...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 4.5.7828 - CyberLink Corp.)
Acer Arcade Movie (HKLM-x32...{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}) (Version: 9.0.6629 - CyberLink Corp.) Hidden
Acer eRecovery Management (HKLM-x32...{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer GameZone Console (HKLM-x32...{58F4D244-314F-4D26-B5EF-C28AB32E22CB}is1) (Version: 6.1.0.9 - Oberon Media, Inc.)
Acer Registration (HKLM-x32...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32...\Acer Screensaver) (Version: 1.1.0825.2010 - Acer Incorporated)
Acer Updater (HKLM-x32...{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3503 - Acer Incorporated)
Acrobat.com (HKLM-x32...{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32...{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32...\Adobe Flash Player ActiveX) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Advertising Center (HKLM-x32...{B2EC4A38-B545-4A00-8214-13FE0E915E6D}) (Version: 0.0.0.2 - Nero AG) Hidden
Airport Mania First Flight (HKLM-x32...{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}) (Version: - Oberon Media)
Amazonia (HKLM-x32...{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media)
ANT Drivers Installer x64 (HKLM...{CC7132C7-8532-4EA7-8E3F-53260C0BE168}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Belarc Advisor 8.5c (HKLM-x32...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
Brother MFL-Pro Suite DCP-197C (HKLM-x32...{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Cake Mania (HKLM-x32...{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media)
Canon Camera Access Library (HKLM-x32...\CAL) (Version: 8.1.1.17 - )
Canon Camera Support Core Library (HKLM-x32...\CSCLIB) (Version: 7.3.1.6 - )
Canon Camera Window DC_DV 5 for ZoomBrowser EX (HKLM-x32...\CameraWindowDVC5) (Version: 5.4.5.17 - )
Canon Camera Window DC_DV 6 for ZoomBrowser EX (HKLM-x32...\CameraWindowDVC6) (Version: 6.2.0.8 - )
Canon Camera Window MC 6 for ZoomBrowser EX (HKLM-x32...\CameraWindowMC) (Version: 6.1.0.7 - )
Canon G.726 WMP-Decoder (HKLM-x32...\Canon G.726 WMP-Decoder) (Version: 1.0.1.3 - )
CANON iMAGE GATEWAY Task (HKLM-x32...\CANON iMAGE GATEWAY Task) (Version: 1.1.0.2 - )
Canon Internet Library for ZoomBrowser EX (HKLM-x32...\Canon Internet Library for ZoomBrowser EX) (Version: 1.4.1.3 - )
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32...\MovieEditTask) (Version: 2.2.0.13 - )
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32...\RAW Image Task) (Version: 2.3.0.11 - )
Canon RemoteCapture Task for ZoomBrowser EX (HKLM-x32...\RemoteCaptureTask) (Version: 1.5.0.5 - )
Canon Utilities EOS Utility (HKLM-x32...\EOS Utility) (Version: 1.0.3.17 - )
Canon Utilities PhotoStitch (HKLM-x32...\PhotoStitch) (Version: 3.1.17.41 - )
Canon Utilities ZoomBrowser EX (HKLM-x32...\ZoomBrowser EX) (Version: 5.6.0.27 - )
D3DX10 (HKLM-x32...{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dream Day First Home (HKLM-x32...{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media)
eBay Worldwide (HKLM-x32...{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Elevated Installer (HKLM-x32...{4694981D-8031-4526-90BE-E5F7FB80CBB8}) (Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
eSobi v2 (HKLM-x32...{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.) Hidden
eSobi v2 (HKLM-x32...\InstallShield{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
Farm Frenzy 2 (HKLM-x32...{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media)
Galapago (HKLM-x32...{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media)
Garmin Communicator Plugin (HKLM-x32...{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM...{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32...{714dc1e5-69a4-4ecd-9552-93397e084298}) (Version: 3.2.29.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32...{A92D383B-FD85-4B9C-A5D9-3647C71E48A1}) (Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (HKLM-x32...{D52EDFA2-13A7-4765-8650-4AB30E6DB77F}) (Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Google Update Helper (HKLM-x32...{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
Heroes of Hellas (HKLM-x32...{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media)
Hotkey Utility (HKLM-x32...\Hotkey Utility) (Version: 2.05.3009 - Acer Incorporated)
Identity Card (HKLM-x32...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ieSpell (HKLM-x32...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)
ImagXpress (HKLM-x32...{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}) (Version: 7.0.74.0 - Nero AG) Hidden
Junk Mail filter update (HKLM-x32...{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
MediaShow Espresso (HKLM-x32...{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}) (Version: 5.5.1713_26701 - CyberLink Corp.) Hidden
Merriam Websters Spell Jam (HKLM-x32...{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media)
Microsoft .NET Framework 4.6.1 (HKLM...{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32...{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM...{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32...{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32...{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32...{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32...{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-GB) (HKLM-x32...\Mozilla Firefox 54.0.1 (x86 en-GB)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32...{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32...{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (HKLM-x32...{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}) (Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32...{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
Nero 9 Essentials (HKLM-x32...{0506406d-6ba9-41e4-8a8e-8a6f28709256}) (Version: - Nero AG)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 342.01 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM...\NVIDIA Display Control Panel) (Version: 1.10 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.125 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.125 - NVIDIA Corporation)
NVIDIA Graphics Driver 342.01 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
PaperPort Image Printer 64-bit (HKLM...{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Poker Pop (HKLM-x32...{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}) (Version: - Oberon Media)
Realtek Ethernet Controller Driver (HKLM-x32...{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.101.714.2016 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32...{46710AEB-ACE9-4386-9DFB-8B65153BFA74}) (Version: 1.00.0168 - )
Revo Uninstaller 2.0.3 (HKLM...{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
ScanSoft PaperPort 11 (HKLM-x32...{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
SHIELD Streaming (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.125 - NVIDIA Corporation) Hidden
Shredder (HKLM...{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}) (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (HKLM-x32...{C2695E83-CF1D-43D1-84FE-B3BEC561012A}) (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Speccy (HKLM...\Speccy) (Version: 1.31 - Piriform)
Spin & Win (HKLM-x32...{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version: - Oberon Media)
USB Enhanced Performance Keyboard (HKLM...{989DC5D9-A776-430D-9E16-D36E5B81CD86}) (Version: 2.0.1.9 - Lenovo)
VLC media player (HKLM-x32...\VLC media player) (Version: 2.2.6 - VideoLAN)
Welcome Center (HKLM-x32...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Sync (HKLM-x32...{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] → {472083B0-C522-11CF-8763-00608CC02F24} => → No File
ShellIconOverlayIdentifiers: [00avg] → {472083B0-C522-11CF-8763-00608CC02F24} => → No File
ContextMenuHandlers1: [EPP] → {09A47860-11B0-4DA5-AFA5-26D86198A780} => → No File
ContextMenuHandlers2: [EPP] → {09A47860-11B0-4DA5-AFA5-26D86198A780} => → No File
ContextMenuHandlers4: [EPP] → {09A47860-11B0-4DA5-AFA5-26D86198A780} => → No File
ContextMenuHandlers5: [NvCplDesktopContext] → {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {115C1677-6A53-49C6-922D-CAC44A93D22B} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2015-01-28] ()
Task: {126D7747-5E63-4450-89AE-AA426416DD89} - System32\Tasks{9B866CA1-A2E6-420F-974C-4318E5F96331} => C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [2011-05-13] (Microsoft Corporation)
Task: {5262A46D-32DB-4097-805D-2A1DD16F5C56} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2016-06-08] (Acer Incorporated)
Task: {562D82D7-C576-4B42-A0BA-8FCEA33F62DF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe [2017-07-11] (Adobe Systems Incorporated)
Task: {6845992F-A4EC-4B76-86FC-DE973A21535B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {AFEC12D5-5FBA-4599-9138-FC2AA8A094AC} - System32\Tasks\SSBkgdUpdate => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25] (Nuance Communications, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Public\Desktop\Acer Accessory Store.lnk → C:\Program Files\Acer Accessory Store\StartURL.exe () → hxxp://store.acer-euro.com/gb?utm_source=Icon&utm_medium=Icon&utm_campaign=Ac er%2BInternal

==================== Loaded Modules (Whitelisted) ==============

2017-05-15 21:24 - 2016-11-14 12:15 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-05-25 16:47 - 2016-11-14 13:30 - 000367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2017-05-25 16:47 - 2016-11-14 13:30 - 001147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2017-05-25 16:47 - 2016-11-14 13:30 - 003611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2017-05-25 16:47 - 2016-11-14 13:30 - 000288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2017-05-25 16:47 - 2016-11-14 13:30 - 002665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.d ll
2017-05-25 16:47 - 2016-11-14 13:30 - 001988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardP lugin.dll
2017-05-25 16:47 - 2016-11-14 13:30 - 001840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2017-05-25 16:47 - 2016-11-14 13:30 - 000207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2017-05-25 16:47 - 2016-11-14 13:30 - 000034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2017-05-25 16:47 - 2016-11-14 13:30 - 000920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2017-05-25 16:47 - 2016-11-14 13:30 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MBAMService => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MBAMService => “”=“Service”

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1185751014-4152620646-720881419-1000\Control Panel\Desktop\Wallpaper → C:\Users\Delboy\AppData\Roaming\Microsoft\Windows\ Themes\TranscodedWallpaper.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: ArcadeMovieService => “C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe”
MSCONFIG\startupreg: AvgUi => “C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe” /lps=fmw
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: CCleaner Monitoring => “C:\Program Files\CCleaner\CCleaner64.exe” /MONITOR
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: GarminExpressTrayApp => “C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe”
MSCONFIG\startupreg: Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MSCONFIG\startupreg: IndexSearch => “C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe”
MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: MDS_Menu => “C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe” “C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso” UpdateWithCreateOnce “Software\CyberLink\MediaShow Espresso\5.6”
MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
MSCONFIG\startupreg: NvBackend => “C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe”
MSCONFIG\startupreg: PaperPort PTD => “C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe”
MSCONFIG\startupreg: SuiteTray => “C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe”
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: uTorrent => “C:\Users\Delboy\AppData\Roaming\uTorrent\updates\ 3.5.0_43916.exe” /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9694842F-3808-4B7B-A12C-C675B602A7AE}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe
FirewallRules: [{0C82AB09-6D06-4056-97C9-06EF1F0F55C2}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe
FirewallRules: [{16FDF126-24B0-47BF-A757-1FED018FB046}] => (Allow) svchost.exe
FirewallRules: [{3509532E-E3CD-4CE8-949D-CCF0D673993E}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{B198A84B-345C-4BC3-887F-5162DF65D87D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E88C47E5-01C2-4BC6-8929-BE7DE731AC50}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C6A57DF4-A4EF-413F-A25F-7D11B11044CA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{AAD66303-B9BB-4998-BC4E-9C9760FEC524}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{C4E4E2CC-5FC0-4A5A-9109-F61EC0869D62}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D81DCE92-F061-44A6-A8C0-B16E9839F70A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{77EF097C-8BB7-41CF-BDC5-42E4C342A19B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8C0A0EB0-A4C6-41B0-9D47-6712EDC45370}] => (Allow) C:\Users\Delboy\AppData\Roaming\uTorrent\uTorrent. exe
FirewallRules: [{91CA7837-0B0F-4F2D-9A7F-863E0BE08C38}] => (Allow) C:\Users\Delboy\AppData\Roaming\uTorrent\uTorrent. exe
FirewallRules: [{97ADBBA9-6F8A-4715-ADE6-6DE20A47EE71}] => (Allow) C:\Users\Delboy\AppData\Roaming\uTorrent\uTorrent. exe
FirewallRules: [{AE0764B0-C29C-413D-89FB-6C8306DF1A74}] => (Allow) C:\Users\Delboy\AppData\Roaming\uTorrent\uTorrent. exe
FirewallRules: [{58761677-7E1A-4DC0-9484-F15C620B7F28}] => (Allow) C:\Users\Delboy\AppData\Roaming\uTorrent\uTorrent. exe
FirewallRules: [{5C5D9470-92A4-4F0A-82F1-ECAD34811E39}] => (Allow) C:\Users\Delboy\AppData\Roaming\uTorrent\uTorrent. exe
FirewallRules: [{C391DC78-779E-4DE7-B33E-064501EF4F38}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6FE44393-2DDC-4733-A232-794CB591B791}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{FF048E2B-F738-468B-A765-D2AD2CA1622F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{14C02986-29CD-4BE6-A823-A90ACF8102CF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{C5FB0EA6-F5C8-4F32-9C32-1E406DA62D9D}C:\users\delboy\appdata\roaming\utorr ent\updates\3.5.0_43916.exe] => (Allow) C:\users\delboy\appdata\roaming\utorrent\updates\3 .5.0_43916.exe
FirewallRules: [UDP Query User{F66F7BFF-ED1A-4E69-A25E-953E33A4EE61}C:\users\delboy\appdata\roaming\utorr ent\updates\3.5.0_43916.exe] => (Allow) C:\users\delboy\appdata\roaming\utorrent\updates\3 .5.0_43916.exe
FirewallRules: [{4827C2B9-7EAC-4A7A-B915-28F137CE6109}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{95FBB107-F53D-41FD-9678-FBA62EFE5A92}] => (Allow) LPort=2869
FirewallRules: [{47F84E54-5E3A-4E79-91A9-21DFA65ED28D}] => (Allow) LPort=1900
FirewallRules: [{D06A0B13-A76D-4FE6-B900-DBD3F22A3DCF}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

==================== Restore Points =========================

29-07-2017 13:17:50 Revo Uninstaller’s restore point - µTorrent
29-07-2017 13:19:02 Revo Uninstaller’s restore point - µTorrent
29-07-2017 14:00:04 Revo Uninstaller’s restore point - Bitdefender Agent
29-07-2017 14:00:38 Revo Uninstaller’s restore point - Bitdefender Antivirus Free
29-07-2017 14:02:08 Revo Uninstaller’s restore point - Bitdefender Agent
29-07-2017 15:40:54 CheckIfInstallerIsBusy
29-07-2017 15:41:05 Windows Live Essentials
29-07-2017 15:41:22 Installed DirectX
29-07-2017 15:41:35 Installed DirectX
29-07-2017 15:42:05 WLSetup
29-07-2017 16:26:33 Made by Regsofts
29-07-2017 16:28:23 Made by Regsofts
29-07-2017 16:30:12 Made by Regsofts
31-07-2017 14:29:07 Installed Microsoft Fix it 50692
31-07-2017 16:42:47 Revo Uninstaller’s restore point - CCleaner
31-07-2017 16:43:39 Revo Uninstaller’s restore point - Malwarebytes version 3.1.2.1733
31-07-2017 16:44:42 Revo Uninstaller’s restore point - SUPERAntiSpyware
31-07-2017 16:45:48 Revo Uninstaller’s restore point - MSXML 4.0 SP2 (KB954430)
31-07-2017 16:58:33 Installed Microsoft Fix it 50692
01-08-2017 18:27:15 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
[HEADING=1]Application errors:[/HEADING]
Error: (07/31/2017 05:25:23 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: Delboy-PC)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.

Error: (07/31/2017 04:58:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
The system cannot find the file specified.
.

Error: (07/31/2017 04:45:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
The system cannot find the file specified.
.

Error: (07/31/2017 04:42:46 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {96329254-25ff-4ea6-adab-d45f6ca2aaf1}

Error: (07/31/2017 02:44:36 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: Delboy-PC)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.

Error: (07/31/2017 02:33:58 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: Delboy-PC)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.

Error: (07/30/2017 01:33:31 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Click-2-Run package registration failure.

Error: (07/30/2017 01:33:31 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {tid=DF0}
The Application Virtualization Client could not connect to stream URL ’ http://c2r.microsoft.com/ConsumerC2R....7187.5000.sft ’ (rc 16D1160A-0000E028, original rc 16D1160A-0000E028).

Error: (07/30/2017 01:33:04 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.

Error: (07/30/2017 01:09:21 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: Event-ID 0
[HEADING=1]System errors:[/HEADING]
Error: (07/31/2017 04:29:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (07/31/2017 02:36:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (07/31/2017 12:12:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
MpFilter

Error: (07/31/2017 12:11:51 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%8604 = Writeable NCs prevent this DC from demoting..10.209.0%%834 = Writeable NCs prevent this DC from demoting.%%8580 = Writeable NCs prevent this DC from demoting.x80070057The parameter is incorrect. 3

Error: (07/30/2017 02:38:15 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
MpFilter

Error: (07/30/2017 02:37:58 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%8604 = Writeable NCs prevent this DC from demoting..10.209.0%%834 = Writeable NCs prevent this DC from demoting.%%8580 = Writeable NCs prevent this DC from demoting.x80070057The parameter is incorrect. 3

Error: (07/30/2017 02:35:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
MpFilter

Error: (07/30/2017 02:35:39 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%8604 = Writeable NCs prevent this DC from demoting..10.209.0%%834 = Writeable NCs prevent this DC from demoting.%%8580 = Writeable NCs prevent this DC from demoting.x80070057The parameter is incorrect. 3

Error: (07/30/2017 02:28:25 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
MpFilter

Error: (07/30/2017 02:28:01 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%8604 = Writeable NCs prevent this DC from demoting..10.209.0%%834 = Writeable NCs prevent this DC from demoting.%%8580 = Writeable NCs prevent this DC from demoting.x80070057The parameter is incorrect. 3
[HEADING=1]CodeIntegrity:[/HEADING]
Date: 2017-05-25 16:35:53.372
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-25 16:35:53.276
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-25 16:34:13.128
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-25 16:34:13.042
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-25 16:33:40.671
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-25 16:33:40.598
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-25 16:33:07.452
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-25 16:33:07.371
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-25 16:32:28.062
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-25 16:32:27.993
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core™ i5 CPU 650 @ 3.20GHz
Percentage of memory in use: 39%
Total physical RAM: 3063.07 MB
Available physical RAM: 1852.57 MB
Total Virtual: 6124.33 MB
Available Virtual: 4826.97 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:290.45 GB) (Free:242.55 GB) NTFS
Drive d: (DATA) (Fixed) (Total:290.62 GB) (Free:286.91 GB) NTFS

==================== MBR & Partition Table ==================

================================================== ======
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: E61AB66B)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=290.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=290.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Hello caskin, thank you for your logs, whilst I review them please scan your PC with Junkware Removal Tool, the instructions follow.

Your machine shows evidence of Utorrent and Bittorrent, these P2P programs have been notorious for allowing malware to infiltrate PCs and cause all sorts of problems. Much has been written about the dangers of P2P and we strongly recommend you avoid these programs at all costs. We also recommend you remove these programs and associated files. It’s your call but if you choose not to we will have to insist you at least not use them whilst your computer is being cleaned.

You should also install a reputable antivirus on your PC, there are a number of excellent free offerings available including
Avast HERE
Avira HERE
360 Total Security HERE

We now need to run Junkware Removal Tool (JRT) on your computer, please go HERE and download it to your DESKTOP.
Before running JRT ensure your antivirus, and any other security software is disabled, if you are unsure how to do this please ask. Also close browsers and other applications before running this tool.
Should you receive any User Account Control (UAC) alert warning when starting JRT you can safely allow it.

Right click the JRT desktop icon [MEDIA=imgur]fam7djI[/MEDIA] and select “run as administrator” from the menu, for XP users just double click the icon. JRT will open with a simple interface, and ask to press any keyboard key to continue. Please do so.

[MEDIA=imgur]B7AebVQ[/MEDIA]

Depending on the amount of data on your computer JRT may take some time to complete the scan. When JRT finishes a .txt file will be saved and displayed on your desktop, please COPY and PASTE the contents of this file in your next post:slight_smile:

Apologies over P2P programmes,have to say did use for a short period but was again under impression all remnants of U2 and bit torrent had been removed???/NO chance of being used again as no longer interested..assume any P2P “files” left over will be cleared with Junk removal tool.?
I used to run Avast but removed it for the checks you asked earlier when trying to instal MSE? So if OK will reinstall after carrying out junk removal programme?
To my knowledge only “security” programmes running are UAC and Win 7 Defender???/ Do I need to disablle before using JRT these if so how please?

Took a chance that no Av was running and have uploaded JRT txt file…can you advise if OK?Thanks,or another run of JRT required?

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Home Premium x64
Ran by Delboy (Administrator) on 03/08/2017 at 13:56:03.43
Scan was completed on 03/08/2017 at 13:57:00.21
End of JRT log

Since uploading JRT log have installed 360 total security.Avast once agin would NOT install,but 360 appears on the face of it to be more up market?

Hi caskin, you did run JRT correctly thank you, and it’s good you now have a resident AntiVirus in place:thumbsup:

Please follow the instructions below and run the FRST fix.

Please left click a blank spot on your desktop, select “New” on the opening menu, then select “Text Document” from the sub menu.

[MEDIA=imgur]EsERhns[/MEDIA]

A new file will be created on your desktop called “New Text Document. txt” Right click this new file and choose “Rename” from the menu. Rename the file “fixlist.txt”

[MEDIA=imgur]UDzLIk3[/MEDIA]

Now go to the Quote box in this post and copy the contents of it to your clipboard. Open your new fixlist.txt file by double left clicking on it and paste the copied quote box contents into the file and save it.
Start
CreateRestorepoint:
CloseProcesses:
HKU\S-1-5-21-1185751014-4152620646-720881419-1000...\Run: [BingSvc] => C:\Users\Delboy\AppData\Local\Microsoft\BingSvc\Bi ngSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKLM...\Run: [ALU] => C:\Program Files\Acer\Acer Updater\ALU.exe [2419104 2016-06-06] (Acer Incorporated)SearchScopes: HKLM → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM → {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 → {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1185751014-4152620646-720881419-1000 → DefaultScope {93BCD679-4F15-480F-8D94-BAE116E88A03} URL =
Toolbar: HKU\S-1-5-21-1185751014-4152620646-720881419-1000 → No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {A6616B31-4860-41E2-98E3-CA7649AF172F} file:///E:/launch.ocx
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-06-24] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [187320 2017-05-27] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [113592 2017-05-31] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-05-31] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [252832 2017-06-25] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-05-31] (Malwarebytes)
FF Plugin-x32: @microsoft.com/GENUINE → disabled [No File]
ShellIconOverlayIdentifiers: [00asw] → {472083B0-C522-11CF-8763-00608CC02F24} => → No File
ShellIconOverlayIdentifiers: [00avg] → {472083B0-C522-11CF-8763-00608CC02F24} => → No File
ContextMenuHandlers1: [EPP] → {09A47860-11B0-4DA5-AFA5-26D86198A780} => → No File
ContextMenuHandlers2: [EPP] → {09A47860-11B0-4DA5-AFA5-26D86198A780} => → No File
ContextMenuHandlers4: [EPP] → {09A47860-11B0-4DA5-AFA5-26D86198A780} => → No File
Task: {5262A46D-32DB-4097-805D-2A1DD16F5C56} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2016-06-08] (Acer Incorporated)
Task: {562D82D7-C576-4B42-A0BA-8FCEA33F62DF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe [2017-07-11] (Adobe Systems Incorporated)
Task: {6845992F-A4EC-4B76-86FC-DE973A21535B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {AFEC12D5-5FBA-4599-9138-FC2AA8A094AC} - System32\Tasks\SSBkgdUpdate => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25] (Nuance Communications, Inc.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MBAMService => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MBAMService => “”=“Service”
MSCONFIG\startupreg: AvgUi => “C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe” /lps=fmw
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: uTorrent => “C:\Users\Delboy\AppData\Roaming\uTorrent\updates\ 3.5.0_43916.exe” /MINIMIZED
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
FirewallRules: [{8C0A0EB0-A4C6-41B0-9D47-6712EDC45370}] => (Allow) C:\Users\Delboy\AppData\Roaming\uTorrent\uTorrent. exe
FirewallRules: [{91CA7837-0B0F-4F2D-9A7F-863E0BE08C38}] => (Allow) C:\Users\Delboy\AppData\Roaming\uTorrent\uTorrent. exe
FirewallRules: [{97ADBBA9-6F8A-4715-ADE6-6DE20A47EE71}] => (Allow) C:\Users\Delboy\AppData\Roaming\uTorrent\uTorrent. exe
FirewallRules: [{AE0764B0-C29C-413D-89FB-6C8306DF1A74}] => (Allow) C:\Users\Delboy\AppData\Roaming\uTorrent\uTorrent. exe
FirewallRules: [{58761677-7E1A-4DC0-9484-F15C620B7F28}] => (Allow) C:\Users\Delboy\AppData\Roaming\uTorrent\uTorrent. exe
FirewallRules: [{5C5D9470-92A4-4F0A-82F1-ECAD34811E39}] => (Allow) C:\Users\Delboy\AppData\Roaming\uTorrent\uTorrent. exe
FirewallRules: [TCP Query User{C5FB0EA6-F5C8-4F32-9C32-1E406DA62D9D}C:\users\delboy\appdata\roaming\utorr ent\updates\3.5.0_43916.exe] => (Allow) C:\users\delboy\appdata\roaming\utorrent\updates\3 .5.0_43916.exe
FirewallRules: [UDP Query User{F66F7BFF-ED1A-4E69-A25E-953E33A4EE61}C:\users\delboy\appdata\roaming\utorr ent\updates\3.5.0_43916.exe] => (Allow) C:\users\delboy\appdata\roaming\utorrent\updates\3 .5.0_43916.exe
FirewallRules: [{95FBB107-F53D-41FD-9678-FBA62EFE5A92}] => (Allow) LPort=2869
FirewallRules: [{47F84E54-5E3A-4E79-91A9-21DFA65ED28D}] => (Allow) LPort=1900
C:\Users\Delboy\AppData\Local\Microsoft\BingSvc\Bi ngSvc.exe
C:\Users\Delboy\AppData\Roaming\BitTorrent
C:\Users\Delboy\AppData\LocalLow\uTorrent
C:\Users\Delboy\AppData\Roaming\uTorrent
C:\Users\Delboy\AppData\Local\Avg
C:\Windows\system32\drivers\mbae64.sys
C:\Windows\system32\drivers\MBAMChameleon.sys
C:\Windows\system32\drivers\farflt.sys
C:\Windows\system32\drivers\mbam.sys
C:\Windows\System32\drivers\MBAMSwissArmy.sys
C:\Windows\system32\drivers\mwac.sys
C:\Program Files\SUPERAntiSpyware
C:\Program Files (x86)\AVG
C:\PROGRAM FILES\MALWAREBYTES
C:\ProgramData\Avg
C:\Program Files (x86)\Free Window Registry Repair
C:\ProgramData\SecuritySuite
C:\Users\Delboy\AppData\Local\AVG Netherlands BV
C:\Windows\system32\Drivers\atc.sys
C:\Windows\system32\Drivers\edrsensor.sys
C:\Windows\system32\Drivers\avc3.sys
C:\Users\Delboy\AppData\Roaming\PCProtect
C:\Users\Delboy\AppData\Roaming\ParetoLogic
C:\ProgramData\ParetoLogic
C:\ProgramData\AVAST Software
C:\SUPERDelete
CMD: ipconfig /flushdns
CMD: netsh advfirewall reset
CMD: netsh advfirewall set all ptofiles state on
Hosts:
Emptytemp:
Reboot:
End

To run the fix right click the FRST icon and choose “Run as Administrator” then click on “Fix”

Please note for the fix to work the Fixlist.txt file and FRST program will have to be in the same location.

[MEDIA=imgur]cp0349X[/MEDIA]

Depending on the amount of data to be moved it may take a few minutes to complete, and the computer may reboot. When the fix is complete and/or the computer has rebooted the “Fixlist.txt” you created will be renamed “Fixlog.txt”

Please COPY and PASTE the contents of this new file in your next post:slight_smile:

Please note this fixlist was made for this users machine only and the use of it on another machine may render the operating system permanently damaged.

Slight snag…opened new folder as requested and renamed as fixlist.txt.
however apparently Win 7 does not have the old ME style clip board,and is not readily available?
In an attempt to get around this I pasted contents into note pad,and then into new fixlst.txt folder
I placed FRST program in the fixlist.exe folder which held pasted contents from your quote,…but unable to get programme to run…what am I doing wrong now???Thanks for patience.