Screen freeze within 2/3 minutes of Pc switched on.

Think you are confusing folders and files? Its a new FILE we want, as per instructions, called fixlist.txt, and it has to be in the same location as FRST.

Try this way then.

Please left click on the attached Fixlist.txt file at the bottom of this post. On the dialogue box that opens click “Save File” and then “OK”

[MEDIA=imgur]vzol8OV[/MEDIA]

Select a location then save the file. IMPORTANT the fixlist.txt file must be in the same location as the FRST program otherwise the fix will not work.

[MEDIA=imgur]pjsQ8XB[/MEDIA]

To run the fix right click the FRST program icon and choose “Run as Administrator” then click on “Fix”

[MEDIA=imgur]cp0349X[/MEDIA]

Depending on the amount of data to be moved it may take a few minutes to complete, and the computer may reboot. When the fix is complete and/or the computer has rebooted the “Fixlist.txt” file you created will be renamed “Fixlog.txt”

Please COPY and PASTE the contents of this new file in your next post:slight_smile:

OK everything you have advised seems straight forward,I have FRST(64)on my desk top.I also saved fixlist.exe (from your reply) to desk top.I ran FRST as admin,clicked fix,same result unable to find fixlist.exe file..

On descktop I Checked properties of both FRST(64) and that of fixlist.exe file,FRST(64) was in downloads, where as fixlist.exe text file was in desktop/…so went to downloads where both FRST(64) and fixlist were in fact situated and properties of both confirmed this, thought I had cracked it,but again FRST(64) could not find fixlist??

Im not normally this stupid,so what is it Im missing???/

Hi caskin, for frst fix to work both the frst program and the fixlist.txt file must be in the same location (folder)

It is my fault I’m sorry, delete the fixlist.exe file I posted previously and try this one. This one doesn’t have a typo in the name.

NO blame placed,but relieved as I thought I was just not getting it.Anyway all OK now and log atached,look forward to hearing outcome and to see if we can get MSE installed Thanks Derek

Hi caskin, thank you for your fixlog

Can you please advise what version of Malwarebytes you had installed and if it was the free or paid for version? It doesn’t show in your list of installed programs but there’s bit of it we need to remove.

I did have FREE MALWAREBYTES installed,but when you requested removal of all antivirus/malware etc at the beginning of the chase,it was removed I used Revouninstaller, so again assummed all traces had been removed???

Unfortunately there are leftovers of Malwarebytes. Can you please reinstall the free version of Malwarebytes which you can use as a second opinion scanner when required.

A deal of stuff has been removed but can you please scan with ZHPdiag and lets see what’s left.

Please go HERE and click the

[MEDIA=imgur]fQO1SSi[/MEDIA] link (French for Download) and save it to your desktop.

Once saved to your desktop left click the new icon [MEDIA=imgur]Eu7NnVQ[/MEDIA] and choose “Run as administrator”

Accept any security warnings that may pop up.

Then select
[ol]
[li]Options[/li][li]Check all[/li][li]Validate[/li][li]Close[/li][/ol]
[MEDIA=imgur]693KFMT[/MEDIA]

Next select Scanner from the main interface.

[MEDIA=imgur]0DVeOof[/MEDIA]

Depending on the amount of data on your PC it may take a little time to complete. Once it finishes then click the Report tab as shown above and a notepad file will open with your report file.

Please COPY and PASTE the contents of the notepad file with your next post:slight_smile:

OK Freemalwarebytes reinstalled,placed in selective start so only available if required.
carried out scan as requested: log attached.

Hi caskin, hopefully getting to the pointy end here soon, ZHP has picked up some stuff we need to move. Please follow the instructions below.

Please go HERE and click the blue [MEDIA=imgur]fQO1SSi[/MEDIA] link (French for download) and save the file to your desktop.

Please note is it important to disable your antivirus before running this tool. If you are uncertain how to do this please ask?

Right click the desktop icon [MEDIA=imgur]h5QXsXi[/MEDIA] and choose “Run as Administrator”. You can safely ignore any security warnings when running this tool.

On the main interface select IMPORT

[MEDIA=imgur]I3yMa37[/MEDIA]

If a box appears similar to that below, click OK or just X out of it.

[MEDIA=imgur]v6smBPj[/MEDIA]

Copy the entire contents of the box below
Script Zhpfix
HKLM\SOFTWARE\Wow6432Node\ParetoLogic
HKLM\SOFTWARE\Wow6432Node\SlimWare Utilities Inc
HKCU\SOFTWARE\IM
HKCU\SOFTWARE\ParetoLogic
HKCU\SOFTWARE\SlimWare Utilities Inc
HKLM\SOFTWARE\Wow6432Node\AVG =>.AVG Software
HKLM\SOFTWARE\Wow6432Node\AVG Netherlands B.V =>.AVG Netherlands B.V
HKLM\SOFTWARE\Wow6432Node\AVG Netherlands BV =>.AVG Software
HKLM\SOFTWARE\Wow6432Node\AVG Tuneup =>.AVG Software
HKLM\SOFTWARE\Wow6432Node\AVG Web TuneUp =>.AVG Web TuneUp
HKCU\SOFTWARE\AVG =>.AVG Software
HKCU\SOFTWARE\AVG Netherlands BV =>.AVG Software
HKCU\SOFTWARE\AVG Web TuneUp =>.AVG Web TuneUp
O43 - CFD: 25/05/2017 - D – C:\ProgramData\AVG Netherlands B.V =>.AVG Netherlands B.V
O43 - CFD: 03/08/2017 - D – C:\Program Files (x86)\Common Files\AVG Secure Search =>.AVG Secure Search
O43 - CFD: 20/05/2017 - D – C:\Windows\System32\Config\systemprofile\AppData\L ocal\Avg =>.AVG Software
O69 - SBI: prefs.js [Delboy - p6yzmj74.default] user_pref(“browser.search.defaultenginename”, “Search Provided by Bing”);
O69 - SBI: prefs.js [Delboy - p6yzmj74.default] user_pref(“browser.search.selectedEngine”, “Search Provided by Bing”);
HKLM\SOFTWARE\Microsoft\Tracing\Reimage_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\Reimage_RASMANCS
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Reimag ePackage_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Reimag ePackage_RASMANCS
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Reimag eRepair[1]_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Reimag eRepair[1]_RASMANCS
[HKLM64\SOFTWARE\Microsoft\Tracing\Reimage_RASAPI32]
[HKLM64\SOFTWARE\Microsoft\Tracing\Reimage_RASMANCS]
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Reimag ePackage_RASAPI32]
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Reimag ePackage_RASMANCS]
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Reimag eRepair[1]_RASAPI32]
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Reimag eRepair[1]_RASMANCS]
[HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\1916A2AF346D399F50313C393200F1414 0456616]
[HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\2A83E9020591A55FC6DDAD3FB102794C5 2B24E70]
[HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\2B84BFBB34EE2EF949FE1CBE30AA02641 6EB2216]
[HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\305F8BD17AA2CBC483A4C41B19A39A0C7 5DA39D6]
[HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\367D4B3B4FCBBC0B767B2EC0CDB2A36EA B71A4EB]
[HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\3A850044D8A195CD401A680C012CB0A3B 5F8DC08]
[HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\40AA38731BD189F9CDB5B9DC35E2136F3 8777AF4]
[HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\43D9BCB568E039D073A74A71D8511F747 6089CC3]
[HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\471C949A8143DB5AD5CDF1C972864A250 4FA23C9]
[HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\51C3247D60F356C7CA3BAF4C3F429DAC9 3EE7B74]
[HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\5DE83EE82AC5090AEA9D6AC4E7A6E213F 946E179]
[HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\61793FCBFA4F9008309BBA5FF12D2CB29 CD4151A]
[HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1 C52EAC6]
[HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\63FEAE960BAA91E343CE2BD8B71798C76 BDB77D0]
[HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\6431723036FD26DEA502792FA59592249 3030F97]
[HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD7 8375931]
[HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\80962AE4D6C5B442894E95A13E4A699E0 7D694CF]
[HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\86E817C81A5CA672FE000F36F878C1951 8D6F844]
[HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\8E5BD50D6AE686D65252F843A9D4B96D1 97730AB]
[HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\9845A431D51959CAF225322B4A4FE9F22 3CE6D15]
[HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\B533345D06F64516403C00DA03187D3BF EF59156]
[HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\B86E791620F759F17B8D25E38CA8BE32E 7D5EAC2]
[HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\C060ED44CBD881BD0EF86C0BA287DDCF8 167478C]
[HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\CEA586B2CE593EC7D939898337C578147 08AB2BE]
[HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\D018B62DC518907247DF50925BB09ACF4 A5CB3AD]
[HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\F8A54E03AADC5692B850496A4C4630FFE AA29D83]
[HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\FA6660A94AB45F6A88C0D7874D89A863D 74DEE97]
EmptyPrefetch
ShortcutFix
Emptytemp
EmptyClsid

And paste it into the blank ZHP Fix interface screen, then click GO.

[MEDIA=imgur]CiyzY6j[/MEDIA]

Accept the cleaning process by clicking “Oui” (yes)



The cleanup will run and will again ask for permission to complete, again select “Oui”.

At the conclusion of cleaning a file notepad will open and be saved to your desktop. Please Copy and Paste the contents of this file in your next reply

Rapport de ZHPFix 2017.06.13.1 par Nicolas Coolman, Update du 13/06/2017
Fichier d’export Registre :
Run by Delboy at 09/08/2017 12:15:46
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Recycle Bin emptied (Canceled by user)

========== Registry keys ==========
REMOVES:³ HKLM\SOFTWARE\Wow6432Node\ParetoLogic
REMOVES:³ HKLM\SOFTWARE\Wow6432Node\SlimWare Utilities Inc
REMOVES: HKCU\SOFTWARE\IM
REMOVES: HKCU\SOFTWARE\ParetoLogic
REMOVES: HKCU\SOFTWARE\SlimWare Utilities Inc
REMOVES:³ HKLM\SOFTWARE\Wow6432Node\AVG

========== Summary ==========
6 : Registry keys

End of clean in 00mn 06s

========== Path to file report ==========
C:\Users\Delboy\AppData\Roaming\ZHP\ZHPFix[R1].txt - 09/08/2017 12:15:52 [711]

Rapport de ZHPFix 2017.06.13.1 par Nicolas Coolman, Update du 13/06/2017
Fichier d’export Registre :
Run by Delboy at 09/08/2017 12:25:55
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Recycle Bin emptied (Canceled by user)
Prefetcher emptied
Repair of browser shortcuts

========== Registry keys ==========
REMOVES: HKLM\SOFTWARE\Wow6432Node\ParetoLogic
REMOVES: HKLM\SOFTWARE\Wow6432Node\SlimWare Utilities Inc
REMOVES: HKLM\SOFTWARE\Wow6432Node\AVG
REMOVES: HKLM\SOFTWARE\Wow6432Node\AVG Netherlands B.V
REMOVES: HKLM\SOFTWARE\Wow6432Node\AVG Netherlands BV
REMOVES: HKLM\SOFTWARE\Wow6432Node\AVG Tuneup
REMOVES: HKLM\SOFTWARE\Wow6432Node\AVG Web TuneUp
REMOVES: HKCU\SOFTWARE\AVG
REMOVES: HKCU\SOFTWARE\AVG Netherlands BV
REMOVES: HKCU\SOFTWARE\AVG Web TuneUp
REMOVES:* HKLM\SOFTWARE\Microsoft\Tracing\Reimage_RASAPI32
REMOVES:* HKLM\SOFTWARE\Microsoft\Tracing\Reimage_RASMANCS
REMOVES: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Reimag ePackage_RASAPI32
REMOVES: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Reimag ePackage_RASMANCS
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\1916A2AF346D399F50313C393200F1414 0456616
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\2A83E9020591A55FC6DDAD3FB102794C5 2B24E70
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\2B84BFBB34EE2EF949FE1CBE30AA02641 6EB2216
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\305F8BD17AA2CBC483A4C41B19A39A0C7 5DA39D6
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\367D4B3B4FCBBC0B767B2EC0CDB2A36EA B71A4EB
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\3A850044D8A195CD401A680C012CB0A3B 5F8DC08
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\40AA38731BD189F9CDB5B9DC35E2136F3 8777AF4
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\43D9BCB568E039D073A74A71D8511F747 6089CC3
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\471C949A8143DB5AD5CDF1C972864A250 4FA23C9
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\51C3247D60F356C7CA3BAF4C3F429DAC9 3EE7B74
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\5DE83EE82AC5090AEA9D6AC4E7A6E213F 946E179
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\61793FCBFA4F9008309BBA5FF12D2CB29 CD4151A
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1 C52EAC6
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\63FEAE960BAA91E343CE2BD8B71798C76 BDB77D0
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\6431723036FD26DEA502792FA59592249 3030F97
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD7 8375931
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\80962AE4D6C5B442894E95A13E4A699E0 7D694CF
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\86E817C81A5CA672FE000F36F878C1951 8D6F844
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\8E5BD50D6AE686D65252F843A9D4B96D1 97730AB
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\9845A431D51959CAF225322B4A4FE9F22 3CE6D15
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\B533345D06F64516403C00DA03187D3BF EF59156
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\B86E791620F759F17B8D25E38CA8BE32E 7D5EAC2
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\C060ED44CBD881BD0EF86C0BA287DDCF8 167478C
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\CEA586B2CE593EC7D939898337C578147 08AB2BE
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\D018B62DC518907247DF50925BB09ACF4 A5CB3AD
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\F8A54E03AADC5692B850496A4C4630FFE AA29D83
REMOVES: HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\FA6660A94AB45F6A88C0D7874D89A863D 74DEE97

========== Preferences browser ==========
REMOVES Mozilla Pref: user_pref(“browser.search.defaultenginename”, “Search Provided by Bing”);
REMOVES Mozilla Pref: user_pref(“browser.search.selectedEngine”, “Search Provided by Bing”);

========== Folders ==========
REMOVES: C:\Users\Delboy\AppData\Local{157F183A-FB4F-4C49-9D6D-2172F417C77C}
REMOVES: C:\Users\Delboy\AppData\Local{203D0009-B444-42D2-B2CE-4B03D9B9CC86}
REMOVES: C:\Users\Delboy\AppData\Local{2FC6B012-650D-4764-82A6-3F6F8EFF1B08}
REMOVES: C:\Users\Delboy\AppData\Local{38CD9BF7-2C53-4BB5-9F2B-6FD9B357DE6B}
REMOVES: C:\Users\Delboy\AppData\Local{3C26C7A1-A5D6-4AB0-B38B-152BC99D7BBE}
REMOVES: C:\Users\Delboy\AppData\Local{4435235F-9A9B-46FB-B578-F9A3D7E906A5}
REMOVES: C:\Users\Delboy\AppData\Local{46B69F81-58DF-40D8-B26C-CCE58A547756}
REMOVES: C:\Users\Delboy\AppData\Local{481E2647-1968-4F8C-956A-FE2DFC8491BD}
REMOVES: C:\Users\Delboy\AppData\Local{50B47879-0AA3-4281-A576-C7114CBD6EF9}
REMOVES: C:\Users\Delboy\AppData\Local{564C3748-C32D-4A27-920A-AD814BE14188}
REMOVES: C:\Users\Delboy\AppData\Local{5B564F63-EC12-4986-9956-53EFBB108F04}
REMOVES: C:\Users\Delboy\AppData\Local{690241A8-6B2F-46F3-BA04-45CA59C8A51A}
REMOVES: C:\Users\Delboy\AppData\Local{828FF571-096F-44CF-B5E1-238621FE07F1}
REMOVES: C:\Users\Delboy\AppData\Local{986210D7-5B7D-4524-BFB2-50729FCAD4B6}
REMOVES: C:\Users\Delboy\AppData\Local{AA7B774A-9F07-47B6-8267-8D0D44075BDA}
REMOVES: C:\Users\Delboy\AppData\Local{B17264C5-D8BC-4EB9-B88A-2D281FB1420C}
REMOVES: C:\Users\Delboy\AppData\Local{B7D4B6D5-E219-4944-A2E7-5F16D8481AFF}
REMOVES: C:\Users\Delboy\AppData\Local{BA8D4D59-0575-49E6-A97D-72986EF31174}
REMOVES: C:\Users\Delboy\AppData\Local{C024BEAB-7F02-45BD-B8D6-4A56D7371E16}
REMOVES: C:\Users\Delboy\AppData\Local{C9533385-5B82-4D82-96EF-2979C488E83D}
REMOVES: C:\Users\Delboy\AppData\Local{D273A761-14DB-4353-B67F-7D3F93D65307}
REMOVES: C:\Users\Delboy\AppData\Local{DB5657FF-35BA-4E67-9F8E-C152EAE093C8}
REMOVES: C:\Users\Delboy\AppData\Local{E1A31572-9A1D-443E-9ED8-855F2FD20422}
REMOVES: C:\Users\Delboy\AppData\Local{E5B8214A-00F5-49D1-8F07-A66DE9A67743}
REMOVES: C:\Users\Delboy\AppData\Local{EB2EF882-FD74-483E-BDE5-2E0678CBE51D}
REMOVES: C:\Users\Delboy\AppData\Local{EF858009-791D-4A76-9D37-5463F7D097A9}
REMOVES: C:\Users\Delboy\AppData\Local{F383059D-95F6-4EF1-A15D-BB9C47DAEE95}

========== Files ==========
Deletes temporary Windows (41) (12,987,661 octets)

========== Other ==========
NON-TREATY [HKLM64\SOFTWARE\Microsoft\Tracing\Reimage_RASAPI32]
NON-TREATY [HKLM64\SOFTWARE\Microsoft\Tracing\Reimage_RASMANCS]

========== Summary ==========
41 : Registry keys
27 : Folders
1 : Files
2 : Preferences browser
2 : Other

End of clean in 00mn 53s

========== Path to file report ==========
C:\Users\Delboy\AppData\Roaming\ZHP\ZHPFix[R1].txt - 09/08/2017 11:15:52 [791]
C:\Users\Delboy\AppData\Roaming\ZHP\ZHPFix[R2].txt - 09/08/2017 12:26:05 [7216]

Hi caskin, Can you tell me if your PC is still crashing please?

For a final look before we clean up can you supply another FRST and addition logs please. The instructions are in post 23 of this thread. Please COPY AND PASTE the logs

Up until this moment the Pc had been totally stable with no porblems whatsoever,how ever when I accessed your page a friendly blue screen appeared,this disappeared t and Pc restarted on its own! Log attached I hope as required,

Hi caskin. Please COPY and PASTE, NOT ATTACH both the frst and addition logs.

Since reinstalling Freemalwarebytes,have started getting blue screens and my first freeze since we started??
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-08-2017
Ran by Delboy (administrator) on DELBOY-PC (10-08-2017 20:30:26)
Running from C:\Users\Delboy\Documents
Loaded Profiles: Delboy (Available Profiles: Delboy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\as pnet_state.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Canon Inc.) C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(LITE-ON TECHNOLOGY CORP.) C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\Skdaemon.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-11-14] (NVIDIA Corporation)
HKLM...\Run: [Enhanced Performance Keyboard] => C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\SKDaemon.exe [335360 2012-08-08] (LITE-ON TECHNOLOGY CORP.)
HKLM-x32...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [2154592 2017-07-31] (QIHU 360 SOFTWARE CO. LIMITED)
HKU\S-1-5-21-1185751014-4152620646-720881419-1000\Control Panel\Desktop\SCRNSAVE.EXE → C:\Windows\System32\Acer.scr [456224 2010-07-29] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip..\Interfaces{0050B548-63D8-4728-A5C1-B7FFC91EFAB9}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip..\Interfaces{87461323-90C4-4CD1-8B91-D88CA5117579}: [DhcpNameServer] 194.168.4.100 194.168.8.100
[HEADING=1]Internet Explorer:[/HEADING]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1185751014-4152620646-720881419-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKU\S-1-5-21-1185751014-4152620646-720881419-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://bing.com/
SearchScopes: HKLM → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM → {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 → {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1185751014-4152620646-720881419-1000 → {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper → {9030D464-4C02-4ABF-8ECC-5164760863C6} → C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: SafeMon Class → {B69F34DD-F0F9-42DC-9EDD-957187DA688D} → C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2017-07-26] (Qihu 360 Software Co., Ltd.)
BHO-x32: Windows Live ID Sign-in Helper → {9030D464-4C02-4ABF-8ECC-5164760863C6} → C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: SafeMon Class → {B69F34DD-F0F9-42DC-9EDD-957187DA688D} → C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2017-07-26] (Qihu 360 Software Co., Ltd.)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)
[HEADING=1]FireFox:[/HEADING]
FF DefaultProfile: p6yzmj74.default
FF ProfilePath: C:\Users\Delboy\AppData\Roaming\Mozilla\Firefox\Pr ofiles\p6yzmj74.default [2017-08-10]
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\p6yzmj74.default → Bing
FF Homepage: Mozilla\Firefox\Profiles\p6yzmj74.default → hxxp://www.bing.com/
FF Keyword.URL: Mozilla\Firefox\Profiles\p6yzmj74.default → user_pref(“keyword.URL”, true);
FF Extension: (True Key™ by Intel Security) - C:\Users\Delboy\AppData\Roaming\Mozilla\Firefox\Pr ofiles\p6yzmj74.default\Extensions@true-key.xpi [2017-07-25]
FF Extension: (Bing Search) - C:\Users\Delboy\AppData\Roaming\Mozilla\Firefox\Pr ofiles\p6yzmj74.default\Extensions\bingsearch.full@microsoft.com.xpi [2017-07-10]
FF Extension: (Default Manager) - C:\Users\Delboy\AppData\Roaming\Mozilla\Firefox\Pr ofiles\p6yzmj74.default\Extensions\DefaultManager@ Microsoft [2017-08-05] [not signed]
FF Extension: (Awesome Screenshot - Capture, Annotate & More) - C:\Users\Delboy\AppData\Roaming\Mozilla\Firefox\Pr ofiles\p6yzmj74.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2017-08-04]
FF SearchPlugin: C:\Users\Delboy\AppData\Roaming\Mozilla\Firefox\Pr ofiles\p6yzmj74.default\searchplugins\bing-.xml [2017-07-10]
FF SearchPlugin: C:\Users\Delboy\AppData\Roaming\Mozilla\Firefox\Pr ofiles\p6yzmj74.default\searchplugins\search provided by bing.xml [2017-07-24]
FF Plugin: @adobe.com/FlashPlayer → C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_ 137.dll [2017-07-11] ()
FF Plugin: @garmin.com/GpsControl → C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE → disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 → C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer → C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_ 137.dll [2017-07-11] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin → C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.7\npsitesafety.dll [No File]
FF Plugin-x32: @garmin.com/GpsControl → C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 → C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 → C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 → C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 → C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision → C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming → C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 → C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader → C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
[HEADING=1]Chrome:[/HEADING]
CHR HKLM...\Chrome\Extension: [pmagdleikobihfikldcpmgfjcppcddnf] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CCALib8; C:\Program Files (x86)\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.) [File not signed]
S3 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.e xe [517464 2015-01-28] (Garmin Ltd or its subsidiaries)
S3 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-11-14] (NVIDIA Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-11-14] (NVIDIA Corporation)
R2 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-11-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-11-14] (NVIDIA Corporation)
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [929888 2017-07-26] (QIHU 360 SOFTWARE CO. LIMITED)
S4 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-05-13] () [File not signed]
S4 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 NisSrv; “C:\Program Files\Microsoft Security Client\NisSrv.exe”

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 360AvFlt; C:\Windows\SysWOW64\drivers\360AvFlt.sys [86248 2017-07-26] (360.cn)
S3 avgTap; C:\Windows\System32\DRIVERS\avgTap.sys [54888 2016-12-09] (The OpenVPN Project)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-06-24] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [187320 2017-05-27] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [113592 2017-05-31] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-05-31] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [252832 2017-06-25] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-05-31] (Malwarebytes)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-11-14] (NVIDIA Corporation)
R3 rtl819xpn64; C:\Windows\System32\DRIVERS\rtl819xp.sys [626792 2000-01-01] (Realtek Semiconductor Corporation )

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-10 19:53 - 2017-08-10 19:53 - 000033959 _____ C:\Users\Delboy\Documents\Addition.txt
2017-08-10 19:52 - 2017-08-10 20:30 - 000013384 _____ C:\Users\Delboy\Documents\FRST.txt
2017-08-10 19:51 - 2017-08-10 19:51 - 000000000 ____D C:\Users\Delboy\Documents\FRST-OlderVersion
2017-08-10 19:47 - 2017-08-10 19:47 - 000000000 ____D C:\Users\Delboy\AppData\Local{F1A82A9F-E0C0-4C51-8C71-F623A31D08D2}
2017-08-10 19:46 - 2017-08-10 19:46 - 439433724 _____ C:\Windows\MEMORY.DMP
2017-08-10 19:46 - 2017-08-10 19:46 - 000291176 _____ C:\Windows\Minidump\081017-19500-01.dmp
2017-08-10 19:43 - 2017-08-10 19:43 - 000000000 ____D C:\Users\Delboy\AppData\Local{A688414F-22EE-4B81-BFFA-7217EDF53F2A}
2017-08-09 18:42 - 2017-08-09 18:42 - 000000000 ____D C:\Users\Delboy\AppData\Local{060D7797-B7A8-4F46-80A6-110ACBDA4F71}
2017-08-09 18:41 - 2017-08-09 18:41 - 000058488 _____ C:\Users\Delboy\AppData\Local\GDIPFONTCACHEV1.DAT
2017-08-09 18:38 - 2017-08-09 18:38 - 000268392 _____ C:\Windows\system32\FNTCACHE.DAT
2017-08-09 12:26 - 2017-08-09 12:26 - 000000000 ____D C:\Users\Delboy\AppData\Local{9ECEFCB0-F516-40DC-9FEF-0C8CDDDA1184}
2017-08-09 12:21 - 2017-08-09 12:21 - 003061760 _____ (Nicolas Coolman) C:\Users\Delboy\Downloads\ZHPFix(2).exe
2017-08-09 11:53 - 2017-08-09 11:53 - 003061760 _____ (Nicolas Coolman) C:\Users\Delboy\Downloads\ZHPFix(1).exe
2017-08-09 11:49 - 2017-08-09 11:49 - 000000000 ____D C:\Users\Delboy\Downloads\Quarantine
2017-08-09 11:48 - 2017-08-09 11:48 - 003061760 _____ (Nicolas Coolman) C:\Users\Delboy\Downloads\ZHPFix.exe
2017-08-09 11:36 - 2017-07-29 15:56 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-08-09 11:36 - 2017-07-21 15:26 - 000518144 _____ C:\Windows\SysWOW64\msjetoledb40.dll
2017-08-09 11:36 - 2017-07-21 15:26 - 000290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjtes40.dll
2017-08-09 11:36 - 2017-07-15 19:35 - 000394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-08-09 11:36 - 2017-07-15 18:52 - 000346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-08-09 11:36 - 2017-07-14 16:29 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-08-09 11:36 - 2017-07-14 16:29 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-08-09 11:36 - 2017-07-14 16:29 - 000486400 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2017-08-09 11:36 - 2017-07-14 16:29 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2017-08-09 11:36 - 2017-07-14 16:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-08-09 11:36 - 2017-07-14 16:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-08-09 11:36 - 2017-07-14 16:10 - 000382976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2017-08-09 11:36 - 2017-07-14 15:57 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2017-08-09 11:36 - 2017-07-14 15:50 - 000054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2017-08-09 11:36 - 2017-07-14 15:50 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2017-08-09 11:36 - 2017-07-14 07:49 - 025733632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-08-09 11:36 - 2017-07-14 07:44 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-08-09 11:36 - 2017-07-14 07:38 - 002899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-08-09 11:36 - 2017-07-14 07:19 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-08-09 11:36 - 2017-07-14 07:08 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-08-09 11:36 - 2017-07-14 06:35 - 005981184 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-08-09 11:36 - 2017-07-14 06:10 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-08-09 11:36 - 2017-07-14 06:09 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-08-09 11:36 - 2017-07-14 06:09 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-08-09 11:36 - 2017-07-14 05:40 - 015254016 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-08-09 11:36 - 2017-07-14 05:23 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-08-09 11:36 - 2017-07-14 05:07 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-08-09 11:36 - 2017-07-14 03:54 - 020270080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-08-09 11:36 - 2017-07-14 03:17 - 004546048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-08-09 11:36 - 2017-07-14 03:11 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-08-09 11:36 - 2017-07-14 03:09 - 013663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-08-09 11:36 - 2017-07-14 02:53 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-08-09 11:36 - 2017-07-14 02:50 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-08-09 11:36 - 2017-07-08 16:34 - 000370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-08-09 11:36 - 2017-07-08 16:00 - 003224064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-08-09 11:36 - 2017-07-07 16:37 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-08-09 11:36 - 2017-07-07 16:33 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-08-09 11:36 - 2017-07-07 16:33 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-08-09 11:36 - 2017-07-07 16:33 - 000363752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
2017-08-09 11:36 - 2017-07-07 16:33 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-08-09 11:36 - 2017-07-07 16:33 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-08-09 11:36 - 2017-07-07 16:31 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-08-09 11:36 - 2017-07-07 16:29 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-08-09 11:36 - 2017-07-07 16:29 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-08-09 11:36 - 2017-07-07 16:15 - 004001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-08-09 11:36 - 2017-07-07 16:15 - 003945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-08-09 11:36 - 2017-07-07 16:13 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-08-09 11:36 - 2017-07-07 16:11 - 000109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-08-09 11:36 - 2017-07-07 16:10 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-08-09 11:36 - 2017-07-01 14:05 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2017-08-09 11:36 - 2017-07-01 14:05 - 000866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswdat10.dll
2017-08-09 11:36 - 2017-07-01 14:05 - 000641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2017-08-09 11:36 - 2017-07-01 14:05 - 000616448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrepl40.dll
2017-08-09 11:36 - 2017-07-01 14:05 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2017-08-09 11:36 - 2017-07-01 14:05 - 000375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2017-08-09 11:36 - 2017-07-01 14:05 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2017-08-09 11:36 - 2017-07-01 14:05 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-08-09 11:36 - 2017-07-01 14:05 - 000310272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2017-08-09 11:36 - 2017-07-01 14:05 - 000240640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2017-08-09 11:36 - 2017-07-01 14:05 - 000144896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2017-08-09 11:36 - 2017-07-01 14:05 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjter40.dll
2017-08-09 11:35 - 2017-07-21 15:26 - 000409600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexch40.dll
2017-08-09 11:35 - 2017-07-21 15:26 - 000282624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstext40.dll
2017-08-09 11:35 - 2017-07-14 16:29 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-08-09 11:35 - 2017-07-14 16:29 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-08-09 11:35 - 2017-07-14 16:29 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-08-09 11:35 - 2017-07-14 16:29 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-08-09 11:35 - 2017-07-14 16:29 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-08-09 11:35 - 2017-07-14 16:29 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-08-09 11:35 - 2017-07-14 16:29 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-08-09 11:35 - 2017-07-14 16:29 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-08-09 11:35 - 2017-07-14 16:12 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-08-09 11:35 - 2017-07-14 16:12 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-08-09 11:35 - 2017-07-14 16:11 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-08-09 11:35 - 2017-07-14 16:10 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-08-09 11:35 - 2017-07-14 16:10 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-08-09 11:35 - 2017-07-14 16:10 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-08-09 11:35 - 2017-07-14 16:10 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-08-09 11:35 - 2017-07-14 16:10 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-08-09 11:35 - 2017-07-14 16:10 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-08-09 11:35 - 2017-07-14 16:10 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-08-09 11:35 - 2017-07-14 16:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-08-09 11:35 - 2017-07-14 16:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-08-09 11:35 - 2017-07-14 15:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-08-09 11:35 - 2017-07-14 15:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-08-09 11:35 - 2017-07-14 08:16 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-08-09 11:35 - 2017-07-14 08:15 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-08-09 11:35 - 2017-07-14 07:47 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-08-09 11:35 - 2017-07-14 07:45 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-08-09 11:35 - 2017-07-14 07:45 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-08-09 11:35 - 2017-07-14 07:44 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-08-09 11:35 - 2017-07-14 07:29 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-08-09 11:35 - 2017-07-14 07:28 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-08-09 11:35 - 2017-07-14 07:22 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-08-09 11:35 - 2017-07-14 07:20 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-08-09 11:35 - 2017-07-14 07:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-08-09 11:35 - 2017-07-14 07:19 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-08-09 11:35 - 2017-07-14 07:02 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-08-09 11:35 - 2017-07-14 06:49 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-08-09 11:35 - 2017-07-14 06:48 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-08-09 11:35 - 2017-07-14 06:47 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-08-09 11:35 - 2017-07-14 06:42 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-08-09 11:35 - 2017-07-14 06:40 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-08-09 11:35 - 2017-07-14 06:35 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-08-09 11:35 - 2017-07-14 06:33 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-08-09 11:35 - 2017-07-14 06:16 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-08-09 11:35 - 2017-07-14 06:11 - 000725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-08-09 11:35 - 2017-07-14 04:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-08-09 11:35 - 2017-07-14 04:01 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-08-09 11:35 - 2017-07-14 03:48 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-08-09 11:35 - 2017-07-14 03:48 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-08-09 11:35 - 2017-07-14 03:48 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-08-09 11:35 - 2017-07-14 03:48 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-08-09 11:35 - 2017-07-14 03:47 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-08-09 11:35 - 2017-07-14 03:44 - 002290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-08-09 11:35 - 2017-07-14 03:42 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-08-09 11:35 - 2017-07-14 03:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-08-09 11:35 - 2017-07-14 03:39 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-08-09 11:35 - 2017-07-14 03:38 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-08-09 11:35 - 2017-07-14 03:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-08-09 11:35 - 2017-07-14 03:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-08-09 11:35 - 2017-07-14 03:30 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-08-09 11:35 - 2017-07-14 03:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-08-09 11:35 - 2017-07-14 03:25 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-08-09 11:35 - 2017-07-14 03:25 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-08-09 11:35 - 2017-07-14 03:23 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-08-09 11:35 - 2017-07-14 03:22 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-08-09 11:35 - 2017-07-14 03:21 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-08-09 11:35 - 2017-07-14 03:20 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-08-09 11:35 - 2017-07-14 03:13 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-08-09 11:35 - 2017-07-14 03:12 - 000693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-08-09 11:35 - 2017-07-14 03:11 - 002057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-08-09 11:35 - 2017-07-14 02:48 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:11 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-08-09 11:35 - 2017-07-07 16:11 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-08-09 11:35 - 2017-07-07 16:11 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-08-09 11:35 - 2017-07-07 16:11 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-08-09 11:35 - 2017-07-07 16:11 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-08-09 11:35 - 2017-07-07 16:11 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-08-09 11:35 - 2017-07-07 16:11 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-08-09 11:35 - 2017-07-07 16:11 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-08-09 11:35 - 2017-07-07 16:11 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-08-09 11:35 - 2017-07-07 16:11 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-08-09 11:35 - 2017-07-07 16:11 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-08-09 11:35 - 2017-07-07 16:11 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-08-09 11:35 - 2017-07-07 16:11 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-08-09 11:35 - 2017-07-07 16:11 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-08-09 11:35 - 2017-07-07 16:10 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-08-09 11:35 - 2017-07-07 16:10 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-08-09 11:35 - 2017-07-07 16:10 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-08-09 11:35 - 2017-07-07 16:10 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-08-09 11:35 - 2017-07-07 16:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-08-09 11:35 - 2017-07-07 16:10 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-08-09 11:35 - 2017-07-07 16:10 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-08-09 11:35 - 2017-07-07 16:10 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-08-09 11:35 - 2017-07-07 16:10 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:10 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 16:02 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-08-09 11:35 - 2017-07-07 16:01 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-08-09 11:35 - 2017-07-07 16:01 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-08-09 11:35 - 2017-07-07 16:01 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-08-09 11:35 - 2017-07-07 15:58 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-08-09 11:35 - 2017-07-07 15:57 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-08-09 11:35 - 2017-07-07 15:54 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-08-09 11:35 - 2017-07-07 15:54 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-08-09 11:35 - 2017-07-07 15:54 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-08-09 11:35 - 2017-07-07 15:53 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-08-09 11:35 - 2017-07-07 15:53 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-08-09 11:35 - 2017-07-07 15:51 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-08-09 11:35 - 2017-07-07 15:48 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-08-09 11:35 - 2017-07-07 15:48 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-08-09 11:35 - 2017-07-07 15:48 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-08-09 11:35 - 2017-07-07 15:48 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-08-09 11:35 - 2017-07-07 15:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-08-09 11:35 - 2017-07-07 15:47 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 15:47 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 15:47 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-08-09 11:35 - 2017-07-07 15:47 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-08-08 12:33 - 2017-08-09 12:26 - 000000000 ____D C:\Users\Delboy\AppData\Roaming\ZHP
2017-08-08 12:33 - 2017-08-08 12:37 - 000000000 ____D C:\Users\Delboy\AppData\Local\ZHP
2017-08-08 12:33 - 2017-08-08 12:33 - 002806656 _____ C:\Users\Delboy\Downloads\ZHPDiag3.exe
2017-08-08 12:33 - 2017-08-08 12:33 - 000000826 _____ C:\Users\Delboy\Desktop\ZHPDiag.lnk
2017-08-08 12:22 - 2017-08-08 12:22 - 000001871 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-08-08 12:22 - 2017-08-08 12:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-08 12:22 - 2017-08-08 12:22 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-08 12:22 - 2017-08-08 12:22 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-08 12:21 - 2017-08-08 12:21 - 064025992 _____ (Malwarebytes ) C:\Users\Delboy\Downloads\mb3-setup-35891.35891-3.1.2.1733-1.0.139-1.0.2060.exe
2017-08-06 17:09 - 2017-08-06 17:11 - 000021246 _____ C:\Users\Delboy\Downloads\Fixlog.txt
2017-08-05 14:40 - 2017-08-05 14:40 - 000000206 _____ C:\Users\Delboy\Desktop\eBay.URL
2017-08-05 12:02 - 2017-08-10 19:51 - 002381824 _____ (Farbar) C:\Users\Delboy\Documents\FRST64.exe
2017-08-03 14:25 - 2017-08-03 14:30 - 000000000 ____D C:\Users\Delboy\AppData\Local\Opera Software
2017-08-03 14:25 - 2017-08-03 14:25 - 000000000 ____D C:\Users\Delboy\Downloads\TS Recommended Apps
2017-08-03 14:25 - 2017-08-03 14:25 - 000000000 ____D C:\Users\Delboy\AppData\Roaming\Opera Software
2017-08-03 14:22 - 2017-08-03 14:22 - 000000000 ____D C:\ProgramData\360Quarant
2017-08-03 14:21 - 2017-08-03 14:21 - 000000000 ____D C:\Windows\Tasks\360Disabled
2017-08-03 14:20 - 2017-08-10 19:57 - 000000000 ____D C:\Users\Delboy\AppData\LocalLow\360WD
2017-08-03 14:20 - 2017-08-04 11:11 - 000000000 ____D C:\Users\Delboy\AppData\Roaming\360safe
2017-08-03 14:20 - 2017-08-03 14:21 - 000000000 ____D C:\ProgramData\360safe
2017-08-03 14:20 - 2017-08-03 14:20 - 000001153 _____ C:\Users\Public\Desktop\360 Total Security.lnk
2017-08-03 14:20 - 2017-08-03 14:20 - 000000000 ____D C:\Users\Delboy\AppData\Roaming\360TotalSecurity
2017-08-03 14:20 - 2017-08-03 14:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
2017-08-03 14:20 - 2017-08-03 14:20 - 000000000 ____D C:\ProgramData\360TotalSecurity
2017-08-03 14:20 - 2017-07-26 11:36 - 000086248 _____ (360.cn) C:\Windows\SysWOW64\Drivers\360AvFlt.sys
2017-08-03 14:19 - 2017-08-03 14:19 - 072408680 _____ C:\Users\Delboy\Downloads\360TS_Setup_9.2.0.1090.e xe
2017-08-03 14:19 - 2017-08-03 14:19 - 000000000 ____D C:\Program Files (x86)\360
2017-08-03 14:08 - 2017-08-03 14:08 - 000000039 _____ C:\Windows\SysWOW64\Stats.ini
2017-08-03 14:05 - 2017-08-03 14:05 - 006948656 _____ (AVAST Software) C:\Users\Delboy\Downloads\avast_free_antivirus_set up_online.exe
2017-08-03 14:05 - 2017-08-03 14:05 - 000000000 ____D C:\Program Files\AVAST Software
2017-08-03 13:52 - 2017-08-03 13:52 - 001790024 _____ (Malwarebytes) C:\Users\Delboy\Downloads\JRT.exe
2017-08-03 13:27 - 2017-08-03 13:27 - 000000000 _____ C:\Users\Delboy\Documents\Nuance Image Printer Writer Port
2017-08-02 11:55 - 2017-08-06 17:09 - 002381312 _____ (Farbar) C:\Users\Delboy\Downloads\FRST64(1).exe
2017-08-02 11:54 - 2017-08-10 20:30 - 000000000 ____D C:\FRST
2017-07-31 17:19 - 2017-07-31 17:19 - 000000000 ____D C:\WINSSLog
2017-07-31 14:29 - 2017-07-31 16:58 - 000002558 _____ C:\FixitRegBackup.reg
2017-07-30 14:19 - 2017-07-30 14:19 - 000002121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2017-07-30 13:03 - 2017-07-30 13:08 - 000268188 _____ C:\Windows\ntbtlog.txt
2017-07-29 17:54 - 2017-07-29 17:54 - 000000000 ____D C:\Windows\System32\Tasks\Event Viewer Tasks
2017-07-29 16:13 - 2017-07-29 16:13 - 000805841 _____ C:\Users\Delboy\Downloads\RegpairSetup.exe
2017-07-29 16:07 - 2017-08-07 12:43 - 000000000 ____D C:\Users\Delboy\AppData\Local\Windows Live Writer
2017-07-29 16:07 - 2017-07-31 21:10 - 000000000 ____D C:\Users\Delboy\AppData\Roaming\Windows Live Writer
2017-07-29 15:43 - 2017-07-29 15:43 - 000002490 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2017-07-29 15:43 - 2017-07-29 15:43 - 000001462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2017-07-29 15:43 - 2017-07-29 15:43 - 000001378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2017-07-29 15:43 - 2017-07-29 15:43 - 000001309 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2017-07-29 15:43 - 2017-07-29 15:43 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2017-07-29 15:43 - 2017-07-29 15:43 - 000000000 ____D C:\Windows\en
2017-07-29 15:43 - 2017-07-29 15:43 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2017-07-29 15:42 - 2017-07-29 15:42 - 000000000 ____D C:\Program Files\Windows Live
2017-07-29 14:47 - 2017-07-29 14:47 - 012231000 _____ (Microsoft Corporation) C:\Users\Delboy\Downloads\mseinstall(1).exe
2017-07-29 14:02 - 2017-07-29 14:02 - 000030354 _____ C:\ProgramData\agent.uninstall.1501333334.bdinstal l.bin
2017-07-29 13:50 - 2017-07-29 13:50 - 000000017 _____ C:\Users\Delboy\AppData\Local\resmon.resmoncfg
2017-07-28 19:58 - 2017-07-28 19:58 - 017816696 _____ (Bitberry Software ) C:\Users\Delboy\Downloads\ffvsetup.exe
2017-07-23 18:41 - 2017-07-23 18:41 - 000030963 _____ C:\ProgramData\agent.update.1500831703.bdinstall.b in
2017-07-23 18:27 - 2017-07-23 18:27 - 000000000 ____D C:\Users\Delboy\AppData\Roaming\QuickScan
2017-07-23 18:25 - 2017-07-23 18:25 - 000047033 _____ C:\ProgramData\agent.1500830750.bdinstall.bin
2017-07-23 13:00 - 2017-05-30 21:45 - 000565416 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-07-23 12:26 - 2017-07-31 17:25 - 000002150 _____ C:\Windows\epplauncher.mif
2017-07-22 16:47 - 2017-07-22 16:47 - 000000800 _____ C:\Users\Public\Desktop\Speccy.lnk
2017-07-22 16:47 - 2017-07-22 16:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2017-07-22 16:47 - 2017-07-22 16:47 - 000000000 ____D C:\Program Files\Speccy
2017-07-17 15:11 - 2015-08-05 18:56 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2017-07-17 15:11 - 2015-08-05 18:06 - 000039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2017-07-16 16:24 - 2017-06-15 21:23 - 000753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-07-16 16:24 - 2017-06-12 23:49 - 001363456 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-07-16 16:24 - 2017-06-12 23:49 - 000475136 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2017-07-16 16:24 - 2017-06-12 23:49 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
2017-07-16 16:24 - 2017-06-12 23:29 - 001227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2017-07-16 16:24 - 2017-06-12 23:29 - 000390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2017-07-16 16:24 - 2017-06-12 23:14 - 000379392 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-07-16 16:24 - 2017-06-10 16:59 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-07-16 16:24 - 2017-06-10 16:39 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-07-16 16:24 - 2017-06-09 16:33 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-07-16 16:24 - 2017-06-06 16:30 - 001867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-07-16 16:24 - 2017-06-06 16:12 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-07-16 16:24 - 2017-05-30 05:56 - 000377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-07-16 16:24 - 2017-05-16 16:35 - 000986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-07-16 16:24 - 2017-05-03 16:34 - 000094952 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-07-16 16:24 - 2017-05-03 16:29 - 001206272 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-07-16 16:24 - 2017-05-03 14:05 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-07-16 16:24 - 2017-05-03 14:05 - 000620544 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-07-16 16:24 - 2017-05-03 14:05 - 000535552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-07-16 16:24 - 2017-05-03 14:05 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-07-16 16:24 - 2017-05-03 14:05 - 000311296 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-07-16 16:24 - 2017-05-03 14:05 - 000217088 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-07-16 16:24 - 2017-05-03 14:05 - 000127488 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-07-16 16:24 - 2017-03-23 03:06 - 001691136 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-07-16 16:23 - 2017-06-12 23:49 - 000594432 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-07-16 16:23 - 2017-06-12 23:29 - 000444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2017-07-16 16:23 - 2017-06-12 23:28 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdhui.dll
2017-07-16 16:23 - 2017-06-12 23:14 - 000172544 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
2017-07-16 16:23 - 2017-06-12 23:14 - 000103936 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe
2017-07-16 16:23 - 2017-06-12 23:06 - 000303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2017-07-16 16:23 - 2017-06-12 23:06 - 000157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe
2017-07-16 16:23 - 2017-06-12 23:06 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resmon.exe
2017-07-16 16:23 - 2017-05-30 05:56 - 001895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-07-16 16:23 - 2017-05-30 05:56 - 000287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-07-16 16:23 - 2017-05-21 05:24 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-07-16 16:23 - 2017-05-21 05:06 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-07-16 16:23 - 2017-05-16 16:35 - 000265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-07-16 16:23 - 2017-05-16 16:30 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-07-11 17:28 - 2017-07-11 17:28 - 000003584 _____ C:\Users\Delboy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-07-11 17:25 - 2017-07-11 17:25 - 027323967 _____ (Acresso Software Inc.) C:\Users\Delboy\Downloads\rzdvdcreator.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-10 20:29 - 2017-05-17 17:13 - 000000000 ____D C:\Users\Delboy\AppData\LocalLow\Mozilla
2017-08-10 19:54 - 2009-07-14 05:45 - 000018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-10 19:54 - 2009-07-14 05:45 - 000018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-10 19:46 - 2017-05-23 22:07 - 000000000 ____D C:\Windows\Minidump
2017-08-10 19:46 - 2017-05-15 19:46 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-10 19:46 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-09 18:44 - 2009-07-14 06:13 - 000782744 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-09 18:44 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-08-09 18:42 - 2017-05-17 11:52 - 000000000 ____D C:\Users\Delboy\AppData\Local\Windows Live
2017-08-09 12:34 - 2017-05-15 21:26 - 000000000 ____D C:\Windows\system32\MRT
2017-08-09 12:33 - 2017-05-15 21:26 - 140394280 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-08-03 14:31 - 2017-05-16 14:51 - 000000000 ____D C:\Program Files (x86)\MSXML 4.0
2017-08-03 14:28 - 2017-06-19 16:42 - 000000000 ____D C:\Users\Delboy\AppData\Local\CrashDumps
2017-08-03 14:28 - 2017-05-18 14:15 - 000003558 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2017-08-03 14:17 - 2017-06-08 13:12 - 000000000 ____D C:\Program Files (x86)\Google
2017-08-03 14:17 - 2017-05-15 20:52 - 000000000 ____D C:\Users\Delboy\AppData\Local\Google
2017-08-03 14:13 - 2017-05-17 12:58 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2017-08-03 13:27 - 2009-07-14 06:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2017-08-01 20:04 - 2017-05-16 19:30 - 000000000 ____D C:\Users\Delboy\AppData\Roaming\SoftGrid Client
2017-07-31 15:00 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\registration
2017-07-29 15:43 - 2017-05-15 19:56 - 000000000 ____D C:\Program Files (x86)\Windows Live
2017-07-29 15:42 - 2009-07-14 04:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-07-28 20:12 - 2017-06-22 19:41 - 000000000 ____D C:\Users\Delboy\AppData\Roaming\vlc
2017-07-26 16:08 - 2009-07-14 06:08 - 000032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-07-23 18:47 - 2017-05-17 17:51 - 000766610 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-07-23 17:40 - 2017-06-03 14:52 - 000000000 ____D C:\Users\Delboy\AppData\Local\ElevatedDiagnostics
2017-07-22 12:06 - 2017-05-15 20:13 - 000000000 ____D C:\Users\Delboy
2017-07-20 20:05 - 2017-05-15 19:43 - 000000000 ___HD C:\Program Files (x86)\Temp
2017-07-20 19:58 - 2017-06-21 12:59 - 000000000 ____D C:\Windows\system32\DAX2
2017-07-17 15:26 - 2017-07-06 15:13 - 000000000 ____D C:\Users\Delboy\AppData\Roaming{90140011-0066-0409-0000-0000000FF1CE}
2017-07-17 15:26 - 2017-07-06 15:13 - 000000000 ____D C:\ProgramData\Virtualized Applications
2017-07-17 15:26 - 2017-05-16 19:30 - 000000000 ____D C:\Users\Delboy\AppData\Local\SoftGrid Client
2017-07-17 13:18 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
2017-07-17 01:08 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\servicing
2017-07-16 18:33 - 2017-05-17 21:45 - 000000000 ____D C:\Windows\system32\appraiser
2017-07-16 16:26 - 2017-06-23 19:09 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-11 17:32 - 2010-08-31 11:43 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-07-11 17:08 - 2017-06-03 16:51 - 000000000 ____D C:\Users\Delboy\Documents\New folder
2017-07-11 17:03 - 2017-05-16 12:58 - 000000000 ____D C:\Users\Delboy\AppData\Roaming\Nero
2017-07-11 12:37 - 2017-05-23 13:10 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-07-11 12:37 - 2017-05-23 13:10 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-11 12:37 - 2017-05-23 13:10 - 000000000 ____D C:\Windows\system32\Macromed
2017-07-11 12:37 - 2010-08-31 12:11 - 000000000 ____D C:\Windows\SysWOW64\Macromed

==================== Files in the root of some directories =======

2017-07-29 15:15 - 2017-07-29 15:46 - 000000115 _____ () C:\Users\Delboy\AppData\Roaming\LogFile.txt
2017-07-11 17:28 - 2017-07-11 17:28 - 000003584 _____ () C:\Users\Delboy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-05-31 12:15 - 2017-06-22 16:08 - 000023578 _____ () C:\Users\Delboy\AppData\Local\HWVendorDetection.lo g
2017-07-29 13:50 - 2017-07-29 13:50 - 000000017 _____ () C:\Users\Delboy\AppData\Local\resmon.resmoncfg
2017-07-23 18:25 - 2017-07-23 18:25 - 000047033 _____ () C:\ProgramData\agent.1500830750.bdinstall.bin
2017-07-29 14:02 - 2017-07-29 14:02 - 000030354 _____ () C:\ProgramData\agent.uninstall.1501333334.bdinstal l.bin
2017-07-23 18:41 - 2017-07-23 18:41 - 000030963 _____ () C:\ProgramData\agent.update.1500831703.bdinstall.b in
2017-05-15 19:52 - 2017-05-15 19:54 - 000015545 _____ () C:\ProgramData\ArcadeDeluxe4.log
2017-05-25 17:16 - 2017-05-25 17:16 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2010-08-31 11:56 - 2010-03-02 23:59 - 000131984 _____ () C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-04 19:22
[HEADING=1]==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-08-2017
Ran by Delboy (10-08-2017 20:30:40)
Running from C:\Users\Delboy\Documents
Windows 7 Home Premium Service Pack 1 (X64) (2017-05-15 19:13:39)
Boot Mode: Normal[/HEADING]
==================== Accounts: =============================

Administrator (S-1-5-21-1185751014-4152620646-720881419-500 - Administrator - Disabled)
Delboy (S-1-5-21-1185751014-4152620646-720881419-1000 - Administrator - Enabled) => C:\Users\Delboy
Guest (S-1-5-21-1185751014-4152620646-720881419-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1185751014-4152620646-720881419-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: 360 Total Security (Enabled - Up to date) {0371CA44-3F80-A1D3-BECE-910620B58D50}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: 360 Total Security (Enabled - Up to date) {B8102BA0-19BA-AE5D-847E-AA745B32C7ED}

==================== Installed Programs ======================

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1185751014-4152620646-720881419-1000...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
360 Total Security (HKLM-x32...\360TotalSecurity) (Version: 9.2.0.1090 - 360 Security Center)
Acer Arcade Deluxe (HKLM-x32...{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 4.5.7828 - CyberLink Corp.) Hidden
Acer Arcade Deluxe (HKLM-x32...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 4.5.7828 - CyberLink Corp.)
Acer Arcade Movie (HKLM-x32...{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}) (Version: 9.0.6629 - CyberLink Corp.) Hidden
Acer eRecovery Management (HKLM-x32...{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer GameZone Console (HKLM-x32...{58F4D244-314F-4D26-B5EF-C28AB32E22CB}is1) (Version: 6.1.0.9 - Oberon Media, Inc.)
Acer Registration (HKLM-x32...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32...\Acer Screensaver) (Version: 1.1.0825.2010 - Acer Incorporated)
Acer Updater (HKLM-x32...{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3503 - Acer Incorporated)
Acrobat.com (HKLM-x32...{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32...{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32...\Adobe Flash Player ActiveX) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Advertising Center (HKLM-x32...{B2EC4A38-B545-4A00-8214-13FE0E915E6D}) (Version: 0.0.0.2 - Nero AG) Hidden
Airport Mania First Flight (HKLM-x32...{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}) (Version: - Oberon Media)
Amazonia (HKLM-x32...{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media)
ANT Drivers Installer x64 (HKLM...{CC7132C7-8532-4EA7-8E3F-53260C0BE168}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Belarc Advisor 8.5c (HKLM-x32...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
Brother MFL-Pro Suite DCP-197C (HKLM-x32...{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Cake Mania (HKLM-x32...{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media)
Canon Camera Access Library (HKLM-x32...\CAL) (Version: 8.1.1.17 - )
Canon Camera Support Core Library (HKLM-x32...\CSCLIB) (Version: 7.3.1.6 - )
Canon Camera Window DC_DV 5 for ZoomBrowser EX (HKLM-x32...\CameraWindowDVC5) (Version: 5.4.5.17 - )
Canon Camera Window DC_DV 6 for ZoomBrowser EX (HKLM-x32...\CameraWindowDVC6) (Version: 6.2.0.8 - )
Canon Camera Window MC 6 for ZoomBrowser EX (HKLM-x32...\CameraWindowMC) (Version: 6.1.0.7 - )
Canon G.726 WMP-Decoder (HKLM-x32...\Canon G.726 WMP-Decoder) (Version: 1.0.1.3 - )
CANON iMAGE GATEWAY Task (HKLM-x32...\CANON iMAGE GATEWAY Task) (Version: 1.1.0.2 - )
Canon Internet Library for ZoomBrowser EX (HKLM-x32...\Canon Internet Library for ZoomBrowser EX) (Version: 1.4.1.3 - )
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32...\MovieEditTask) (Version: 2.2.0.13 - )
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32...\RAW Image Task) (Version: 2.3.0.11 - )
Canon RemoteCapture Task for ZoomBrowser EX (HKLM-x32...\RemoteCaptureTask) (Version: 1.5.0.5 - )
Canon Utilities EOS Utility (HKLM-x32...\EOS Utility) (Version: 1.0.3.17 - )
Canon Utilities PhotoStitch (HKLM-x32...\PhotoStitch) (Version: 3.1.17.41 - )
Canon Utilities ZoomBrowser EX (HKLM-x32...\ZoomBrowser EX) (Version: 5.6.0.27 - )
D3DX10 (HKLM-x32...{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dream Day First Home (HKLM-x32...{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media)
eBay Worldwide (HKLM-x32...{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Elevated Installer (HKLM-x32...{4694981D-8031-4526-90BE-E5F7FB80CBB8}) (Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
eSobi v2 (HKLM-x32...{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.) Hidden
eSobi v2 (HKLM-x32...\InstallShield{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
Farm Frenzy 2 (HKLM-x32...{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media)
Galapago (HKLM-x32...{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media)
Garmin Communicator Plugin (HKLM-x32...{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM...{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32...{714dc1e5-69a4-4ecd-9552-93397e084298}) (Version: 3.2.29.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32...{A92D383B-FD85-4B9C-A5D9-3647C71E48A1}) (Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (HKLM-x32...{D52EDFA2-13A7-4765-8650-4AB30E6DB77F}) (Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Google Update Helper (HKLM-x32...{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
Heroes of Hellas (HKLM-x32...{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media)
Hotkey Utility (HKLM-x32...\Hotkey Utility) (Version: 2.05.3009 - Acer Incorporated)
Identity Card (HKLM-x32...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ieSpell (HKLM-x32...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)
ImagXpress (HKLM-x32...{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}) (Version: 7.0.74.0 - Nero AG) Hidden
Junk Mail filter update (HKLM-x32...{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes version 3.1.2.1733 (HKLM...{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}is1) (Version: 3.1.2.1733 - Malwarebytes)
MediaShow Espresso (HKLM-x32...{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}) (Version: 5.5.1713_26701 - CyberLink Corp.) Hidden
Merriam Websters Spell Jam (HKLM-x32...{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media)
Microsoft .NET Framework 4.6.1 (HKLM...{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32...{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM...{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32...{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32...{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32...{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32...{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-GB) (HKLM-x32...\Mozilla Firefox 54.0.1 (x86 en-GB)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32...{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32...{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32...{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyWinLocker (HKLM-x32...{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}) (Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32...{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32...\InstallShield{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
Nero 9 Essentials (HKLM-x32...{0506406d-6ba9-41e4-8a8e-8a6f28709256}) (Version: - Nero AG)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 342.01 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM...\NVIDIA Display Control Panel) (Version: 1.10 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.125 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.125 - NVIDIA Corporation)
NVIDIA Graphics Driver 342.01 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
PaperPort Image Printer 64-bit (HKLM...{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Poker Pop (HKLM-x32...{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}) (Version: - Oberon Media)
Realtek Ethernet Controller Driver (HKLM-x32...{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.101.714.2016 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32...{46710AEB-ACE9-4386-9DFB-8B65153BFA74}) (Version: 1.00.0168 - )
Revo Uninstaller 2.0.3 (HKLM...{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
ScanSoft PaperPort 11 (HKLM-x32...{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
SHIELD Streaming (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.125 - NVIDIA Corporation) Hidden
Shredder (HKLM...{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}) (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (HKLM-x32...{C2695E83-CF1D-43D1-84FE-B3BEC561012A}) (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Speccy (HKLM...\Speccy) (Version: 1.31 - Piriform)
Spin & Win (HKLM-x32...{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version: - Oberon Media)
USB Enhanced Performance Keyboard (HKLM...{989DC5D9-A776-430D-9E16-D36E5B81CD86}) (Version: 2.0.1.9 - Lenovo)
VLC media player (HKLM-x32...\VLC media player) (Version: 2.2.6 - VideoLAN)
Welcome Center (HKLM-x32...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Sync (HKLM-x32...{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [SD360] → {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2017-07-26] ()
ContextMenuHandlers4: [SD360] → {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2017-07-26] ()
ContextMenuHandlers5: [NvCplDesktopContext] → {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)
ContextMenuHandlers6: [SD360] → {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2017-07-26] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C4741B8-7188-41E4-B99C-1552459D6EF3} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2015-01-28] ()
Task: {126D7747-5E63-4450-89AE-AA426416DD89} - System32\Tasks{9B866CA1-A2E6-420F-974C-4318E5F96331} => C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [2011-05-13] (Microsoft Corporation)
Task: {72C52707-58E7-4FC0-9877-80DF94DA2DD0} - \UALU notificatin → No File <==== ATTENTION
Task: {75894266-7812-4A8E-80F0-BE25282FF3BB} - \Adobe Acrobat Update Task → No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Public\Desktop\Acer Accessory Store.lnk → C:\Program Files\Acer Accessory Store\StartURL.exe () → hxxp://store.acer-euro.com/gb?utm_source=Icon&utm_medium=Icon&utm_campaign=Ac er%2BInternal

==================== Loaded Modules (Whitelisted) ==============

2017-05-15 21:24 - 2016-11-14 12:15 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-08-03 14:20 - 2017-07-26 11:36 - 000791136 _____ () C:\Program Files (x86)\360\Total Security\MenuEx64.dll
2017-05-25 16:47 - 2016-11-14 13:30 - 000367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2017-05-25 16:47 - 2016-11-14 13:30 - 001147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2017-05-25 16:47 - 2016-11-14 13:30 - 003611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2017-05-25 16:47 - 2016-11-14 13:30 - 000288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2017-05-25 16:47 - 2016-11-14 13:30 - 001988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardP lugin.dll
2017-05-25 16:47 - 2016-11-14 13:30 - 002665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.d ll
2017-05-25 16:47 - 2016-11-14 13:30 - 001840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2017-05-25 16:47 - 2016-11-14 13:30 - 000207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2017-05-25 16:47 - 2016-11-14 13:30 - 000034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2017-05-25 16:47 - 2016-11-14 13:30 - 000920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2017-08-03 14:20 - 2017-07-26 11:36 - 000099240 _____ () C:\Program Files (x86)\360\Total Security\deepscan\qutmload.dll
2017-05-25 16:47 - 2016-11-14 13:30 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-08-03 14:20 - 2017-07-26 11:36 - 000499296 _____ () C:\Program Files (x86)\360\Total Security\safemon\wdui2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MBAMService => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MBAMService => “”=“Service”

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2017-08-06 17:10 - 000000035 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1185751014-4152620646-720881419-1000\Control Panel\Desktop\Wallpaper → C:\Users\Delboy\AppData\Roaming\Microsoft\Windows\ Themes\TranscodedWallpaper.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: ArcadeMovieService => “C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe”
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: CCleaner Monitoring => “C:\Program Files\CCleaner\CCleaner64.exe” /MONITOR
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: GarminExpressTrayApp => “C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe”
MSCONFIG\startupreg: Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MSCONFIG\startupreg: IndexSearch => “C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe”
MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: MDS_Menu => “C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe” “C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso” UpdateWithCreateOnce “Software\CyberLink\MediaShow Espresso\5.6”
MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
MSCONFIG\startupreg: NvBackend => “C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe”
MSCONFIG\startupreg: PaperPort PTD => “C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe”
MSCONFIG\startupreg: SuiteTray => “C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe”

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{14813494-72DE-429B-AF6D-425BAFAD3CCA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{05137F78-C6E0-43A8-BD6A-EB7AE6A99A80}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{0946A475-450E-40DC-81A1-6C33344360F1}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{17CA1B1F-6527-4B19-A4E4-E1EB1C1914DF}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe

==================== Restore Points =========================

03-08-2017 13:56:06 JRT Pre-Junkware Removal
03-08-2017 14:15:50 Revo Uninstaller’s restore point - µTorrent
03-08-2017 14:17:24 Revo Uninstaller’s restore point - Google Chrome
03-08-2017 14:30:18 Revo Uninstaller’s restore point - Opera Stable 46.0.2597.57
06-08-2017 17:09:32 Restore Point Created by FRST
09-08-2017 12:32:44 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
[HEADING=1]Application errors:[/HEADING]
Error: (08/06/2017 05:09:32 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {35ec5e51-fae3-4c7c-85c5-4c00e7d9689b}

Error: (08/03/2017 05:28:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CALMAIN.exe, version: 8.1.0.14, time stamp: 0x433d11f9
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeaf722
Exception code: 0xc0000005
Fault offset: 0x00009966
Faulting process id: 0x774
Faulting application start time: 0x01d30c69dcbad9fe
Faulting application path: C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
Faulting module path: C:\Windows\syswow64\msvcrt.dll
Report Id: d43f8716-7868-11e7-a1ba-4487fcf95f6e

Error: (08/03/2017 02:30:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (08/03/2017 02:30:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service aswbIDSAgent since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (08/03/2017 02:30:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary aswVmm.

System Error:
The system cannot find the file specified.
.

Error: (08/03/2017 02:30:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSP.

System Error:
The system cannot find the file specified.
.

Error: (08/03/2017 02:30:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSnx.

System Error:
The system cannot find the file specified.
.

Error: (08/03/2017 02:30:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary aswRvrt.

System Error:
The system cannot find the file specified.
.

Error: (08/03/2017 02:30:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary aswRdr.

System Error:
The system cannot find the file specified.
.

Error: (08/03/2017 02:30:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary aswMonFlt.

System Error:
The system cannot find the file specified.
.
[HEADING=1]System errors:[/HEADING]
Error: (08/10/2017 07:46:31 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x0000000000000967, 0x0000000000000006, 0x0000000000000000, 0xfffff8800f3e1881). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081017-19500-01.

Error: (08/10/2017 07:46:31 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 19:45:00 on ‎10/‎08/‎2017 was unexpected.

Error: (08/06/2017 05:09:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Client service terminated unexpectedly. It has done this 1 time(s).

Error: (08/06/2017 05:09:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (08/06/2017 05:09:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/06/2017 05:09:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Network Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/06/2017 05:09:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Client Virtualization Handler service terminated unexpectedly. It has done this 1 time(s).

Error: (08/06/2017 05:09:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s).

Error: (08/06/2017 05:09:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/06/2017 05:09:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Service Agent service terminated unexpectedly. It has done this 1 time(s).
[HEADING=1]CodeIntegrity:[/HEADING]
Date: 2017-05-25 16:35:53.372
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-25 16:35:53.276
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-25 16:34:13.128
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-25 16:34:13.042
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-25 16:33:40.671
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-25 16:33:40.598
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-25 16:33:07.452
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-25 16:33:07.371
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-25 16:32:28.062
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-25 16:32:27.993
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core™ i5 CPU 650 @ 3.20GHz
Percentage of memory in use: 34%
Total physical RAM: 3063.07 MB
Available physical RAM: 1993.01 MB
Total Virtual: 6124.33 MB
Available Virtual: 4731.97 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:290.45 GB) (Free:243.05 GB) NTFS
Drive d: (DATA) (Fixed) (Total:290.62 GB) (Free:286.91 GB) NTFS

==================== MBR & Partition Table ==================

================================================== ======
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: E61AB66B)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=290.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=290.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

NOte:Utorrent has been on my system for soem time,inactive but unable to remove even using revouninstaller!