Solved Screen freeze within 2/3 minutes of Pc switched on.

[phillpower2]

Hello Derek,

Autoruns looks ok now but can I ask if you would mind one of our colleagues Mal taking a look at your comp, not for me to say for sure but beings as you may have been left unprotected the malnourished may want to make sure that things are as they should be

 

[caskin]

Hello Derek,

Autoruns looks ok now but can I ask if you would mind one of our colleagues Mal taking a look at your comp, not for me to say for sure but beings as you may have been left unprotected the malnourished may want to make sure that things are as they should be

Hi Phil NOt a problem,how do you want to go about it?:thumbsup:

 

[jmarket]

Let me tag @Malnutrition and @gus to assist you. In the meantime, go ahead and do the following for me.

Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

Once downloaded right click the FRST desktop icon and select "Run as administrator" from the menu.

If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
Frst will open with two dialogue boxes, accept the disclaimer.

Accept the default whitelist options,
If the additions.txt options box is not checked please select it.
Then select "Scan"

Frst will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.

Please Copy and Paste the contents of these logs in your next post for review by our Security Team

 

[caskin]

Let me tag @Malnutrition and @gus to assist you. In the meantime, go ahead and do the following for me.

Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

Once downloaded right click the FRST desktop icon and select "Run as administrator" from the menu.

If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
Frst will open with two dialogue boxes, accept the disclaimer.

Accept the default whitelist options,
If the additions.txt options box is not checked please select it.
Then select "Scan"

Frst will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.

Please Copy and Paste the contents of these logs in your next post for review by our Security Team

Copy/paste would not play,so have attempted to upload as file,hope this works and thanks for your work and asistance

Spoiler: FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2017
Ran by Delboy (administrator) on DELBOY-PC (02-08-2017 12:26:49)
Running from C:\Users\Delboy\Downloads
Loaded Profiles: Delboy (Available Profiles: Delboy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(LITE-ON TECHNOLOGY CORP.) C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\Skdaemon.exe
(© 2015 Microsoft Corporation) C:\Users\Delboy\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Canon Inc.) C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Enhanced Performance Keyboard] => C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\SKDaemon.exe [335360 2012-08-08] (LITE-ON TECHNOLOGY CORP.)
HKLM\...\Run: [ALU] => C:\Program Files\Acer\Acer Updater\ALU.exe [2419104 2016-06-06] (Acer Incorporated)
HKU\S-1-5-21-1185751014-4152620646-720881419-1000\...\Run: [BingSvc] => C:\Users\Delboy\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1185751014-4152620646-720881419-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [456224 2010-07-29] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{0050B548-63D8-4728-A5C1-B7FFC91EFAB9}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{87461323-90C4-4CD1-8B91-D88CA5117579}: [DhcpNameServer] 194.168.4.100 194.168.8.100

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1185751014-4152620646-720881419-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKU\S-1-5-21-1185751014-4152620646-720881419-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://bing.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1185751014-4152620646-720881419-1000 -> DefaultScope {93BCD679-4F15-480F-8D94-BAE116E88A03} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
Toolbar: HKU\S-1-5-21-1185751014-4152620646-720881419-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {A6616B31-4860-41E2-98E3-CA7649AF172F} file:///E:/launch.ocx
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)

FireFox:
========
FF DefaultProfile: p6yzmj74.default
FF ProfilePath: C:\Users\Delboy\AppData\Roaming\Mozilla\Firefox\Profiles\p6yzmj74.default [2017-08-02]
FF user.js: detected! => C:\Users\Delboy\AppData\Roaming\Mozilla\Firefox\Profiles\p6yzmj74.default\user.js [2017-05-29]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\p6yzmj74.default -> Search Provided by Bing
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\p6yzmj74.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\p6yzmj74.default -> Search Provided by Bing
FF Homepage: Mozilla\Firefox\Profiles\p6yzmj74.default -> hxxps://www.bing.com/search?FORM=INCOH1&PC=IC04&PTAG=ICO-5d340a96
FF Keyword.URL: Mozilla\Firefox\Profiles\p6yzmj74.default -> user_pref("keyword.URL", true);
FF Extension: (True Key™ by Intel Security) - C:\Users\Delboy\AppData\Roaming\Mozilla\Firefox\Profiles\p6yzmj74.default\Extensions\@true-key.xpi [2017-07-25]
FF Extension: (Bing Search) - C:\Users\Delboy\AppData\Roaming\Mozilla\Firefox\Profiles\p6yzmj74.default\Extensions\bingsearch.full@microsoft.com.xpi [2017-07-10]
FF SearchPlugin: C:\Users\Delboy\AppData\Roaming\Mozilla\Firefox\Profiles\p6yzmj74.default\searchplugins\bing-.xml [2017-07-10]
FF SearchPlugin: C:\Users\Delboy\AppData\Roaming\Mozilla\Firefox\Profiles\p6yzmj74.default\searchplugins\search provided by bing.xml [2017-07-24]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-11] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-11] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.7\\npsitesafety.dll [No File]
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [pmagdleikobihfikldcpmgfjcppcddnf] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pmagdleikobihfikldcpmgfjcppcddnf] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CCALib8; C:\Program Files (x86)\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.) [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [517464 2015-01-28] (Garmin Ltd or its subsidiaries)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-11-14] (NVIDIA Corporation)
R2 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-11-14] (NVIDIA Corporation)
R2 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-11-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-11-14] (NVIDIA Corporation)
S4 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-05-13] () [File not signed]
S4 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 avgTap; C:\Windows\System32\DRIVERS\avgTap.sys [54888 2016-12-09] (The OpenVPN Project)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-06-24] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [187320 2017-05-27] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [113592 2017-05-31] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-05-31] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [252832 2017-06-25] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-05-31] (Malwarebytes)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-11-14] (NVIDIA Corporation)
R3 rtl819xpn64; C:\Windows\System32\DRIVERS\rtl819xp.sys [626792 2000-01-01] (Realtek Semiconductor Corporation )

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-02 12:18 - 2017-08-02 12:18 - 000000000 ____D C:\Users\Delboy\AppData\Local\{E4186705-B3D9-4D9D-807D-ED32683C256A}
2017-08-02 12:08 - 2017-08-02 12:08 - 000000000 ____D C:\Users\Delboy\AppData\Local\{679E915D-E8B0-4B82-9B95-38AB5016E56B}
2017-08-02 12:05 - 2017-08-02 12:05 - 000001138 _____ C:\Users\Delboy\Desktop\FRST64 - Shortcut.lnk
2017-08-02 11:59 - 2017-08-02 12:09 - 000037097 _____ C:\Users\Delboy\Downloads\Addition.txt
2017-08-02 11:58 - 2017-08-02 12:26 - 000013725 _____ C:\Users\Delboy\Downloads\FRST.txt
2017-08-02 11:55 - 2017-08-02 11:55 - 002381312 _____ (Farbar) C:\Users\Delboy\Downloads\FRST64(1).exe
2017-08-02 11:54 - 2017-08-02 12:26 - 000000000 ____D C:\FRST
2017-08-02 11:53 - 2017-08-02 11:53 - 002381312 _____ (Farbar) C:\Users\Delboy\Downloads\FRST64.exe
2017-08-02 11:51 - 2017-08-02 11:51 - 000000000 ____D C:\Users\Delboy\AppData\Local\{6C9B4358-8E19-4D5A-A741-7E2D4DDE8992}
2017-08-02 11:46 - 2017-08-02 11:46 - 000000000 ____D C:\Users\Delboy\AppData\Local\{BEB991C4-6CB0-4C24-8D10-EB17AD2D2483}
2017-08-02 11:23 - 2017-08-02 11:23 - 000000000 ____D C:\Users\Delboy\AppData\Local\{25373FAD-6009-447B-B1EF-8B29797C4DF9}
2017-08-01 20:02 - 2017-08-01 20:02 - 000000000 ____D C:\Users\Delboy\AppData\Local\{9DA37C6B-10FA-4B89-8E05-7B5E9284B253}
2017-08-01 19:39 - 2017-08-01 19:39 - 000000000 ____D C:\Users\Delboy\AppData\Local\{2835B770-1688-4DAF-A651-3E9D7B2B0758}
2017-08-01 18:23 - 2017-08-01 18:23 - 000000000 ____D C:\Users\Delboy\AppData\Local\{9A3D9B94-C9D9-4E27-98A7-7903C2B9AF72}
2017-07-31 21:14 - 2017-07-31 21:14 - 000000000 ____D C:\Users\Delboy\AppData\Local\{2E10E713-6677-4FBC-A706-9CC94E3B8131}
2017-07-31 21:10 - 2017-07-31 21:10 - 000000000 ____D C:\Users\Delboy\AppData\Local\{1A982458-CAD6-4BF3-B092-961C8ECFFC93}
2017-07-31 17:38 - 2017-07-31 17:38 - 000000000 ____D C:\Users\Delboy\AppData\Local\{3194A425-E9EA-4306-B121-5811F063C411}
2017-07-31 17:30 - 2017-07-31 17:30 - 000000000 ____D C:\Users\Delboy\AppData\Local\{68D785DE-1281-4A51-8D36-6AAED6ECEDAA}
2017-07-31 17:25 - 2017-07-31 17:25 - 000000000 ____D C:\Users\Delboy\AppData\Local\{216185A2-4001-4BEF-B4F0-33CB7A88392A}
2017-07-31 17:21 - 2017-07-31 17:22 - 000000000 ____D C:\Users\Delboy\AppData\Local\{4B1C20BB-B135-4E84-922C-5C0BA79C0E52}
2017-07-31 17:19 - 2017-07-31 17:19 - 000000000 ____D C:\WINSSLog
2017-07-31 17:14 - 2017-07-31 17:14 - 000000000 ____D C:\Users\Delboy\AppData\Local\{112A2F53-3E92-44B7-8932-98A087D45D28}
2017-07-31 17:07 - 2017-07-31 17:07 - 000000000 ____D C:\Users\Delboy\AppData\Local\{106A5179-D3AB-4277-8C48-48FD0ED18D1B}
2017-07-31 17:06 - 2017-07-31 17:06 - 000000000 ____D C:\Users\Delboy\AppData\Local\{BF88B225-500E-44C4-A8FC-DB91D5D96680}
2017-07-31 16:50 - 2017-07-31 16:50 - 000000000 ____D C:\Users\Delboy\AppData\Local\{B8C4F29B-29A1-4B5D-A80E-076F9D25BDA1}
2017-07-31 16:37 - 2017-07-31 16:37 - 000000000 ____D C:\Users\Delboy\AppData\Local\{7DA2CF1F-408B-4FD7-BB8E-645E39526E17}
2017-07-31 14:29 - 2017-07-31 16:58 - 000002558 _____ C:\FixitRegBackup.reg
2017-07-31 13:40 - 2017-07-31 13:40 - 000000000 ____D C:\Users\Delboy\AppData\Local\{D666946F-68D4-4BB3-9AEB-0B0C24BB3358}
2017-07-31 12:46 - 2017-07-31 12:46 - 000000000 ____D C:\Users\Delboy\AppData\Local\{903DCF83-5AA8-4563-B4CC-515E76A26D4D}
2017-07-31 12:14 - 2017-07-31 12:14 - 000000000 ____D C:\Users\Delboy\AppData\Local\{750D1B52-5E83-4E7D-ADD2-B253EC93A609}
2017-07-30 14:19 - 2017-07-30 14:19 - 000002121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2017-07-30 13:34 - 2017-07-30 13:34 - 000000000 ____D C:\Users\Delboy\AppData\Local\{9C93C2BD-9048-4F47-92B8-CFCF2688B85B}
2017-07-30 13:10 - 2017-07-30 13:10 - 000000000 ____D C:\SUPERDelete
2017-07-30 13:08 - 2017-07-30 13:08 - 000270488 _____ C:\Windows\Minidump\073017-22760-01.dmp
2017-07-30 13:03 - 2017-07-30 13:08 - 000268188 _____ C:\Windows\ntbtlog.txt
2017-07-29 18:18 - 2017-07-29 18:18 - 000000000 ____D C:\Users\Delboy\AppData\Local\{5972C328-03E7-4782-87AC-4E6BA4DDBDF2}
2017-07-29 17:57 - 2017-07-29 17:57 - 000000000 ____D C:\Users\Delboy\AppData\Local\{4DC87589-6DAF-47F3-8B2C-7EB79FDF1653}
2017-07-29 17:54 - 2017-07-29 17:54 - 000000000 ____D C:\Windows\System32\Tasks\Event Viewer Tasks
2017-07-29 16:13 - 2017-07-30 13:04 - 000000000 ____D C:\Program Files (x86)\Free Window Registry Repair
2017-07-29 16:13 - 2017-07-29 16:13 - 000805841 _____ C:\Users\Delboy\Downloads\RegpairSetup.exe
2017-07-29 16:13 - 2017-07-29 16:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
2017-07-29 16:07 - 2017-07-31 21:10 - 000000000 ____D C:\Users\Delboy\AppData\Roaming\Windows Live Writer
2017-07-29 16:07 - 2017-07-29 16:07 - 000000000 ____D C:\Users\Delboy\AppData\Local\Windows Live Writer
2017-07-29 16:07 - 2017-07-29 16:07 - 000000000 ____D C:\Users\Delboy\AppData\Local\{33A013C0-6B2F-465A-B8B8-BE442E26F9B1}
2017-07-29 15:49 - 2017-07-29 15:49 - 000000000 ____D C:\Users\Delboy\AppData\Local\{B0BD47E4-1094-416E-9749-9450D6FFBD19}
2017-07-29 15:43 - 2017-07-29 15:43 - 000002490 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2017-07-29 15:43 - 2017-07-29 15:43 - 000001462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2017-07-29 15:43 - 2017-07-29 15:43 - 000001378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2017-07-29 15:43 - 2017-07-29 15:43 - 000001309 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2017-07-29 15:43 - 2017-07-29 15:43 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2017-07-29 15:43 - 2017-07-29 15:43 - 000000000 ____D C:\Windows\en
2017-07-29 15:43 - 2017-07-29 15:43 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2017-07-29 15:42 - 2017-07-29 15:42 - 000000000 ____D C:\Program Files\Windows Live
2017-07-29 15:15 - 2017-07-30 14:32 - 000000000 ____D C:\Users\Delboy\AppData\Roaming\ParetoLogic
2017-07-29 15:15 - 2017-07-30 13:10 - 000000000 ____D C:\ProgramData\ParetoLogic
2017-07-29 14:47 - 2017-07-29 14:47 - 012231000 _____ (Microsoft Corporation) C:\Users\Delboy\Downloads\mseinstall(1).exe
2017-07-29 14:02 - 2017-07-29 14:02 - 000030354 _____ C:\ProgramData\agent.uninstall.1501333334.bdinstall.bin
2017-07-29 13:50 - 2017-07-29 13:50 - 000000017 _____ C:\Users\Delboy\AppData\Local\resmon.resmoncfg
2017-07-28 19:58 - 2017-07-28 19:58 - 017816696 _____ (Bitberry Software ) C:\Users\Delboy\Downloads\ffvsetup.exe
2017-07-28 19:49 - 2017-07-29 11:52 - 000000000 ____D C:\Users\Delboy\AppData\Roaming\BitTorrent
2017-07-27 19:57 - 2017-07-29 11:49 - 000000000 ____D C:\Users\Delboy\AppData\LocalLow\uTorrent
2017-07-27 19:40 - 2017-07-27 19:40 - 000291888 _____ C:\Windows\Minidump\072717-17347-01.dmp
2017-07-27 19:33 - 2017-07-27 19:33 - 000291936 _____ C:\Windows\Minidump\072717-17035-01.dmp
2017-07-26 16:07 - 2017-07-30 13:08 - 273363092 _____ C:\Windows\MEMORY.DMP
2017-07-26 16:07 - 2017-07-26 16:07 - 000280800 _____ C:\Windows\Minidump\072617-17784-01.dmp
2017-07-23 18:41 - 2017-07-23 18:41 - 000030963 _____ C:\ProgramData\agent.update.1500831703.bdinstall.bin
2017-07-23 18:28 - 2017-06-07 05:04 - 000950160 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\atc.sys
2017-07-23 18:28 - 2017-05-26 09:49 - 000260512 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\edrsensor.sys
2017-07-23 18:28 - 2017-04-19 07:19 - 001612648 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2017-07-23 18:27 - 2017-07-23 18:27 - 000000000 ____D C:\Users\Delboy\AppData\Roaming\QuickScan
2017-07-23 18:25 - 2017-07-23 18:25 - 000047033 _____ C:\ProgramData\agent.1500830750.bdinstall.bin
2017-07-23 18:05 - 2017-07-23 18:05 - 000000000 ____D C:\ProgramData\SecuritySuite
2017-07-23 18:02 - 2017-07-23 18:02 - 000000000 ____D C:\Users\Delboy\AppData\Roaming\PCProtect
2017-07-23 13:00 - 2017-05-30 21:45 - 000565416 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-07-23 12:26 - 2017-07-31 17:25 - 000002150 _____ C:\Windows\epplauncher.mif
2017-07-22 16:47 - 2017-07-22 16:47 - 000000800 _____ C:\Users\Public\Desktop\Speccy.lnk
2017-07-22 16:47 - 2017-07-22 16:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2017-07-22 16:47 - 2017-07-22 16:47 - 000000000 ____D C:\Program Files\Speccy
2017-07-20 19:31 - 2017-07-20 19:31 - 000000000 ____D C:\Users\Delboy\AppData\Local\AVG Netherlands BV
2017-07-17 15:11 - 2015-08-05 18:56 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2017-07-17 15:11 - 2015-08-05 18:06 - 000039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2017-07-16 16:24 - 2017-06-30 05:15 - 000394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-07-16 16:24 - 2017-06-30 04:32 - 000346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-07-16 16:24 - 2017-06-30 03:57 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-07-16 16:24 - 2017-06-30 03:57 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-07-16 16:24 - 2017-06-30 03:39 - 001549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-07-16 16:24 - 2017-06-30 03:38 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-07-16 16:24 - 2017-06-29 07:27 - 025734656 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-07-16 16:24 - 2017-06-29 07:02 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-07-16 16:24 - 2017-06-29 06:44 - 005975552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-07-16 16:24 - 2017-06-29 06:43 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-07-16 16:24 - 2017-06-29 06:23 - 020270592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-07-16 16:24 - 2017-06-29 06:23 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-07-16 16:24 - 2017-06-29 05:58 - 015253504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-07-16 16:24 - 2017-06-29 05:53 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-07-16 16:24 - 2017-06-29 05:52 - 004549632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-07-16 16:24 - 2017-06-29 05:43 - 013663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-07-16 16:24 - 2017-06-29 05:41 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-07-16 16:24 - 2017-06-29 05:28 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-07-16 16:24 - 2017-06-29 05:24 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-07-16 16:24 - 2017-06-22 15:58 - 003223040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-07-16 16:24 - 2017-06-15 21:23 - 000753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-07-16 16:24 - 2017-06-12 23:54 - 000370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-07-16 16:24 - 2017-06-12 23:49 - 001363456 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-07-16 16:24 - 2017-06-12 23:49 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-07-16 16:24 - 2017-06-12 23:49 - 000475136 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2017-07-16 16:24 - 2017-06-12 23:49 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
2017-07-16 16:24 - 2017-06-12 23:29 - 001227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2017-07-16 16:24 - 2017-06-12 23:29 - 000390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2017-07-16 16:24 - 2017-06-12 23:28 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-07-16 16:24 - 2017-06-12 23:14 - 000379392 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-07-16 16:24 - 2017-06-10 16:59 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-07-16 16:24 - 2017-06-10 16:39 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-07-16 16:24 - 2017-06-09 16:33 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-07-16 16:24 - 2017-06-06 16:30 - 001867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-07-16 16:24 - 2017-06-06 16:12 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-07-16 16:24 - 2017-05-30 05:56 - 000377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-07-16 16:24 - 2017-05-16 16:35 - 000986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-07-16 16:24 - 2017-05-03 16:34 - 000094952 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-07-16 16:24 - 2017-05-03 16:29 - 001206272 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-07-16 16:24 - 2017-05-03 14:05 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-07-16 16:24 - 2017-05-03 14:05 - 000620544 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-07-16 16:24 - 2017-05-03 14:05 - 000535552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-07-16 16:24 - 2017-05-03 14:05 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-07-16 16:24 - 2017-05-03 14:05 - 000311296 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-07-16 16:24 - 2017-05-03 14:05 - 000217088 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-07-16 16:24 - 2017-05-03 14:05 - 000127488 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-07-16 16:24 - 2017-03-23 03:06 - 001691136 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-07-16 16:23 - 2017-06-30 03:57 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-07-16 16:23 - 2017-06-30 03:57 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-07-16 16:23 - 2017-06-30 03:57 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-07-16 16:23 - 2017-06-30 03:57 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-07-16 16:23 - 2017-06-30 03:57 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-07-16 16:23 - 2017-06-30 03:57 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-07-16 16:23 - 2017-06-30 03:57 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-07-16 16:23 - 2017-06-30 03:57 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-07-16 16:23 - 2017-06-30 03:40 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-07-16 16:23 - 2017-06-30 03:40 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-07-16 16:23 - 2017-06-30 03:39 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-07-16 16:23 - 2017-06-30 03:38 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-07-16 16:23 - 2017-06-30 03:38 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-07-16 16:23 - 2017-06-30 03:38 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-07-16 16:23 - 2017-06-30 03:38 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-07-16 16:23 - 2017-06-30 03:38 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-07-16 16:23 - 2017-06-30 03:38 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-07-16 16:23 - 2017-06-30 03:38 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-07-16 16:23 - 2017-06-30 03:27 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-07-16 16:23 - 2017-06-30 03:27 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-07-16 16:23 - 2017-06-30 03:26 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-07-16 16:23 - 2017-06-30 03:26 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-07-16 16:23 - 2017-06-29 07:19 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-07-16 16:23 - 2017-06-29 07:18 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-07-16 16:23 - 2017-06-29 07:04 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-07-16 16:23 - 2017-06-29 07:03 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-07-16 16:23 - 2017-06-29 07:03 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-07-16 16:23 - 2017-06-29 07:02 - 002899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-07-16 16:23 - 2017-06-29 07:02 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-07-16 16:23 - 2017-06-29 06:55 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-07-16 16:23 - 2017-06-29 06:54 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-07-16 16:23 - 2017-06-29 06:51 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-07-16 16:23 - 2017-06-29 06:50 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-07-16 16:23 - 2017-06-29 06:50 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-07-16 16:23 - 2017-06-29 06:50 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-07-16 16:23 - 2017-06-29 06:50 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-07-16 16:23 - 2017-06-29 06:39 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-07-16 16:23 - 2017-06-29 06:35 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-07-16 16:23 - 2017-06-29 06:31 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-07-16 16:23 - 2017-06-29 06:31 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-07-16 16:23 - 2017-06-29 06:30 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-07-16 16:23 - 2017-06-29 06:27 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-07-16 16:23 - 2017-06-29 06:26 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-07-16 16:23 - 2017-06-29 06:23 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-07-16 16:23 - 2017-06-29 06:23 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-07-16 16:23 - 2017-06-29 06:23 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-07-16 16:23 - 2017-06-29 06:22 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-07-16 16:23 - 2017-06-29 06:22 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-07-16 16:23 - 2017-06-29 06:22 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-07-16 16:23 - 2017-06-29 06:19 - 002290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-07-16 16:23 - 2017-06-29 06:17 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-07-16 16:23 - 2017-06-29 06:16 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-07-16 16:23 - 2017-06-29 06:14 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-07-16 16:23 - 2017-06-29 06:13 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-07-16 16:23 - 2017-06-29 06:13 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-07-16 16:23 - 2017-06-29 06:13 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-07-16 16:23 - 2017-06-29 06:11 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-07-16 16:23 - 2017-06-29 06:09 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-07-16 16:23 - 2017-06-29 06:09 - 000725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-07-16 16:23 - 2017-06-29 06:08 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-07-16 16:23 - 2017-06-29 06:07 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-07-16 16:23 - 2017-06-29 06:05 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-07-16 16:23 - 2017-06-29 06:01 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-07-16 16:23 - 2017-06-29 06:00 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-07-16 16:23 - 2017-06-29 06:00 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-07-16 16:23 - 2017-06-29 05:58 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-07-16 16:23 - 2017-06-29 05:56 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-07-16 16:23 - 2017-06-29 05:56 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-07-16 16:23 - 2017-06-29 05:54 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-07-16 16:23 - 2017-06-29 05:48 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-07-16 16:23 - 2017-06-29 05:47 - 000693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-07-16 16:23 - 2017-06-29 05:46 - 002057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-07-16 16:23 - 2017-06-29 05:46 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-07-16 16:23 - 2017-06-29 05:29 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-07-16 16:23 - 2017-06-29 05:23 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-07-16 16:23 - 2017-06-12 23:54 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-07-16 16:23 - 2017-06-12 23:54 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-07-16 16:23 - 2017-06-12 23:49 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-07-16 16:23 - 2017-06-12 23:49 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-07-16 16:23 - 2017-06-12 23:49 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-07-16 16:23 - 2017-06-12 23:49 - 000594432 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-07-16 16:23 - 2017-06-12 23:49 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-07-16 16:23 - 2017-06-12 23:49 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-07-16 16:23 - 2017-06-12 23:49 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-07-16 16:23 - 2017-06-12 23:49 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-07-16 16:23 - 2017-06-12 23:49 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-07-16 16:23 - 2017-06-12 23:49 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-07-16 16:23 - 2017-06-12 23:49 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-07-16 16:23 - 2017-06-12 23:49 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-07-16 16:23 - 2017-06-12 23:49 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-07-16 16:23 - 2017-06-12 23:49 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-07-16 16:23 - 2017-06-12 23:49 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-07-16 16:23 - 2017-06-12 23:49 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-07-16 16:23 - 2017-06-12 23:49 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-07-16 16:23 - 2017-06-12 23:49 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-07-16 16:23 - 2017-06-12 23:49 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-07-16 16:23 - 2017-06-12 23:29 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-07-16 16:23 - 2017-06-12 23:29 - 000444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2017-07-16 16:23 - 2017-06-12 23:29 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-07-16 16:23 - 2017-06-12 23:29 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-07-16 16:23 - 2017-06-12 23:29 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-07-16 16:23 - 2017-06-12 23:29 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-07-16 16:23 - 2017-06-12 23:28 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-07-16 16:23 - 2017-06-12 23:28 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-07-16 16:23 - 2017-06-12 23:28 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-07-16 16:23 - 2017-06-12 23:28 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-07-16 16:23 - 2017-06-12 23:28 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-07-16 16:23 - 2017-06-12 23:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-07-16 16:23 - 2017-06-12 23:28 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-07-16 16:23 - 2017-06-12 23:28 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-07-16 16:23 - 2017-06-12 23:28 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdhui.dll
2017-07-16 16:23 - 2017-06-12 23:28 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-07-16 16:23 - 2017-06-12 23:28 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-07-16 16:23 - 2017-06-12 23:19 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-07-16 16:23 - 2017-06-12 23:14 - 000172544 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
2017-07-16 16:23 - 2017-06-12 23:14 - 000103936 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe
2017-07-16 16:23 - 2017-06-12 23:12 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-07-16 16:23 - 2017-06-12 23:12 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-07-16 16:23 - 2017-06-12 23:12 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-07-16 16:23 - 2017-06-12 23:11 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-07-16 16:23 - 2017-06-12 23:09 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-07-16 16:23 - 2017-06-12 23:06 - 000303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2017-07-16 16:23 - 2017-06-12 23:06 - 000157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe
2017-07-16 16:23 - 2017-06-12 23:06 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resmon.exe
2017-07-16 16:23 - 2017-06-12 23:05 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-07-16 16:23 - 2017-05-30 05:56 - 001895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-07-16 16:23 - 2017-05-30 05:56 - 000287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-07-16 16:23 - 2017-05-21 05:24 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-07-16 16:23 - 2017-05-21 05:06 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-07-16 16:23 - 2017-05-16 16:35 - 000265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-07-16 16:23 - 2017-05-16 16:30 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-07-11 17:28 - 2017-07-11 17:28 - 000003584 _____ C:\Users\Delboy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-07-11 17:25 - 2017-07-11 17:25 - 027323967 _____ (Acresso Software Inc.) C:\Users\Delboy\Downloads\rzdvdcreator.exe
2017-07-10 14:08 - 2017-07-10 14:08 - 000000000 ____D C:\Users\Delboy\AppData\Local\Apps\2.0
2017-07-10 12:19 - 2017-07-10 12:19 - 000001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-07-10 12:19 - 2017-07-10 12:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-10 12:19 - 2017-07-10 12:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-10 12:18 - 2017-07-10 12:18 - 000266144 _____ (Mozilla) C:\Users\Delboy\Downloads\Firefox Setup Stub 54.0.1.exe
2017-07-07 15:22 - 2017-07-07 15:22 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-07-06 15:19 - 2017-07-06 15:19 - 000000000 __RHD C:\MSOCache
2017-07-06 15:13 - 2017-07-17 15:26 - 000000000 ____D C:\Users\Delboy\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
2017-07-06 15:13 - 2017-07-17 15:26 - 000000000 ____D C:\ProgramData\Virtualized Applications

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-02 12:25 - 2017-05-17 17:13 - 000000000 ____D C:\Users\Delboy\AppData\LocalLow\Mozilla
2017-08-02 11:34 - 2009-07-14 05:45 - 000018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-02 11:34 - 2009-07-14 05:45 - 000018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-02 11:20 - 2017-05-15 19:46 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-02 11:20 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-01 20:04 - 2017-05-16 19:30 - 000000000 ____D C:\Users\Delboy\AppData\Roaming\SoftGrid Client
2017-07-31 15:00 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\registration
2017-07-31 12:16 - 2017-05-17 11:52 - 000000000 ____D C:\Users\Delboy\AppData\Local\Windows Live
2017-07-30 13:08 - 2017-05-23 22:07 - 000000000 ____D C:\Windows\Minidump
2017-07-29 15:43 - 2017-05-15 19:56 - 000000000 ____D C:\Program Files (x86)\Windows Live
2017-07-29 15:42 - 2009-07-14 04:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-07-29 15:24 - 2017-06-19 16:42 - 000000000 ____D C:\Users\Delboy\AppData\Local\CrashDumps
2017-07-29 14:19 - 2017-05-20 16:59 - 000000000 ____D C:\ProgramData\Avg
2017-07-29 11:52 - 2017-06-22 16:16 - 000000000 ____D C:\Users\Delboy\AppData\Roaming\uTorrent
2017-07-28 20:12 - 2017-06-22 19:41 - 000000000 ____D C:\Users\Delboy\AppData\Roaming\vlc
2017-07-26 16:08 - 2009-07-14 06:08 - 000032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-07-26 14:09 - 2009-07-14 06:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2017-07-23 18:47 - 2017-05-17 17:51 - 000766610 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-07-23 18:47 - 2009-07-14 06:13 - 000766610 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-23 18:47 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-07-23 17:40 - 2017-06-03 14:52 - 000000000 ____D C:\Users\Delboy\AppData\Local\ElevatedDiagnostics
2017-07-23 16:08 - 2017-05-15 20:48 - 000000000 ____D C:\ProgramData\AVAST Software
2017-07-23 16:03 - 2017-06-08 13:12 - 000000000 ____D C:\Program Files (x86)\Google
2017-07-23 16:03 - 2017-05-15 20:52 - 000000000 ____D C:\Users\Delboy\AppData\Local\Google
2017-07-23 16:00 - 2017-05-17 12:58 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2017-07-22 12:06 - 2017-05-15 20:13 - 000000000 ____D C:\Users\Delboy
2017-07-20 20:05 - 2017-05-15 19:43 - 000000000 ___HD C:\Program Files (x86)\Temp
2017-07-20 19:58 - 2017-06-21 12:59 - 000000000 ____D C:\Windows\system32\DAX2
2017-07-17 15:26 - 2017-05-16 19:30 - 000000000 ____D C:\Users\Delboy\AppData\Local\SoftGrid Client
2017-07-17 13:18 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
2017-07-17 01:08 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\servicing
2017-07-16 18:35 - 2017-06-01 21:22 - 000268392 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-16 18:33 - 2017-05-17 21:45 - 000000000 ____D C:\Windows\system32\appraiser
2017-07-16 17:08 - 2017-05-15 21:26 - 000000000 ____D C:\Windows\system32\MRT
2017-07-16 17:05 - 2017-05-15 21:26 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-16 16:26 - 2017-06-23 19:09 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-11 17:32 - 2010-08-31 11:43 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-07-11 17:08 - 2017-06-03 16:51 - 000000000 ____D C:\Users\Delboy\Documents\New folder
2017-07-11 17:03 - 2017-05-16 12:58 - 000000000 ____D C:\Users\Delboy\AppData\Roaming\Nero
2017-07-11 12:37 - 2017-05-23 13:10 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-07-11 12:37 - 2017-05-23 13:10 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-11 12:37 - 2017-05-23 13:10 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-07-11 12:37 - 2017-05-23 13:10 - 000000000 ____D C:\Windows\system32\Macromed
2017-07-11 12:37 - 2010-08-31 12:11 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-07-10 12:19 - 2017-05-17 17:13 - 000001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-07-06 20:17 - 2017-05-20 16:59 - 000000000 ____D C:\Users\Delboy\AppData\Local\Avg
2017-07-06 18:26 - 2017-06-03 17:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
2017-07-06 18:26 - 2017-05-17 21:45 - 000000000 ___SD C:\Windows\system32\CompatTel
2017-07-06 18:26 - 2017-05-17 12:46 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2017-07-06 18:25 - 2017-05-17 12:46 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight

==================== Files in the root of some directories =======

2017-07-29 15:15 - 2017-07-29 15:46 - 000000115 _____ () C:\Users\Delboy\AppData\Roaming\LogFile.txt
2017-07-11 17:28 - 2017-07-11 17:28 - 000003584 _____ () C:\Users\Delboy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-05-31 12:15 - 2017-06-22 16:08 - 000023578 _____ () C:\Users\Delboy\AppData\Local\HWVendorDetection.log
2017-07-29 13:50 - 2017-07-29 13:50 - 000000017 _____ () C:\Users\Delboy\AppData\Local\resmon.resmoncfg
2017-07-23 18:25 - 2017-07-23 18:25 - 000047033 _____ () C:\ProgramData\agent.1500830750.bdinstall.bin
2017-07-29 14:02 - 2017-07-29 14:02 - 000030354 _____ () C:\ProgramData\agent.uninstall.1501333334.bdinstall.bin
2017-07-23 18:41 - 2017-07-23 18:41 - 000030963 _____ () C:\ProgramData\agent.update.1500831703.bdinstall.bin
2017-05-15 19:52 - 2017-05-15 19:54 - 000015545 _____ () C:\ProgramData\ArcadeDeluxe4.log
2017-05-25 17:16 - 2017-05-25 17:16 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2010-08-31 11:56 - 2010-03-02 23:59 - 000131984 _____ () C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-01 19:07

==================== End of FRST.txt ============================

Spoiler: Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2017
Ran by Delboy (02-08-2017 12:27:03)
Running from C:\Users\Delboy\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2017-05-15 19:13:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1185751014-4152620646-720881419-500 - Administrator - Disabled)
Delboy (S-1-5-21-1185751014-4152620646-720881419-1000 - Administrator - Enabled) => C:\Users\Delboy
Guest (S-1-5-21-1185751014-4152620646-720881419-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1185751014-4152620646-720881419-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Arcade Deluxe (HKLM-x32\...\{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 4.5.7828 - CyberLink Corp.) Hidden
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 4.5.7828 - CyberLink Corp.)
Acer Arcade Movie (HKLM-x32\...\{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}) (Version: 9.0.6629 - CyberLink Corp.) Hidden
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0825.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3503 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Advertising Center (HKLM-x32\...\{B2EC4A38-B545-4A00-8214-13FE0E915E6D}) (Version: 0.0.0.2 - Nero AG) Hidden
Airport Mania First Flight (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}) (Version: - Oberon Media)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media)
ANT Drivers Installer x64 (HKLM\...\{CC7132C7-8532-4EA7-8E3F-53260C0BE168}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
Brother MFL-Pro Suite DCP-197C (HKLM-x32\...\{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media)
Canon Camera Access Library (HKLM-x32\...\CAL) (Version: 8.1.1.17 - )
Canon Camera Support Core Library (HKLM-x32\...\CSCLIB) (Version: 7.3.1.6 - )
Canon Camera Window DC_DV 5 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC5) (Version: 5.4.5.17 - )
Canon Camera Window DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.2.0.8 - )
Canon Camera Window MC 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowMC) (Version: 6.1.0.7 - )
Canon G.726 WMP-Decoder (HKLM-x32\...\Canon G.726 WMP-Decoder) (Version: 1.0.1.3 - )
CANON iMAGE GATEWAY Task (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.1.0.2 - )
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.4.1.3 - )
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 2.2.0.13 - )
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 2.3.0.11 - )
Canon RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.5.0.5 - )
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 1.0.3.17 - )
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.17.41 - )
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 5.6.0.27 - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Elevated Installer (HKLM-x32\...\{4694981D-8031-4526-90BE-E5F7FB80CBB8}) (Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
eSobi v2 (HKLM-x32\...\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.) Hidden
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media)
Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{714dc1e5-69a4-4ecd-9552-93397e084298}) (Version: 3.2.29.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{A92D383B-FD85-4B9C-A5D9-3647C71E48A1}) (Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (HKLM-x32\...\{D52EDFA2-13A7-4765-8650-4AB30E6DB77F}) (Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3009 - Acer Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ieSpell (HKLM-x32\...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)
ImagXpress (HKLM-x32\...\{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}) (Version: 7.0.74.0 - Nero AG) Hidden
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
MediaShow Espresso (HKLM-x32\...\{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}) (Version: 5.5.1713_26701 - CyberLink Corp.) Hidden
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-GB)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (HKLM-x32\...\{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}) (Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
Nero 9 Essentials (HKLM-x32\...\{0506406d-6ba9-41e4-8a8e-8a6f28709256}) (Version: - Nero AG)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 1.10 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.125 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.125 - NVIDIA Corporation)
NVIDIA Graphics Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Poker Pop (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}) (Version: - Oberon Media)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.101.714.2016 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{46710AEB-ACE9-4386-9DFB-8B65153BFA74}) (Version: 1.00.0168 - )
Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.125 - NVIDIA Corporation) Hidden
Shredder (HKLM\...\{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}) (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (HKLM-x32\...\{C2695E83-CF1D-43D1-84FE-B3BEC561012A}) (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version: - Oberon Media)
USB Enhanced Performance Keyboard (HKLM\...\{989DC5D9-A776-430D-9E16-D36E5B81CD86}) (Version: 2.0.1.9 - Lenovo)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => -> No File
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => -> No File
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {115C1677-6A53-49C6-922D-CAC44A93D22B} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2015-01-28] ()
Task: {126D7747-5E63-4450-89AE-AA426416DD89} - System32\Tasks\{9B866CA1-A2E6-420F-974C-4318E5F96331} => C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [2011-05-13] (Microsoft Corporation)
Task: {5262A46D-32DB-4097-805D-2A1DD16F5C56} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2016-06-08] (Acer Incorporated)
Task: {562D82D7-C576-4B42-A0BA-8FCEA33F62DF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-11] (Adobe Systems Incorporated)
Task: {6845992F-A4EC-4B76-86FC-DE973A21535B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {AFEC12D5-5FBA-4599-9138-FC2AA8A094AC} - System32\Tasks\SSBkgdUpdate => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25] (Nuance Communications, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Public\Desktop\Acer Accessory Store.lnk -> C:\Program Files\Acer Accessory Store\StartURL.exe () -> hxxp://store.acer-euro.com/gb?utm_source=Icon&utm_medium=Icon&utm_campaign=Acer%2BInternal

==================== Loaded Modules (Whitelisted) ==============

2017-05-15 21:24 - 2016-11-14 12:15 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-05-25 16:47 - 2016-11-14 13:30 - 000367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2017-05-25 16:47 - 2016-11-14 13:30 - 001147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2017-05-25 16:47 - 2016-11-14 13:30 - 003611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2017-05-25 16:47 - 2016-11-14 13:30 - 000288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2017-05-25 16:47 - 2016-11-14 13:30 - 002665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2017-05-25 16:47 - 2016-11-14 13:30 - 001988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2017-05-25 16:47 - 2016-11-14 13:30 - 001840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2017-05-25 16:47 - 2016-11-14 13:30 - 000207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2017-05-25 16:47 - 2016-11-14 13:30 - 000034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2017-05-25 16:47 - 2016-11-14 13:30 - 000920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2017-05-25 16:47 - 2016-11-14 13:30 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1185751014-4152620646-720881419-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Delboy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
MSCONFIG\startupreg: AvgUi => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: MDS_Menu => "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\Delboy\AppData\Roaming\uTorrent\updates\3.5.0_43916.exe" /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9694842F-3808-4B7B-A12C-C675B602A7AE}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe
FirewallRules: [{0C82AB09-6D06-4056-97C9-06EF1F0F55C2}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe
FirewallRules: [{16FDF126-24B0-47BF-A757-1FED018FB046}] => (Allow) svchost.exe
FirewallRules: [{3509532E-E3CD-4CE8-949D-CCF0D673993E}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{B198A84B-345C-4BC3-887F-5162DF65D87D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E88C47E5-01C2-4BC6-8929-BE7DE731AC50}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C6A57DF4-A4EF-413F-A25F-7D11B11044CA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{AAD66303-B9BB-4998-BC4E-9C9760FEC524}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{C4E4E2CC-5FC0-4A5A-9109-F61EC0869D62}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D81DCE92-F061-44A6-A8C0-B16E9839F70A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{77EF097C-8BB7-41CF-BDC5-42E4C342A19B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8C0A0EB0-A4C6-41B0-9D47-6712EDC45370}] => (Allow) C:\Users\Delboy\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{91CA7837-0B0F-4F2D-9A7F-863E0BE08C38}] => (Allow) C:\Users\Delboy\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{97ADBBA9-6F8A-4715-ADE6-6DE20A47EE71}] => (Allow) C:\Users\Delboy\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AE0764B0-C29C-413D-89FB-6C8306DF1A74}] => (Allow) C:\Users\Delboy\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{58761677-7E1A-4DC0-9484-F15C620B7F28}] => (Allow) C:\Users\Delboy\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5C5D9470-92A4-4F0A-82F1-ECAD34811E39}] => (Allow) C:\Users\Delboy\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C391DC78-779E-4DE7-B33E-064501EF4F38}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6FE44393-2DDC-4733-A232-794CB591B791}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{FF048E2B-F738-468B-A765-D2AD2CA1622F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{14C02986-29CD-4BE6-A823-A90ACF8102CF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{C5FB0EA6-F5C8-4F32-9C32-1E406DA62D9D}C:\users\delboy\appdata\roaming\utorrent\updates\3.5.0_43916.exe] => (Allow) C:\users\delboy\appdata\roaming\utorrent\updates\3.5.0_43916.exe
FirewallRules: [UDP Query User{F66F7BFF-ED1A-4E69-A25E-953E33A4EE61}C:\users\delboy\appdata\roaming\utorrent\updates\3.5.0_43916.exe] => (Allow) C:\users\delboy\appdata\roaming\utorrent\updates\3.5.0_43916.exe
FirewallRules: [{4827C2B9-7EAC-4A7A-B915-28F137CE6109}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{95FBB107-F53D-41FD-9678-FBA62EFE5A92}] => (Allow) LPort=2869
FirewallRules: [{47F84E54-5E3A-4E79-91A9-21DFA65ED28D}] => (Allow) LPort=1900
FirewallRules: [{D06A0B13-A76D-4FE6-B900-DBD3F22A3DCF}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

==================== Restore Points =========================

29-07-2017 13:17:50 Revo Uninstaller's restore point - µTorrent
29-07-2017 13:19:02 Revo Uninstaller's restore point - µTorrent
29-07-2017 14:00:04 Revo Uninstaller's restore point - Bitdefender Agent
29-07-2017 14:00:38 Revo Uninstaller's restore point - Bitdefender Antivirus Free
29-07-2017 14:02:08 Revo Uninstaller's restore point - Bitdefender Agent
29-07-2017 15:40:54 CheckIfInstallerIsBusy
29-07-2017 15:41:05 Windows Live Essentials
29-07-2017 15:41:22 Installed DirectX
29-07-2017 15:41:35 Installed DirectX
29-07-2017 15:42:05 WLSetup
29-07-2017 16:26:33 Made by Regsofts
29-07-2017 16:28:23 Made by Regsofts
29-07-2017 16:30:12 Made by Regsofts
31-07-2017 14:29:07 Installed Microsoft Fix it 50692
31-07-2017 16:42:47 Revo Uninstaller's restore point - CCleaner
31-07-2017 16:43:39 Revo Uninstaller's restore point - Malwarebytes version 3.1.2.1733
31-07-2017 16:44:42 Revo Uninstaller's restore point - SUPERAntiSpyware
31-07-2017 16:45:48 Revo Uninstaller's restore point - MSXML 4.0 SP2 (KB954430)
31-07-2017 16:58:33 Installed Microsoft Fix it 50692
01-08-2017 18:27:15 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/31/2017 05:25:23 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: Delboy-PC)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.

Error: (07/31/2017 04:58:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
The system cannot find the file specified.
.

Error: (07/31/2017 04:45:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
The system cannot find the file specified.
.

Error: (07/31/2017 04:42:46 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {96329254-25ff-4ea6-adab-d45f6ca2aaf1}

Error: (07/31/2017 02:44:36 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: Delboy-PC)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.

Error: (07/31/2017 02:33:58 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: Delboy-PC)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.

Error: (07/30/2017 01:33:31 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Click-2-Run package registration failure.

Error: (07/30/2017 01:33:31 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {tid=DF0}
The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7187.5000.sft' (rc 16D1160A-0000E028, original rc 16D1160A-0000E028).

Error: (07/30/2017 01:33:04 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.

Error: (07/30/2017 01:09:21 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (07/31/2017 04:29:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (07/31/2017 02:36:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (07/31/2017 12:12:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
MpFilter

Error: (07/31/2017 12:11:51 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%8604 = Writeable NCs prevent this DC from demoting..10.209.0%%834 = Writeable NCs prevent this DC from demoting.%%8580 = Writeable NCs prevent this DC from demoting.x80070057The parameter is incorrect. 3

Error: (07/30/2017 02:38:15 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
MpFilter

Error: (07/30/2017 02:37:58 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%8604 = Writeable NCs prevent this DC from demoting..10.209.0%%834 = Writeable NCs prevent this DC from demoting.%%8580 = Writeable NCs prevent this DC from demoting.x80070057The parameter is incorrect. 3

Error: (07/30/2017 02:35:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
MpFilter

Error: (07/30/2017 02:35:39 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%8604 = Writeable NCs prevent this DC from demoting..10.209.0%%834 = Writeable NCs prevent this DC from demoting.%%8580 = Writeable NCs prevent this DC from demoting.x80070057The parameter is incorrect. 3

Error: (07/30/2017 02:28:25 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
MpFilter

Error: (07/30/2017 02:28:01 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%8604 = Writeable NCs prevent this DC from demoting..10.209.0%%834 = Writeable NCs prevent this DC from demoting.%%8580 = Writeable NCs prevent this DC from demoting.x80070057The parameter is incorrect. 3


CodeIntegrity:
===================================
Date: 2017-05-25 16:35:53.372
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-25 16:35:53.276
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-25 16:34:13.128
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-25 16:34:13.042
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-25 16:33:40.671
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-25 16:33:40.598
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-25 16:33:07.452
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-25 16:33:07.371
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-25 16:32:28.062
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-25 16:32:27.993
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz
Percentage of memory in use: 39%
Total physical RAM: 3063.07 MB
Available physical RAM: 1852.57 MB
Total Virtual: 6124.33 MB
Available Virtual: 4826.97 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:290.45 GB) (Free:242.55 GB) NTFS
Drive d: (DATA) (Fixed) (Total:290.62 GB) (Free:286.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: E61AB66B)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=290.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=290.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

[gus]

Hello caskin, thank you for your logs, whilst I review them please scan your PC with Junkware Removal Tool, the instructions follow.

Your machine shows evidence of Utorrent and Bittorrent, these P2P programs have been notorious for allowing malware to infiltrate PCs and cause all sorts of problems. Much has been written about the dangers of P2P and we strongly recommend you avoid these programs at all costs. We also recommend you remove these programs and associated files. It's your call but if you choose not to we will have to insist you at least not use them whilst your computer is being cleaned.

You should also install a reputable antivirus on your PC, there are a number of excellent free offerings available including
Avast HERE
Avira HERE
360 Total Security HERE

We now need to run Junkware Removal Tool (JRT) on your computer, please go HERE and download it to your DESKTOP.
Before running JRT ensure your antivirus, and any other security software is disabled, if you are unsure how to do this please ask. Also close browsers and other applications before running this tool.
Should you receive any User Account Control (UAC) alert warning when starting JRT you can safely allow it.

Right click the JRT desktop icon

and select "run as administrator" from the menu, for XP users just double click the icon. JRT will open with a simple interface, and ask to press any keyboard key to continue. Please do so.

Depending on the amount of data on your computer JRT may take some time to complete the scan. When JRT finishes a .txt file will be saved and displayed on your desktop, please COPY and PASTE the contents of this file in your next post

 

[caskin]

Hello caskin, thank you for your logs, whilst I review them please scan your PC with Junkware Removal Tool, the instructions follow.

Your machine shows evidence of Utorrent and Bittorrent, these P2P programs have been notorious for allowing malware to infiltrate PCs and cause all sorts of problems. Much has been written about the dangers of P2P and we strongly recommend you avoid these programs at all costs. We also recommend you remove these programs and associated files. It's your call but if you choose not to we will have to insist you at least not use them whilst your computer is being cleaned.

You should also install a reputable antivirus on your PC, there are a number of excellent free offerings available including
Avast HERE
Avira HERE
360 Total Security HERE

We now need to run Junkware Removal Tool (JRT) on your computer, please go HERE and download it to your DESKTOP.
Before running JRT ensure your antivirus, and any other security software is disabled, if you are unsure how to do this please ask. Also close browsers and other applications before running this tool.
Should you receive any User Account Control (UAC) alert warning when starting JRT you can safely allow it.

Right click the JRT desktop icon

and select "run as administrator" from the menu, for XP users just double click the icon. JRT will open with a simple interface, and ask to press any keyboard key to continue. Please do so.

Depending on the amount of data on your computer JRT may take some time to complete the scan. When JRT finishes a .txt file will be saved and displayed on your desktop, please COPY and PASTE the contents of this file in your next post

Apologies over P2P programmes,have to say did use for a short period but was again under impression all remnants of U2 and bit torrent had been removed???/NO chance of being used again as no longer interested..assume any P2P "files" left over will be cleared with Junk removal tool.?
I used to run Avast but removed it for the checks you asked earlier when trying to instal MSE? So if OK will reinstall after carrying out junk removal programme?
To my knowledge only "security" programmes running are UAC and Win 7 Defender???/ Do I need to disablle before using JRT these if so how please?

 

[caskin]

Took a chance that no Av was running and have uploaded JRT txt file....can you advise if OK?Thanks,or another run of JRT required?


Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Home Premium x64
Ran by Delboy (Administrator) on 03/08/2017 at 13:56:03.43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 63

Successfully deleted: C:\ProgramData\reimage protector (Folder)
Successfully deleted: C:\ProgramData\Start Menu\Programs\free window registry repair (Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\{106A5179-D3AB-4277-8C48-48FD0ED18D1B} (Empty Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\{112A2F53-3E92-44B7-8932-98A087D45D28} (Empty Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\{1A982458-CAD6-4BF3-B092-961C8ECFFC93} (Empty Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\{1D78C919-652B-465B-8F42-7CC5760F1D1E} (Empty Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\{216185A2-4001-4BEF-B4F0-33CB7A88392A} (Empty Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\{23B23993-AD91-48A7-8A37-CCDED5FFFC22} (Empty Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\{25373FAD-6009-447B-B1EF-8B29797C4DF9} (Empty Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\{25F8604B-FC9F-46B9-A10B-516511037164} (Empty Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\{2835B770-1688-4DAF-A651-3E9D7B2B0758} (Empty Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\{2E10E713-6677-4FBC-A706-9CC94E3B8131} (Empty Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\{3194A425-E9EA-4306-B121-5811F063C411} (Empty Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\{33A013C0-6B2F-465A-B8B8-BE442E26F9B1} (Empty Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\{3FAF111D-7079-4491-A878-79A27E399DA3} (Empty Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\{4B1C20BB-B135-4E84-922C-5C0BA79C0E52} (Empty Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\{4DC87589-6DAF-47F3-8B2C-7EB79FDF1653} (Empty Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\{5972C328-03E7-4782-87AC-4E6BA4DDBDF2} (Empty Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\{62DC3EBE-21A4-4966-980C-75480E0D8BF4} (Empty Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\{679E915D-E8B0-4B82-9B95-38AB5016E56B} (Empty Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\{68D785DE-1281-4A51-8D36-6AAED6ECEDAA} (Empty Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\{6C9B4358-8E19-4D5A-A741-7E2D4DDE8992} (Empty Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\{750D1B52-5E83-4E7D-ADD2-B253EC93A609} (Empty Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\{7DA2CF1F-408B-4FD7-BB8E-645E39526E17} (Empty Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\{903DCF83-5AA8-4563-B4CC-515E76A26D4D} (Empty Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\{9A3D9B94-C9D9-4E27-98A7-7903C2B9AF72} (Empty Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\{9C93C2BD-9048-4F47-92B8-CFCF2688B85B} (Empty Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\{9DA37C6B-10FA-4B89-8E05-7B5E9284B253} (Empty Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\{AF5469A0-8892-414F-9F81-55C9DDDA99DE} (Empty Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\{B0BD47E4-1094-416E-9749-9450D6FFBD19} (Empty Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\{B4863DAB-F6F7-4FA9-AF09-B43F9ECF89CC} (Empty Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\{B5F70934-5E12-42d2-882D-62D42EA1FA67} (Empty Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\{B8C4F29B-29A1-4B5D-A80E-076F9D25BDA1} (Empty Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\{BEB991C4-6CB0-4C24-8D10-EB17AD2D2483} (Empty Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\{BF88B225-500E-44C4-A8FC-DB91D5D96680} (Empty Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\{D666946F-68D4-4BB3-9AEB-0B0C24BB3358} (Empty Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\{E4186705-B3D9-4D9D-807D-ED32683C256A} (Empty Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\slimware utilities inc (Folder)
Successfully deleted: C:\Users\Delboy\AppData\Roaming\Mozilla\Firefox\Profiles\p6yzmj74.default\Invalidprefs.js (File)
Successfully deleted: C:\Users\Delboy\AppData\Roaming\Mozilla\Firefox\Profiles\p6yzmj74.default\user.js (File)
Successfully deleted: C:\Users\Delboy\AppData\Roaming\pcprotect (Folder)
Successfully deleted: C:\Users\Public\Desktop\ebay.lnk (Shortcut)
Successfully deleted: C:\users\Public\Documents\downloaded installers (Folder)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Program Files (x86)\Common Files\avg secure search\vtoolbarupdater (Folder)
Successfully deleted: C:\Program Files (x86)\media freeware (Folder)
Successfully deleted: C:\Program Files\reimage (Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1YHYNSNS (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\54FUN10B (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WV9RO8OY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Delboy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WYGPE39T (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1YHYNSNS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\54FUN10B (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WV9RO8OY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WYGPE39T (Temporary Internet Files Folder)



Registry: 1

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\SWDUMon (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03/08/2017 at 13:57:00.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[caskin]

Since uploading JRT log have installed 360 total security.Avast once agin would NOT install,but 360 appears on the face of it to be more up market?

 

[gus]

Hi caskin, you did run JRT correctly thank you, and it's good you now have a resident AntiVirus in place:thumbsup:

Please follow the instructions below and run the FRST fix.

Please left click a blank spot on your desktop, select "New" on the opening menu, then select "Text Document" from the sub menu.

A new file will be created on your desktop called "New Text Document. txt" Right click this new file and choose "Rename" from the menu. Rename the file "fixlist.txt"

Now go to the Quote box in this post and copy the contents of it to your clipboard. Open your new fixlist.txt file by double left clicking on it and paste the copied quote box contents into the file and save it.

Start
CreateRestorepoint:
CloseProcesses:
HKU\S-1-5-21-1185751014-4152620646-720881419-1000\...\Run: [BingSvc] => C:\Users\Delboy\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKLM\...\Run: [ALU] => C:\Program Files\Acer\Acer Updater\ALU.exe [2419104 2016-06-06] (Acer Incorporated)SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1185751014-4152620646-720881419-1000 -> DefaultScope {93BCD679-4F15-480F-8D94-BAE116E88A03} URL =
Toolbar: HKU\S-1-5-21-1185751014-4152620646-720881419-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {A6616B31-4860-41E2-98E3-CA7649AF172F} file:///E:/launch.ocx
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-06-24] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [187320 2017-05-27] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [113592 2017-05-31] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-05-31] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [252832 2017-06-25] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-05-31] (Malwarebytes)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => -> No File
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => -> No File
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => -> No File
Task: {5262A46D-32DB-4097-805D-2A1DD16F5C56} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2016-06-08] (Acer Incorporated)
Task: {562D82D7-C576-4B42-A0BA-8FCEA33F62DF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-11] (Adobe Systems Incorporated)
Task: {6845992F-A4EC-4B76-86FC-DE973A21535B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {AFEC12D5-5FBA-4599-9138-FC2AA8A094AC} - System32\Tasks\SSBkgdUpdate => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25] (Nuance Communications, Inc.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
MSCONFIG\startupreg: AvgUi => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\Delboy\AppData\Roaming\uTorrent\updates\3.5.0_43916.exe" /MINIMIZED
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
FirewallRules: [{8C0A0EB0-A4C6-41B0-9D47-6712EDC45370}] => (Allow) C:\Users\Delboy\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{91CA7837-0B0F-4F2D-9A7F-863E0BE08C38}] => (Allow) C:\Users\Delboy\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{97ADBBA9-6F8A-4715-ADE6-6DE20A47EE71}] => (Allow) C:\Users\Delboy\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AE0764B0-C29C-413D-89FB-6C8306DF1A74}] => (Allow) C:\Users\Delboy\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{58761677-7E1A-4DC0-9484-F15C620B7F28}] => (Allow) C:\Users\Delboy\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5C5D9470-92A4-4F0A-82F1-ECAD34811E39}] => (Allow) C:\Users\Delboy\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{C5FB0EA6-F5C8-4F32-9C32-1E406DA62D9D}C:\users\delboy\appdata\roaming\utorrent\updates\3.5.0_43916.exe] => (Allow) C:\users\delboy\appdata\roaming\utorrent\updates\3.5.0_43916.exe
FirewallRules: [UDP Query User{F66F7BFF-ED1A-4E69-A25E-953E33A4EE61}C:\users\delboy\appdata\roaming\utorrent\updates\3.5.0_43916.exe] => (Allow) C:\users\delboy\appdata\roaming\utorrent\updates\3.5.0_43916.exe
FirewallRules: [{95FBB107-F53D-41FD-9678-FBA62EFE5A92}] => (Allow) LPort=2869
FirewallRules: [{47F84E54-5E3A-4E79-91A9-21DFA65ED28D}] => (Allow) LPort=1900
C:\Users\Delboy\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Users\Delboy\AppData\Roaming\BitTorrent
C:\Users\Delboy\AppData\LocalLow\uTorrent
C:\Users\Delboy\AppData\Roaming\uTorrent
C:\Users\Delboy\AppData\Local\Avg
C:\Windows\system32\drivers\mbae64.sys
C:\Windows\system32\drivers\MBAMChameleon.sys
C:\Windows\system32\drivers\farflt.sys
C:\Windows\system32\drivers\mbam.sys
C:\Windows\System32\drivers\MBAMSwissArmy.sys
C:\Windows\system32\drivers\mwac.sys
C:\Program Files\SUPERAntiSpyware
C:\Program Files (x86)\AVG
C:\PROGRAM FILES\MALWAREBYTES
C:\ProgramData\Avg
C:\Program Files (x86)\Free Window Registry Repair
C:\ProgramData\SecuritySuite
C:\Users\Delboy\AppData\Local\AVG Netherlands BV
C:\Windows\system32\Drivers\atc.sys
C:\Windows\system32\Drivers\edrsensor.sys
C:\Windows\system32\Drivers\avc3.sys
C:\Users\Delboy\AppData\Roaming\PCProtect
C:\Users\Delboy\AppData\Roaming\ParetoLogic
C:\ProgramData\ParetoLogic
C:\ProgramData\AVAST Software
C:\SUPERDelete
CMD: ipconfig /flushdns
CMD: netsh advfirewall reset
CMD: netsh advfirewall set all ptofiles state on
Hosts:
Emptytemp:
Reboot:
End

To run the fix right click the FRST icon and choose "Run as Administrator" then click on "Fix"

Please note for the fix to work the Fixlist.txt file and FRST program will have to be in the same location.

Depending on the amount of data to be moved it may take a few minutes to complete, and the computer may reboot. When the fix is complete and/or the computer has rebooted the "Fixlist.txt" you created will be renamed "Fixlog.txt"

Please COPY and PASTE the contents of this new file in your next post

Please note this fixlist was made for this users machine only and the use of it on another machine may render the operating system permanently damaged.

 

[caskin]

Slight snag....opened new folder as requested and renamed as fixlist.txt.
however apparently Win 7 does not have the old ME style clip board,and is not readily available?
In an attempt to get around this I pasted contents into note pad,and then into new fixlst.txt folder
I placed FRST program in the fixlist.exe folder which held pasted contents from your quote,....but unable to get programme to run.......what am I doing wrong now???Thanks for patience.

 

[gus]

Think you are confusing folders and files? Its a new FILE we want, as per instructions, called fixlist.txt, and it has to be in the same location as FRST.

Try this way then.

Please left click on the attached Fixlist.txt file at the bottom of this post. On the dialogue box that opens click "Save File" and then "OK"

Select a location then save the file. IMPORTANT the fixlist.txt file must be in the same location as the FRST program otherwise the fix will not work.

To run the fix right click the FRST program icon and choose "Run as Administrator" then click on "Fix"

Depending on the amount of data to be moved it may take a few minutes to complete, and the computer may reboot. When the fix is complete and/or the computer has rebooted the "Fixlist.txt" file you created will be renamed "Fixlog.txt"

Please COPY and PASTE the contents of this new file in your next post

 

[caskin]

Think you are confusing folders and files? Its a new FILE we want, as per instructions, called fixlist.txt, and it has to be in the same location as FRST.

Try this way then.

Please left click on the attached Fixlist.txt file at the bottom of this post. On the dialogue box that opens click "Save File" and then "OK"

Select a location then save the file. IMPORTANT the fixlist.txt file must be in the same location as the FRST program otherwise the fix will not work.

To run the fix right click the FRST program icon and choose "Run as Administrator" then click on "Fix"

Depending on the amount of data to be moved it may take a few minutes to complete, and the computer may reboot. When the fix is complete and/or the computer has rebooted the "Fixlist.txt" file you created will be renamed "Fixlog.txt"

Please COPY and PASTE the contents of this new file in your next post

OK everything you have advised seems straight forward,I have FRST(64)on my desk top.I also saved fixlist.exe (from your reply) to desk top.I ran FRST as admin,clicked fix,same result unable to find fixlist.exe file..

On descktop I Checked properties of both FRST(64) and that of fixlist.exe file,FRST(64) was in downloads, where as fixlist.exe text file was in desktop/...so went to downloads where both FRST(64) and fixlist were in fact situated and properties of both confirmed this, thought I had cracked it,but again FRST(64) could not find fixlist??

Im not normally this stupid,so what is it Im missing???/

 

[gus]

Hi caskin, for frst fix to work both the frst program and the fixlist.txt file must be in the same location (folder)

It is my fault I'm sorry, delete the fixlist.exe file I posted previously and try this one. This one doesn't have a typo in the name.

 

[caskin]

Hi caskin, for frst fix to work both the frst program and the fixlist.txt file must be in the same location (folder)

It is my fault I'm sorry, delete the fixlist.exe file I posted previously and try this one. This one doesn't have a typo in the name.

NO blame placed,but relieved as I thought I was just not getting it.Anyway all OK now and log atached,look forward to hearing outcome and to see if we can get MSE installed Thanks Derek

 

[gus]

Hi caskin, thank you for your fixlog

Can you please advise what version of Malwarebytes you had installed and if it was the free or paid for version? It doesn't show in your list of installed programs but there's bit of it we need to remove.

 

[caskin]

Hi caskin, thank you for your fixlog

Can you please advise what version of Malwarebytes you had installed and if it was the free or paid for version? It doesn't show in your list of installed programs but there's bit of it we need to remove.

I did have FREE MALWAREBYTES installed,but when you requested removal of all antivirus/malware etc at the beginning of the chase,it was removed I used Revouninstaller, so again assummed all traces had been removed????

 

[gus]

Unfortunately there are leftovers of Malwarebytes. Can you please reinstall the free version of Malwarebytes which you can use as a second opinion scanner when required.

A deal of stuff has been removed but can you please scan with ZHPdiag and lets see what's left.

Please go HERE and click the

link (French for Download) and save it to your desktop.

Once saved to your desktop left click the new icon

and choose "Run as administrator"

Accept any security warnings that may pop up.

Then select

1. Options
2. Check all
3. Validate
4. Close

Next select Scanner from the main interface.

Depending on the amount of data on your PC it may take a little time to complete. Once it finishes then click the Report tab as shown above and a notepad file will open with your report file.

Please COPY and PASTE the contents of the notepad file with your next post

 

[caskin]

Unfortunately there are leftovers of Malwarebytes. Can you please reinstall the free version of Malwarebytes which you can use as a second opinion scanner when required.

A deal of stuff has been removed but can you please scan with ZHPdiag and lets see what's left.

Please go HERE and click the

link (French for Download) and save it to your desktop.

Once saved to your desktop left click the new icon

and choose "Run as administrator"

Accept any security warnings that may pop up.

Then select

1. Options
2. Check all
3. Validate
4. Close

Next select Scanner from the main interface.

Depending on the amount of data on your PC it may take a little time to complete. Once it finishes then click the Report tab as shown above and a notepad file will open with your report file.

Please COPY and PASTE the contents of the notepad file with your next post

OK Freemalwarebytes reinstalled,placed in selective start so only available if required.
carried out scan as requested: log attached.

 

[gus]

Hi caskin, hopefully getting to the pointy end here soon, ZHP has picked up some stuff we need to move. Please follow the instructions below.

Please go HERE and click the blue

link (French for download) and save the file to your desktop.

Please note is it important to disable your antivirus before running this tool. If you are uncertain how to do this please ask?

Right click the desktop icon

and choose "Run as Administrator". You can safely ignore any security warnings when running this tool.

On the main interface select IMPORT

If a box appears similar to that below, click OK or just X out of it.

Copy the entire contents of the box below

Script Zhpfix
HKLM\SOFTWARE\Wow6432Node\ParetoLogic
HKLM\SOFTWARE\Wow6432Node\SlimWare Utilities Inc
HKCU\SOFTWARE\IM
HKCU\SOFTWARE\ParetoLogic
HKCU\SOFTWARE\SlimWare Utilities Inc
HKLM\SOFTWARE\Wow6432Node\AVG =>.AVG Software
HKLM\SOFTWARE\Wow6432Node\AVG Netherlands B.V =>.AVG Netherlands B.V
HKLM\SOFTWARE\Wow6432Node\AVG Netherlands BV =>.AVG Software
HKLM\SOFTWARE\Wow6432Node\AVG Tuneup =>.AVG Software
HKLM\SOFTWARE\Wow6432Node\AVG Web TuneUp =>.AVG Web TuneUp
HKCU\SOFTWARE\AVG =>.AVG Software
HKCU\SOFTWARE\AVG Netherlands BV =>.AVG Software
HKCU\SOFTWARE\AVG Web TuneUp =>.AVG Web TuneUp
O43 - CFD: 25/05/2017 - [] D -- C:\ProgramData\AVG Netherlands B.V =>.AVG Netherlands B.V
O43 - CFD: 03/08/2017 - [] D -- C:\Program Files (x86)\Common Files\AVG Secure Search =>.AVG Secure Search
O43 - CFD: 20/05/2017 - [] D -- C:\Windows\System32\Config\systemprofile\AppData\Local\Avg =>.AVG Software
O69 - SBI: prefs.js [Delboy - p6yzmj74.default] user_pref("browser.search.defaultenginename", "Search Provided by Bing");
O69 - SBI: prefs.js [Delboy - p6yzmj74.default] user_pref("browser.search.selectedEngine", "Search Provided by Bing");
HKLM\SOFTWARE\Microsoft\Tracing\Reimage_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\Reimage_RASMANCS
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ReimagePackage_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ReimagePackage_RASMANCS
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ReimageRepair[1]_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ReimageRepair[1]_RASMANCS
[HKLM64\SOFTWARE\Microsoft\Tracing\Reimage_RASAPI32]
[HKLM64\SOFTWARE\Microsoft\Tracing\Reimage_RASMANCS]
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ReimagePackage_RASAPI32]
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ReimagePackage_RASMANCS]
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ReimageRepair[1]_RASAPI32]
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ReimageRepair[1]_RASMANCS]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\1916A2AF346D399F50313C393200F14140456616]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\2A83E9020591A55FC6DDAD3FB102794C52B24E70]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\2B84BFBB34EE2EF949FE1CBE30AA026416EB2216]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3A850044D8A195CD401A680C012CB0A3B5F8DC08]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\40AA38731BD189F9CDB5B9DC35E2136F38777AF4]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\43D9BCB568E039D073A74A71D8511F7476089CC3]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\471C949A8143DB5AD5CDF1C972864A2504FA23C9]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\61793FCBFA4F9008309BBA5FF12D2CB29CD4151A]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\63FEAE960BAA91E343CE2BD8B71798C76BDB77D0]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\6431723036FD26DEA502792FA595922493030F97]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\80962AE4D6C5B442894E95A13E4A699E07D694CF]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\86E817C81A5CA672FE000F36F878C19518D6F844]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\8E5BD50D6AE686D65252F843A9D4B96D197730AB]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9845A431D51959CAF225322B4A4FE9F223CE6D15]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\B533345D06F64516403C00DA03187D3BFEF59156]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\B86E791620F759F17B8D25E38CA8BE32E7D5EAC2]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\C060ED44CBD881BD0EF86C0BA287DDCF8167478C]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\CEA586B2CE593EC7D939898337C57814708AB2BE]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\D018B62DC518907247DF50925BB09ACF4A5CB3AD]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\F8A54E03AADC5692B850496A4C4630FFEAA29D83]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\FA6660A94AB45F6A88C0D7874D89A863D74DEE97]
EmptyPrefetch
ShortcutFix
Emptytemp
EmptyClsid

And paste it into the blank ZHP Fix interface screen, then click GO.

Accept the cleaning process by clicking "Oui" (yes)

The cleanup will run and will again ask for permission to complete, again select "Oui".

At the conclusion of cleaning a file notepad will open and be saved to your desktop. Please Copy and Paste the contents of this file in your next reply

 

[caskin]

Rapport de ZHPFix 2017.06.13.1 par Nicolas Coolman, Update du 13/06/2017
Fichier d'export Registre :
Run by Delboy at 09/08/2017 12:15:46
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Recycle Bin emptied (Canceled by user)

========== Registry keys ==========
REMOVES:³ HKLM\SOFTWARE\Wow6432Node\ParetoLogic
REMOVES:³ HKLM\SOFTWARE\Wow6432Node\SlimWare Utilities Inc
REMOVES: HKCU\SOFTWARE\IM
REMOVES: HKCU\SOFTWARE\ParetoLogic
REMOVES: HKCU\SOFTWARE\SlimWare Utilities Inc
REMOVES:³ HKLM\SOFTWARE\Wow6432Node\AVG


========== Summary ==========
6 : Registry keys


End of clean in 00mn 06s

========== Path to file report ==========
C:\Users\Delboy\AppData\Roaming\ZHP\ZHPFix[R1].txt - 09/08/2017 12:15:52 [711]