Laptop has become very slow and getting slower

Hi
here is my problem

My Laptop is getting slower and slower, it used to be great but has been very slow
for a couple of weeks while I try to fix it. 

I have have always hadUAC set on "Quiet" with TeakUAC.

Right now it takes up to a minute to fire up an installed program,
right clicking on a file, it takes 30 seconds plus for the dialogue
box to come up then I select run as admin and nothing happens for
at least 30 seconds.
Once inside a program and I click on an action the same happens.

My browser (Chrome or IE) takes a minute to show on the tackbar
then another minute to load properly.

I have tested my HDD with Seatools and it passed all tests,
I have uninstalled the drivers for my GPU, rebooted, then reinstalled
the drivers and it made no difference.

I have run several complete scans with my AV, I do this weekly and 
do not have scans scheduled.

Windows update is set to never check, I manually check weekly.

I have run an online ESET scan which found no issues, I uninstalled my AV
with Revo Uninstaller, went off line then checked the unit, it was still as slow 
as it was before.

I have run and overnight MEMTEST (dos) and no errors found.

Here are the unit specs

Windows 7 Home Premium (x64) Service Pack 1 (build 7601) fully updated

Laptop: TOSHIBA Satellite L650 PSK1JA-0K4017

CPU
2.67 gigahertz Intel Core i5 M 480
64 kilobyte primary memory cache
256 kilobyte secondary memory cache
3072 kilobyte tertiary memory cache
64-bit ready
Multi-core (2 total)
Hyper-threaded (4 total)

MB: TOSHIBA Portable PC Base Board Version
Bus Clock: 1066 megahertz
BIOS: INSYDE 1.90 11/11/2010

HDD c: (NTFS on drive 0) * 627.09 GB 286.44 GB free

RAM: 3960 Megabytes Usable Installed Memory
Slot 'DIMM0' has 4096 MB 

GPU: AMD Mobility Radeon HD 5000 Series [Display adapter]

AV: PC Matic Super Shield

Here is the FRSt.txt contents

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-11-2017
Ran by Daniel (administrator) on DANIEL-PC (17-11-2017 07:16:06)
Running from C:\Users\Daniel\Desktop
Loaded Profiles: Daniel & PCPitstopSVC (Available Profiles: Daniel & PCPitstopSVC)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(PC Pitstop) C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
(PC Pitstop) C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRT.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Info Center] => C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe [28976 2016-04-29] (PC Pitstop LLC)
HKLM-x32\...\Run: [PC Matic] => C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRT.exe [2150656 2017-10-11] (PC Pitstop)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421224 2017-10-09] (Garmin Ltd. or its subsidiaries)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.128.128.128
Tcpip\..\Interfaces\{C8EFEDB6-36CD-443F-944C-52CFD6045CCB}: [DhcpNameServer] 10.128.128.128

Internet Explorer:
==================
HKU\S-1-5-21-1812437027-413150883-2478753703-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.au/?gfe_rd=cr&dcr=0&ei=UaOxWbQl4dzzB8eWn-gK&gws_rd=ssl
BHO-x32: PCMatic AdBlocker -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\PCPitstop\PC Matic\AdBlockers\PCMaticAdBlocker.dll [2017-10-12] (PC Matic, LLC)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxps://files.pcpitstop.com/cab/pcmatic.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files (x86)\DAP\daplinkchecker
FF Extension: (DAP Link Checker) - C:\Program Files (x86)\DAP\daplinkchecker [2017-09-13] [Lagacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [noreply@pcpitstop.com] - C:\Program Files (x86)\PCPitstop\PC Matic\AdBlockers\pc_matic-1.01-sm+fx+an-windows
FF Extension: (PC Matic) - C:\Program Files (x86)\PCPitstop\PC Matic\AdBlockers\pc_matic-1.01-sm+fx+an-windows [2017-11-16] [Lagacy]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-05] (Adobe Systems Inc.)

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com","hxxp://www.cliftons.com/"
CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default [2017-11-17]
CHR Extension: (Slides) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-08]
CHR Extension: (Download Accelerator Plus (DAP)) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhkmkdoaaodjbcemiienppccafbgagfl [2017-09-08]
CHR Extension: (YouTube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-08]
CHR Extension: (Disable HTML5 Autoplay) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\efdhoaajjjgckpbkoglidkeendpkolai [2017-09-08]
CHR Extension: (Google Calendar) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-09-08]
CHR Extension: (Sheets) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Download Accelerator Plus (DAP)) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb [2017-09-13]
CHR Extension: (Google Docs Offline) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-08]
CHR Extension: (PC Matic) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\okmhneofinpilciglijihehjpaegledb [2017-10-14]
CHR Extension: (Gmail) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-08]
CHR Extension: (Chrome Media Router) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
CHR HKLM-x32\...\Chrome\Extension: [ffdcfjdljhbehggjdkdioajnknjcpbjb] - C:\Program Files (x86)\DAP\DAPChrome\DAPChrome6.crx [2017-09-13]
CHR HKLM-x32\...\Chrome\Extension: [okmhneofinpilciglijihehjpaegledb] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
S4 caspereui; C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERSVCS.EXE [1168984 2014-09-03] (Future Systems Solutions, Inc.)
S4 casperhpb; C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERSVCS.EXE [1168984 2014-09-03] (Future Systems Solutions, Inc.)
S4 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1085968 2017-10-09] (Garmin Ltd. or its subsidiaries)
R2 PCPitstop Realtime; C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe [758528 2017-10-11] (PC Pitstop)
R2 PCPitstop Scheduling; C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [198416 2017-10-12] (PC Pitstop LLC)
S4 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-03-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\Windows\system32\ampa.sys [38320 2016-12-25] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [35760 2016-12-25] ()
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-17 07:16 - 2017-11-17 07:17 - 000008912 _____ C:\Users\Daniel\Desktop\FRST.txt
2017-11-17 07:02 - 2017-11-17 07:02 - 000000000 ____D C:\Users\Daniel\Desktop\FRST-OlderVersion
2017-11-17 06:45 - 2017-11-17 06:45 - 000000000 ____D C:\Users\Daniel\AppData\LocalLow\Oracle
2017-11-17 06:42 - 2017-11-17 06:42 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-11-17 06:40 - 2017-11-17 06:40 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-17 06:40 - 2017-11-17 06:40 - 000002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-11-17 06:40 - 2017-11-17 06:40 - 000002047 _____ C:\ProgramData\Desktop\Acrobat Reader DC.lnk
2017-11-17 06:40 - 2017-11-17 06:40 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-11-17 05:57 - 2017-11-17 05:58 - 000001467 _____ C:\Users\Daniel\Desktop\iexplore.exe.lnk
2017-11-16 09:06 - 2017-11-17 06:52 - 000000000 ____D C:\Users\PCPitstopSVC
2017-11-16 09:06 - 2017-11-16 09:06 - 000000020 ___SH C:\Users\PCPitstopSVC\ntuser.ini
2017-11-16 09:06 - 2017-10-18 05:49 - 000000000 ____D C:\Users\PCPitstopSVC\AppData\Roaming\Sun
2017-11-16 09:06 - 2017-09-20 05:56 - 000000000 ____D C:\Users\PCPitstopSVC\AppData\Local\Microsoft Help
2017-11-16 09:06 - 2011-04-12 18:28 - 000000000 ____D C:\Users\PCPitstopSVC\AppData\Roaming\Media Center Programs
2017-11-16 08:22 - 2017-11-16 08:22 - 000001240 _____ C:\Users\Daniel\Desktop\PC Matic.lnk
2017-11-16 08:22 - 2017-11-16 08:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Pitstop
2017-11-16 07:04 - 2017-11-16 07:10 - 070513728 _____ (Oracle Corporation) C:\Users\Daniel\Desktop\jre-8u151-windows-x64.exe
2017-11-16 07:04 - 2017-11-16 07:09 - 063666752 _____ (Oracle Corporation) C:\Users\Daniel\Desktop\jre-8u151-windows-i586.exe
2017-11-16 07:02 - 2017-11-16 07:11 - 120189936 _____ (Adobe Systems Incorporated) C:\Users\Daniel\Desktop\AcroRdrDC1800920044_en_US.exe
2017-11-16 06:42 - 2017-11-17 07:02 - 002392576 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2017-11-15 09:28 - 2017-11-17 07:16 - 000000000 ____D C:\FRST
2017-11-15 09:22 - 2017-11-15 09:22 - 000000000 ____D C:\Users\Daniel\AppData\Local\ElevatedDiagnostics
2017-11-15 09:07 - 2017-11-15 09:07 - 000001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-11-15 09:07 - 2017-11-15 09:07 - 000001753 _____ C:\ProgramData\Desktop\iTunes.lnk
2017-11-15 09:04 - 2010-03-06 20:38 - 000002881 _____ C:\Users\Daniel\Desktop\Performance Troubleshoot.lnk
2017-11-15 08:24 - 2017-11-15 08:24 - 000007605 _____ C:\Users\Daniel\AppData\Local\Resmon.ResmonCfg
2017-11-14 12:38 - 2017-11-14 12:42 - 000011944 _____ C:\Users\Daniel\Desktop\OpenRailsLog.txt
2017-11-14 12:26 - 2017-11-14 12:30 - 015065792 _____ (Microsoft Corporation) C:\Users\Daniel\Downloads\MSEInstall.exe
2017-11-14 10:54 - 2017-11-14 10:54 - 000000000 ____D C:\Users\Daniel\Desktop\Shortcuts
2017-11-13 05:18 - 2017-11-13 06:20 - 000000000 ____D C:\Users\Daniel\AppData\Local\Abelssoft
2017-11-13 05:13 - 2017-11-13 05:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTubeSongDownloader
2017-11-13 05:13 - 2017-11-13 05:13 - 000000000 ____D C:\ProgramData\Abelssoft
2017-11-13 05:13 - 2017-11-13 05:13 - 000000000 ____D C:\Program Files (x86)\YouTubeSongDownloader
2017-11-12 05:23 - 2017-11-12 05:24 - 000029360 _____ C:\Windows\Tehachapi Pass Cumulative Update Setup Log.txt
2017-11-10 10:51 - 2017-11-10 10:54 - 000000000 ____D C:\Removed from MSTS
2017-11-10 07:47 - 2017-11-10 07:48 - 000000000 ____D C:\Stray eng and wag files
2017-11-08 08:44 - 2017-10-18 12:34 - 000134376 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-11-08 08:44 - 2017-10-18 12:30 - 000605184 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-11-08 08:44 - 2017-10-16 08:04 - 000407392 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-11-08 08:44 - 2017-10-04 23:04 - 002023936 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-11-08 08:44 - 2017-10-04 23:04 - 001570304 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-11-08 08:44 - 2017-10-04 23:04 - 000670208 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-11-08 08:44 - 2017-10-04 23:04 - 000603648 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-11-08 08:44 - 2017-10-04 23:04 - 000370688 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-11-08 08:44 - 2017-10-04 23:04 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-11-08 08:44 - 2017-10-04 23:04 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-11-08 08:09 - 2017-11-08 08:09 - 000000000 ____D C:\Users\Daniel\AppData\LocalLow\Lapioware
2017-11-06 05:58 - 2017-11-08 07:44 - 000000000 ____D C:\Diesel Railcar Simulator
2017-11-02 04:15 - 2017-11-02 06:52 - 000000000 ____D C:\Laci_Trip
2017-10-31 19:05 - 2017-10-31 19:05 - 000000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Connecticut River Route Mainline
2017-10-28 05:38 - 2017-10-28 05:38 - 000000000 ____D C:\Users\Daniel\AppData\Local\ESET
2017-10-27 04:03 - 2017-10-29 04:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2017-10-27 04:03 - 2017-10-29 04:08 - 000000000 ____D C:\Program Files (x86)\Seagate
2017-10-26 15:20 - 2017-10-26 15:20 - 000003552 ____N C:\bootsqm.dat
2017-10-26 08:08 - 2017-10-26 08:08 - 000002280 _____ C:\Users\Daniel\Documents\cc_20171026_080825.reg
2017-10-26 08:07 - 2017-10-26 08:07 - 000026344 _____ C:\Users\Daniel\Documents\cc_20171026_080720.reg
2017-10-24 17:16 - 2017-10-24 17:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Just Trains
2017-10-23 03:51 - 2017-10-23 03:51 - 000000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSTS_Check v1.2
2017-10-22 20:15 - 2017-11-15 15:25 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-10-22 20:02 - 2017-09-14 01:32 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-10-22 20:02 - 2017-09-14 01:32 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-10-22 20:02 - 2017-09-14 01:28 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-10-22 20:02 - 2017-09-14 01:28 - 001068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-10-22 20:02 - 2017-09-14 01:28 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-10-22 20:02 - 2017-09-14 01:28 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-10-22 20:02 - 2017-09-14 01:28 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-10-22 20:02 - 2017-09-14 01:28 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-10-22 20:02 - 2017-09-14 01:27 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-10-22 20:02 - 2017-09-14 01:27 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-10-22 20:02 - 2017-09-14 01:27 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-10-22 20:02 - 2017-09-14 01:27 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-10-22 20:02 - 2017-09-14 01:13 - 004001512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-10-22 20:02 - 2017-09-14 01:13 - 003945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-10-22 20:02 - 2017-09-14 01:10 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-10-22 20:02 - 2017-09-14 01:09 - 000830464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2017-10-22 20:02 - 2017-09-14 01:09 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-10-22 20:02 - 2017-09-14 01:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-10-22 20:02 - 2017-09-14 01:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-10-22 20:02 - 2017-09-14 01:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-10-22 20:02 - 2017-09-14 01:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-10-22 20:02 - 2017-09-14 01:08 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-10-22 20:02 - 2017-09-14 01:08 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-10-22 20:02 - 2017-09-14 01:05 - 000324608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2017-10-22 20:02 - 2017-09-14 00:53 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-10-22 20:02 - 2017-09-14 00:53 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-10-22 20:02 - 2017-09-14 00:53 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-10-22 20:02 - 2017-09-09 01:34 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-10-22 20:02 - 2017-09-09 01:30 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-10-22 20:02 - 2017-09-09 01:30 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-10-22 20:02 - 2017-09-09 01:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-10-22 20:02 - 2017-09-09 01:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-10-22 20:02 - 2017-09-09 01:10 - 000312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-10-22 20:02 - 2017-09-09 01:00 - 003222016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-10-22 20:02 - 2017-09-09 00:20 - 000345088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-10-22 20:02 - 2017-09-08 07:15 - 002902528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-10-22 20:02 - 2017-09-08 07:08 - 025729536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-10-22 20:02 - 2017-09-08 07:00 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-10-22 20:02 - 2017-09-08 06:40 - 005982208 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-10-22 20:02 - 2017-09-08 06:10 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-10-22 20:02 - 2017-09-08 06:08 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-10-22 20:02 - 2017-09-08 05:44 - 015262720 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-10-22 20:02 - 2017-09-08 05:40 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-10-22 20:02 - 2017-09-08 05:27 - 001548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-10-22 20:02 - 2017-09-08 05:10 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-10-22 20:02 - 2017-09-08 05:04 - 020267008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-10-22 20:02 - 2017-09-08 05:03 - 002292736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-10-22 20:02 - 2017-09-08 04:58 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-10-22 20:02 - 2017-09-08 04:29 - 004547072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-10-22 20:02 - 2017-09-08 04:26 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-10-22 20:02 - 2017-09-08 04:25 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-10-22 20:02 - 2017-09-08 04:17 - 013677568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-10-22 20:02 - 2017-09-08 04:01 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-10-22 20:02 - 2017-09-08 03:57 - 001316864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-10-22 20:02 - 2017-09-08 00:55 - 000461312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-10-22 20:01 - 2017-09-14 01:33 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-10-22 20:01 - 2017-09-14 01:32 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-10-22 20:01 - 2017-09-14 01:32 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-10-22 20:01 - 2017-09-14 01:31 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-10-22 20:01 - 2017-09-14 01:28 - 000886272 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2017-10-22 20:01 - 2017-09-14 01:28 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-10-22 20:01 - 2017-09-14 01:28 - 000448512 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2017-10-22 20:01 - 2017-09-14 01:28 - 000414208 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2017-10-22 20:01 - 2017-09-14 01:28 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-10-22 20:01 - 2017-09-14 01:28 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-10-22 20:01 - 2017-09-14 01:28 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-10-22 20:01 - 2017-09-14 01:28 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-10-22 20:01 - 2017-09-14 01:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-10-22 20:01 - 2017-09-14 01:28 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-10-22 20:01 - 2017-09-14 01:28 - 000118784 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll
2017-10-22 20:01 - 2017-09-14 01:28 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2017-10-22 20:01 - 2017-09-14 01:28 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-10-22 20:01 - 2017-09-14 01:28 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-10-22 20:01 - 2017-09-14 01:28 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-10-22 20:01 - 2017-09-14 01:28 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-10-22 20:01 - 2017-09-14 01:28 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-10-22 20:01 - 2017-09-14 01:28 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-10-22 20:01 - 2017-09-14 01:28 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-10-22 20:01 - 2017-09-14 01:28 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-10-22 20:01 - 2017-09-14 01:27 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-10-22 20:01 - 2017-09-14 01:27 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-10-22 20:01 - 2017-09-14 01:27 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-10-22 20:01 - 2017-09-14 01:27 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-10-22 20:01 - 2017-09-14 01:27 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-10-22 20:01 - 2017-09-14 01:27 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-10-22 20:01 - 2017-09-14 01:27 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-10-22 20:01 - 2017-09-14 01:27 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-10-22 20:01 - 2017-09-14 01:27 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-10-22 20:01 - 2017-09-14 01:27 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-10-22 20:01 - 2017-09-14 01:27 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:27 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:09 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-10-22 20:01 - 2017-09-14 01:09 - 000428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2017-10-22 20:01 - 2017-09-14 01:09 - 000392704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlansec.dll
2017-10-22 20:01 - 2017-09-14 01:09 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-10-22 20:01 - 2017-09-14 01:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-10-22 20:01 - 2017-09-14 01:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-10-22 20:01 - 2017-09-14 01:09 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-10-22 20:01 - 2017-09-14 01:09 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll
2017-10-22 20:01 - 2017-09-14 01:09 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-10-22 20:01 - 2017-09-14 01:09 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2017-10-22 20:01 - 2017-09-14 01:09 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-10-22 20:01 - 2017-09-14 01:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-10-22 20:01 - 2017-09-14 01:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-10-22 20:01 - 2017-09-14 01:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-10-22 20:01 - 2017-09-14 01:09 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-10-22 20:01 - 2017-09-14 01:08 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-10-22 20:01 - 2017-09-14 01:08 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-10-22 20:01 - 2017-09-14 01:08 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-10-22 20:01 - 2017-09-14 01:08 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-10-22 20:01 - 2017-09-14 01:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-10-22 20:01 - 2017-09-14 01:08 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:08 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 01:00 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-10-22 20:01 - 2017-09-14 01:00 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-10-22 20:01 - 2017-09-14 01:00 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-10-22 20:01 - 2017-09-14 01:00 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-10-22 20:01 - 2017-09-14 00:57 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-10-22 20:01 - 2017-09-14 00:56 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-10-22 20:01 - 2017-09-14 00:52 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-10-22 20:01 - 2017-09-14 00:52 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-10-22 20:01 - 2017-09-14 00:50 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-10-22 20:01 - 2017-09-14 00:47 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-10-22 20:01 - 2017-09-14 00:46 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-10-22 20:01 - 2017-09-14 00:46 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-10-22 20:01 - 2017-09-14 00:46 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-10-22 20:01 - 2017-09-14 00:46 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 00:46 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 00:46 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 00:46 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-10-22 20:01 - 2017-09-14 00:46 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-10-22 20:01 - 2017-09-09 10:45 - 000395984 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-10-22 20:01 - 2017-09-09 09:47 - 000347344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-10-22 20:01 - 2017-09-09 01:30 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-10-22 20:01 - 2017-09-09 01:30 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-10-22 20:01 - 2017-09-09 01:30 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-10-22 20:01 - 2017-09-09 01:30 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-10-22 20:01 - 2017-09-09 01:30 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-10-22 20:01 - 2017-09-09 01:30 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-10-22 20:01 - 2017-09-09 01:30 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-10-22 20:01 - 2017-09-09 01:30 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-10-22 20:01 - 2017-09-09 01:30 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-10-22 20:01 - 2017-09-09 01:30 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-10-22 20:01 - 2017-09-09 01:14 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-10-22 20:01 - 2017-09-09 01:13 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-10-22 20:01 - 2017-09-09 01:13 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-10-22 20:01 - 2017-09-09 01:10 - 000109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-10-22 20:01 - 2017-09-09 01:09 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-10-22 20:01 - 2017-09-09 01:09 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-10-22 20:01 - 2017-09-09 01:09 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-10-22 20:01 - 2017-09-09 01:09 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-10-22 20:01 - 2017-09-09 01:09 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-10-22 20:01 - 2017-09-09 01:09 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-10-22 20:01 - 2017-09-09 01:09 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-10-22 20:01 - 2017-09-09 01:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-10-22 20:01 - 2017-09-09 01:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-10-22 20:01 - 2017-09-09 00:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-10-22 20:01 - 2017-09-09 00:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-10-22 20:01 - 2017-09-09 00:20 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2017-10-22 20:01 - 2017-09-09 00:20 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2017-10-22 20:01 - 2017-09-08 07:38 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-10-22 20:01 - 2017-09-08 07:37 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-10-22 20:01 - 2017-09-08 07:19 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-10-22 20:01 - 2017-09-08 07:18 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-10-22 20:01 - 2017-09-08 07:18 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-10-22 20:01 - 2017-09-08 07:17 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-10-22 20:01 - 2017-09-08 07:17 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-10-22 20:01 - 2017-09-08 07:08 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-10-22 20:01 - 2017-09-08 07:07 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-10-22 20:01 - 2017-09-08 07:02 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-10-22 20:01 - 2017-09-08 07:01 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-10-22 20:01 - 2017-09-08 07:01 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-10-22 20:01 - 2017-09-08 07:01 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-10-22 20:01 - 2017-09-08 06:52 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-10-22 20:01 - 2017-09-08 06:48 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-10-22 20:01 - 2017-09-08 06:39 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-10-22 20:01 - 2017-09-08 06:38 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-10-22 20:01 - 2017-09-08 06:37 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-10-22 20:01 - 2017-09-08 06:33 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-10-22 20:01 - 2017-09-08 06:32 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-10-22 20:01 - 2017-09-08 06:29 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-10-22 20:01 - 2017-09-08 06:27 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-10-22 20:01 - 2017-09-08 06:13 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-10-22 20:01 - 2017-09-08 06:10 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-10-22 20:01 - 2017-09-08 06:08 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-10-22 20:01 - 2017-09-08 05:27 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-10-22 20:01 - 2017-09-08 05:17 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-10-22 20:01 - 2017-09-08 05:11 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-10-22 20:01 - 2017-09-08 05:10 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-10-22 20:01 - 2017-09-08 05:10 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-10-22 20:01 - 2017-09-08 05:09 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-10-22 20:01 - 2017-09-08 05:03 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-10-22 20:01 - 2017-09-08 05:02 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-10-22 20:01 - 2017-09-08 04:59 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-10-22 20:01 - 2017-09-08 04:58 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-10-22 20:01 - 2017-09-08 04:58 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-10-22 20:01 - 2017-09-08 04:49 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-10-22 20:01 - 2017-09-08 04:44 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-10-22 20:01 - 2017-09-08 04:44 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-10-22 20:01 - 2017-09-08 04:43 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-10-22 20:01 - 2017-09-08 04:40 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-10-22 20:01 - 2017-09-08 04:39 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-10-22 20:01 - 2017-09-08 04:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-10-22 20:01 - 2017-09-08 04:36 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-10-22 20:01 - 2017-09-08 04:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-10-22 20:01 - 2017-09-08 04:25 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-10-22 20:01 - 2017-09-08 03:57 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-10-22 20:01 - 2017-09-08 01:31 - 002851328 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2017-10-22 20:01 - 2017-09-08 01:12 - 002755072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2017-10-22 20:01 - 2017-09-08 00:55 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-10-22 20:01 - 2017-09-08 00:55 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-10-20 08:25 - 2017-10-20 08:25 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2017-10-20 08:15 - 2017-11-14 07:58 - 000000000 ____D C:\Program Files\AMD
2017-10-19 17:51 - 2017-10-19 17:51 - 000000000 ___RD C:\Program Files (x86)\Skype
2017-10-19 17:51 - 2017-10-19 17:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-10-18 05:49 - 2017-10-18 05:49 - 000000000 ____D C:\Users\Default\AppData\Roaming\Sun
2017-10-18 05:49 - 2017-10-18 05:49 - 000000000 ____D C:\Users\Default User\AppData\Roaming\Sun

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-17 07:17 - 2017-09-02 07:30 - 000000000 ____D C:\ProgramData\PCPitstopDat
2017-11-17 07:12 - 2009-07-14 15:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-17 07:03 - 2009-07-14 14:45 - 000029936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-17 07:02 - 2009-07-14 14:45 - 000029936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-17 06:26 - 2017-09-10 09:37 - 000000000 ____D C:\ProgramData\Adobe
2017-11-17 06:16 - 2017-09-02 07:02 - 000000000 ____D C:\ProgramData\PCPitstop
2017-11-17 05:51 - 2017-09-02 07:30 - 000000000 ____D C:\1
2017-11-17 05:23 - 2017-09-10 06:56 - 000000000 ____D C:\Users\Daniel\AppData\Local\CrashDumps
2017-11-16 12:29 - 2009-07-14 15:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-16 12:29 - 2009-07-14 13:20 - 000000000 ____D C:\Windows\inf
2017-11-16 09:21 - 2017-10-14 04:42 - 000234950 _____ C:\AppRemover_Log.txt
2017-11-16 08:26 - 2009-07-14 15:32 - 000000000 ____D C:\Windows\Downloaded Program Files
2017-11-16 08:23 - 2017-09-02 07:02 - 000000000 ____D C:\Program Files (x86)\PCPitstop
2017-11-16 07:46 - 2017-09-10 06:32 - 000000000 ____D C:\Users\Daniel\AppData\Roaming\Sun
2017-11-16 07:46 - 2017-09-10 06:31 - 000000000 ____D C:\ProgramData\Oracle
2017-11-16 07:40 - 2017-09-10 06:32 - 000000000 ____D C:\Users\Daniel\AppData\LocalLow\Sun
2017-11-15 16:19 - 2009-07-14 15:08 - 000032610 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-11-15 15:59 - 2017-09-09 07:40 - 000766100 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-11-15 15:44 - 2017-09-02 14:10 - 000000000 ____D C:\Windows\system32\MRT
2017-11-15 15:25 - 2017-09-09 06:53 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-11-15 09:07 - 2017-09-08 16:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-11-15 09:06 - 2017-09-08 16:15 - 000000000 ____D C:\Program Files\iTunes
2017-11-15 07:39 - 2017-09-09 12:55 - 000000000 ____D C:\Program Files (x86)\Qimage-U
2017-11-15 07:24 - 2017-09-09 12:56 - 000000035 _____ C:\Windows\iltwain.ini
2017-11-14 12:10 - 2017-09-02 06:44 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-14 06:00 - 2017-09-02 06:44 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-14 05:59 - 2017-09-02 06:44 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-13 11:05 - 2009-07-14 14:45 - 000346504 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-13 09:19 - 2017-09-10 07:11 - 000000000 ____D C:\Users\Daniel\AppData\Roaming\Open Rails
2017-11-13 07:43 - 2017-09-02 09:27 - 000000000 ____D C:\1MSTS
2017-11-13 06:54 - 2017-09-08 14:55 - 000087112 _____ C:\Users\Daniel\AppData\Local\GDIPFONTCACHEV1.DAT
2017-11-13 06:24 - 2017-05-01 05:39 - 000000000 ____D C:\YSD_Videos
2017-11-13 06:23 - 2017-09-13 05:59 - 000000000 ____D C:\Users\Daniel\AppData\Roaming\vlc
2017-11-12 05:30 - 2017-09-23 07:06 - 000014157 _____ C:\Windows\Sherman Hill Route Beta Setup Log.txt
2017-11-11 05:53 - 2017-09-07 05:57 - 000000000 ____D C:\QMCInput
2017-11-10 08:28 - 2017-06-16 08:05 - 000000000 ____D C:\Caravan Issues
2017-11-09 06:02 - 2017-09-11 11:22 - 000000000 ____D C:\Users\Daniel\AppData\Local\CutePDF Writer
2017-11-08 16:36 - 2017-09-09 08:01 - 000000000 ____D C:\Windows\system32\appraiser
2017-11-06 07:44 - 2017-09-18 07:48 - 000015361 _____ C:\Users\Daniel\Desktop\Open Rails Keyboard.txt
2017-11-02 04:18 - 2017-05-06 07:58 - 000000000 ____D C:\Caravan Trip May 2017
2017-10-31 07:05 - 2017-09-15 11:22 - 000000000 ____D C:\MSTS APK Extractor v3
2017-10-28 17:15 - 2017-07-26 17:06 - 000000000 ____D C:\A_Joan_Print
2017-10-27 12:14 - 2017-10-07 14:54 - 000003140 _____ C:\Windows\System32\Tasks\CorelUpdateHelperTask
2017-10-27 07:14 - 2017-09-09 11:55 - 000000000 ____D C:\Program Files\Corel
2017-10-27 07:10 - 2017-09-09 11:54 - 000000000 ____D C:\ProgramData\Corel
2017-10-27 06:50 - 2017-10-15 11:20 - 000000000 ____D C:\Users\Daniel\AppData\Roaming\Kingsoft
2017-10-27 05:56 - 2017-09-02 09:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-10-27 04:04 - 2017-09-09 11:51 - 000000000 ____D C:\ProgramData\Package Cache
2017-10-26 09:37 - 2013-10-16 05:34 - 000000000 ____D C:\Pics
2017-10-26 08:41 - 2017-09-10 06:55 - 000000000 _____ C:\Users\Daniel\AppData\Roaming\FileOut.cns
2017-10-26 08:41 - 2017-09-10 06:55 - 000000000 _____ C:\Users\Daniel\AppData\Roaming\FileIn.cns
2017-10-26 06:52 - 2017-09-17 10:58 - 000000000 _____ C:\FileOut.Cns
2017-10-26 06:52 - 2017-09-17 10:58 - 000000000 _____ C:\FileIn.Cns
2017-10-25 04:14 - 2009-07-14 13:20 - 000000000 ____D C:\Windows\system32\NDF
2017-10-24 17:16 - 2017-09-27 14:52 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-10-23 03:51 - 2017-05-01 06:30 - 000000000 ____D C:\Rail_Utilities
2017-10-20 18:52 - 2017-09-13 06:08 - 000000000 ____D C:\Program Files (x86)\DAP
2017-10-20 08:13 - 2017-09-10 09:59 - 000000000 ____D C:\AMD
2017-10-19 17:51 - 2017-09-09 09:05 - 000000000 ____D C:\ProgramData\Skype

==================== Files in the root of some directories =======

2017-09-12 06:31 - 2017-09-12 06:31 - 000032741 _____ () C:\Users\Daniel\AppData\Roaming\Comma Separated Values (Windows).ADR
2017-09-10 06:55 - 2017-10-26 08:41 - 000000000 _____ () C:\Users\Daniel\AppData\Roaming\FileIn.cns
2017-09-10 06:55 - 2017-10-26 08:41 - 000000000 _____ () C:\Users\Daniel\AppData\Roaming\FileOut.cns
2017-11-15 08:24 - 2017-11-15 08:24 - 000007605 _____ () C:\Users\Daniel\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-08 12:21

==================== End of FRST.txt ============================

Here is my Additions.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-11-2017
Ran by Daniel (17-11-2017 07:17:47)
Running from C:\Users\Daniel\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2017-09-08 04:54:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1812437027-413150883-2478753703-500 - Administrator - Disabled)
Daniel (S-1-5-21-1812437027-413150883-2478753703-1000 - Administrator - Enabled) => C:\Users\Daniel
Guest (S-1-5-21-1812437027-413150883-2478753703-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1812437027-413150883-2478753703-1005 - Limited - Enabled)
PCPitstopSVC (S-1-5-21-1812437027-413150883-2478753703-1010 - Administrator - Enabled) => C:\Users\PCPitstopSVC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: PC Matic Super Shield (Disabled - Up to date) {4FA50ECA-6D1E-553A-06EB-C13191BCA12A}
AS: PC Matic Super Shield (Disabled - Up to date) {F4C4EF2E-4B24-5AB4-3C5B-FA43EA3BEB97}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 17.01 beta (x64) (HKLM\...\7-Zip) (Version: 17.01 beta - Igor Pavlov)
AceIt v1.3.1 (HKLM-x32\...\AceIt_is1) (Version:  - Scott M. Miller)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20044 - Adobe Systems Incorporated)
Agent Ransack x64 (HKLM\...\{F46C91EA-16DE-46D6-BE3B-C94BDF641567}) (Version: 8.0.867.1 - Mythicsoft Ltd)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
American Classics (HKLM-x32\...\{7EDA0540-377F-11D6-B782-00A0CC7B9044}) (Version: 1.00.000 - Just Flight)
ANT Drivers Installer x64 (HKLM\...\{B9218A36-7AD3-4046-8D77-31F51DC0D795}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AOMEI Partition Assistant Standard Edition 6.5 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Apple Application Support (32-bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.34.223.5 - Broadcom Corporation)
Casper 8.0 (HKLM\...\{3EF580B0-E4FA-408E-A4A5-F20CAAD48B98}) (Version: 8.0.46120 - Future Systems Solutions, Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Class_50_Content_Update (HKLM-x32\...\{053A7E07-3D44-4CDB-B79C-EE8755BFD7D6}) (Version: 1.00.0000 - Microsoft)
CN Blackfoot Vegreville Subs v2 Route (HKU\S-1-5-21-1812437027-413150883-2478753703-1000\...\CN Blackfoot Vegreville Subs v2 Route) (Version:  - )
CN Blackfoot Vegreville v2 Equipment Pack (HKU\S-1-5-21-1812437027-413150883-2478753703-1000\...\CN Blackfoot Vegreville v2 Equipment Pack) (Version:  - )
ConBuilder (HKLM-x32\...\ConBuilder) (Version: 6.2.3.0 - ConBuilder)
Connecticut River Route Mainline (HKU\S-1-5-21-1812437027-413150883-2478753703-1000\...\Connecticut River Route Mainline) (Version:  - )
Corel PaintShop Pro 2018 (HKLM-x32\...\_{6000096B-318C-40F8-A450-043B6A602D16}) (Version: 20.2.0.1 - Corel Corporation)
Corel PaintShop Pro 2018 (HKLM-x32\...\{5A150D1D-326B-4C75-8984-2D2C602D1CA1}) (Version: 20.0.0.132 - Corel Corporation) Hidden
Corel Update Manager (HKLM\...\{67881956-8135-4804-9465-BA1419010638}) (Version: 2.4.245 - Corel corporation) Hidden
Corel Update Manager (HKLM-x32\...\{3F8C582C-B21D-49EC-AD5F-C9890041A0CC}) (Version: 2.4.245 - Corel corporation) Hidden
Creative Content (HKLM-x32\...\_{CC5E4DDE-C3D8-4492-B306-B9587E7FD24F}) (Version: 1.0.0.143 - Corel Corporation) Hidden
Creative Content (HKLM-x32\...\{CC5E4DDE-C3D8-4492-B306-B9587E7FD24F}) (Version: 1.0.0.143 - Corel Corporation) Hidden
CutePDF Writer 3.2 (HKLM\...\CutePDF Writer Installation) (Version:  3.2 - Acro Software Inc.)
Elevated Installer (HKLM-x32\...\{B85F70BE-A5A3-48A2-A790-AF6001F026E0}) (Version: 5.7.1.0 - Garmin Ltd or its subsidiaries) Hidden
Feather River Route (HKLM-x32\...\Feather River Routev1.06) (Version: v1.06 - 3DTrains)
Garmin Express (HKLM-x32\...\{5b328687-2baf-4fb6-b6c7-c49fb4840cba}) (Version: 5.7.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{5F4164CE-621E-4AFD-BBFE-1BBE2299710E}) (Version: 5.7.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (HKLM-x32\...\{4E9533AB-7743-4B73-A5D2-42207E159E11}) (Version: 5.7.1.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM\...\{F6560624-E6FE-35B0-A93A-1DE5EDAD9B44}) (Version: 62.0.3202.94 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HL-1210W series (HKLM-x32\...\{75E38F04-1BAF-4054-A059-57F831688943}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
ICA (HKLM-x32\...\{6000096B-318C-40F8-A450-043B6A602D16}) (Version: 20.0.0.132 - Corel Corporation) Hidden
Image Composite Editor (HKLM\...\{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}) (Version: 2.0.3 - Microsoft Corporation)
IPM_PSP_COM (HKLM-x32\...\{E366C7D5-FD35-482C-AA33-38AE3BC48021}) (Version: 20.0.0.132 - Corel Corporation) Hidden
IPM_PSP_COM64 (HKLM\...\{2013AABB-7212-4D79-B13B-25E567C2D0E4}) (Version: 20.0.0.132 - Corel Corporation) Hidden
iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Filter Pack 2.0 (HKLM\...\{95140000-2000-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
MSTS APK Extractor v3 (HKU\S-1-5-21-1812437027-413150883-2478753703-1000\...\MSTS APK Extractor v3) (Version:  - )
MSTS_ActMan (HKU\S-1-5-21-1812437027-413150883-2478753703-1000\...\MSTS_ActMan) (Version:  - )
MSTS_Check v1.2 (HKU\S-1-5-21-1812437027-413150883-2478753703-1000\...\MSTS_Check v1.2) (Version:  - )
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.5.1 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Open Rails 1.2.3766 (HKLM-x32\...\{94E15E08-869D-4B69-B8D7-8C82075CB51C} ; Generat~67F3DAC8_is1) (Version: 1.2.3766 - Open Rails)
PC Matic 3.0.0.5 (HKLM-x32\...\PC Matic_is1) (Version: 3.0.0.5 - PC Pitstop LLC)
PC Matic Super Shield 3.0.0.5 (HKLM-x32\...\PC Pitstop SuperShield_is1) (Version: 3.0.0.5 - PC Pitstop LLC)
PC Pitstop Info Center 1.0.0.19 (HKLM-x32\...\PCPitstopInfoCenter_is1) (Version: 1.0.0.19 - PC Pitstop LLC.)
Photomatix Pro version 5.1.3 (HKLM\...\PhotomatixPro5x64_is1) (Version: 5.1.3 - HDRsoft Ltd)
PSPPContent (HKLM-x32\...\{CC719875-8939-48D2-BA50-D5F5673C4C6A}) (Version: 20.0.0.132 - Corel Corporation) Hidden
PSPPHelp (HKLM-x32\...\{BBF5A9A0-82BD-4C51-9EAD-624651FE765B}) (Version: 20.0.0.132 - Corel Corporation) Hidden
PSPPro64 (HKLM\...\{A8A7345E-0111-4A73-9F0F-560A837BF901}) (Version: 20.0.0.132 - Corel Corporation) Hidden
Qimage Ultimate (HKLM-x32\...\Qimage Ultimate) (Version:  - )
QuickMediaConverter (HKLM-x32\...\QUICKMEDIACONVERTERExécutable Windows 64 bits) (Version:  - )
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
Route Riter 7.8 (HKLM-x32\...\Route Riter 7.8) (Version: 7.8.10 - Digital Rails Corporation)
Route_Riter v7.6.xx (HKU\S-1-5-21-1812437027-413150883-2478753703-1000\...\Route_Riter v7.6.xx) (Version:  - )
RW_Tools V7 (HKU\S-1-5-21-1812437027-413150883-2478753703-1000\...\RW_Tools V7) (Version:  - )
ScaleRail (HKLM-x32\...\ScaleRail1.77) (Version: 1.77 - 3DTrains)
SD40-2_Content_Update (HKLM-x32\...\{BF7C1B99-A250-45EF-B186-0C33B7308F95}) (Version: 1.00.0000 - Microsoft)
SeaTools for Windows 1.4.0.5 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.5 - Seagate Technology)
Setup (HKLM-x32\...\{C9C9ACD1-F275-45CB-B507-96486DB5E608}) (Version: 20.0.0.132 - Corel Corporation) Hidden
Shape Viewer (HKLM-x32\...\{88DA244E-4CEA-49E4-AD6A-301B65131E25}) (Version: 2.2.0.237 - )
Skype™ 7.40 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 7.40.103 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
TGATool2A version 4.00.34 (HKLM-x32\...\TGATool2A_is1) (Version:  - Martin Wright)
Union Pacific Sherman Hill Beta (HKLM-x32\...\Union Pacific Sherman Hill Betav1.06.02.17) (Version: v1.06.02.17 - 3DTrains)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Wupper Express 11 Actpack 1.0 (HKU\S-1-5-21-1812437027-413150883-2478753703-1000\...\Wupper Express 11 Actpack 1.0) (Version:  - )
YouTube Song Downloader 2017 (HKLM-x32\...\AbAppId-55_is1) (Version: 17.13 - Abelssoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2017-08-29] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers2_.DEFAULT: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll [2017-03-02] (Mythicsoft Ltd)
ContextMenuHandlers4_.DEFAULT: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll [2017-03-02] (Mythicsoft Ltd)
ContextMenuHandlers5_.DEFAULT: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll [2017-03-02] (Mythicsoft Ltd)
ContextMenuHandlers6_.DEFAULT: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll [2017-03-02] (Mythicsoft Ltd)
ContextMenuHandlers2_S-1-5-21-1812437027-413150883-2478753703-1000: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll [2017-03-02] (Mythicsoft Ltd)
ContextMenuHandlers4_S-1-5-21-1812437027-413150883-2478753703-1000: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll [2017-03-02] (Mythicsoft Ltd)
ContextMenuHandlers5_S-1-5-21-1812437027-413150883-2478753703-1000: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll [2017-03-02] (Mythicsoft Ltd)
ContextMenuHandlers6_S-1-5-21-1812437027-413150883-2478753703-1000: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll [2017-03-02] (Mythicsoft Ltd)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0287E0E6-D1FA-4A26-AE35-6951B0B3F17E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-28] (Adobe Systems Incorporated)
Task: {24EA48AA-F274-46AF-BC87-4C26CE6224B5} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-10-09] ()
Task: {2551F7D9-B448-4C40-BF88-CF3B54AA9E26} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [2017-09-26] (Corel Corporation)
Task: {47FBCBAF-B607-4A64-A876-630016D0CDC7} - System32\Tasks\CorelUpdateHelperTask => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe [2017-09-26] (Corel Corporation)
Task: {659CEA8F-54A1-45DC-9CFD-7CBD8C827B97} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-02] (Google Inc.)
Task: {83738F34-CACA-4551-B2B4-C6A3FD05A354} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-02] (Google Inc.)
Task: {A9378052-BDDB-4CC9-B3F5-F5AF062CD417} - System32\Tasks\Future Systems Solutions\Casper\Casper 8.0 Update Notification Task => C:\Program Files\Future Systems Solutions\Casper 8.0\CASPER.EXE [2016-09-12] (Future Systems Solutions, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b8da4a38624bbb1e\Feedback.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gfdkimpbcpahaombhbimeihdjnejgicl

==================== Loaded Modules (Whitelisted) ==============

2017-09-11 08:41 - 2017-05-26 06:47 - 000090096 _____ () C:\Windows\System32\cpwmon64_v32.dll
2017-08-29 10:43 - 2017-08-29 10:43 - 000230064 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2017-11-16 08:23 - 2014-04-15 13:02 - 000524288 _____ () C:\Program Files (x86)\PCPitstop\Super Shield\SQLiteEncrypt.dll
2017-11-16 08:23 - 2017-10-11 19:08 - 000187136 _____ () C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRTen.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [578]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:34 - 2009-06-11 07:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1812437027-413150883-2478753703-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.128.128.128
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: caspereui => 2
MSCONFIG\Services: casperhpb => 2
MSCONFIG\Services: Garmin Device Interaction Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: PSI_SVC_2 => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "C:\Rail_Utilities\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6F540689-A720-45F5-B5DB-DECE69C259FD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{399ADB80-078D-4714-893B-CF0E1DF262CC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C72E54D7-5ABB-4CF6-880D-CA8E4F3503B6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FFEA756A-36A3-448F-82B6-FDCB47394AB9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F763AB7E-3BFC-4B60-9499-7060CAD49646}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{3047F26C-D4D3-4706-B022-60397EE08094}] => (Allow) C:\Rail_Utilities\Steam\Steam.exe
FirewallRules: [{3A2A7135-789E-447A-BA50-5ED1BC81A215}] => (Allow) C:\Rail_Utilities\Steam\Steam.exe
FirewallRules: [{2CBCFB5E-73A3-48FE-9F97-82DD3F1EFBCC}] => (Allow) C:\Rail_Utilities\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{9D35A89E-8323-4105-8A48-957485A6610B}] => (Allow) C:\Rail_Utilities\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{67C37224-266A-465C-96D3-50E43098DDD5}] => (Allow) C:\Rail_Utilities\Steam\steamapps\common\RailWorks\RailWorks.exe
FirewallRules: [{E05E20ED-9B9E-4E81-873E-F046B816A1D0}] => (Allow) C:\Rail_Utilities\Steam\steamapps\common\RailWorks\RailWorks.exe
FirewallRules: [{22F5620C-25C0-4349-9FE5-EFDA020D4326}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E894B785-A67E-4493-974D-58C313E1636D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

13-11-2017 05:13:50 Microsoft_VC100_CRT_x86 wird installiert
14-11-2017 11:34:41 PC Pitstop Restore Point
15-11-2017 09:04:09 Revo Uninstaller's restore point - iTunes
15-11-2017 15:19:38 Windows Update
15-11-2017 18:15:52 Windows Update
16-11-2017 05:56:01 Revo Uninstaller's restore point - PC Wizard 2015.2.14
16-11-2017 07:14:23 Revo Uninstaller's restore point - Adobe Acrobat Reader DC
16-11-2017 07:32:51 Revo Uninstaller's restore point - Java 8 Update 151
16-11-2017 07:33:26 Removed Java 8 Update 151
16-11-2017 07:40:12 Revo Uninstaller's restore point - Java 8 Update 151 (64-bit)
16-11-2017 07:41:52 Removed Java 8 Update 151 (64-bit)
16-11-2017 08:02:59 Revo Uninstaller's restore point - PC Matic 3.0.0.5
16-11-2017 08:09:33 Revo Uninstaller's restore point - PC Matic Super Shield 3.0.0.5
17-11-2017 06:39:13 Installed Adobe Acrobat Reader DC.

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
Description: Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros
Service: L1C
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth Device (RFCOMM Protocol TDI)
Description: Bluetooth Device (RFCOMM Protocol TDI)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RFCOMM
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/17/2017 07:13:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/17/2017 06:53:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/17/2017 06:33:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/17/2017 06:00:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18817 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 228

Start Time: 01d35f1557ad2816

Termination Time: 30

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (11/17/2017 05:55:46 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18817 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 9f8

Start Time: 01d35f128d33c736

Termination Time: 31

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (11/17/2017 05:22:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SeaToolsforWindows.exe, version: 1.4.0.5, time stamp: 0x59762779
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23915, time stamp: 0x59b94abb
Exception code: 0xe0434352
Fault offset: 0x0000c54f
Faulting process id: 0x2bc
Faulting application start time: 0x01d35f1034193780
Faulting application path: C:\Program Files (x86)\Seagate\SeaTools for Windows\SeaToolsforWindows.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 7c56498c-cb03-11e7-9d57-f671e70c6e80

Error: (11/17/2017 05:22:23 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: SeaToolsforWindows.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: Microsoft.VisualBasic.ApplicationServices.CantStartSingleInstanceException
   at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.Run(System.String[])
   at SeaToolsforWindows.My.MyApplication.Main(System.String[])

Error: (11/17/2017 05:06:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/16/2017 12:20:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/16/2017 09:33:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (11/17/2017 07:14:04 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (11/17/2017 06:33:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (11/17/2017 05:08:32 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (11/17/2017 05:06:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PCPitstop Realtime service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (11/17/2017 05:06:05 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the PCPitstop Realtime service to connect.

Error: (11/16/2017 11:05:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.

Error: (11/16/2017 12:21:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (11/16/2017 09:36:26 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.

Error: (11/16/2017 09:33:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (11/16/2017 09:13:54 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PCPitstop Realtime service terminated unexpectedly.  It has done this 6 time(s).


CodeIntegrity:
===================================
  Date: 2017-09-09 13:33:28.260
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\$Recycle.Bin\S-1-5-21-1812437027-413150883-2478753703-1000\$RODPTI8\Download\680abf31f54d1d44537ad659fbd3fdef\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22923_none_c0447b8c164e4bbc\appidapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-09-09 13:33:28.213
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\$Recycle.Bin\S-1-5-21-1812437027-413150883-2478753703-1000\$RODPTI8\Download\680abf31f54d1d44537ad659fbd3fdef\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22923_none_c0447b8c164e4bbc\appidapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-09-09 13:33:28.166
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\$Recycle.Bin\S-1-5-21-1812437027-413150883-2478753703-1000\$RODPTI8\Download\680abf31f54d1d44537ad659fbd3fdef\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22923_none_c0447b8c164e4bbc\appidapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-09-09 13:33:28.119
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\$Recycle.Bin\S-1-5-21-1812437027-413150883-2478753703-1000\$RODPTI8\Download\680abf31f54d1d44537ad659fbd3fdef\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22923_none_c0447b8c164e4bbc\appidapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-09-09 13:33:28.072
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\$Recycle.Bin\S-1-5-21-1812437027-413150883-2478753703-1000\$RODPTI8\Download\680abf31f54d1d44537ad659fbd3fdef\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22923_none_c0447b8c164e4bbc\appidapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-09-09 13:33:28.026
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\$Recycle.Bin\S-1-5-21-1812437027-413150883-2478753703-1000\$RODPTI8\Download\680abf31f54d1d44537ad659fbd3fdef\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22923_none_c0447b8c164e4bbc\appidapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-09-09 13:33:27.979
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\$Recycle.Bin\S-1-5-21-1812437027-413150883-2478753703-1000\$RODPTI8\Download\680abf31f54d1d44537ad659fbd3fdef\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22923_none_c0447b8c164e4bbc\appidapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-09-09 13:33:27.932
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\$Recycle.Bin\S-1-5-21-1812437027-413150883-2478753703-1000\$RODPTI8\Download\680abf31f54d1d44537ad659fbd3fdef\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22923_none_c0447b8c164e4bbc\appidapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-09-09 13:33:27.885
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\$Recycle.Bin\S-1-5-21-1812437027-413150883-2478753703-1000\$RODPTI8\Download\680abf31f54d1d44537ad659fbd3fdef\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22923_none_c0447b8c164e4bbc\appidapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-09-09 13:33:27.838
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\$Recycle.Bin\S-1-5-21-1812437027-413150883-2478753703-1000\$RODPTI8\Download\680abf31f54d1d44537ad659fbd3fdef\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22923_none_c0447b8c164e4bbc\appidapi.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz
Percentage of memory in use: 29%
Total physical RAM: 3958.84 MB
Available physical RAM: 2780.54 MB
Total Virtual: 7915.87 MB
Available Virtual: 6824.38 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:584.02 GB) (Free:263.15 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Small_HDD) (Fixed) (Total:10.69 GB) (Free:2.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 4B5E4CF1)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=584 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer. 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
While I'm checking over the logs please run these scans and post the logs here.

Please download AdwareCleaner onto your Desktop. AdwCleaner

Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.



If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
When the AdwCleaner program will open, click on the Scan button as shown below.



AdwCleaner will now start to search for malicious files that may be installed on your computer.
To remove the files that were detected in the previous step, please click on the Clean button.



AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.
Please click on the OK button to allow AdwCleaner reboot your computer.A log will be produced. Please copy and paste this log in your next reply.
*********************************************
Download and install: Please download Malwarebytes' scanner to your desktop.
Double Click mbam-setup.exe to install the application.

• It should update automatically if the computer is connected to the internet.
  
• Click on Threat Scan and click on Scan Now.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete make sure all the infections have "quarantine" selected in the Action box.
  
• Click on "Apply actions" You may be asked to Restart your computer to completely remove the infections.
  
• When disinfection is completed you can click on "Copy to Clipboard".
  
• Paste the log in you next reply (CTRL+ V)
  

*************************************************
Please download Junkware Removal Tool to your desktop.

•Warning! Once the scan is complete JRT will shut down your browser with NO warning.

•Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
*****************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Security Check

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
***************************************
You AV (PC Matic Super Shield) is disabled. Please enable it ASAP. Also enable PC Matic Super Shield and Windows Defender

Hi

the link for JRT is not working, 

http://thisisudax.org/downloads/JRT.exe

I tried in Chrome and IE11

Cheers

Daniel

Ok. I'll check that out. It may be just temporary.

Hi

The JRT link is still not working so I downloaded it from the MWB site.

Below are the results logs.

Re
 ADWleaner Log

# AdwCleaner 7.0.4.0 - Logfile created on Thu Nov 16 23:09:14 2017
# Updated on 2017/27/10 by Malwarebytes 
# Database: 11-15-2017.1
# Running on Windows 7 Home Premium (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy, C:\ProgramData\Speedbit
PUP.Optional.Legacy, C:\ProgramData\Application Data\Speedbit
PUP.Optional.Legacy, C:\Users\All Users\Speedbit
PUP.Optional.Legacy, C:\Users\Daniel\AppData\LocalLow\Speedbit
PUP.Optional.Legacy, C:\Users\Daniel\AppData\Roaming\Speedbit
Trojan.Buzus, C:\Program Files (x86)\DAP


***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\SpeedBit
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1812437027-413150883-2478753703-1000\Software\SpeedBit
PUP.Optional.Legacy, [Key] - HKCU\Software\SpeedBit
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
PUP.Optional.SysTweak, [Key] - HKLM\SOFTWARE\systweak


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

PUP.Optional.Legacy, Plugin found: Download Accelerator Plus (DAP) - 

/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271 


*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

===========================================================================================================

ADWCleaner fix log

# AdwCleaner 7.0.4.0 - Logfile created on Thu Nov 16 23:13:30 2017
# Updated on 2017/27/10 by Malwarebytes 
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\ProgramData\Speedbit
Deleted: C:\ProgramData\Application Data\Speedbit
Deleted: C:\Users\All Users\Speedbit
Deleted: C:\Users\Daniel\AppData\LocalLow\Speedbit
Deleted: C:\Users\Daniel\AppData\Roaming\Speedbit
Deleted: C:\Program Files (x86)\DAP


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\SpeedBit
Deleted: [Key] - HKU\S-1-5-21-1812437027-413150883-2478753703-1000\Software\SpeedBit
Deleted: [Key] - HKCU\Software\SpeedBit
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
Deleted: [Key] - HKLM\SOFTWARE\systweak


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

Plugin deleted: Download Accelerator Plus (DAP) - 


*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [2341 B] - [2017/11/16 23:9:14]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########======================================================

MWB Summary

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/17/17
Scan Time: 9:23 AM
Log File: 210b87b8-cb25-11e7-aea5-000000000000.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3151
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Daniel-PC\Daniel

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 357443
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 5 min, 4 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

=======================================================================================================================================================
JRT Log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Home Premium x64 
Ran by Daniel (Administrator) on Sat 18/11/2017 at  5:59:45.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0 




Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 18/11/2017 at  6:06:33.36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
=================================================================================================================================

Security Check Log

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
PC Matic Super Shield   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome (62.0.3202.94) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamtray.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

The Security log shows that your AV on-access scanning is disabled. Please enable this feature.

ESET Online Scanner
Note : If you use Internet Explorer to get the ESET Online Scanner, you won't have to download, nor install the tool, as everything will be ran in a contextual (pop-up) window of Internet Explorer. However, for every other browsers, you will have to download and install ESET Online Scanner. In this set of instruction, I'll use Google Chrome to download it and run it (since a lot of people will do it), however, except for the download and installation procedure, the same instructions applies if you use Internet Explorer. Please note that two or three prompts will appear if you use Internet Explorer asking you to reload the page, authorize the application, execute it, etc. Accept all of them in order to run ESET Online Scanner.

    Download and execute ESET OnlineScan (on this window, click on ESET Smart Installer to trigger the download). People accessing this URL via Internet Explorer will start the integration process of ESET Online Scanner in their browser;
    Once the installation is done (it requires Admin Rights), check the following settings (two of them are under Advanced Settings, click on it to display them) :

        Enable detection of potentially unwanted applications;
        Scan archives;
        Scan for potentially unsafe applications;
        Optional : If you want to scan more drives, click on Change... and select the drives you want to include in the scan;

  

    After you're done checking these options, click on Start and ESET Online Scanner will download it's virus signature database before starting the scan;
   

    Once done, the scan will start automatically. Detections will appear at the bottom of the window. ESET Online Scanner can have an extremely long scan time that can last between 2 or 3 hours. So if you start the scan, do not interrupt it, let it complete until the end;
   

    After the scan is finished, a summary window will appear to give you the information about the scan. Then you'll have to the option to see what threads were found and to manage the threats that were quarantined;
   


    Click on List of found threats, it'll display every threat identified during that scan, their type and what action was taken against them. Click on Copy to clipboard to copy these results on our clipboard and post them in your next reply;
   


    Once you're done, click on the Back button;
    Check both checkboxes at the bottom: Uninstall application on close and Delete quarantined files before clicking on the Finish button;

Hi

here is the ESET report, nothing was found on the C: drive

Regards

Daniel

D:\Downloads\TestPC\pc-wizard_2014.2.14-setup.exe MSIL/AdvancedSystemProtector.D potentially unwanted application cleaned by deleting
D:\Downloads\TestPC\PCFixKit_Setup.exe a variant of Win32/Deceptor.PCFixKit.A application cleaned by deleting

Ok. Please give me an update on your computer?

Hi

there is no improvement, response to mouse clicks is still very slow and programs take a long time to open
and sometimes do not.

Cheers

Daniel

I'm at a loss. I believe that this problem in not caused by malware/virus. Have you tried disconnecting the D drive?

Hi

thanks for you help, I too am at a loss, the system passed the hardware tests so I need to ensure
the problem was not malware. 

The D drive is a partition on the hard drive, I mainly do not
have attached drives when working with my Laptop.

It could be the Graphics card but how can I tell, also I have a Toshiba HDD but Toshiba do not produce a 
test program like Seagate do and Seatools does not have the range of tests that is has for Seagate drives. 

I cannot run Seatools for DOS as the program does not see the Toshiba drive.

At lease we/you tried.

Regards

Daniel

Hirens have a Toshiba Diagnostic Tool you can get to toshiba diagnostic tool from Dos Programs.

Hiren’s BootCD 15.2

Please follow my suggestions for boosting speed of Windows OS.

Tweaking & Optimizing Windows Operating System

FreeBooter wrote:

Please follow my suggestions for boosting speed of Windows OS.

Tweaking & Optimizing Windows Operating System

Hi, thanks for the link, all I can say is WOW, I can't believe I forgot ll that stuff.

Back in the days of Pentium3, 256meg GPUs etc, that stuff is what I did on all of my home and work PC's 
to get some speed but since the CPUs and GPUs have gotten powerful it became unnecessary.

Your site has solved all my issues, it wasn't malware it was my stupidity....

Thank you so much.

Regards

Daniel

We are glad to hear your issue has been resolved, thank you for letting us know that all is now well!

I will lock this thread. If you need it re-opened, please send me a pm.[/COLOR]