Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Desktop has slowed down dramatically


  • Please log in to reply

#1
RedSuedePump

RedSuedePump

    Member

  • Member
  • PipPipPip
  • 163 posts

Hi,

 

My desktop computer has slowed down dramatically today and I can't explain why. I haven't installed any new software for quite a while, but I do recall there being a Firefox update recently.

 

If I go into Task Manager, the disc column is red at the top at 99 or 100%. In the memory column, Firefox sticks out at 1,600 MB, nothing else comes near.

 

If I was feeling brave, I'd uninstall and reinstall Firefox, but I'm worried about downloading it from a bad source.

 

Anyway, I've run FRST and got the following two logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-10-2017
Ran by Owner (administrator) on TOWER (31-10-2017 19:52:58)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 10 Pro Version 1703 15063.674 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BsSentry.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardTray.exe
(© 2015 Microsoft Corporation) C:\Users\Owner\AppData\Local\Microsoft\BingSvc\BingSvc.exe
() C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Creative Technology Ltd.) C:\Windows\V0700Mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BgGameMon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11709.1001.27.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-07-15] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [BullGuard] => C:\Program Files\BullGuard Ltd\BullGuard\BullGuardTray.exe [139544 2017-10-23] (BullGuard Ltd.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM-x32\...\Run: [V0700Mon.exe] => C:\WINDOWS\V0700Mon.exe [28672 2011-08-22] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [124536 2015-06-04] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-857570284-1745001965-2900836374-1001\...\Run: [BingSvc] => C:\Users\Owner\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-857570284-1745001965-2900836374-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [804352 2017-03-18] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Play Wireless USB Adapter Utility.lnk [2017-03-16]
ShortcutTarget: Play Wireless USB Adapter Utility.lnk -> C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe ()
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-01-25]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{7766d0ef-76a6-4320-993a-8cebc629504c}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-857570284-1745001965-2900836374-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
SearchScopes: HKU\S-1-5-21-857570284-1745001965-2900836374-1001 -> DefaultScope {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-857570284-1745001965-2900836374-1001 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-10-29] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-04-05] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-10-29] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-04-05] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-10-20] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-10-29] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-29] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: i7pmux01.default
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i7pmux01.default [2017-10-31]
FF NewTab: Mozilla\Firefox\Profiles\i7pmux01.default -> hxxp://www.anglianinternet.co.uk/launch
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\i7pmux01.default -> Bing
FF Extension: (ADB Helper) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i7pmux01.default\Extensions\[email protected] [2017-09-26]
FF Extension: (Bing Search) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i7pmux01.default\Extensions\[email protected] [2016-08-25]
FF Extension: (Valence) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i7pmux01.default\Extensions\[email protected] [2017-08-03]
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i7pmux01.default\searchplugins\bing-.xml [2016-08-25]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-10-25] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-05] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-25] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-10-20] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-20] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-02-17] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [1580312 2017-10-23] (BullGuard Ltd.)
R2 BsCache; C:\Program Files\BullGuard Ltd\BullGuard\BsCache.dll [275224 2017-10-23] (BullGuard Ltd.)
R2 BsFileScan; c:\program files\bullguard ltd\bullguard\BsFileScan.dll [510744 2017-10-23] (BullGuard Ltd.)
R2 BsMailProxy; c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll [6029592 2017-10-23] (BullGuard Ltd.)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [856344 2017-10-23] (BullGuard Ltd.)
R2 BsNet; C:\Program Files\BullGuard Ltd\BullGuard\BsNet.dll [696088 2017-10-23] (BullGuard Ltd.)
R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [324376 2017-10-23] (BullGuard Ltd.)
R2 BsSentry; C:\Program Files\BullGuard Ltd\BullGuard\BsSentry.exe [437528 2017-10-29] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [402712 2017-10-23] (BullGuard Ltd.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7923880 2017-10-23] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-16] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-01-16] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2120032 2017-09-25] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3000168 2017-09-25] (Electronic Arts)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-14] (Microsoft Corporation)
R2 WLANBelkinService; C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe [36864 2009-12-28] () [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BCMH43XX; C:\WINDOWS\system32\DRIVERS\bcmwlhigh564.sys [765952 2009-11-06] (Broadcom Corporation)
R1 BdAgent; C:\WINDOWS\System32\DRIVERS\BdAgent.sys [174744 2016-09-20] (BullGuard Ltd.)
R0 BdNet; C:\WINDOWS\System32\DRIVERS\BdNet.sys [155568 2017-06-28] (BullGuard Ltd.)
R1 BdSentry; C:\WINDOWS\System32\DRIVERS\BdSentry.sys [84376 2017-10-23] (BullGuard Ltd.)
R1 BdSpy; C:\WINDOWS\System32\drivers\BdSpy.sys [94952 2015-11-25] (BullGuard Ltd.)
R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [22216 2014-05-27] ()
R3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [22728 2014-05-27] ()
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD.sys [44744 2014-05-27] ()
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [485512 2016-04-14] (BitDefender S.R.L.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Apple, Inc.) [File not signed]
R3 V0700Vid; C:\WINDOWS\system32\DRIVERS\V0700Vid.sys [393920 2011-09-06] (Creative Technology Ltd.)
S1 vflt; C:\WINDOWS\system32\DRIVERS\vfilter.sys [24064 2013-06-30] (Shrew Soft Inc) [File not signed]
S3 vnet; C:\WINDOWS\system32\DRIVERS\virtualnet.sys [17408 2013-06-30] (Shrew Soft Inc) [File not signed]
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-31 19:52 - 2017-10-31 19:56 - 000017305 _____ C:\Users\Owner\Desktop\FRST.txt
2017-10-31 19:52 - 2017-10-31 19:52 - 000000000 ____D C:\Users\Owner\Desktop\FRST-OlderVersion
2017-10-31 19:51 - 2017-10-31 19:52 - 000000000 ____D C:\FRST
2017-10-31 19:47 - 2017-10-31 19:49 - 002403328 _____ (Farbar) C:\Users\Owner\Downloads\FRST64(1).exe
2017-10-31 06:44 - 2017-10-31 06:44 - 000000000 ___HD C:\OneDriveTemp
2017-10-30 20:49 - 2017-10-30 20:49 - 000126779 _____ C:\Users\Owner\Downloads\Re__Keyboard_Lessons_-_Autumn_Term_2.zip
2017-10-29 18:21 - 2017-10-29 18:21 - 000064079 _____ C:\Users\Owner\Downloads\Timetable - Sophia.pdf
2017-10-25 11:25 - 2017-10-25 11:25 - 000131651 _____ C:\Users\Owner\Downloads\Gyproc-cove-127-Mitre-template.pdf
2017-10-25 11:19 - 2017-10-25 11:19 - 000328535 _____ C:\Users\Owner\Downloads\DS-Gyproc-Cove-Cornice.pdf
2017-10-24 05:17 - 2017-10-24 05:17 - 000571360 _____ C:\WINDOWS\system32\.tmp
2017-10-23 18:01 - 2017-10-23 18:01 - 000171192 _____ (BullGuard Ltd.) C:\WINDOWS\system32\BgGamingMonitor.dll
2017-10-23 18:01 - 2017-10-23 18:01 - 000152640 _____ (BullGuard Ltd.) C:\WINDOWS\SysWOW64\BgGamingMonitor.dll
2017-10-23 18:01 - 2017-10-23 18:01 - 000084376 _____ (BullGuard Ltd.) C:\WINDOWS\system32\Drivers\BdSentry.sys
2017-10-23 18:01 - 2017-10-23 18:01 - 000076568 _____ (BullGuard Ltd.) C:\WINDOWS\system32\BGLsp.dll
2017-10-23 18:01 - 2017-10-23 18:01 - 000061720 _____ (BullGuard Ltd.) C:\WINDOWS\SysWOW64\BGLsp.dll
2017-10-22 19:05 - 2017-10-31 19:35 - 000147456 _____ C:\Users\Owner\Desktop\AHLTD310717.xls
2017-10-22 11:12 - 2017-10-22 11:12 - 014705377 _____ C:\Users\Owner\Downloads\combinepdf(2).pdf
2017-10-21 14:35 - 2017-10-21 14:35 - 000009657 _____ C:\Users\Owner\Downloads\Quote_555636_EdwardYork_21-10-17-11-28.pdf
2017-10-21 14:35 - 2017-10-21 14:35 - 000009656 _____ C:\Users\Owner\Downloads\Quote_555635_EdwardYork_21-10-17-11-28.pdf
2017-10-21 14:35 - 2017-10-21 14:35 - 000009651 _____ C:\Users\Owner\Downloads\Quote_555637_EdwardYork_21-10-17-11-28.pdf
2017-10-21 14:35 - 2017-10-21 14:35 - 000009650 _____ C:\Users\Owner\Downloads\Quote_555638_EdwardYork_21-10-17-11-29.pdf
2017-10-19 05:29 - 2017-10-19 05:29 - 000102899 _____ C:\Users\Owner\Downloads\KS2_Maths_-_Reasoning_Paper_1_Part_1_-_Corrected.pdf
2017-10-16 20:36 - 2017-10-16 20:36 - 000577100 _____ C:\Users\Owner\Downloads\vehicle(2).pdf
2017-10-13 19:50 - 2017-10-13 19:50 - 000259681 _____ C:\Users\Owner\Downloads\Computing overview.87660530.pdf
2017-10-13 05:27 - 2017-10-13 05:27 - 005929727 _____ C:\Users\Owner\Downloads\fe-prospectus_0.pdf
2017-10-13 05:26 - 2017-10-13 05:26 - 002079795 _____ C:\Users\Owner\Downloads\supported_learning_prospectus_aug_2017_low_res.pdf
2017-10-12 08:19 - 2017-10-12 08:19 - 000333371 _____ C:\Users\Owner\Downloads\RV5 Final 452502.87660113.pdf
2017-10-11 08:18 - 2017-10-11 08:18 - 000303655 _____ C:\Users\Owner\Downloads\norwich_city_college_of_further_and_higher_education_10022603_pdf_final.pdf
2017-10-11 06:24 - 2017-10-11 06:24 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-10-11 06:16 - 2017-09-30 05:49 - 001004136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-10-11 06:16 - 2017-09-30 05:45 - 000511896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2017-10-11 06:16 - 2017-09-30 05:40 - 000336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-10-11 06:16 - 2017-09-30 05:40 - 000173976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2017-10-11 06:16 - 2017-09-30 02:29 - 001408536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-10-11 06:16 - 2017-09-30 02:29 - 000804784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-10-11 06:16 - 2017-09-30 02:26 - 001333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-10-11 06:16 - 2017-09-30 02:26 - 001292872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-10-11 06:16 - 2017-09-30 02:10 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-10-11 06:16 - 2017-09-30 02:10 - 000606072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-10-11 06:16 - 2017-09-30 02:10 - 000508344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-10-11 06:16 - 2017-09-30 02:10 - 000480920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2017-10-11 06:16 - 2017-09-30 02:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-10-11 06:16 - 2017-09-30 02:09 - 000787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-10-11 06:16 - 2017-09-30 02:06 - 004471368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-10-11 06:16 - 2017-09-30 02:05 - 005827744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-10-11 06:16 - 2017-09-30 02:05 - 002603744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2017-10-11 06:16 - 2017-09-30 02:05 - 001266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-10-11 06:16 - 2017-09-30 02:05 - 000750488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-10-11 06:16 - 2017-09-30 02:05 - 000559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-10-11 06:16 - 2017-09-30 02:04 - 004215184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-10-11 06:16 - 2017-09-30 02:04 - 000612120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-10-11 06:16 - 2017-09-30 02:04 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-10-11 06:16 - 2017-09-30 02:04 - 000438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-10-11 06:16 - 2017-09-30 02:04 - 000347544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-10-11 06:16 - 2017-09-30 02:04 - 000182680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-10-11 06:16 - 2017-09-30 02:03 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-10-11 06:16 - 2017-09-30 02:03 - 006768288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-10-11 06:16 - 2017-09-30 02:03 - 001439032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-10-11 06:16 - 2017-09-30 02:02 - 001624096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.AppAgent.dll
2017-10-11 06:16 - 2017-09-30 02:02 - 001517464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-10-11 06:16 - 2017-09-30 02:02 - 000175512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-10-11 06:16 - 2017-09-30 02:01 - 000124544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-10-11 06:16 - 2017-09-29 07:45 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-10-11 06:16 - 2017-09-29 07:44 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-10-11 06:16 - 2017-09-29 07:43 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-10-11 06:16 - 2017-09-29 07:43 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-10-11 06:16 - 2017-09-29 07:43 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-10-11 06:16 - 2017-09-29 07:42 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mgmtapi.dll
2017-10-11 06:16 - 2017-09-29 07:41 - 013844992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-10-11 06:16 - 2017-09-29 07:41 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll
2017-10-11 06:16 - 2017-09-29 07:40 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-10-11 06:16 - 2017-09-29 07:40 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-10-11 06:16 - 2017-09-29 07:40 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-10-11 06:16 - 2017-09-29 07:39 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-10-11 06:16 - 2017-09-29 07:38 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-10-11 06:16 - 2017-09-29 07:38 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-10-11 06:16 - 2017-09-29 07:38 - 001135616 ____R (The ICU Project) C:\WINDOWS\SysWOW64\icuuc.dll
2017-10-11 06:16 - 2017-09-29 07:38 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll
2017-10-11 06:16 - 2017-09-29 07:38 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-10-11 06:16 - 2017-09-29 07:38 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2017-10-11 06:16 - 2017-09-29 07:38 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-10-11 06:16 - 2017-09-29 07:38 - 000308224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-10-11 06:16 - 2017-09-29 07:38 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-10-11 06:16 - 2017-09-29 07:37 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2017-10-11 06:16 - 2017-09-29 07:37 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-10-11 06:16 - 2017-09-29 07:36 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-10-11 06:16 - 2017-09-29 07:34 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-10-11 06:16 - 2017-09-29 07:34 - 000798720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-10-11 06:16 - 2017-09-29 07:34 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-10-11 06:16 - 2017-09-29 07:34 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2017-10-11 06:16 - 2017-09-29 07:33 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-10-11 06:16 - 2017-09-29 07:33 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-10-11 06:16 - 2017-09-29 07:33 - 001506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-10-11 06:16 - 2017-09-29 07:32 - 002782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-10-11 06:16 - 2017-09-29 07:32 - 002340864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-10-11 06:16 - 2017-09-29 07:32 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-10-11 06:16 - 2017-09-29 07:32 - 001244160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll
2017-10-11 06:16 - 2017-09-29 07:32 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-10-11 06:16 - 2017-09-29 07:32 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-10-11 06:16 - 2017-09-29 07:31 - 003107328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-10-11 06:16 - 2017-09-29 07:29 - 001460736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2017-10-11 06:16 - 2017-09-29 07:29 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2017-10-11 06:16 - 2017-09-29 07:29 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-10-11 06:16 - 2017-09-29 07:28 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2017-10-11 06:16 - 2017-09-29 07:28 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2017-10-11 06:16 - 2017-09-29 07:28 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2017-10-11 06:16 - 2017-09-29 07:28 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2017-10-11 06:16 - 2017-09-29 07:28 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cipher.exe
2017-10-11 06:16 - 2017-09-29 07:24 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-10-11 06:16 - 2017-09-29 07:20 - 000286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-10-11 06:16 - 2017-09-29 05:40 - 000804312 _____ C:\WINDOWS\SysWOW64\locale.nls
2017-10-11 06:16 - 2017-09-29 05:40 - 000804312 _____ C:\WINDOWS\system32\locale.nls
2017-10-11 06:16 - 2017-09-20 15:08 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-10-11 06:16 - 2017-09-20 15:08 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-10-11 06:16 - 2017-09-20 15:08 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-10-11 06:16 - 2017-09-18 23:09 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-10-11 06:16 - 2017-09-18 22:20 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2017-10-11 06:16 - 2017-09-18 22:15 - 000648704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2017-10-11 06:15 - 2017-09-30 05:52 - 001595152 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-10-11 06:15 - 2017-09-30 05:51 - 001458320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-10-11 06:15 - 2017-09-30 05:51 - 001147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-10-11 06:15 - 2017-09-30 05:51 - 000661224 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-10-11 06:15 - 2017-09-30 05:50 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-10-11 06:15 - 2017-09-30 05:50 - 001068208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-10-11 06:15 - 2017-09-30 05:50 - 001024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-10-11 06:15 - 2017-09-30 05:49 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-10-11 06:15 - 2017-09-30 05:49 - 000135576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-10-11 06:15 - 2017-09-30 05:48 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-10-11 06:15 - 2017-09-30 05:48 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-10-11 06:15 - 2017-09-30 05:48 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-10-11 06:15 - 2017-09-30 05:48 - 000644696 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2017-10-11 06:15 - 2017-09-30 05:47 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-10-11 06:15 - 2017-09-30 05:47 - 001194792 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2017-10-11 06:15 - 2017-09-30 05:44 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-10-11 06:15 - 2017-09-30 05:44 - 000181912 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-10-11 06:15 - 2017-09-30 05:43 - 007318888 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-10-11 06:15 - 2017-09-30 05:43 - 002442136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-10-11 06:15 - 2017-09-30 05:42 - 004848952 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-10-11 06:15 - 2017-09-30 05:42 - 001506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-10-11 06:15 - 2017-09-30 05:42 - 000820120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-10-11 06:15 - 2017-09-30 05:41 - 005477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-10-11 06:15 - 2017-09-30 05:41 - 005304496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-10-11 06:15 - 2017-09-30 05:41 - 002086808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-10-11 06:15 - 2017-09-30 05:41 - 000961944 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-10-11 06:15 - 2017-09-30 05:41 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-10-11 06:15 - 2017-09-30 05:41 - 000651672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-10-11 06:15 - 2017-09-30 05:41 - 000259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-10-11 06:15 - 2017-09-30 05:41 - 000257432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-10-11 06:15 - 2017-09-30 05:41 - 000228248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-10-11 06:15 - 2017-09-30 05:40 - 000849816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-10-11 06:15 - 2017-09-30 05:40 - 000724704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-10-11 06:15 - 2017-09-30 05:40 - 000701336 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-10-11 06:15 - 2017-09-30 05:40 - 000642680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-10-11 06:15 - 2017-09-30 05:40 - 000558912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-10-11 06:15 - 2017-09-30 05:40 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-10-11 06:15 - 2017-09-30 05:40 - 000184728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2017-10-11 06:15 - 2017-09-30 05:40 - 000072944 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2017-10-11 06:15 - 2017-09-30 05:39 - 021351760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-10-11 06:15 - 2017-09-30 05:39 - 001694104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-10-11 06:15 - 2017-09-30 05:39 - 000203672 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-10-11 06:15 - 2017-09-30 05:38 - 007910072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-10-11 06:15 - 2017-09-30 05:38 - 002239136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-10-11 06:15 - 2017-09-30 05:38 - 001854872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-10-11 06:15 - 2017-09-30 05:37 - 002377112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.AppAgent.dll
2017-10-11 06:15 - 2017-09-30 05:37 - 002229144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-10-11 06:15 - 2017-09-30 05:37 - 001464728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-10-11 06:15 - 2017-09-30 05:36 - 002672024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-10-11 06:15 - 2017-09-30 05:36 - 000855960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-10-11 06:15 - 2017-09-30 05:36 - 000675224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-10-11 06:15 - 2017-09-30 05:36 - 000057976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-10-11 06:15 - 2017-09-30 02:10 - 001150776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-10-11 06:15 - 2017-09-29 07:46 - 023678976 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-10-11 06:15 - 2017-09-29 07:39 - 020511232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-10-11 06:15 - 2017-09-29 07:39 - 011888640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-10-11 06:15 - 2017-09-29 07:36 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-10-11 06:15 - 2017-09-29 07:35 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-10-11 06:15 - 2017-09-29 07:34 - 017370624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-10-11 06:15 - 2017-09-29 07:34 - 006255616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-10-11 06:15 - 2017-09-29 07:34 - 003669504 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-10-11 06:15 - 2017-09-29 07:33 - 000658944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-10-11 06:15 - 2017-09-29 07:32 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-10-11 06:15 - 2017-09-29 07:32 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-10-11 06:15 - 2017-09-29 07:32 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-10-11 06:15 - 2017-09-29 07:32 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2017-10-11 06:15 - 2017-09-29 07:32 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mgmtapi.dll
2017-10-11 06:15 - 2017-09-29 07:31 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-10-11 06:15 - 2017-09-29 07:31 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-10-11 06:15 - 2017-09-29 07:31 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-10-11 06:15 - 2017-09-29 07:31 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-10-11 06:15 - 2017-09-29 07:30 - 023686144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-10-11 06:15 - 2017-09-29 07:30 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-10-11 06:15 - 2017-09-29 07:30 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-10-11 06:15 - 2017-09-29 07:30 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-10-11 06:15 - 2017-09-29 07:30 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-10-11 06:15 - 2017-09-29 07:29 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-10-11 06:15 - 2017-09-29 07:29 - 000724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-10-11 06:15 - 2017-09-29 07:29 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-10-11 06:15 - 2017-09-29 07:29 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-10-11 06:15 - 2017-09-29 07:29 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-10-11 06:15 - 2017-09-29 07:29 - 000304640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2017-10-11 06:15 - 2017-09-29 07:29 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-10-11 06:15 - 2017-09-29 07:29 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2017-10-11 06:15 - 2017-09-29 07:28 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-10-11 06:15 - 2017-09-29 07:28 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-10-11 06:15 - 2017-09-29 07:28 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-10-11 06:15 - 2017-09-29 07:28 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-10-11 06:15 - 2017-09-29 07:28 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-10-11 06:15 - 2017-09-29 07:28 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-10-11 06:15 - 2017-09-29 07:27 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-10-11 06:15 - 2017-09-29 07:27 - 001321984 ____R (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2017-10-11 06:15 - 2017-09-29 07:27 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-10-11 06:15 - 2017-09-29 07:27 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-10-11 06:15 - 2017-09-29 07:27 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-10-11 06:15 - 2017-09-29 07:27 - 000409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-10-11 06:15 - 2017-09-29 07:27 - 000350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2017-10-11 06:15 - 2017-09-29 07:26 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-10-11 06:15 - 2017-09-29 07:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-10-11 06:15 - 2017-09-29 07:26 - 001468928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-10-11 06:15 - 2017-09-29 07:26 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-10-11 06:15 - 2017-09-29 07:26 - 001197568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CommonBridge.dll
2017-10-11 06:15 - 2017-09-29 07:26 - 001141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplySettingsTemplateCatalog.exe
2017-10-11 06:15 - 2017-09-29 07:26 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-10-11 06:15 - 2017-09-29 07:26 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-10-11 06:15 - 2017-09-29 07:25 - 008199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-10-11 06:15 - 2017-09-29 07:25 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-10-11 06:15 - 2017-09-29 07:25 - 002760704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-10-11 06:15 - 2017-09-29 07:25 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-10-11 06:15 - 2017-09-29 07:24 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-10-11 06:15 - 2017-09-29 07:24 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-10-11 06:15 - 2017-09-29 07:24 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-10-11 06:15 - 2017-09-29 07:24 - 001628672 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2017-10-11 06:15 - 2017-09-29 07:24 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-10-11 06:15 - 2017-09-29 07:24 - 001201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AgentService.exe
2017-10-11 06:15 - 2017-09-29 07:24 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-10-11 06:15 - 2017-09-29 07:23 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-10-11 06:15 - 2017-09-29 07:23 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-10-11 06:15 - 2017-09-29 07:23 - 003140096 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-10-11 06:15 - 2017-09-29 07:23 - 002730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-10-11 06:15 - 2017-09-29 07:23 - 002446336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-10-11 06:15 - 2017-09-29 07:23 - 002195968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppAgent.dll
2017-10-11 06:15 - 2017-09-29 07:23 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-10-11 06:15 - 2017-09-29 07:23 - 001887744 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-10-11 06:15 - 2017-09-29 07:23 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-10-11 06:15 - 2017-09-29 07:23 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-10-11 06:15 - 2017-09-29 07:23 - 001398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-10-11 06:15 - 2017-09-29 07:23 - 001052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-10-11 06:15 - 2017-09-29 07:23 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-10-11 06:15 - 2017-09-29 07:23 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-10-11 06:15 - 2017-09-29 07:23 - 000841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-10-11 06:15 - 2017-09-29 07:23 - 000756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-10-11 06:15 - 2017-09-29 07:23 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-10-11 06:15 - 2017-09-29 07:22 - 002829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-10-11 06:15 - 2017-09-29 07:22 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-10-11 06:15 - 2017-09-29 07:22 - 001438208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2017-10-11 06:15 - 2017-09-29 07:22 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-10-11 06:15 - 2017-09-29 07:21 - 003304448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-10-11 06:15 - 2017-09-29 07:21 - 000722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-10-11 06:15 - 2017-09-29 07:21 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-10-11 06:15 - 2017-09-29 07:21 - 000414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-10-11 06:15 - 2017-09-29 07:21 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-10-11 06:15 - 2017-09-29 07:21 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2017-10-11 06:15 - 2017-09-29 07:20 - 001811456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2017-10-11 06:15 - 2017-09-29 07:20 - 000804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2017-10-11 06:15 - 2017-09-29 07:20 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2017-10-11 06:15 - 2017-09-29 07:20 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2017-10-11 06:15 - 2017-09-29 07:19 - 002088448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2017-10-11 06:15 - 2017-09-29 07:19 - 000325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2017-10-11 06:15 - 2017-09-29 07:19 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2017-10-11 06:15 - 2017-09-29 07:19 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2017-10-11 06:15 - 2017-09-29 07:18 - 002438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-10-11 06:15 - 2017-09-29 07:18 - 001527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-10-11 06:15 - 2017-09-29 07:18 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2017-10-11 06:15 - 2017-09-29 07:18 - 000603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2017-10-11 06:15 - 2017-09-29 07:18 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdechangepin.exe
2017-10-11 06:15 - 2017-09-29 07:18 - 000215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\manage-bde.exe
2017-10-11 06:15 - 2017-09-29 07:18 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2017-10-11 06:15 - 2017-09-18 23:20 - 001065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-10-11 06:15 - 2017-09-18 23:20 - 000900376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-10-11 06:15 - 2017-09-18 23:18 - 000965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-10-11 06:15 - 2017-09-18 23:17 - 001395664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-10-11 06:15 - 2017-09-18 23:17 - 001186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-10-11 06:15 - 2017-09-18 23:17 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-10-11 06:15 - 2017-09-18 23:11 - 001018272 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-10-11 06:15 - 2017-09-18 22:25 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
2017-10-11 06:15 - 2017-09-18 22:20 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2017-10-11 06:14 - 2017-09-29 07:33 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-10-11 06:14 - 2017-09-29 07:32 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2017-10-11 06:14 - 2017-09-29 07:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\efssvc.dll
2017-10-11 06:14 - 2017-09-29 07:30 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2017-10-11 06:14 - 2017-09-29 07:29 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ServiceWorkerHost.exe
2017-10-11 06:14 - 2017-09-29 07:27 - 000565760 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2017-10-11 06:14 - 2017-09-29 07:27 - 000538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2017-10-11 06:14 - 2017-09-29 07:26 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2017-10-11 06:14 - 2017-09-29 07:23 - 000512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2017-10-11 06:14 - 2017-09-29 07:21 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvc.dll
2017-10-11 06:14 - 2017-09-29 07:21 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2017-10-11 06:14 - 2017-09-29 07:20 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiexe.dll
2017-10-11 06:14 - 2017-09-29 07:18 - 000347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2017-10-11 06:14 - 2017-09-29 07:18 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2017-10-11 06:14 - 2017-09-29 07:18 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\cipher.exe
2017-10-11 06:14 - 2017-09-18 22:26 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2017-10-11 06:14 - 2017-09-18 22:23 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2017-10-09 12:31 - 2017-10-09 12:31 - 000207582 _____ C:\Users\Owner\Downloads\List_of_Staff-_6th-form-2017.pdf
2017-10-08 18:44 - 2017-10-08 18:44 - 000385348 _____ C:\Users\Owner\Downloads\vehicle(1).pdf
2017-10-08 15:06 - 2017-10-08 15:06 - 000118322 _____ C:\Users\Owner\Downloads\Konectbus_4_17092017_ii(1).pdf
2017-10-05 16:32 - 2017-10-05 18:01 - 000014370 _____ C:\Users\Owner\Documents\EA17TUV Finance calculations.xlsx
2017-10-03 20:09 - 2017-10-03 20:09 - 001594541 _____ C:\Users\Owner\Downloads\FRS-102-WEB-Ready-2015.pdf
2017-10-03 20:05 - 2017-10-03 20:05 - 000153409 _____ C:\Users\Owner\Downloads\application-pdf(2)
2017-10-03 12:13 - 2017-10-03 12:13 - 000629797 _____ C:\Users\Owner\Downloads\15.9.17-newsletter.pdf
2017-10-03 12:12 - 2017-10-03 12:12 - 000554416 _____ C:\Users\Owner\Downloads\29.9.17-newsletter.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-31 19:56 - 2015-07-20 16:16 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2017-10-31 19:56 - 2015-03-09 13:00 - 000000000 ____D C:\ProgramData\BullGuard
2017-10-31 19:52 - 2017-06-17 12:38 - 002403328 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2017-10-31 18:06 - 2017-07-14 06:22 - 000000426 _____ C:\WINDOWS\BRWMARK.INI
2017-10-31 17:44 - 2017-07-14 06:18 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-10-31 16:59 - 2017-03-18 21:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-31 16:59 - 2017-03-18 21:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-31 07:58 - 2015-09-20 07:51 - 000000000 ____D C:\Users\Owner\Documents\Sophia School
2017-10-31 07:17 - 2016-11-16 06:33 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla
2017-10-31 06:50 - 2017-07-14 06:38 - 001699382 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-31 06:44 - 2017-07-14 06:24 - 000000000 ____D C:\Users\Owner
2017-10-31 06:44 - 2015-03-10 16:49 - 000000000 ___RD C:\Users\Owner\OneDrive
2017-10-31 06:43 - 2017-07-14 06:40 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-31 06:43 - 2017-07-14 06:22 - 000000000 ____D C:\ProgramData\NVIDIA
2017-10-31 06:43 - 2016-11-15 22:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-10-31 06:43 - 2015-03-10 17:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-30 22:43 - 2017-03-18 11:40 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2017-10-30 19:47 - 2015-03-06 09:14 - 000000000 ____D C:\Users\Owner\AppData\Local\Packages
2017-10-30 06:23 - 2017-03-18 21:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-10-30 06:21 - 2017-03-18 21:01 - 000000000 ____D C:\WINDOWS\INF
2017-10-30 06:20 - 2015-03-06 11:45 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-10-30 06:19 - 2017-07-14 06:18 - 000389096 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-29 16:36 - 2017-07-26 19:28 - 000003356 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-857570284-1745001965-2900836374-1001
2017-10-29 16:35 - 2016-07-25 17:42 - 000002398 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-10-25 18:41 - 2017-03-18 21:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-10-25 18:41 - 2017-03-18 21:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-25 14:13 - 2015-03-10 18:57 - 000000000 ____D C:\Users\Owner\Documents\Refurb files
2017-10-25 06:35 - 2016-07-22 10:10 - 000001464 _____ C:\Users\Owner\Desktop\Roblox Player.lnk
2017-10-25 06:35 - 2016-07-22 10:09 - 000001279 _____ C:\Users\Owner\Desktop\Roblox Studio.lnk
2017-10-25 06:35 - 2016-07-22 10:09 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-10-24 05:20 - 2015-03-09 13:02 - 000000000 ____D C:\Users\Owner\AppData\Roaming\BullGuard
2017-10-23 20:46 - 2015-03-10 17:15 - 000000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2017-10-18 06:22 - 2016-08-25 18:13 - 000000000 ____D C:\ProgramData\Origin
2017-10-18 06:12 - 2016-08-25 18:15 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Origin
2017-10-18 06:11 - 2016-08-25 18:11 - 000000000 ____D C:\Program Files (x86)\Origin
2017-10-18 06:11 - 2015-03-06 11:32 - 000000000 ____D C:\ProgramData\Package Cache
2017-10-18 04:24 - 2017-03-18 20:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-15 12:13 - 2017-09-12 19:23 - 000000000 ____D C:\Users\Owner\Documents\Sophia Piano
2017-10-13 00:21 - 2017-03-18 21:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-10-13 00:21 - 2017-03-18 21:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-12 20:37 - 2017-02-04 20:59 - 000000000 ____D C:\Users\Owner\AppData\Roaming\dvdcss
2017-10-12 07:04 - 2017-03-18 21:03 - 000000000 ____D C:\WINDOWS\rescache
2017-10-11 20:20 - 2016-04-27 05:42 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-10-11 20:16 - 2017-03-18 21:03 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2017-10-11 20:16 - 2017-03-18 21:03 - 000000000 ____D C:\WINDOWS\system32\en-GB
2017-10-11 20:16 - 2017-03-18 21:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-10-11 20:16 - 2017-03-18 21:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-10-11 20:16 - 2017-03-18 21:03 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-10-11 20:15 - 2017-03-18 21:03 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2017-10-11 20:15 - 2017-03-18 21:03 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2017-10-11 06:27 - 2015-03-06 09:46 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-10-11 06:23 - 2015-03-06 09:46 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2017-07-14 06:21 - 2017-07-14 06:21 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-22 08:07

==================== End of FRST.txt ============================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2017
Ran by Owner (31-10-2017 19:58:29)
Running from C:\Users\Owner\Desktop
Windows 10 Pro Version 1703 15063.674 (X64) (2017-07-14 06:50:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-857570284-1745001965-2900836374-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-857570284-1745001965-2900836374-503 - Limited - Disabled)
Guest (S-1-5-21-857570284-1745001965-2900836374-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-857570284-1745001965-2900836374-1003 - Limited - Enabled)
Owner (S-1-5-21-857570284-1745001965-2900836374-1001 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: BullGuard Antivirus (Enabled - Up to date) {13E9CAA5-762A-794E-2DA9-245D5622A105}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: BullGuard Antispyware (Enabled - Up to date) {A8882B41-5010-76C0-1719-1F2F2DA5EBB8}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: BullGuard Firewall (Enabled) {2BD24B80-3C45-7816-06F6-8D68A8F1E67E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

[email protected] ISO Burner 4 (HKLM-x32\...\{3B756F35-2504-429A-B36C-EA0961B6A2C0}_is1) (Version: 4 - LSoft Technologies Inc)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BullGuard Internet Security (HKLM\...\BullGuard) (Version: 18.0 - BullGuard Ltd.)
Creative Live! Cam Chat HD (VF0700) (1.00.06.00) (HKLM\...\Creative VF0700) (Version:  - Creative Technology Ltd.)
Express Burn Disc Burning Software (HKLM-x32\...\ExpressBurn) (Version: 5.06 - NCH Software)
Freemake Video Converter version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{d370215a-d003-43ae-a3b6-1028af64d5a1}) (Version: 10.0.20 - Intel® Corporation) Hidden
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{08B90A20-95D3-4725-84B9-AF6553E06C4F}) (Version: 5.0.10.2850 - Intel Corporation)
iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
LeapFrog Connect (HKLM-x32\...\{5B0F473D-7E18-477F-99DC-3745D5A711E9}) (Version: 7.0.6.19846 - LeapFrog) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 7.0.6.19846 - LeapFrog)
LeapFrog LeapPad Explorer Plugin (HKLM-x32\...\{50B93E1B-EBA1-46AE-909F-10F6F97E1505}) (Version: 7.0.6.19846 - LeapFrog) Hidden
Microsoft Office 365 Business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.8528.2147 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-857570284-1745001965-2900836374-1001\...\OneDriveSetup.exe) (Version: 17.3.7074.1023 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 56.0.2 (x64 en-GB) (HKLM\...\Mozilla Firefox 56.0.2 (x64 en-GB)) (Version: 56.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.2.6506 - Mozilla)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8528.2147 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8528.2147 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8528.2147 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.3.59240 - Electronic Arts, Inc.)
Play Wireless USB Adapter (HKLM-x32\...\{88E62BD7-A532-48F6-8428-D949BB93A2D7}) (Version: 1.0.0.03 - Belkin) Hidden
Play Wireless USB Adapter (HKLM-x32\...\InstallShield_{88E62BD7-A532-48F6-8428-D949BB93A2D7}) (Version: 1.0.0.03 - Belkin)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.23.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7293 - Realtek Semiconductor Corp.)
Roblox Player for Owner (HKU\S-1-5-21-857570284-1745001965-2900836374-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
ROBLOX Studio for Owner (HKU\S-1-5-21-857570284-1745001965-2900836374-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 17.12.8 - NVIDIA Corporation) Hidden
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.98.0213 - Electronic Arts)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version:  - LeapFrog)
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [BackupOverlayErr] -> {8749448C-D907-45BF-A842-4D3898894AC8} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2017-10-23] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlayInProgress] -> {3FFBF330-7839-476B-BE14-2C8597CE11B6} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2017-10-23] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlaySynced] -> {C62CF4DB-48CB-4B03-BFD0-30A29125FA49} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2017-10-23] (BullGuard Ltd.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)
ContextMenuHandlers6: [bgshellext] -> {F4BF1657-195F-4A0F-ACA2-9AE99D65BC0E} => C:\Program Files\BullGuard Ltd\BullGuard\BgShellExt.dll [2017-10-23] (BullGuard Ltd.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0CB88190-F1AE-43FE-95BF-F9F788F590C6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-10-29] (Microsoft Corporation)
Task: {1734B589-5D00-4861-A3F6-0488B25B4A71} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {2E2B7BB2-C168-4A91-8058-0BDF1A75C439} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {52B40B26-B342-4B4E-9E2A-2DEEA059F114} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-10-23] (Microsoft Corporation)
Task: {88E0D73D-1DDB-48A7-9C65-25A9D004F281} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-25] (Adobe Systems Incorporated)
Task: {8A3F5800-61D4-4460-A208-610C37EEE00C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-10-23] (Microsoft Corporation)
Task: {9A65ABC5-64E1-4E33-9D37-E157DB2B7BC5} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-26] ()
Task: {A85152E4-2EA6-4A3D-80E1-DB0100F041B0} - System32\Tasks\BullGuard\BullGuardUpdate2 => c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe [2017-10-23] (BullGuard Ltd.)
Task: {B44ABFB8-412B-4849-ACFE-F7228D8BA57F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {CE7A89D7-F170-4734-A17E-A302773EA778} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-26] ()
Task: {EEE81D54-C24A-4B5B-B390-AB974428562B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2017-10-11] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Owner\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm

==================== Loaded Modules (Whitelisted) ==============

2017-07-14 06:22 - 2016-11-14 11:15 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-10-23 18:01 - 2017-10-23 18:00 - 000727320 _____ () c:\program files\bullguard ltd\bullguard\SQLite.dll
2017-10-23 18:01 - 2017-10-23 18:01 - 000084248 _____ () c:\program files\bullguard ltd\bullguard\zlib1.dll
2017-10-23 18:01 - 2017-10-23 18:00 - 000644888 _____ () c:\program files\bullguard ltd\bullguard\LibXml2.dll
2016-07-05 14:23 - 2016-07-05 14:23 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 14:23 - 2016-07-05 14:23 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-10-23 18:01 - 2017-10-23 18:01 - 000064792 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LIBBZ2.dll
2009-12-28 17:25 - 2009-12-28 17:25 - 000036864 _____ () C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe
2017-03-18 20:58 - 2017-03-18 20:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-05-08 08:05 - 2017-10-20 05:35 - 008929464 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-03-18 20:59 - 2017-03-20 03:43 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2009-11-25 18:45 - 2009-11-25 18:45 - 000110592 _____ () C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe
2017-09-14 05:20 - 2017-09-14 05:21 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11709.1001.27.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-10-05 04:57 - 2017-10-05 04:59 - 000021504 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-10-05 04:57 - 2017-10-05 04:59 - 048839168 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-05 04:57 - 2017-10-05 04:59 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2017-10-05 04:57 - 2017-10-05 04:59 - 000164352 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\VideoPlugin.dll
2017-10-05 04:57 - 2017-10-05 04:59 - 000352256 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-10-05 04:57 - 2017-10-05 04:59 - 000675328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\IPPNativePlugin.dll
2017-10-05 04:57 - 2017-10-05 04:59 - 002836480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2017-10-05 04:57 - 2017-10-05 04:59 - 020559872 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-10-05 04:57 - 2017-10-05 04:59 - 002705408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-10-05 04:57 - 2017-10-05 04:57 - 003128320 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-08-29 06:05 - 2017-08-29 06:05 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-10-05 04:57 - 2017-10-05 04:59 - 000118784 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\ExploreModel.dll
2017-10-05 04:57 - 2017-10-05 04:59 - 000046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2017-10-05 04:57 - 2017-10-05 04:59 - 001380864 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-10-05 04:57 - 2017-10-05 04:57 - 000367616 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\AnimatedGIF.dll
2017-10-26 06:09 - 2017-10-26 06:10 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-10-26 06:09 - 2017-10-26 06:10 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-10-26 06:09 - 2017-10-26 06:10 - 025446400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-10-26 06:09 - 2017-10-26 06:10 - 002542592 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\skypert.dll
2017-10-26 06:09 - 2017-10-26 06:10 - 000685056 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2009-09-15 19:17 - 2009-09-15 19:17 - 000200704 ____N () C:\Program Files (x86)\Belkin\F7D4101\V1\BelkinwcuiDLL.dll
2016-05-08 08:00 - 2017-10-20 05:33 - 001010856 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll
2016-05-08 08:05 - 2017-10-20 05:34 - 000538288 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\msfad.dll
2017-08-17 15:51 - 2017-08-17 15:51 - 001993184 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2017-03-24 13:59 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-857570284-1745001965-2900836374-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Monitor"
HKU\S-1-5-21-857570284-1745001965-2900836374-1001\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1B2AF49E-02E0-4EBC-95A5-EA09900B1F61}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{83389FC9-376D-414D-B08E-9519C6328BA2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{3A1E627C-6786-4C94-B280-13B4E97FAFBD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{7211F9DF-0FE1-4257-B8E7-7F062A03C833}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{1ADF47F1-FCAC-4E1E-8970-228B5D6075EA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8EC8CBC9-6EEA-4D5F-98B3-FA0FC4C2490B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{491C3300-C523-42C2-96A5-432B7656EE9F}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{3A0818A1-7686-4A53-9D6B-2A0B1141ECCB}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe
FirewallRules: [{F8A90493-3A75-4392-BFB8-6E3979BD19B1}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{ECD7C2C3-7859-4993-AC0D-7025C513B3F4}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{F6B71108-5961-4A8E-A3EF-1B3F6FDBF423}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{C4C30DB3-76BA-4A0C-824F-9E2538AD2088}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{8730179A-2BEC-4EE7-BDF7-D36C5120D1CB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe

==================== Restore Points =========================

09-10-2017 07:28:38 Scheduled Checkpoint
18-10-2017 04:23:46 Windows Update
30-10-2017 06:33:23 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/31/2017 08:01:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: TOWER)
Description: Package Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (10/31/2017 07:29:25 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (10/31/2017 06:49:06 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (10/30/2017 06:24:38 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (10/30/2017 06:22:42 AM) (Source: Outlook) (EventID: 35) (User: )
Description: Failed to determine if the store is in the crawl scope (error=0x80070005).

Error: (10/30/2017 06:22:42 AM) (Source: Outlook) (EventID: 34) (User: )
Description: Failed to get the Crawl Scope Manager with error=0x80070005.

Error: (10/29/2017 06:09:38 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (10/29/2017 04:41:10 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (10/26/2017 06:12:07 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (10/26/2017 06:05:06 AM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {605BE43D-2871-451F-8B8E-9129F2CCAB3B}


System errors:
=============
Error: (10/31/2017 06:55:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/31/2017 07:19:52 AM) (Source: DCOM) (EventID: 10016) (User: TOWER)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 and APPID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user Tower\Owner SID (S-1-5-21-857570284-1745001965-2900836374-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/31/2017 06:47:06 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (10/31/2017 06:44:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (10/31/2017 06:44:07 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (10/31/2017 06:43:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (10/30/2017 10:43:08 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BsFileScan service.

Error: (10/30/2017 10:42:28 PM) (Source: DCOM) (EventID: 10010) (User: TOWER)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (10/30/2017 07:44:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/30/2017 06:22:57 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.


CodeIntegrity:
===================================
  Date: 2017-10-31 06:43:22.734
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-10-30 06:18:50.631
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-10-29 16:30:42.940
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-10-26 09:47:54.911
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-10-26 07:02:35.776
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-10-25 06:33:19.978
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-10-24 06:17:08.962
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-10-23 06:38:04.510
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-10-22 08:42:21.816
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-10-21 07:41:46.468
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i3-4160 CPU @ 3.60GHz
Percentage of memory in use: 75%
Total physical RAM: 4031.83 MB
Available physical RAM: 984.68 MB
Total Virtual: 8904.55 MB
Available Virtual: 2022.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:464.98 GB) (Free:416.43 GB) NTFS
Drive d: (MONEY) (Removable) (Total:14.43 GB) (Free:14.14 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: DF632CCF)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (Size: 14.4 GB) (Disk ID: 5D405CD7)
Partition 1: (Not Active) - (Size=14.4 GB) - (Type=0C)

==================== End of Addition.txt ============================

 

I'd be grateful for any help offered.

 

Regards

 

RSP


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,894 posts
  • MVP

Try starting Firefox in Safe Mode:

 

https://www.wikihow....ox-in-Safe-Mode

 

If that makes a difference it's one of your extensions.

 

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo.com/download_speccy/ (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.


 


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP