joddle

Everything posted by joddle

  1. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-10-2017 01 Ran by Josh (19-10-2017 08:22:15) Running from C:\Users\joshi\Desktop Windows 10 Pro Version 1703 15063.674 (X64) (2017-06-14 19:48:48) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-205630320-448354025-1664443452-500 - Administrator - Disabled) ASPNET (S-1-5-21-205630320-448354025-1664443452-1002 - Limited - Enabled) DefaultAccount (S-1-5-21-205630320-448354025-1664443452-503 - Limited - Disabled) Guest (S-1-5-21-205630320-448354025-1664443452-501 - Limited - Enabled) Josh (S-1-5-21-205630320-448354025-1664443452-1001 - Administrator - Enabled) => C:\Users\joshi ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (HKLM\...\{13DA9C7C-EBFB-40D0-94A1-55B42883DF21}) (Version: 21.2.1 - HP Inc.) 
Hidden 7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov) ABBYY FineReader 11 (HKLM-x32\...\{F11000FE-0010-0000-0000-074957833700}) (Version: 11.11.169 - ABBYY) Adobe Acrobat 8.1.0 Professional (HKLM-x32\...\Adobe Acrobat 8 Professional - English, Français, Deutsch) (Version: 8.1.0 - Adobe Systems) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated) Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated) Adobe InDesign CS6 (HKLM-x32\...\{CFB770D7-8D43-1014-922B-CC2715FADE3F}) (Version: 8.0 - Adobe Systems Incorporated) Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.) ANT Drivers Installer x64 (HKLM\...\{B9218A36-7AD3-4046-8D77-31F51DC0D795}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Avira (HKLM-x32\...\{5aafdcfa-1dc4-4c8e-9171-d68f7578dcb2}) (Version: 1.2.98.24768 - Avira Operations GmbH & Co. KG) Avira (HKLM-x32\...\{857417D9-30F6-4899-9DEE-59785B7A895A}) (Version: 1.2.98.24768 - Avira Operations GmbH & Co. KG) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.32.12 - Avira Operations GmbH & Co. KG) Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden Dot4 (HKLM\...\{3EEDA265-C6F3-4EC1-A317-1C9315DEDDDE}) (Version: 1.0.0.0 - HP) Elevated Installer (HKLM-x32\...\{B85F70BE-A5A3-48A2-A790-AF6001F026E0}) (Version: 5.7.1.0 - Garmin Ltd or its subsidiaries) Hidden FastStone Photo Resizer 3.5 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.5 - FastStone Soft.) 
Garmin BaseCamp (HKLM-x32\...\{23A4DBD1-D847-4957-995D-8B1CC527E2E2}) (Version: 4.6.2.0 - Garmin Ltd or its subsidiaries) Garmin City Navigator Europe NT 2017.10 (HKLM-x32\...\{C2E4DB83-144A-4D88-A1A7-E8433874AC2A}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries) Garmin Express (HKLM-x32\...\{5b328687-2baf-4fb6-b6c7-c49fb4840cba}) (Version: 5.7.1.0 - Garmin Ltd or its subsidiaries) Garmin Express (HKLM-x32\...\{5F4164CE-621E-4AFD-BBFE-1BBE2299710E}) (Version: 5.7.1.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (HKLM-x32\...\{4E9533AB-7743-4B73-A5D2-42207E159E11}) (Version: 5.7.1.0 - Garmin Ltd or its subsidiaries) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.) Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - ) HP ENVY 4500 series Basic Device Software (HKLM\...\{6915424E-704F-4F5D-9057-9C7B406B36DB}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) 
HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl) Jump Ahead 2000 Preschool v2.0 (HKLM-x32\...\JA2000PR_2.0) (Version: - ) Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech) Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - ) Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - ) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-205630320-448354025-1664443452-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft 
Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.4.0.6486 - Mozilla) Mozilla Thunderbird 52.4.0 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 52.4.0 (x86 en-GB)) (Version: 52.4.0 - Mozilla) Novabench (HKLM\...\{CC27A05D-9D9A-43C7-B202-96A0BAAC86B9}) (Version: 4.0.1 - Novawave Inc.) PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden Product Improvement Study for HP ENVY 4500 series (HKLM\...\{58139103-BACF-4BDC-B71C-955F9164ADA6}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) RealDownloader (HKLM-x32\...\{2275115D-1431-4A62-A98F-2F0393815327}) (Version: 18.1.9.106 - RealNetworks, Inc.) 
Hidden RealDownloader (HKLM-x32\...\{45bcec97-14a2-4e10-a129-58d2d0b34398}) (Version: 18.1.9.106 - RealNetworks) Hidden RealDownloader (HKLM-x32\...\{85584A8B-8989-42AA-81A0-80ABF61EFAF1}) (Version: 18.1.9.106 - RealNetworks) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.9 - RealNetworks) RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden Scan Tailor (HKLM-x32\...\Scan Tailor) (Version: - ) Shotcut (HKLM-x32\...\Shotcut) (Version: - ) Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.) SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.7280 - Analog Devices) Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform) SPSS Statistics 17.0 (HKLM-x32\...\{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}) (Version: 17.0.0 - SPSS Inc.) TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.83369 - TeamViewer) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) 
Hidden vc2012_redist (HKLM-x32\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden Video Downloader (HKLM-x32\...\{4C68AE5C-915A-492A-AFCD-B630ECB9522D}) (Version: 18.1.9 - RealNetworks) Hidden VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN) vs2015_redist x64 (HKLM\...\{EAED8692-5B63-4665-B857-D626633691DA}) (Version: 1.0.0.0 - Realnetworks) Hidden vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden VSDC Free Video Editor version 5.7.8.724 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 5.7.8.724 - Flash-Integro LLC) WhatsApp (HKU\S-1-5-21-205630320-448354025-1664443452-1001\...\WhatsApp) (Version: 0.2.6426 - WhatsApp) Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation) Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-205630320-448354025-1664443452-1001_Classes\CLSID\{96796C34-5460-E15F-894A-D38EF5BBCEDE}\InprocServer32 -> C:\WINDOWS\system32\ole32.dll (Microsoft Corporation) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu64.dll [2007-05-11] (Adobe Systems Inc.) ContextMenuHandlers1: [FineReader11ContextMenu] -> {79E48320-C6B5-49F1-992B-571D53586885} => C:\Program Files (x86)\ABBYY FineReader 11\FRIntegration.x64.dll [2014-02-19] (ABBYY Production LLC) ContextMenuHandlers1: [shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-10-12] (Avira Operations GmbH & Co. KG) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes) ContextMenuHandlers3-x32: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcontextmenu.dll [2017-09-21] (RealNetworks, Inc.) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu64.dll [2007-05-11] (Adobe Systems Inc.) 
ContextMenuHandlers6: [FineReader11ContextMenu] -> {79E48320-C6B5-49F1-992B-571D53586885} => C:\Program Files (x86)\ABBYY FineReader 11\FRIntegration.x64.dll [2014-02-19] (ABBYY Production LLC) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes) ContextMenuHandlers6: [shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-10-12] (Avira Operations GmbH & Co. KG) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {2531BCCF-CE0F-4EAB-91BE-2C352CCBA65D} - System32\Tasks\{7CFDA236-0A64-4177-B209-C5B1EEE17BC6} => "c:\windows\system32\launchwinapp.exe" hxxp://ui.skype.com/ui/0/7.26.0.101/en/abandoninstall?page=tsBing Task: {76123D1E-DCBA-4B12-9118-914EC942A315} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-10-09] () Task: {8A361CCE-87A6-41E3-AA2E-C5AB7B2B4F77} - System32\Tasks\Avira SystrayStartTrigger => Avira.SystrayStartTrigger.exe Task: {8FD9940C-81B3-4031-B4DE-A658B982CB6E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-16] (Google Inc.) 
Task: {9A84B012-3241-499D-A2F4-3C4D4BCD3DEA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated) Task: {9B285063-831A-4BDE-8043-DE169624B86D} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP) Task: {A627F4D3-6625-49BB-9618-2BBF832BB2FC} - System32\Tasks\RealDownloader Update Check => C:\program files (x86)\real\RealDownloader\downloader2.exe [2017-08-17] () Task: {AE7980CA-AF94-4DC8-9D0A-E00AA2039316} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-16] (Google Inc.) Task: {B74307DD-A10D-4D17-913A-FBB62F0D73F7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-205630320-448354025-1664443452-1001 => C:\program files (x86)\real\RealDownloader\RealUpgrade.exe [2017-08-17] (RealNetworks, Inc.) Task: {C327F00A-B473-4CCC-AFD3-FB9585906D80} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd) Task: {E40AC95F-90EA-41C5-901E-EBE8D2C1F01F} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2017-10-12] (Avira Operations GmbH & Co. KG) Task: {F7CA35CE-FCA4-4C90-A250-4CD0A8C9754D} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-205630320-448354025-1664443452-1001 => C:\program files (x86)\real\RealDownloader\RealUpgrade.exe [2017-08-17] (RealNetworks, Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2017-03-18 22:58 - 2017-03-18 22:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2017-03-18 22:59 - 2017-03-20 05:43 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-08-17 15:21 - 2017-08-17 15:21 - 001259704 _____ () C:\Program Files (x86)\Real\RealDownloader\downloader2.exe 2017-09-14 08:03 - 2017-09-14 08:04 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.30.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2017-10-05 07:38 - 2017-10-05 07:38 - 010634752 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.30.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll 2017-10-05 07:38 - 2017-10-05 07:38 - 002640896 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.30.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll 2017-09-21 07:42 - 2017-09-21 07:42 - 000101200 _____ () c:\program files (x86)\real\realplayer\CrashRpt\CrashRpt1402.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2015-10-30 09:24 - 2015-10-30 09:21 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-205630320-448354025-1664443452-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{C4DDB210-7B8E-418C-B818-6BC8AA136146}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe FirewallRules: [{0664BB01-2EB4-4A29-B7B2-E0B2BB12A499}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe FirewallRules: [{BF7AEAC7-E524-4257-B846-99FEBC007910}] => (Allow) C:\Windows\SysWOW64\dplaysvr.exe FirewallRules: [{F8435D4C-5149-4F7B-9ABC-417B1FA086D9}] => (Allow) C:\Windows\SysWOW64\dplaysvr.exe FirewallRules: [{D3E6FDC2-E615-44B2-99E0-BB88DF536A9D}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{C86421C0-7659-4445-A9A2-5C8C9447737C}] => (Allow) LPort=5357 FirewallRules: [{17CCEEF5-31F9-4939-8C53-CE81B9549175}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe FirewallRules: [uDP Query User{CD301444-528A-450B-838D-2D7BF6797AC4}E:\archive\installation\tp-link\powerline utility\powerline scan.exe] => (Allow) E:\archive\installation\tp-link\powerline utility\powerline scan.exe FirewallRules: [TCP Query 
User{488B0530-C874-43DD-90B9-F46BB29FB1AA}E:\archive\installation\tp-link\powerline utility\powerline scan.exe] => (Allow) E:\archive\installation\tp-link\powerline utility\powerline scan.exe FirewallRules: [TCP Query User{AE617C0A-68CF-475A-A668-B73C1A6C2922}C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe] => (Allow) C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe FirewallRules: [uDP Query User{57B775C6-9AE7-4E3A-858A-D11563096800}C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe] => (Allow) C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe FirewallRules: [{809B8AB4-7262-419D-950E-8DBF5F97AB2A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{21FDDE6F-7BE9-453F-99AB-83FC39D1D84F}C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe] => (Block) C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe FirewallRules: [uDP Query User{480C3295-6436-440F-A0E7-1AC81F434239}C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe] => (Block) C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe FirewallRules: [{819CAABA-F439-48CC-8950-141798A1716E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{D104222D-4091-450A-AFAA-ADE691AB4146}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{1F617F90-F5F3-4373-94E9-8D4487C00070}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{588C7B32-C754-442B-BFFA-A2B2834D68B9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{3D924AE2-B0FB-4A32-8295-C42BE8202514}] => (Allow) C:\Program Files (x86)\SPSSInc\Statistics17\statistics.com FirewallRules: [{D4BEA1AE-B438-47B5-A725-3964E55A31B9}] => (Allow) C:\Program Files (x86)\SPSSInc\Statistics17\statistics.com FirewallRules: [{A0F2951B-05BC-4AB7-89E3-C6DD39FC9D87}] => (Allow) C:\Program Files 
(x86)\SPSSInc\Statistics17\SPSSWinWrapIDE.exe FirewallRules: [{B745DFB8-EEB8-438C-B4B2-385D1FB122E4}] => (Allow) C:\Program Files (x86)\SPSSInc\Statistics17\SPSSWinWrapIDE.exe FirewallRules: [{71039857-FB2D-4930-AB25-F679A6499C67}] => (Allow) C:\Program Files (x86)\SPSSInc\Statistics17\statistics.exe FirewallRules: [{0540460D-19D9-4524-B4A6-4B4929E018F0}] => (Allow) C:\Program Files (x86)\SPSSInc\Statistics17\statistics.exe FirewallRules: [{BA27155A-06F0-4942-B24A-02360C7EE0FD}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe FirewallRules: [{5C609FA8-8D71-4841-AD9C-F6BC8CFC23A1}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe FirewallRules: [{8C123CA1-9FAA-4557-BA92-C80EA3ACD893}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe FirewallRules: [{905BD752-4FE7-4F9B-9C74-3FCAB19017FB}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe FirewallRules: [{A3108015-E39E-41B3-9698-A07414E16C13}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe FirewallRules: [{8933588D-3738-4838-B524-681FFF56AA5B}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe FirewallRules: [{A0FF0682-6E9A-4AA8-8C55-C187C97E2B08}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe FirewallRules: [{93ED78AE-4848-4107-BC52-E21842A858DC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [TCP Query User{F4F547B6-C026-44FB-A871-C395904D7900}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe FirewallRules: [uDP Query User{AD1B8F40-CFD9-44D5-BA3D-29EBEC5DFE9F}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe ==================== Restore Points ========================= 02-10-2017 08:19:17 Scheduled Checkpoint 09-10-2017 15:27:11 Installed Novabench 17-10-2017 08:05:12 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============= Name: PCI Serial Port Description: 
PCI Serial Port Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: PCI Simple Communications Controller Description: PCI Simple Communications Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (10/18/2017 07:34:45 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.674, time stamp: 0x59cdf479 Faulting module name: ntdll.dll, version: 10.0.15063.608, time stamp: 0x8274fd8b Exception code: 0xcfffffff Fault offset: 0x00000000000a5ef4 Faulting process ID: 0x3b68 Faulting application start time: 0x01d347d1085f766a Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report ID: f89035ee-d394-475c-9962-4d5741cb6841 Faulting package full name: Microsoft.MicrosoftEdge_40.15063.674.0_neutral__8wekyb3d8bbwe Faulting package-relative application ID: ContentProcess Error: (10/18/2017 07:34:45 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.674, time stamp: 0x59cdf479 Faulting module name: win32u.dll, version: 10.0.15063.608, time stamp: 0xd9592a17 Exception code: 0xcfffffff Fault offset: 0x0000000000001144 Faulting process ID: 0x3558 Faulting application start time: 0x01d347d1d2b17a5c Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe Faulting module path: C:\WINDOWS\System32\win32u.dll 
Report ID: 3e2bfff4-15c8-4d62-9179-a3df46f098ea Faulting package full name: Microsoft.MicrosoftEdge_40.15063.674.0_neutral__8wekyb3d8bbwe Faulting package-relative application ID: ContentProcess Error: (10/18/2017 07:30:51 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: downloader2.exe, version: 18.1.9.106, time stamp: 0x599616f2 Faulting module name: downloader2.exe, version: 18.1.9.106, time stamp: 0x599616f2 Exception code: 0xc0000005 Fault offset: 0x000178db Faulting process ID: 0x348c Faulting application start time: 0x01d347d02fb3a0e7 Faulting application path: C:\Program Files (x86)\Real\RealDownloader\downloader2.exe Faulting module path: C:\Program Files (x86)\Real\RealDownloader\downloader2.exe Report ID: 1617fc97-1ad8-43c5-97eb-0ae4aa70c009 Faulting package full name: Faulting package-relative application ID: Error: (10/17/2017 07:36:39 AM) (Source: ESENT) (EventID: 104) (User: ) Description: qmgr.dll (10864) QmgrDatabaseInstance: The database engine stopped the instance (0) with error (-1090). Internal Timing Sequence: [1] 0.000005 +J(0) [2] 0.000021 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [3] 0.000003 +J(0) [4] 0.000003 +J(0) [5] 0.0 +J(0) [6] 0.000065 +J(0) +M(C:0K, Fs:2, WS:-44K # 0K, PF:-52K # 0K, P:-52K) [7] - [8] 0.008363 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [9] 0.001333 +J(0) +M(C:0K, Fs:2, WS:-28K # 0K, PF:-36K # 0K, P:-36K) [10] - [11] 0.000007 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [12] - [13] 0.000034 +J(0) +M(C:0K, Fs:0, WS:-4K # 0K, PF:-4K # 0K, P:-4K) [14] 0.000217 +J(0) +M(C:0K, Fs:0, WS:-8K # 0K, PF:-8K # 0K, P:-8K) [15] 0.000013 +J(0) +M(C:0K, Fs:0, WS:-8K # 0K, PF:-12K # 0K, P:-12K) [16] 0.000003 +J(0). Error: (10/17/2017 07:36:39 AM) (Source: ESENT) (EventID: 471) (User: ) Description: qmgr.dll (10864) QmgrDatabaseInstance: Unable to rollback operation #-75 on database C:\ProgramData\Microsoft\Network\Downloader\qmgr.db. Error: -510. 
All future database updates will be rejected. Error: (10/17/2017 07:36:39 AM) (Source: ESENT) (EventID: 492) (User: ) Description: qmgr.dll (10864) QmgrDatabaseInstance: The logfile sequence in "C:\ProgramData\Microsoft\Network\Downloader\" has been halted due to a fatal error. No further updates are possible for the databases that use this logfile sequence. Please correct the problem and restart or restore from backup. Error: (10/17/2017 07:36:39 AM) (Source: ESENT) (EventID: 413) (User: ) Description: qmgr.dll (10864) QmgrDatabaseInstance: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032. Error: (10/17/2017 07:36:39 AM) (Source: ESENT) (EventID: 488) (User: ) Description: qmgr.dll (10864) QmgrDatabaseInstance: An attempt to create the file "C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log" failed with system error 80 (0x00000050): "The file exists. ". The create file operation will fail with error -1814 (0xfffff8ea). 
Error: (10/15/2017 05:24:53 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: RealPlayerUpdateSvc.exe, version: 18.1.9.106, time stamp: 0x599621f2 Faulting module name: ntdll.dll, version: 10.0.15063.608, time stamp: 0x802f667e Exception code: 0xc0000005 Fault offset: 0x00091cc2 Faulting process ID: 0xbb0 Faulting application start time: 0x01d345c586ab3f11 Faulting application path: C:\program files (x86)\real\UpdateService\RealPlayerUpdateSvc.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report ID: dba7c64e-793b-479c-9554-31300ef6095c Faulting package full name: Faulting package-relative application ID: Error: (10/13/2017 11:24:47 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: WhatsApp_ExecutionStub.exe, version: 0.2.6426.0, time stamp: 0x5931cd5c Faulting module name: WhatsApp_ExecutionStub.exe, version: 0.2.6426.0, time stamp: 0x5931cd5c Exception code: 0xc0000005 Fault offset: 0x00004729 Faulting process ID: 0x2674 Faulting application start time: 0x01d344051caa6eac Faulting application path: C:\Users\joshi\AppData\Local\WhatsApp\app-0.2.6426\WhatsApp_ExecutionStub.exe Faulting module path: C:\Users\joshi\AppData\Local\WhatsApp\app-0.2.6426\WhatsApp_ExecutionStub.exe Report ID: 91719e2e-86b8-4337-94ce-2f7b22ceb2d5 Faulting package full name: Faulting package-relative application ID: System errors: ============= Error: (10/17/2017 10:41:23 PM) (Source: DCOM) (EventID: 10010) (User: MAIN755) Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout. Error: (10/17/2017 10:41:23 PM) (Source: DCOM) (EventID: 10010) (User: MAIN755) Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout. 
Error: (10/17/2017 10:41:23 PM) (Source: DCOM) (EventID: 10010) (User: MAIN755) Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout. Error: (10/17/2017 10:41:23 PM) (Source: DCOM) (EventID: 10010) (User: MAIN755) Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout. Error: (10/17/2017 10:41:23 PM) (Source: DCOM) (EventID: 10010) (User: MAIN755) Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout. Error: (10/17/2017 10:41:23 PM) (Source: DCOM) (EventID: 10010) (User: MAIN755) Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout. Error: (10/17/2017 10:41:23 PM) (Source: DCOM) (EventID: 10010) (User: MAIN755) Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout. Error: (10/16/2017 10:33:24 PM) (Source: DCOM) (EventID: 10010) (User: MAIN755) Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout. Error: (10/16/2017 10:33:24 PM) (Source: DCOM) (EventID: 10010) (User: MAIN755) Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout. Error: (10/16/2017 10:33:21 PM) (Source: DCOM) (EventID: 10010) (User: MAIN755) Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout. 
==================== Memory info ===========================

Processor: Intel® Core2 Duo CPU E6550 @ 2.33GHz
Percentage of memory in use: 34%
Total physical RAM: 8052.61 MB
Available physical RAM: 5282.88 MB
Total Virtual: 9332.61 MB
Available Virtual: 6389.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:254.16 GB) (Free:104.24 GB) NTFS
Drive d: (Files) (Fixed) (Total:594.9 GB) (Free:290.38 GB) NTFS
Drive e: (Archive) (Fixed) (Total:1013.41 GB) (Free:376.64 GB) NTFS
Drive f: (Backup1) (Fixed) (Total:898.44 GB) (Free:600.17 GB) NTFS
Drive h: (Backup2) (Fixed) (Total:964.58 GB) (Free:332.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 01F8C637)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=100 MB) - (Type=42)
Partition 3: (Not Active) - (Size=254.2 GB) - (Type=42)
Partition 4: (Not Active) - (Size=1608.8 GB) - (Type=42)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 91764494)
Partition 1: (Not Active) - (Size=898.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=964.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
  2. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-10-2017 01
Ran by Josh (administrator) on MAIN755 (19-10-2017 08:21:00)
Running from C:\Users\joshi\Desktop
Loaded Profiles: Josh (Available Profiles: Josh)
Platform: Windows 10 Pro Version 1703 15063.674 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(ABBYY InfoPoisk LLC) C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
(Novawave Inc.) C:\Program Files\Novawave\Novabench\NovabenchService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
(VoipConnect) C:\Program Files (x86)\VoipConnect.com\VoipConnect\voipconnect.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
() C:\Program Files (x86)\Real\RealDownloader\downloader2.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealDownloader\realdownloader264.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.30.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [securityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [bonus.SSR.FR11] => C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [1363984 2014-02-19] (ABBYY Production LLC)
HKLM-x32\...\Run: [soundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2011-02-24] (Analog Devices, Inc.)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [353104 2017-09-21] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\program files (x86)\real\RealDownloader\downloader2.exe [1259704 2017-08-17] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-205630320-448354025-1664443452-1001\...\Run: [HP ENVY 4500] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-205630320-448354025-1664443452-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-205630320-448354025-1664443452-1001\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-205630320-448354025-1664443452-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421224 2017-10-09] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-205630320-448354025-1664443452-1001\...\Run: [VoipConnect] => C:\Program Files (x86)\VoipConnect.com\VoipConnect\voipconnect.exe [42303056 2017-09-20] (VoipConnect)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421224 2017-10-09] (Garmin Ltd. or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2016-04-16]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2017-09-21]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{868645ed-2e5d-4dee-a7f7-32c373a81406}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-205630320-448354025-1664443452-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\program files (x86)\real\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2017-08-17] (RealDownloader)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\program files (x86)\real\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2017-08-17] (RealDownloader)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-205630320-448354025-1664443452-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)

Edge:
======
Edge Extension: (uBlock Origin) -> EdgeExtension_37833NikRollsuBlockOrigin_f8jsg5mm64m62 => C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.13.8.0_neutral__f8jsg5mm64m62 [2017-10-18]

FireFox:
========
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.1.9.106 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2017-09-21] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.9.106 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2017-09-21] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-24] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\joshi\AppData\Local\Google\Chrome\User Data\Default [2017-10-16]
CHR Extension: (Docs) - C:\Users\joshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\joshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-17]
CHR Extension: (YouTube) - C:\Users\joshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-17]
CHR Extension: (Google Docs Offline) - C:\Users\joshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\joshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-11]
CHR Extension: (Gmail) - C:\Users\joshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-17]
CHR Extension: (Chrome Media Router) - C:\Users\joshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-16]
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [821048 2014-02-19] (ABBYY InfoPoisk LLC)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128432 2017-10-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-10-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-10-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1525240 2017-10-12] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [408944 2017-10-09] (Avira Operations GmbH & Co. KG)
R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2016-04-16] (Macrovision Europe Ltd.) [File not signed]
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1085968 2017-10-09] (Garmin Ltd. or its subsidiaries)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2016-06-15] (HP Inc.) [File not signed]
R2 NovabenchService; C:\Program Files\Novawave\Novabench\NovabenchService.exe [313392 2017-08-11] (Novawave Inc.)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2016-06-15] (HP Inc.) [File not signed]
S2 RealPlayerUpdateSvc; C:\program files (x86)\real\UpdateService\RealPlayerUpdateSvc.exe [37104 2017-08-17] (RealNetworks, Inc.)
R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [989912 2017-09-21] (RealNetworks, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
S2 RoxLiveShare9; "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]
S3 stllssvr; "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-06-20] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [176224 2017-09-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [167464 2017-09-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-03-02] (Avira Operations GmbH & Co. KG)
R3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows ® Win 7 DDK provider)
R3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [21928 2015-03-10] (Windows ® Win 7 DDK provider)
R3 NovabenchDriver; C:\Program Files\Novawave\Novabench\NovabenchDriver.sys [26976 2017-03-30] ()
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-19 08:21 - 2017-10-19 08:21 - 000016480 _____ C:\Users\joshi\Desktop\FRST.txt 2017-10-19 08:20 - 2017-10-19 08:21 - 000000000 ____D C:\FRST 2017-10-19 08:17 - 2017-10-19 08:17 - 002402816 _____ (Farbar) C:\Users\joshi\Desktop\FRST64.exe 2017-10-17 20:48 - 2017-10-17 20:48 - 000025827 _____ C:\Users\joshi\Documents\to erase.pdf 2017-10-16 20:31 - 2017-10-16 20:31 - 000000000 ____D C:\Users\joshi\AppData\LocalLow\Unity 2017-10-16 20:18 - 1994-09-21 03:30 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system\WING32.DLL 2017-10-15 16:50 - 2017-10-15 16:53 - 000000000 ____D C:\AdwCleaner 2017-10-15 16:49 - 2017-10-15 16:49 - 008250832 _____ (Malwarebytes) C:\Users\joshi\Downloads\AdwCleaner (1).exe 2017-10-12 12:41 - 2017-10-12 12:41 - 000001189 _____ C:\Users\Public\Desktop\Avira.lnk 2017-10-11 18:03 - 2017-10-11 18:03 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe 2017-10-11 17:58 - 2017-09-30 07:49 - 001004136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll 2017-10-11 17:58 - 2017-09-30 07:49 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2017-10-11 17:58 - 2017-09-30 07:49 - 000135576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys 2017-10-11 17:58 - 2017-09-30 07:48 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2017-10-11 17:58 - 2017-09-30 07:48 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2017-10-11 17:58 - 2017-09-30 07:48 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2017-10-11 17:58 - 2017-09-30 07:47 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll 2017-10-11 17:58 - 2017-09-30 07:47 - 001194792 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2017-10-11 17:58 - 2017-09-30 07:45 - 000511896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys 2017-10-11 17:58 - 2017-09-30 07:44 - 000181912 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll 2017-10-11 17:58 - 2017-09-30 07:42 - 000820120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2017-10-11 17:58 - 2017-09-30 07:41 - 005304496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll 2017-10-11 17:58 - 2017-09-30 07:41 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2017-10-11 17:58 - 2017-09-30 07:41 - 000259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe 2017-10-11 17:58 - 2017-09-30 07:40 - 000724704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2017-10-11 17:58 - 2017-09-30 07:40 - 000336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe 2017-10-11 17:58 - 2017-09-30 07:40 - 000173976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys 2017-10-11 17:58 - 2017-09-30 07:38 - 002239136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll 2017-10-11 17:58 - 2017-09-30 07:36 - 002672024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2017-10-11 17:58 - 2017-09-30 07:36 - 000057976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe 2017-10-11 17:58 - 2017-09-30 04:29 - 001408536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2017-10-11 17:58 - 2017-09-30 04:29 - 000804784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll 2017-10-11 17:58 - 2017-09-30 04:26 - 001333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2017-10-11 17:58 - 2017-09-30 04:26 - 001292872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2017-10-11 17:58 - 2017-09-30 04:10 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2017-10-11 17:58 - 2017-09-30 04:10 - 001150776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll 2017-10-11 17:58 - 2017-09-30 04:10 - 000606072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 
2017-10-11 17:58 - 2017-09-30 04:10 - 000508344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll 2017-10-11 17:58 - 2017-09-30 04:10 - 000480920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll 2017-10-11 17:58 - 2017-09-30 04:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2017-10-11 17:58 - 2017-09-30 04:09 - 000787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2017-10-11 17:58 - 2017-09-30 04:06 - 004471368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2017-10-11 17:58 - 2017-09-30 04:05 - 005827744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2017-10-11 17:58 - 2017-09-30 04:05 - 002603744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll 2017-10-11 17:58 - 2017-09-30 04:05 - 001266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll 2017-10-11 17:58 - 2017-09-30 04:05 - 000750488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2017-10-11 17:58 - 2017-09-30 04:05 - 000559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2017-10-11 17:58 - 2017-09-30 04:04 - 004215184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll 2017-10-11 17:58 - 2017-09-30 04:04 - 000612120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2017-10-11 17:58 - 2017-09-30 04:04 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2017-10-11 17:58 - 2017-09-30 04:04 - 000438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll 2017-10-11 17:58 - 2017-09-30 04:04 - 000347544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2017-10-11 17:58 - 2017-09-30 04:04 - 000182680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2017-10-11 17:58 - 2017-09-30 04:03 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2017-10-11 17:58 - 
2017-09-30 04:03 - 006768288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2017-10-11 17:58 - 2017-09-30 04:03 - 001439032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll 2017-10-11 17:58 - 2017-09-30 04:02 - 001624096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.AppAgent.dll 2017-10-11 17:58 - 2017-09-30 04:02 - 001517464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll 2017-10-11 17:58 - 2017-09-30 04:02 - 000175512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll 2017-10-11 17:58 - 2017-09-30 04:01 - 000124544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll 2017-10-11 17:58 - 2017-09-29 09:46 - 023678976 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2017-10-11 17:58 - 2017-09-29 09:45 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2017-10-11 17:58 - 2017-09-29 09:44 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll 2017-10-11 17:58 - 2017-09-29 09:43 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll 2017-10-11 17:58 - 2017-09-29 09:43 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll 2017-10-11 17:58 - 2017-09-29 09:43 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll 2017-10-11 17:58 - 2017-09-29 09:42 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mgmtapi.dll 2017-10-11 17:58 - 2017-09-29 09:41 - 013844992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2017-10-11 17:58 - 2017-09-29 09:41 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll 2017-10-11 17:58 - 2017-09-29 09:40 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2017-10-11 17:58 - 2017-09-29 09:40 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll 2017-10-11 17:58 - 2017-09-29 09:40 - 000086528 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2017-10-11 17:58 - 2017-09-29 09:39 - 020511232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2017-10-11 17:58 - 2017-09-29 09:39 - 011888640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2017-10-11 17:58 - 2017-09-29 09:39 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2017-10-11 17:58 - 2017-09-29 09:38 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll 2017-10-11 17:58 - 2017-09-29 09:38 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2017-10-11 17:58 - 2017-09-29 09:38 - 001135616 ____R (The ICU Project) C:\WINDOWS\SysWOW64\icuuc.dll 2017-10-11 17:58 - 2017-09-29 09:38 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll 2017-10-11 17:58 - 2017-09-29 09:38 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll 2017-10-11 17:58 - 2017-09-29 09:38 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll 2017-10-11 17:58 - 2017-09-29 09:38 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll 2017-10-11 17:58 - 2017-09-29 09:38 - 000308224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll 2017-10-11 17:58 - 2017-09-29 09:38 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll 2017-10-11 17:58 - 2017-09-29 09:37 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll 2017-10-11 17:58 - 2017-09-29 09:37 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll 2017-10-11 17:58 - 2017-09-29 09:36 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2017-10-11 17:58 - 2017-09-29 09:36 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll 2017-10-11 17:58 - 2017-09-29 09:35 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2017-10-11 17:58 - 
2017-09-29 09:34 - 006255616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2017-10-11 17:58 - 2017-09-29 09:34 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2017-10-11 17:58 - 2017-09-29 09:34 - 000798720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll 2017-10-11 17:58 - 2017-09-29 09:34 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2017-10-11 17:58 - 2017-09-29 09:34 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll 2017-10-11 17:58 - 2017-09-29 09:33 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2017-10-11 17:58 - 2017-09-29 09:33 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll 2017-10-11 17:58 - 2017-09-29 09:33 - 001506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll 2017-10-11 17:58 - 2017-09-29 09:33 - 000658944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2017-10-11 17:58 - 2017-09-29 09:32 - 002782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll 2017-10-11 17:58 - 2017-09-29 09:32 - 002340864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2017-10-11 17:58 - 2017-09-29 09:32 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2017-10-11 17:58 - 2017-09-29 09:32 - 001244160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll 2017-10-11 17:58 - 2017-09-29 09:32 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2017-10-11 17:58 - 2017-09-29 09:32 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys 2017-10-11 17:58 - 2017-09-29 09:32 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll 2017-10-11 17:58 - 2017-09-29 09:32 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mgmtapi.dll 2017-10-11 17:58 - 2017-09-29 09:31 - 003107328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe 2017-10-11 17:58 
==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

==================== Files in the root of some directories =======

2016-04-16 16:24 - 2016-04-16 16:24 - 000000057 _____ () C:\ProgramData\Ament.ini
2016-04-18 14:28 - 2016-04-18 14:30 - 000000377 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
2017-09-23 14:14 - 2017-09-23 14:27 - 058881488 _____ (Skype Technologies S.A.) C:\Users\joshi\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2017-10-10 21:54

==================== End of FRST.txt ============================
  3. Further to the last post - now another clue - if I log out of Ebay then log in again the music is gone - at least until I reboot the PC. If I do that then the music is back, so something is happening at the boot up stage to start the music happening when I am logged into Ebay. I have loaded the uBlock add-in to Edge and at the moment am having no music - I can't reboot until later today as I have loads going on, so will see if that has been effective later on. I can only think of some piece of malware or PUP which is not being detected by Malwarebytes or my Avira Antivirus. Any ideas anyone?
  4. Spoke too soon - this morning it's back again agggg - but again only when I am logged into my ebay account - if I log out then there is no music playing. This is weird.
  5. Thanks Starbuck, but having logged out of my ebay account and logged in again, no music - and can't replicate the issue any more. It seems somehow to have been due to my account, but how I have no idea. At least I can now browse in peace :) I have never installed any uBlock or similar add-ons for the browsers - all simply the way W10 installs Edge and IE.
  6. I know it's really odd - but like you I can't find anything that's setting it off. It happens after a few moments of going onto ebay and then repeats if I click on an item or something else - then there is a pause and the same music starts up. I have just tried on another machine and no music - so I tried logging out of my account on the offending machine and again no music - so I logged in again and guess what? No music :) :) - no idea why though!!!
  7. This little issue is driving me mad - it only happens when I am searching on Ebay UK. After a few moments I get a piece of music coming up - if I then click on a link on the page to view an item etc. the music stops - then after the link has opened it comes up again and keeps doing this. It's always the same piece of music. When I close ebay it stops. Funny thing, it does not happen in IE, only in Edge - so is there a cure? Have already checked for viruses and malware using Ad aware and Malwarebytes but nothing found. In every other respect the system is running as normal !!!
  8. All a bit of a mystery - I think if the additional memory can be eliminated then the dealer should either give you another replacement straight away or at least send the PC back to ASUS for examination - no way should it be performing less than your old HP. It will need a detailed letter going with it explaining exactly the way the issues manifest themselves (i.e. comparisons of run times of jobs you have had issues with and internet connections) so ASUS can see exactly what is going on. I can't think of any more you can do at the moment. It appears you may just have chanced on a rogue machine - but from here that is also difficult to prove. The effect on internet access particularly is making me feel there is an on-board issue there - I assume you have tested that with an Ethernet connection and not just wi-fi!
  9. Personally I would not take the RAM out myself as the dealer could then say you caused a problem. - However if you did, make sure you know how to handle RAM first - you can wreck it easily just by touching if you have a static charge on you - so make sure you take all the proper precautions. The machine may well report a change in memory when it boots up. As for the Crucial scan - I was a little surprised more detail was not forthcoming on the memory as in the HP case - I wonder why that is? Other than that it seems normal but does not tell you if the RAM is good or even compatible but does suggest the additional RAM is in slot 2. In your position I would do the benchmark test first on the PC as is and on your old PC and compare the results. - Post them here so we can see what it is saying. Novabench is a very simple test and is free but would give a good start. If you do remove the RAM yourself retest again with the RAM out.
  10. Ah yes the correct machine id does help !!! However, if they checked everything how do they account for the slow speed? - You say it is just as bad as before but really you need to be there when they test it to demonstrate it's not right. If they simply reinstalled everything then I would expect it to be just the same - and that does not really help isolate a fault - I still would want to know how the machine performs as supplied from the maker - i.e. without the additional RAM - that's the one thing that is essential to determine if it's a machine or RAM issue. Did they do that? - and you need to be there when that is done to verify the result - Or they could just compare it with another new machine without any mods! What other tests did they do? You can easily download and run a benchmark tester (just google for free benchmark tester) and run it on both your machines to give some sort of authoritative comparison which you can then wave in front of the dealer - and if the dealer is not able to come up with something more concrete I would be in touch with ASUS for some help or asking for my money back because it does not do what it was purchased for.
  11. Just looked at the ASUS site for warranty conditions and I note the following: Warranty Limitations: Warrant doesn’t apply to the product if:- "The product being serviced or repaired by anyone or un-trained engineer other than Authorized service Provider and modification from original ASUS manufacturing standard" Not absolutely sure if that applies also in SA but if the OP's dealer is not "Authorized" then in fitting the new RAM he may possibly have invalidated his warranty! I hope not but the OP needs to check this for himself.
  12. Seems your dealer should not be in business - at least in computers! - from what you say it seems that the additional RAM is the problem but not due to excess memory as I first thought but maybe just not suitable for this PC! However even the f541ua has different variants so again I cannot be sure what the proper spec of your machine is. - and interestingly I can't find it on the list of current products on their South African website - but that may just be me! BUT punching in f541ua into the Crucial memory site reports only 12gb max!! The new RAM needs to come out and the machine tested again. If it's fine then maybe simply get your money back for the RAM and get some put in elsewhere - I don't know if adding RAM would invalidate the warranty - but maybe check with ASUS on that but maybe putting incorrect RAM in does invalidate the warranty so if it is wrong then maybe the dealer is actually liable! The only other option is to say as the machine is not working properly you want a full refund then get another machine from elsewhere. No idea about consumer law in your part of the world so maybe best to check. At the end of the day you have paid for a high spec machine and that's not what you have got so far - ASUS will not be pleased if a dealer is screwing up their reputation by botching upgrades!
  13. Just to add to above - looking more on the web to verify things - it gets a little more confusing as the f541 series has a number of incarnations and specs, and these seem to vary a little depending on the country for which they are aimed! I cannot see the exact model the OP has mentioned and see that the RAM specs are not all the same. So to be sure - check the manual for your particular machine first - then once you know the max of RAM you can begin to understand where the problem might be. I still think the additional RAM is the most likely cause of your issues but you won't know until the shop removes it and tests again!
  14. Before you go back to the shop please read the manual which came with your PC - the spec will confirm what the max RAM is - On the web all indications are that the limit is 12GB but if your model is slightly different your manual may say something else. If however the limit is confirmed at 12 GB then your dealer is really at fault and should have known that 8GB extra was too much. If the limit is higher than 12gb then the RAM he put in may be suspect or the wrong type and so the machine needs to be tested in its original state - i.e. without the additional RAM. Only then will you know for certain if it's a RAM issue or something else - If it is the RAM then you should get your money back for that at least so you can then get the correct RAM if you still want that - If it's not the RAM and something else then you should be offered a replacement machine under the warranty. The only other possibility is that the machine is OK with the original RAM but won't accept an upgrade - and if that's the case it's a machine fault and so should be replaced under warranty. Let us know how you get on...
  15. I have just re-read that post - and if you added 8GB to the original 8GB you most certainly have gone way over the 12GB limit for the system - and the sales person who suggested it should have known that!
  16. Also noted that according to data sheet on the web for your PC that 12 GB is the max allowable RAM but there is only one RAM slot - so what happened to the original RAM? and what value was it replaced with? It's looking more and more like a RAM issue - if the wrong type of RAM or excess RAM has been installed then that could be the root of the issue. The original spec is for DDR3L SDRAM Speed 1600 MHz / PC3-12800 1 x 4 GB + 4 GB (soldered)
  17. Something is not right there - I am a big fan of Asus machines as normally they are good value as well as being pretty well built. No way should a properly functioning Asus laptop added to a network starve other machines of resources - unless it's downloading loads of updates or is virus contaminated. It all points to something internal slowing the machine down and the two main candidates are either a machine fault or a RAM fault. Could it even be a fake? Even with its basic spec your new machine should be quite a bit faster than your older one! In your position I think it's back to the shop - insist they get it working properly as currently it's not fit for the purpose for which it was purchased (don't know much about consumer law in SA but there must be some protection!) - anyway suggest they remove the additional RAM and retest explaining you don't want to do that in case you invalidate the guarantee. If then it still is a lemon then get a replacement but don't let the shop mod it in any way at all. Take it home and test it out - If it works fine then consider getting help to add more suitable RAM from someone else after checking the quality and suitability of the RAM you are getting - or maybe even live without it! Running the Crucial Scanner will tell you how many slots are occupied at the moment and how many are free - it won't tell you much about the quality of the RAM though but will tell you what type of RAM there should be in the machine. Keep us updated on any progress.
  18. Adding to Starbuck - can you specify what type of additional ram you put in - not just the size but make, type and full specification and in how many slots and who put it in - could it have been static damaged?
  19. You mentioned upgrading the RAM - could that be the issue? What did you mean by upgrading? - adding more or changing the original? In your position my first reaction would be to return the PC to its original configuration - 8GB is enough to test the machine for speed in W10 etc. If it's still slow then maybe others will chip in here. I have had suspect RAM cripple a machine before and taking it out cured a speed issue!
  20. Not sure what that means - they all have MEBx but this one did have a setting changed many years ago to stop it reacting every time it sensed the LAN was active - all the tweak did was stop it reacting to the wake up - can't remember which setting was changed though.
  21. I was thinking exactly that - no point going through it all again - may try again if a new build of W10 comes along in case the problem has been addressed by MS. Still can't work out why Creators works fine in the other two machines and not in this one though! The processors are different in all three but of the same generation so really only speed. Agreed the RAM is a bit low but 4 GB should be OK - The only other difference is the BIOS version which I simply can't get to update - fails every time with "cant find files in memory" or something similar. (but what memory is it talking about???) I think there must be another issue with this PC as it always takes ages to boot and sticks with a little cursor in the top left hand corner for ages before anything happens. No idea why though.
  22. Now unsure of how best to proceed - i.e. whether to leave the PC as W7 or update to W10 1607 and leave it at that! Maybe wait also for next W10 build and see if they sort out the incompatibility error as apparently I am not the only one getting this issue.
  23. Thanks - I have had another go - was a bit scared it was going to try and reinstall the latest W10 which is what caused the problem in the first place! Anyway can't make head nor tail of the results - posted below - does it say anything about the compatibility? and if so what?

     2017-09-17 10:27:25: CommandLine: [F:\Sources\SetupPrep.exe /Compat ScanOnly]
     2017-09-17 10:27:25: Opening Box: [F:\Sources\SetupPrep.exe]
     2017-09-17 10:27:25: Opening Box Result: [0x0]
     2017-09-17 10:27:25: Deleting box result...
     2017-09-17 10:27:25: ResumeMode: Not found.
     2017-09-17 10:27:25: ResumeMode: [No]
     2017-09-17 10:27:25: OsUninstallWarning: Execute file found [FALSE].
     2017-09-17 10:27:25: OsUninstallWarning: [No]
     2017-09-17 10:27:25: Checking cleanup registry value...
     2017-09-17 10:27:25: Skipping cleanup.
     2017-09-17 10:27:25: Cleaning working dir...
     2017-09-17 10:27:25: Cleaning alternate storage paths...
     2017-09-17 10:27:25: Cleaning MoSetup Volatile key...
     2017-09-17 10:27:25: Cleaning MoSetup RegBackup key...
     2017-09-17 10:27:25: Removing CorrelationVector registry value...
     2017-09-17 10:27:25: Removing cleanup registry value...
     2017-09-17 10:27:25: Creating path (with ACL): [C:\$WINDOWS.~BT]...
     2017-09-17 10:27:25: Creating path: [C:\$WINDOWS.~BT\Sources]...
     2017-09-17 10:27:27: Launching process: [C:\$WINDOWS.~BT\Sources\SetupHost.exe] with command-line [/install /Media /ProcessId 1956 /InstallFile "F:\Sources\Install.wim" "/Compat" "ScanOnly" /MediaPath "F:" /SuccessId 8203030a-3e64-4c2d-9500-01e10b05e709] in Session: [-1]
     2017-09-17 10:27:27: Launching: [C:\$WINDOWS.~BT\Sources\SetupHost.exe] [/install /Media /ProcessId 1956 /InstallFile "F:\Sources\Install.wim" "/Compat" "ScanOnly" /MediaPath "F:" /SuccessId 8203030a-3e64-4c2d-9500-01e10b05e709] from []!
     2017-09-17 10:27:27: Waiting for process events...
     2017-09-17 10:29:54: Process exit code: [0x800704C7]
     2017-09-17 10:29:54: LaunchProcessInSession: Error = 0x800704C7
     2017-09-17 10:29:54: LaunchProcessInSession returned: [0x800704C7]
     2017-09-17 10:29:54: Checking cleanup registry value...
     2017-09-17 10:29:54: Performing cleanup level: [0x1]
     2017-09-17 10:29:54: Populating preservation paths...
     2017-09-17 10:29:54: Acquiring privileges...
     2017-09-17 10:29:54: Cleaning install folder...
     2017-09-17 10:29:54: Cleaning folder: [C:\$WINDOWS.~BT\Boot]...
     2017-09-17 10:29:54: Cleaning folder: [C:\$WINDOWS.~BT\Efi]...
     2017-09-17 10:29:54: Protecting folder: [C:\$WINDOWS.~BT\Sources]...
     2017-09-17 10:29:54: Cleaning parent folder: [C:\$WINDOWS.~BT\Sources]...
     2017-09-17 10:29:54: Protecting folder: [C:\$WINDOWS.~BT\Sources\Diagnostics]...
     2017-09-17 10:29:54: Cleaning folder: [C:\$WINDOWS.~BT\Sources\dlmanifests]...
     2017-09-17 10:29:55: Cleaning folder: [C:\$WINDOWS.~BT\Sources\es-es]...
     2017-09-17 10:29:55: Cleaning folder: [C:\$WINDOWS.~BT\Sources\etwproviders]...
     2017-09-17 10:29:55: Cleaning folder: [C:\$WINDOWS.~BT\Sources\inf]...
     2017-09-17 10:29:55: Cleaning folder: [C:\$WINDOWS.~BT\Sources\migration]...
     2017-09-17 10:29:55: Protecting folder: [C:\$WINDOWS.~BT\Sources\Panther]...
     2017-09-17 10:29:55: Cleaning folder: [C:\$WINDOWS.~BT\Sources\replacementmanifests]...
     2017-09-17 10:29:56: Cleaning folder: [C:\$WINDOWS.~BT\Sources\sxs]...
     2017-09-17 10:29:56: Cleaning MoSetup Volatile key...
     2017-09-17 10:29:56: Cleaning MoSetup RegBackup key...
     2017-09-17 10:29:56: Removing CorrelationVector registry value...
     2017-09-17 10:29:56: Removing cleanup registry value...
     2017-09-17 10:29:56: Path successfully cleaned!
     2017-09-17 10:29:56: MainHr: Error = 0x800704C7
     2017-09-17 10:29:56: wWinMain: Error = 0x800704C7
     2017-09-17 13:00:36: CommandLine: [F:\Sources\SetupPrep.exe /Compat ScanOnly]
     2017-09-17 13:00:36: Opening Box: [F:\Sources\SetupPrep.exe]
     2017-09-17 13:00:36: Opening Box Result: [0x0]
     2017-09-17 13:00:36: Deleting box result...
     2017-09-17 13:00:36: ResumeMode: Not found.
     2017-09-17 13:00:36: ResumeMode: [No]
     2017-09-17 13:00:36: OsUninstallWarning: Execute file found [FALSE].
     2017-09-17 13:00:36: OsUninstallWarning: [No]
     2017-09-17 13:00:36: Checking cleanup registry value...
     2017-09-17 13:00:36: Checking SetupHost result value...
     2017-09-17 13:00:36: SetupHost result missing! Forcing full cleanup...
     2017-09-17 13:00:36: Performing cleanup level: [0x1]
     2017-09-17 13:00:36: Populating preservation paths...
     2017-09-17 13:00:36: Acquiring privileges...
     2017-09-17 13:00:36: Cleaning install folder...
     2017-09-17 13:00:37: Protecting folder: [C:\$WINDOWS.~BT\Sources]...
     2017-09-17 13:00:37: Cleaning parent folder: [C:\$WINDOWS.~BT\Sources]...
     2017-09-17 13:00:37: Protecting folder: [C:\$WINDOWS.~BT\Sources\Diagnostics]...
     2017-09-17 13:00:37: Protecting folder: [C:\$WINDOWS.~BT\Sources\Panther]...
     2017-09-17 13:00:37: Cleaning MoSetup Volatile key...
     2017-09-17 13:00:37: Cleaning MoSetup RegBackup key...
     2017-09-17 13:00:37: Removing CorrelationVector registry value...
     2017-09-17 13:00:37: Removing cleanup registry value...
     2017-09-17 13:00:37: Path successfully cleaned!
     2017-09-17 13:00:37: Preserve working path: [No]
     2017-09-17 13:00:37: Cleaning working dir...
     2017-09-17 13:00:37: Attempting to close previous ETW session...
     2017-09-17 13:00:37: Attempting to clean mounted registry hives...
     2017-09-17 13:00:37: Attempting to clean mounted SafeOs image...
     2017-09-17 13:00:37: Attempting to preserve existing logs...
     2017-09-17 13:00:37: Creating path: [C:\Windows\Panther\NewOs\Panther]...
     2017-09-17 13:00:37: Copying [C:\$WINDOWS.~BT\Sources\Panther] -> [C:\Windows\Panther\NewOs\Panther]...
     2017-09-17 13:00:37: Cleaning working path: [C:\$WINDOWS.~BT]...
     2017-09-17 13:00:37: Cleaning alternate storage paths...
     2017-09-17 13:00:37: Cleaning MoSetup Volatile key...
     2017-09-17 13:00:37: Cleaning MoSetup RegBackup key...
     2017-09-17 13:00:37: Cleaning SetupWatson key...
     2017-09-17 13:00:37: Removing CorrelationVector registry value...
     2017-09-17 13:00:37: Removing cleanup registry value...
     2017-09-17 13:00:37: Creating path (with ACL): [C:\$WINDOWS.~BT]...
     2017-09-17 13:00:38: Creating path: [C:\$WINDOWS.~BT\Sources]...
     2017-09-17 13:00:40: Launching process: [C:\$WINDOWS.~BT\Sources\SetupHost.exe] with command-line [/install /Media /InstallFile "F:\Sources\Install.esd" "/Compat" "ScanOnly" /MediaPath "F:"] in Session: [-1]
     2017-09-17 13:00:40: Launching: [C:\$WINDOWS.~BT\Sources\SetupHost.exe] [/install /Media /InstallFile "F:\Sources\Install.esd" "/Compat" "ScanOnly" /MediaPath "F:"] from []!
     2017-09-17 13:00:40: Waiting for process events...
     2017-09-17 13:04:02: Process exit code: [0x800704C7]
     2017-09-17 13:04:02: LaunchProcessInSession: Error = 0x800704C7
     2017-09-17 13:04:02: LaunchProcessInSession returned: [0x800704C7]
     2017-09-17 13:04:02: Checking cleanup registry value...
     2017-09-17 13:04:02: Checking SetupHost result value...
     2017-09-17 13:04:02: Performing cleanup level: [0x1]
     2017-09-17 13:04:02: Populating preservation paths...
     2017-09-17 13:04:02: Acquiring privileges...
     2017-09-17 13:04:02: Cleaning install folder...
     2017-09-17 13:04:02: Cleaning folder: [C:\$WINDOWS.~BT\Boot]...
     2017-09-17 13:04:02: Cleaning folder: [C:\$WINDOWS.~BT\Efi]...
     2017-09-17 13:04:02: Protecting folder: [C:\$WINDOWS.~BT\Sources]...
     2017-09-17 13:04:02: Cleaning parent folder: [C:\$WINDOWS.~BT\Sources]...
     2017-09-17 13:04:02: Protecting folder: [C:\$WINDOWS.~BT\Sources\Diagnostics]...
     2017-09-17 13:04:02: Cleaning folder: [C:\$WINDOWS.~BT\Sources\dlmanifests]...
     2017-09-17 13:04:02: Cleaning folder: [C:\$WINDOWS.~BT\Sources\en-gb]...
     2017-09-17 13:04:03: Cleaning folder: [C:\$WINDOWS.~BT\Sources\etwproviders]...
     2017-09-17 13:04:03: Cleaning folder: [C:\$WINDOWS.~BT\Sources\hwcompat]...
     2017-09-17 13:04:03: Cleaning folder: [C:\$WINDOWS.~BT\Sources\inf]...
     2017-09-17 13:04:03: Cleaning folder: [C:\$WINDOWS.~BT\Sources\migration]...
     2017-09-17 13:04:04: Protecting folder: [C:\$WINDOWS.~BT\Sources\Panther]...
     2017-09-17 13:04:04: Cleaning folder: [C:\$WINDOWS.~BT\Sources\replacementmanifests]...
     2017-09-17 13:04:04: Cleaning folder: [C:\$WINDOWS.~BT\Sources\sxs]...
     2017-09-17 13:04:04: Cleaning MoSetup Volatile key...
     2017-09-17 13:04:04: Cleaning MoSetup RegBackup key...
     2017-09-17 13:04:04: Removing CorrelationVector registry value...
     2017-09-17 13:04:04: Removing cleanup registry value...
     2017-09-17 13:04:04: Path successfully cleaned!
     2017-09-17 13:04:04: MainHr: Error = 0x800704C7
     2017-09-17 13:04:04: wWinMain: Error = 0x800704C7
     2017-09-17 17:42:02: CommandLine: [F:\Sources\SetupPrep.exe /Compat ScanOnly]
     2017-09-17 17:42:02: Opening Box: [F:\Sources\SetupPrep.exe]
     2017-09-17 17:42:02: Opening Box Result: [0x0]
     2017-09-17 17:42:02: Deleting box result...
     2017-09-17 17:42:02: ResumeMode: Not found.
     2017-09-17 17:42:02: ResumeMode: [No]
     2017-09-17 17:42:02: OsUninstallWarning: Execute file found [FALSE].
     2017-09-17 17:42:02: OsUninstallWarning: [No]
     2017-09-17 17:42:02: Checking cleanup registry value...
     2017-09-17 17:42:02: Checking SetupHost result value...
     2017-09-17 17:42:02: SetupHost result missing! Forcing full cleanup...
     2017-09-17 17:42:02: Performing cleanup level: [0x1]
     2017-09-17 17:42:02: Populating preservation paths...
     2017-09-17 17:42:02: Acquiring privileges...
     2017-09-17 17:42:02: Cleaning install folder...
     2017-09-17 17:42:02: Protecting folder: [C:\$WINDOWS.~BT\Sources]...
     2017-09-17 17:42:02: Cleaning parent folder: [C:\$WINDOWS.~BT\Sources]...
     2017-09-17 17:42:02: Protecting folder: [C:\$WINDOWS.~BT\Sources\Diagnostics]...
     2017-09-17 17:42:02: Protecting folder: [C:\$WINDOWS.~BT\Sources\Panther]...
     2017-09-17 17:42:02: Cleaning MoSetup Volatile key...
     2017-09-17 17:42:02: Cleaning MoSetup RegBackup key...
     2017-09-17 17:42:02: Removing CorrelationVector registry value...
     2017-09-17 17:42:02: Removing cleanup registry value...
     2017-09-17 17:42:02: Path successfully cleaned!
     2017-09-17 17:42:02: Preserve working path: [No]
     2017-09-17 17:42:02: Cleaning working dir...
     2017-09-17 17:42:02: Attempting to close previous ETW session...
     2017-09-17 17:42:02: Attempting to clean mounted registry hives...
     2017-09-17 17:42:02: Attempting to clean mounted SafeOs image...
     2017-09-17 17:42:02: Attempting to preserve existing logs...
     2017-09-17 17:42:02: Cleaning path: [C:\Windows\Panther\NewOs]...
     2017-09-17 17:42:02: Creating path: [C:\Windows\Panther\NewOs\Panther]...
     2017-09-17 17:42:02: Copying [C:\$WINDOWS.~BT\Sources\Panther] -> [C:\Windows\Panther\NewOs\Panther]...
     2017-09-17 17:42:03: Cleaning working path: [C:\$WINDOWS.~BT]...
     2017-09-17 17:42:03: Cleaning alternate storage paths...
     2017-09-17 17:42:03: Cleaning MoSetup Volatile key...
     2017-09-17 17:42:03: Cleaning MoSetup RegBackup key...
     2017-09-17 17:42:03: Cleaning SetupWatson key...
     2017-09-17 17:42:03: Removing CorrelationVector registry value...
     2017-09-17 17:42:03: Removing cleanup registry value...
     2017-09-17 17:42:03: Creating path (with ACL): [C:\$WINDOWS.~BT]...
     2017-09-17 17:42:03: Creating path: [C:\$WINDOWS.~BT\Sources]...
     2017-09-17 17:42:03: Launching process: [C:\$WINDOWS.~BT\Sources\SetupHost.exe] with command-line [/install /Media /InstallFile "F:\Sources\Install.esd" "/Compat" "ScanOnly" /MediaPath "F:"] in Session: [-1]
     2017-09-17 17:42:03: Launching: [C:\$WINDOWS.~BT\Sources\SetupHost.exe] [/install /Media /InstallFile "F:\Sources\Install.esd" "/Compat" "ScanOnly" /MediaPath "F:"] from []!
     2017-09-17 17:42:03: Waiting for process events...
     2017-09-17 17:45:29: Process exit code: [0xC1900210]
     2017-09-17 17:45:29: LaunchProcessInSession: Error = 0xC1900210
     2017-09-17 17:45:29: LaunchProcessInSession returned: [0xC1900210]
     2017-09-17 17:45:29: Checking cleanup registry value...
     2017-09-17 17:45:30: Checking SetupHost result value...
     2017-09-17 17:45:30: Performing cleanup level: [0x1]
     2017-09-17 17:45:30: Populating preservation paths...
     2017-09-17 17:45:30: Acquiring privileges...
     2017-09-17 17:45:30: Cleaning install folder...
     2017-09-17 17:45:30: Cleaning folder: [C:\$WINDOWS.~BT\Boot]...
     2017-09-17 17:45:30: Cleaning folder: [C:\$WINDOWS.~BT\Efi]...
     2017-09-17 17:45:30: Protecting folder: [C:\$WINDOWS.~BT\Sources]...
     2017-09-17 17:45:30: Cleaning parent folder: [C:\$WINDOWS.~BT\Sources]...
     2017-09-17 17:45:30: Protecting folder: [C:\$WINDOWS.~BT\Sources\Diagnostics]...
     2017-09-17 17:45:30: Cleaning folder: [C:\$WINDOWS.~BT\Sources\dlmanifests]...
     2017-09-17 17:45:30: Cleaning folder: [C:\$WINDOWS.~BT\Sources\en-gb]...
     2017-09-17 17:45:30: Cleaning folder: [C:\$WINDOWS.~BT\Sources\etwproviders]...
     2017-09-17 17:45:31: Cleaning folder: [C:\$WINDOWS.~BT\Sources\hwcompat]...
     2017-09-17 17:45:31: Cleaning folder: [C:\$WINDOWS.~BT\Sources\inf]...
     2017-09-17 17:45:31: Cleaning folder: [C:\$WINDOWS.~BT\Sources\migration]...
     2017-09-17 17:45:31: Protecting folder: [C:\$WINDOWS.~BT\Sources\Panther]...
     2017-09-17 17:45:31: Cleaning folder: [C:\$WINDOWS.~BT\Sources\replacementmanifests]...
     2017-09-17 17:45:32: Cleaning folder: [C:\$WINDOWS.~BT\Sources\sxs]...
     2017-09-17 17:45:32: Cleaning MoSetup Volatile key...
     2017-09-17 17:45:32: Cleaning MoSetup RegBackup key...
     2017-09-17 17:45:32: Removing CorrelationVector registry value...
     2017-09-17 17:45:32: Removing cleanup registry value...
     2017-09-17 17:45:32: Path successfully cleaned!
     2017-09-17 17:45:32: MainHr: Error = 0xC1900210
     2017-09-17 17:45:32: wWinMain: Error = 0xC1900210
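An added example, not part of the original post: a small Python parser for the setup log format quoted above, which groups entries into runs (one per `CommandLine:` entry) and decodes the exit HRESULT each run logged. The result table holds Microsoft's documented `/Compat ScanOnly` return codes plus the Win32 cancellation code; the function names are illustrative and the sample is an excerpt of lines from the log above.

```python
import re
from datetime import datetime

# Documented Windows Setup "/Compat ScanOnly" results, plus the HRESULT form
# of Win32 ERROR_CANCELLED (1223), which is not a compatibility verdict.
KNOWN = {
    0xC1900210: "scan completed: no compatibility issues found",
    0xC1900208: "scan completed: a compatibility issue blocks the upgrade",
    0xC1900204: "scan completed: selected migration choice not available",
    0xC1900200: "scan completed: system requirements not met",
    0xC190020E: "scan completed: not enough free disk space",
    0x800704C7: "operation was cancelled (ERROR_CANCELLED), no scan verdict",
}

STAMP = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}"
# Works whether entries are one per line or flattened onto one long line.
ENTRY = re.compile(rf"({STAMP}): (.*?)(?=\s+{STAMP}: |\s*\Z)", re.S)
EXIT = re.compile(r"Process exit code: \[(0x[0-9A-Fa-f]+)\]")


def decode_hresult(hr):
    """Split a 32-bit HRESULT into (failure bit, facility, code)."""
    return bool(hr >> 31), (hr >> 16) & 0x7FF, hr & 0xFFFF


def parse_runs(text):
    """Return one dict per setup run found in the log text."""
    runs, cur = [], None
    for m in ENTRY.finditer(text):
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        msg = m.group(2).strip()
        if msg.startswith("CommandLine:"):
            cur = {"started": when, "scan_only": "/Compat ScanOnly" in msg,
                   "launched": None, "hresult": None, "seconds": None}
            runs.append(cur)
        elif cur is None:
            continue  # entry before the first CommandLine: belongs to no run
        elif msg.startswith("Waiting for process events"):
            cur["launched"] = when
        else:
            hit = EXIT.match(msg)
            if hit:
                cur["hresult"] = int(hit.group(1), 16)
                if cur["launched"]:
                    delta = when - cur["launched"]
                    cur["seconds"] = int(delta.total_seconds())
    return runs


def verdict(run):
    """Human-readable meaning of a run's exit code."""
    hr = run["hresult"]
    if hr is None:
        return "no exit code logged (run incomplete)"
    if hr in KNOWN:
        return KNOWN[hr]
    _, facility, code = decode_hresult(hr)
    return f"unrecognised result: facility {facility}, code 0x{code:04X}"


# Excerpt of the log above (three runs), flattened as it often arrives.
SAMPLE = (
    r"2017-09-17 10:27:25: CommandLine: [F:\Sources\SetupPrep.exe /Compat ScanOnly] "
    r"2017-09-17 10:27:27: Waiting for process events... "
    r"2017-09-17 10:29:54: Process exit code: [0x800704C7] "
    r"2017-09-17 13:00:36: CommandLine: [F:\Sources\SetupPrep.exe /Compat ScanOnly] "
    r"2017-09-17 13:00:40: Waiting for process events... "
    r"2017-09-17 13:04:02: Process exit code: [0x800704C7] "
    r"2017-09-17 17:42:02: CommandLine: [F:\Sources\SetupPrep.exe /Compat ScanOnly] "
    r"2017-09-17 17:42:03: Waiting for process events... "
    r"2017-09-17 17:45:29: Process exit code: [0xC1900210]"
)

if __name__ == "__main__":
    for run in parse_runs(SAMPLE):
        print(run["started"], f"0x{run['hresult']:08X}",
              f"{run['seconds']}s", "-", verdict(run))
```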
  24. Still unsure about some of this - the three 755s and the configurations are as follows:
     2.33 gigahertz Intel Core 2 Duo E6550 8 GB Memory - Running W10 1703 - no issues
     3.0 gigahertz Intel Core 2 Duo E6850 6GB Memory – Running W10 1703 - no issues
     2.0 gigahertz Intel Core 2 Duo E4400 4GB Memory – says incompatible for W10 Creators when I try installing from DVD or from USB but runs earlier W10 fine.
     From the basic info none of these seem out of spec for the Creators upgrade so I have tried testing compatibility using the install media and the command “setup /Compat ScanOnly”. However this seems to want to install W10 but I only want it checked! How far does it run before coming up with the test results and how far can I let it run before it wrecks my current system?
  25. Well now had a moment to try a W10 install so put in a scrap HDD which I had lying around and installed an old version of W10 - and hey presto it worked just fine with no errors. So it seems it is only the Creators version which says the PC is not compatible. Still not got around the BIOS upgrade situation - every time I try it, it fails with the same could not find files in memory issue. The CMOS battery seems to be holding up the time and other settings OK so does this mean it does not need changing? and is there anything in the MBEX settings that I need to look at?