
Mothers win 7 ultimate machine



#1
xppc

Member • 148 posts

She has a Vista 32-bit machine that was upgraded to Win 7 Ultimate 64-bit a little over a year ago. She has an HP A6142N, AMD Athlon 64 X2 dual core 4400+ 2.3 GHz, 2 GB RAM. I had originally installed two additional 1 GB sticks for a total of 4 but kept getting blue screens, and I found 1 GB was faulty, so it has only been 3 GB until 3 weeks ago. I pulled the newest of the memory sticks and currently it has just the original two 1 GB sticks that came with the machine. According to HP it is capable of 8 GB. She just used this machine for email, some surfing and occasionally Skype with her grandkids and often solitaire.

I will be purchasing a 2 GB stick of memory so it will soon be running 4 GB.

I ran a WhoCrashed report and found the last 4 instances were memory or software (possibly driver related).

Lately it has been crashing with a blue screen, and a couple of times I have seen and heard a message about the machine being locked, with a website popping up claiming to be Microsoft and the machine having a Zeus virus and to call the listed 800 number immediately.

I did update the drivers (only 4 were out of date according to DriverMax). Super Antispyware just found 46 adware issues, and Malwarebytes found nothing. ByteDefender, I will have to run next time I am there.

What should my next step be?

Thanks again in advance for your help.


#2
RKinner
Malware Expert • 24,624 posts • MVP

The next time you are there you need to install TeamViewer on her PC.  That way you can fix her PC without being there.  https://www.teamview...wnload/windows/

 

I would run Rogue Killer to see if there is anything obvious.

 

Let's run Rogue Killer
 
Then choose the appropriate download:
 
Portable 32 bits
or
Portable 64 bits
 
Download and Save.
 
 
 
Right click on the downloaded file (RogueKillerX64.exe or RogueKiller.exe) and Run As admin
 
Start Scan
Start Scan
 
Will take about 20 minutes to complete.
 
Open Report
Export TXT (save it to your desktop as rk) Save
 
Do not let Rogue Killer remove anything until you hear from me.  Leave Rogue Killer up (but minimized) so you won't have to rescan.  (May not be practical for you so use your own judgement.  Maybe Google what it finds to make sure it's not a false positive.)
 
Open rk.txt and copy and paste it to your next Reply. 
 

 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  • Get FRST from http://www.bleepingc...very-scan-tool/ You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Check the Addition.txt box
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 
     

     
    Download BlueScreenView
     
    Double click on BlueScreenView.exe file to run the program.
    When scanning is done, go Edit, Select All.
     
    Go File, Save Selected Items, and save the report as BSOD.txt.
    Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.
     
     
     
    A lot of blue screens are caused by heat.  See if you can get Speedfan to work:
     
     
    Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it (Win 7 or Vista right click and Run As Admin.).
     
    It will tell you your temps.  Leave it up and run an anti-virus scan or watch a video and see how high it goes.  Idle laptops are around 50, desktops 40.  Under moderate load we don't want either to go over 65.  Heat buildup is usually caused by dust on the heatsink.  Easy to clean on a desktop but may require brain surgery on some laptops.  Usually you can Google the part number and find a video showing how to take the laptop apart.
     
     

    Get the free version of Speccy:
     
    http://www.filehippo...download_speccy (Look in the upper right for the Download
    Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
    Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), 
    File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
    (It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.
     
    First click on More Reply Options
    Then scroll down to where you see
    Choose File and click on it.  Point it at the file and hit Open.
    Now click on Attach this file.
     
     
     

    #3
    xppc
    Member • Topic Starter • 148 posts

    Below and attached is what you asked me to complete. (I think I copied or attached all.)

     

    RogueKiller V12.10.2.0 (x64) [Mar 27 2017] (Free) by Adlice Software

    mail : http://www.adlice.com/contact/

    Feedback : https://forum.adlice.com

    Website : http://www.adlice.co...ad/roguekiller/

    Blog : http://www.adlice.com

     

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User : hp [Administrator]

    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe

    Mode : Scan -- Date : 03/31/2017 12:47:44 (Duration : 00:51:56)

     

    ¤¤¤ Processes : 0 ¤¤¤

     

    ¤¤¤ Registry : 16 ¤¤¤

    [PUP.Gen1] (X64) HKEY_USERS\RK_Bunny_ON_E_F00E\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Toolbar Cleaner -> Found

    [PUP.Gen1] (X64) HKEY_USERS\RK_Bunny_ON_E_F00E\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion -> Found

    [PUP.Gen1] (X86) HKEY_USERS\RK_Bunny_ON_E_F00E\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Toolbar Cleaner -> Found

    [PUP.Gen1] (X86) HKEY_USERS\RK_Bunny_ON_E_F00E\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion -> Found

    [PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_27CB\Microsoft\Internet Explorer\Main | Start Page : http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop -> Found

    [PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_27CB\Microsoft\Internet Explorer\Main | Start Page : http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop -> Found

    [PUM.HomePage] (X64) HKEY_USERS\RK_Default_ON_E_7521\Software\Microsoft\Internet Explorer\Main | Start Page : http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop -> Found

    [PUM.HomePage] (X86) HKEY_USERS\RK_Default_ON_E_7521\Software\Microsoft\Internet Explorer\Main | Start Page : http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop -> Found

    [PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_27CB\Microsoft\Internet Explorer\Main | Default_Page_URL : http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop -> Found

    [PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_27CB\Microsoft\Internet Explorer\Main | Default_Page_URL : http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop -> Found

    [PUM.HomePage] (X64) HKEY_USERS\RK_Default_ON_E_7521\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop -> Found

    [PUM.HomePage] (X86) HKEY_USERS\RK_Default_ON_E_7521\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop -> Found

    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 69.1.30.2 69.1.30.3 ([United States][United States])  -> Found

    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 69.1.30.2 69.1.30.3 ([United States][United States])  -> Found

    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ACBF4585-07A3-412C-BEF4-9F54FE4F4C58} | DhcpNameServer : 69.1.30.2 69.1.30.3 ([United States][United States])  -> Found

    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{ACBF4585-07A3-412C-BEF4-9F54FE4F4C58} | DhcpNameServer : 69.1.30.2 69.1.30.3 ([United States][United States])  -> Found

     

    ¤¤¤ Tasks : 0 ¤¤¤

     

    ¤¤¤ Files : 1 ¤¤¤

    [PUP.Firefox][File] C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\b86f6yv7.default\Invalidprefs.js -> Found

     

    ¤¤¤ WMI : 0 ¤¤¤

     

    ¤¤¤ Hosts File : 0 ¤¤¤

     

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

     

    ¤¤¤ Web browsers : 0 ¤¤¤

     

    ¤¤¤ MBR Check : ¤¤¤

    +++++ PhysicalDrive0: ST316081 3AS SCSI Disk Device +++++

    --- User ---

    [MBR] 41f84d422b4072262c265ab244b68511

    [BSP] 97ac0413c964b095f6e4b6999cceb990 : Windows Vista/7/8|VT.Unknown MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 152525 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

    User = LL1 ... OK

    Error reading LL2 MBR! ([1] Incorrect function. )

     

    +++++ PhysicalDrive1: SAMSUNG HD400LJ SCSI Disk Device +++++

    --- User ---

    [MBR] fb51208ff9c8d708959fbcc1e29df8ca

    [BSP] ceb84c3e7b096f62a58a22cb4210973b : Windows Vista/7/8 MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 372491 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 762862590 | Size: 9060 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

    User = LL1 ... OK

    Error reading LL2 MBR! ([1] Incorrect function. )

     

    +++++ PhysicalDrive2: Generic USB SD Reader USB Device +++++

    Error reading User MBR! ([15] The device is not ready. )

    Error reading LL1 MBR! NOT VALID!

    Error reading LL2 MBR! ([32] The request is not supported. )

     

    +++++ PhysicalDrive3: Generic USB CF Reader USB Device +++++

    Error reading User MBR! ([15] The device is not ready. )

    Error reading LL1 MBR! NOT VALID!

    Error reading LL2 MBR! ([32] The request is not supported. )

     

    +++++ PhysicalDrive4: Generic USB SM Reader USB Device +++++

    Error reading User MBR! ([15] The device is not ready. )

    Error reading LL1 MBR! NOT VALID!

    Error reading LL2 MBR! ([32] The request is not supported. )

     

     

    +++++ PhysicalDrive5: Generic USB MS Reader USB Device +++++

    Error reading User MBR! ([15] The device is not ready. )

    Error reading LL1 MBR! NOT VALID!

    Error reading LL2 MBR! ([32] The request is not supported. )

     

    # AdwCleaner v6.045 - Logfile created 31/03/2017 at 14:59:50

    # Updated on 28/03/2017 by Malwarebytes

    # Database : 2017-03-31.1 [Local]

    # Operating System : Windows 7 Ultimate Service Pack 1 (X64)

    # Username : hp - HP-PC

    # Running from : C:\Users\hp\Downloads\AdwCleaner(1).exe

    # Mode: Clean

    # Support : https://www.malwarebytes.com/support

    ***** [ Services ] *****

    ***** [ Folders ] *****

    [-] Folder deleted: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\b86f6yv7.default\MapsGalaxy_39

    ***** [ Files ] *****

    [-] File deleted: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\b86f6yv7.default\invalidprefs.js

    ***** [ DLL ] *****

    ***** [ WMI ] *****

    ***** [ Shortcuts ] *****

    ***** [ Scheduled Tasks ] *****

    ***** [ Registry ] ****

    ***** [ Web browsers ] *****

    [-] [C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com

    [-] [C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com

    *************************

    :: "Tracing" keys deleted

    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [1184 Bytes] - [31/03/2017 14:59:50]

    C:\AdwCleaner\AdwCleaner[S0].txt - [1440 Bytes] - [31/03/2017 14:42:31]

    C:\AdwCleaner\AdwCleaner[S1].txt - [1515 Bytes] - [31/03/2017 14:58:03]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1403 Bytes] ##########

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Junkware Removal Tool (JRT) by Malwarebytes

    Version: 8.1.2 (03.10.2017)

    Operating System: Windows 7 Ultimate x64

    Ran by hp (Administrator) on Fri 03/31/2017 at 15:17:50.49

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    File System: 49

     

    Successfully deleted: C:\ProgramData\1468092682.bdinstall.bin (File)

    Successfully deleted: C:\ProgramData\1468092744.bdinstall.bin (File)

    Successfully deleted: C:\ProgramData\1468093525.2652.bin (File)

    Successfully deleted: C:\ProgramData\1468093525.3912.bin (File)

    Successfully deleted: C:\ProgramData\1468093692.bdinstall.bin (File)

    Successfully deleted: C:\Users\hp\Desktop\drivermax.lnk (Shortcut)

    Successfully deleted: C:\Windows\system32\Tasks\DriverMax Notification (Task)

    Successfully deleted: C:\Windows\system32\Tasks\DriverMaxAgent (Task)

    Successfully deleted: C:\Windows\system32\Tasks\DriverMaxWelcome (Task)

    Successfully deleted: C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\09SWTRI1 (Temporary Internet Files Folder)

    Successfully deleted: C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0E2GTPII (Temporary Internet Files Folder)

    Successfully deleted: C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)

    Successfully deleted: C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)

    Successfully deleted: C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7LLBDEN9 (Temporary Internet Files Folder)

    Successfully deleted: C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BTO1JFJ6 (Temporary Internet Files Folder)

    Successfully deleted: C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BWJ68KJO (Temporary Internet Files Folder)

    Successfully deleted: C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)

    Successfully deleted: C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GTGS9179 (Temporary Internet Files Folder)

    Successfully deleted: C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HV1LQ10G (Temporary Internet Files Folder)

    Successfully deleted: C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I1MJPYIJ (Temporary Internet Files Folder)

    Successfully deleted: C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IY5ALN71 (Temporary Internet Files Folder)

    Successfully deleted: C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)

    Successfully deleted: C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PT40WV1A (Temporary Internet Files Folder)

    Successfully deleted: C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSC5I57Z (Temporary Internet Files Folder)

    Successfully deleted: C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RT1LIA2S (Temporary Internet Files Folder)

    Successfully deleted: C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UJ9T0Y79 (Temporary Internet Files Folder)

    Successfully deleted: C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XJ1L1H1L (Temporary Internet Files Folder)

    Successfully deleted: C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YU663R97 (Temporary Internet Files Folder)

    Successfully deleted: C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZF1F3S32 (Temporary Internet Files Folder)

    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\09SWTRI1 (Temporary Internet Files Folder)

    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0E2GTPII (Temporary Internet Files Folder)

    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)

    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)

    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7LLBDEN9 (Temporary Internet Files Folder)

    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BTO1JFJ6 (Temporary Internet Files Folder)

    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BWJ68KJO (Temporary Internet Files Folder)

    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)

    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GTGS9179 (Temporary Internet Files Folder)

    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HV1LQ10G (Temporary Internet Files Folder)

    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I1MJPYIJ (Temporary Internet Files Folder)

    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IY5ALN71 (Temporary Internet Files Folder)

    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)

    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PT40WV1A (Temporary Internet Files Folder)

    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSC5I57Z (Temporary Internet Files Folder)

    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RT1LIA2S (Temporary Internet Files Folder)

    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UJ9T0Y79 (Temporary Internet Files Folder)

    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XJ1L1H1L (Temporary Internet Files Folder)

    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YU663R97 (Temporary Internet Files Folder)

    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZF1F3S32 (Temporary Internet Files Folder)

     

    Registry: 0

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Scan was completed on Fri 03/31/2017 at 15:27:21.01

    End of JRT log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ==================================================

    Dump File         : 031517-20982-01.dmp

    Crash Time        : 3/15/2017 12:32:29 PM

    Bug Check String  : SYSTEM_SERVICE_EXCEPTION

    Bug Check Code    : 0x0000003b

    Parameter 1       : 00000000`c0000005

    Parameter 2       : fffff960`002670a7

    Parameter 3       : fffff880`038d4b20

    Parameter 4       : 00000000`00000000

    Caused By Driver  : win32k.sys

    Caused By Address : win32k.sys+1e70a5

    File Description  : Multi-User Win32 Driver

    Product Name      : Microsoft® Windows® Operating System

    Company           : Microsoft Corporation

    File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)

    Processor         : x64

    Crash Address     : ntoskrnl.exe+70400

    Stack Address 1   :

    Stack Address 2   :

    Stack Address 3   :

    Computer Name     :

    Full Path         : C:\Windows\Minidump\031517-20982-01.dmp

    Processors Count  : 2

    Major Version     : 15

    Minor Version     : 7601

    Dump File Size    : 285,088

    Dump File Time    : 3/15/2017 12:33:51 PM

    ==================================================

     

    ==================================================

    Dump File         : 031317-21465-01.dmp

    Crash Time        : 3/13/2017 11:49:06 AM

    Bug Check String  : MEMORY_MANAGEMENT

    Bug Check Code    : 0x0000001a

    Parameter 1       : 00000000`00005003

    Parameter 2       : fffff700`01080000

    Parameter 3       : 00000000`00009f33

    Parameter 4       : 0000b2c5`00013e64

    Caused By Driver  : ntoskrnl.exe

    Caused By Address : ntoskrnl.exe+70400

    File Description  : NT Kernel & System

    Product Name      : Microsoft® Windows® Operating System

    Company           : Microsoft Corporation

    File Version      : 6.1.7601.23677 (win7sp1_ldr.170209-0600)

    Processor         : x64

    Crash Address     : ntoskrnl.exe+70400

    Stack Address 1   :

    Stack Address 2   :

    Stack Address 3   :

    Computer Name     :

    Full Path         : C:\Windows\Minidump\031317-21465-01.dmp

    Processors Count  : 2

    Major Version     : 15

    Minor Version     : 7601

    Dump File Size    : 262,144

    Dump File Time    : 3/13/2017 11:50:24 AM

    ==================================================

     

    ==================================================

    Dump File         : 031217-29265-01.dmp

    Crash Time        : 3/12/2017 8:54:33 PM

    Bug Check String  : MEMORY_MANAGEMENT

    Bug Check Code    : 0x0000001a

    Parameter 1       : 00000000`00005003

    Parameter 2       : fffff700`01080000

    Parameter 3       : 00000000`0000410d

    Parameter 4       : 00004110`00008218

    Caused By Driver  : ntoskrnl.exe

    Caused By Address : ntoskrnl.exe+70400

    File Description  : NT Kernel & System

    Product Name      : Microsoft® Windows® Operating System

    Company           : Microsoft Corporation

    File Version      : 6.1.7601.23677 (win7sp1_ldr.170209-0600)

    Processor         : x64

    Crash Address     : ntoskrnl.exe+70400

    Stack Address 1   :

    Stack Address 2   :

    Stack Address 3   :

    Computer Name     :

    Full Path         : C:\Windows\Minidump\031217-29265-01.dmp

    Processors Count  : 2

    Major Version     : 15

    Minor Version     : 7601

    Dump File Size    : 262,144

    Dump File Time    : 3/12/2017 8:56:03 PM

    ==================================================

     

     

     

     

     

    #4
    RKinner
    Malware Expert • 24,624 posts • MVP

    Were you able to run speedfan?  Speccy says it's running too hot and BlueScreenView is showing the usual things we expect when it gets too hot.  Speccy can't really be trusted but since it's a desktop it shouldn't be hard to shut it down, clean out the dust between the fan and the heatsink.  (DO NOT DISTURB THE HEATSINK - tho you can remove the fan as long as you put it back pointing the same way.)  I use a vacuum cleaner hose and a small brush.  

     

    Don't see the processor explorer log.

     

    Rogue Killer didn't find much.  Most of it just bloatware installed by HP.  Won't hurt to remove it or leave it.

     

    FRST doesn't show any signs of infection tho I can see that Driver Max is not happy so I would uninstall it.

     

    I would also uninstall SuperAntiSpyware.

     

    Clear the Java Cache by following the instructions on
     
    You do not have the latest Java.
    First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
    I see:
    Java 8 Update 60 (64-bit) 
    Java 8 Update 60 
     
    Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
     
    If you feel you must have Java:
    Get the latest Java at:
     
    Save it to your PC then close all browsers and install it.  Do not let it install the yahoo toolbar or other foistware.
    Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.
     
    (If you also want the 64 bit version then use the 64 bit version of IE to get it.)
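
To show how a long Registry section in a report like the one posted above reduces to a handful of distinct findings, this added example (not part of the thread and not RogueKiller's own code) groups lines that differ only in registry view, control set or mounted hive. The line layout is assumed from the pasted report; `collapse`, `DNS_VALUE_ORIGIN` and the sample lines are constructed for illustration.

```python
import re

# Constructed sample in the line layout of the report pasted in the thread.
# Hive names, URL and addresses are placeholders, not values from that report.
SAMPLE_REPORT = r"""
[PUP.Gen1] (X64) HKEY_USERS\RK_Example_ON_E_0001\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Example Toolbar -> Found
[PUP.Gen1] (X86) HKEY_USERS\RK_Example_ON_E_0001\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Example Toolbar -> Found
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_0002\Microsoft\Internet Explorer\Main | Start Page : http://oem.example/home?tp=iehome -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_0002\Microsoft\Internet Explorer\Main | Start Page : http://oem.example/home?tp=iehome -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.0.2.2 192.0.2.3 ([Unknown][Unknown])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.0.2.2 192.0.2.3 ([Unknown][Unknown])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001} | DhcpNameServer : 192.0.2.2 192.0.2.3 ([Unknown][Unknown])  -> Found
[MBR] 00000000000000000000000000000000
"""

# "[Detection][Kind] (Arch) location | value : data -> Status"
# Kind, arch and the "| value : data" part are optional.
FINDING = re.compile(
    r"^\[(?P<detection>[^\]]+)\](?:\[(?P<kind>[^\]]+)\])?\s*"
    r"(?:\((?P<arch>X64|X86)\)\s*)?"
    r"(?P<location>.*?)"
    r"(?:\s\|\s(?P<value>.*?)\s:\s(?P<data>.*?))?"
    r"\s*->\s*(?P<status>\w+)\s*$"
)

# Where Windows stores DNS servers under Tcpip\Parameters: the value name
# tells you who supplied them, which decides where to check them.
DNS_VALUE_ORIGIN = {
    "DhcpNameServer": "handed out by the DHCP server (router or ISP); verify it there",
    "NameServer": "set statically on this host; verify the adapter settings",
}


def collapse(report_text):
    """Group finding lines that differ only in view, control set or hive.

    Returns {(detection, item, data): {"count", "locations", "note"}} where
    item is the registry value name, or the last path component when the
    finding is a key or file rather than a value.
    """
    groups = {}
    for raw in report_text.splitlines():
        m = FINDING.match(raw.strip())
        if m is None:
            continue  # section headers, MBR hashes, partition rows, blanks
        location = m.group("location").strip()
        item = m.group("value") or location.rsplit("\\", 1)[-1]
        data = m.group("data") or ""
        key = (m.group("detection"), item, data)
        entry = groups.setdefault(key, {"count": 0, "locations": [], "note": ""})
        entry["count"] += 1
        entry["locations"].append(location)
        if m.group("detection") == "PUM.Dns":
            entry["note"] = DNS_VALUE_ORIGIN.get(item, "")
    return groups


if __name__ == "__main__":
    for (detection, item, data), info in collapse(SAMPLE_REPORT).items():
        line = f"{detection:14} x{info['count']}  {item}"
        if data:
            line += f" = {data}"
        if info["note"]:
            line += f"  [{info['note']}]"
        print(line)
```
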

    #5
    xppc
    Member • Topic Starter • 148 posts

    I uninstalled everything you mentioned except FRST. I do not see it as an installed program or an uninstall option.

    I did run SpeedFan along with Bitdefender and SuperAntiSpyware.

    Temp2 did have a little fire icon next to it and fluctuated between 50C and 52C. I just opened the PC and the fan definitely needs cleaning. I will do that tomorrow when I return with the correct tools.


    #6
    RKinner
    Malware Expert • 24,624 posts • MVP

    Didn't mean for you to uninstall FRST just Driver Max.


    #7
    xppc
    Member • Topic Starter • 148 posts

    I was wondering that. DriverMax uninstalled. I removed and cleaned the fan and put it back in. I sat on the floor with the machine on a stool and leaned it to the floor and brushed off the heat sink as well. It was gunked up much worse than the fan.

    What is next?

    Thanks


    #8
    RKinner
    Malware Expert • 24,624 posts • MVP

    What does speedfan say is the highest temp when it is idle?  After 5 minutes running an anti-virus scan?


    #9
    xppc
    Member • Topic Starter • 148 posts

    Idle.. temp 1... 7-9C.. temp 2.. 40C...temp 3... 25C....temp 1.. 40C

    running scan..temps fluctuated.. temp 1... 13-20C..temp2...41-42C (check mark went red briefly at temp change.. then green) temp 3... 25C......temp 1 40C

     

    next?

     

    have a good weekend


    #10
    RKinner
    Malware Expert • 24,624 posts • MVP

    Sounds like it's running cool enough now.  Hopefully that will stop the BSODs.

     

    I don't think we have run Process Explorer yet so let's do that:

     

    Get Process Explorer
     
    Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  
     
    View, Select Column, check Verified Signer, OK
    Options, Verify Image Signatures
     
     
    Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
     
    Wait a full minute then:
     
    File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
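
One way to triage the saved Process Explorer report offline, as an added example (not part of the thread and not Sysinternals code): it lists every process whose Verified Signer entry is missing or not verified, plus Windows process names signed by someone other than Microsoft. It assumes the saved file is tab-delimited with the header row seen in the report posted in this thread; `triage`, the name lists and the sample rows are constructed for illustration.

```python
import csv
import io

VERIFIED_PREFIX = "(Verified)"

# Pseudo-entries with no image file on disk, so an empty signer is expected.
NO_IMAGE = {"system idle process", "system", "interrupts"}

# Names that belong to Windows itself. A valid signature from any other
# publisher on one of these names deserves a closer look.
WINDOWS_CORE = {
    "svchost.exe", "lsass.exe", "services.exe", "smss.exe",
    "csrss.exe", "winlogon.exe", "spoolsv.exe", "explorer.exe",
}

# Constructed sample rows in the column layout of the thread's report.
SAMPLE_EXPORT = "\n".join([
    "Process\tCPU\tPrivate Bytes\tWorking Set\tPID\tDescription\tCompany Name\tVerified Signer",
    "System Idle Process\t97.10\t0 K\t24 K\t0\t\t\t",
    "svchost.exe\t\t6,772 K\t7,712 K\t3288\tHost Process for Windows Services\tMicrosoft Corporation\t(Verified) Microsoft Windows",
    "procexp.exe\t1.20\t5,228 K\t10,160 K\t2800\tSysinternals Process Explorer\tSysinternals - www.sysinternals.com\t(Verified) Microsoft Corporation",
    "updater.exe\t\t3,100 K\t6,400 K\t4120\tExample Updater\tExample Co\t(No signature was present in the subject) Example Co",
    "svchost.exe\t\t2,000 K\t4,000 K\t5012\tHost Process for Windows Services\tMicrosoft Corporation\t(Verified) Example Software Ltd",
    "helper.exe\t\t1,500 K\t3,200 K\t2216\t\t\t",
])


def triage(export_text):
    """Return [(pid, process, reason)] for rows that need a manual look."""
    reader = csv.DictReader(io.StringIO(export_text), delimiter="\t",
                            quoting=csv.QUOTE_NONE)
    # Without the column the report says nothing about signatures at all.
    if not reader.fieldnames or "Verified Signer" not in reader.fieldnames:
        raise ValueError("no 'Verified Signer' column: enable the column and "
                         "Verify Image Signatures before saving the report")

    findings = []
    for row in reader:
        name = (row.get("Process") or "").strip()
        signer = (row.get("Verified Signer") or "").strip()
        pid = (row.get("PID") or "").strip()
        if not name or name.lower() in NO_IMAGE:
            continue
        if not signer:
            reason = "no signer information"
        elif not signer.startswith(VERIFIED_PREFIX):
            reason = "signature not verified: " + signer
        else:
            publisher = signer[len(VERIFIED_PREFIX):].strip()
            if name.lower() in WINDOWS_CORE and not publisher.startswith("Microsoft"):
                reason = "Windows process name with non-Microsoft signer: " + publisher
            else:
                continue  # verified and nothing odd about the name
        findings.append((pid, name, reason))
    return findings


if __name__ == "__main__":
    for pid, name, reason in triage(SAMPLE_EXPORT):
        print(f"PID {pid:>5}  {name:<14} {reason}")
```

A verified signature only says who signed the file, so rows that pass this check still need the usual review of what the program is and why it is running.
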

    #11
    xppc
    Member • Topic Starter • 148 posts

    Below is the report requested.

    I did see something on the desktop today that I did not notice before: initdebug. Should I remove this?

     

    Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
    armsvc.exe        1,164 K    3,588 K    1968    Adobe Acrobat Update Service    Adobe Systems Incorporated    (Verified) Adobe Systems
    audiodg.exe        19,124 K    17,704 K    1076    Windows Audio Device Graph Isolation     Microsoft Corporation    (Verified) Microsoft Windows
    DTAgent.exe        4,016 K    8,688 K    2384    DAEMON Tools Lite    Disc Soft Ltd    (Verified) Disc Soft Ltd
    lsass.exe        4,712 K    9,528 K    620    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
    lsm.exe        2,448 K    3,864 K    628    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
    mDNSResponder.exe        2,984 K    5,440 K    2144    Bonjour Service    Apple Inc.    (Verified) Apple Inc.
    nvtray.exe        7,764 K    9,576 K    2824    NVIDIA Settings    NVIDIA Corporation    (Verified) NVIDIA Corporation
    nvvsvc.exe        2,356 K    5,360 K    896    NVIDIA Driver Helper Service, Version 309.08    NVIDIA Corporation    (Verified) NVIDIA Corporation
    nvxdsync.exe        6,848 K    7,920 K    1480    NVIDIA User Experience Driver Component    NVIDIA Corporation    (Verified) NVIDIA Corporation
    procexp.exe        5,228 K    10,160 K    2800    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
    RAVBg64.exe        14,672 K    7,744 K    1372    HD Audio Background Process    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp.
    RAVCpl64.exe        15,036 K    9,496 K    2340    Realtek HD Audio Manager    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp.
    RtkAudioService64.exe        1,736 K    4,308 K    1328    Realtek Audio Service    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp.
    services.exe        5,264 K    9,088 K    608    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
    smss.exe        444 K    1,072 K    296    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
    spoolsv.exe        6,880 K    8,592 K    1760    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
    sppsvc.exe        3,444 K    7,492 K    1808    Microsoft Software Protection Platform Service    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        6,772 K    7,712 K    3288    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        2,304 K    3,604 K    2272    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        4,656 K    6,204 K    2200    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        5,112 K    7,152 K    2532    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        4,224 K    7,724 K    776    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        27,072 K    18,988 K    1000    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        3,984 K    6,908 K    936    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        2,480 K    4,888 K    1124    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        11,648 K    10,932 K    1816    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    wininit.exe        1,460 K    3,812 K    544    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
    winlogon.exe        2,844 K    5,452 K    684    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
    WLIDSVCM.EXE        2,136 K    3,412 K    3260    Microsoft® Windows Live ID Service Monitor    Microsoft Corporation    (Verified) Microsoft Corporation
    WmiPrvSE.exe        2,896 K    6,316 K    3532    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
    WmiPrvSE.exe        4,188 K    8,528 K    4144    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
    wuauclt.exe        1,956 K    6,668 K    5080    Windows Update    Microsoft Corporation    (Verified) Microsoft Windows
    WUDFHost.exe        3,088 K    4,936 K    3380    Windows Driver Foundation - User-mode Driver Framework Host Process    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe    < 0.01    52,256 K    43,768 K    3176    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    nvvsvc.exe    < 0.01    5,272 K    6,948 K    1488    NVIDIA Driver Helper Service, Version 309.08    NVIDIA Corporation    (Verified) NVIDIA Corporation
    wmpnetwk.exe    < 0.01    11,900 K    5,436 K    3468    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
    csrss.exe    < 0.01    2,036 K    3,720 K    492    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe    < 0.01    100,372 K    102,984 K    340    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    tv_x64.exe    < 0.01    2,552 K    4,716 K    3448    TeamViewer 12    TeamViewer GmbH    (Verified) TeamViewer GmbH
    SearchIndexer.exe    < 0.01    21,148 K    14,564 K    2728    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
    daemonu.exe    0.01    3,780 K    8,776 K    1904    NVIDIA Settings Update Manager    NVIDIA Corporation    (Verified) NVIDIA Corporation
    tv_w32.exe    0.01    2,344 K    4,992 K    3456    TeamViewer 12    TeamViewer GmbH    (Verified) TeamViewer GmbH
    DiscSoftBusServiceLite.exe    0.01    3,452 K    7,048 K    1632    Disc Soft Bus Service Lite    Disc Soft Ltd    (Verified) Disc Soft Ltd
    TeamViewer.exe    0.01    16,936 K    16,784 K    3920    TeamViewer 12    TeamViewer GmbH    (Verified) TeamViewer GmbH
    svchost.exe    0.01    7,468 K    10,696 K    3808    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe    0.01    8,496 K    11,712 K    728    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    csrss.exe    0.01    9,452 K    5,708 K    568    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
    AppleMobileDeviceService.exe    0.02    4,496 K    6,548 K    2056    MobileDeviceService    Apple Inc.    (Verified) Apple Inc.
    WLIDSVC.EXE    0.02    5,820 K    10,492 K    2764    Microsoft® Windows Live ID Service    Microsoft Corporation    (Verified) Microsoft Corporation
    svchost.exe    0.03    13,960 K    11,512 K    1408    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    TeamViewer_Service.exe    0.04    7,676 K    12,928 K    2572    TeamViewer 12    TeamViewer GmbH    (Verified) TeamViewer GmbH
    explorer.exe    0.08    26,692 K    45,396 K    1368    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
    gziface.exe    0.11    70,448 K    16,244 K    1912    Bitdefender Antivirus Free Edition    Bitdefender    (Verified) Bitdefender SRL
    taskhost.exe    0.15    7,384 K    10,620 K    1864    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe    0.27    27,828 K    33,156 K    488    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    Interrupts    0.56    0 K    0 K    n/a    Hardware Interrupts and DPCs        
    firefox.exe    1.10    301,108 K    329,144 K    4548    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
    dwm.exe    1.19    34,388 K    45,104 K    1064    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
    procexp64.exe    3.41    28,420 K    50,684 K    1600    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
    System    3.79    456 K    10,052 K    4            
    System Idle Process    39.89    0 K    24 K    0            
    gzserv.exe    49.27    397,632 K    152,356 K    836    Bitdefender Antivirus Free Edition    Bitdefender    (Verified) Bitdefender SRL

     

    Thanks

     



    #12
    RKinner


      Malware Expert

    • Expert
    • 24,624 posts
    • MVP

    Bitdefender is going crazy:

     

    System Idle Process    39.89    0 K    24 K    0            
    gzserv.exe    49.27    397,632 K    152,356 K    836    Bitdefender Antivirus Free Edition    Bitdefender    (Verified) Bitdefender SRL

     

    System Idle should be over 90% but BitDefender is eating almost 1/2 of the CPU's time.  Is Bitdefender doing a scan?  


    • 0
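    The check made by eye in the post above (idle share, top CPU consumer, Verified Signer column) can be run over a saved Process Explorer log. This is an added Python example, not part of the original thread; it assumes the export is tab-separated under the header shown in the posted logs, and `example.exe` is a constructed row.

```python
# Added example (not from the thread): triage a Process Explorer text export.
# Assumption: columns are tab-separated under the header seen in the posts.

NO_IMAGE = {"System Idle Process", "System", "Interrupts"}  # no image file to sign


def parse_cpu(field):
    """Blank and '< 0.01' both mean below display resolution; treat as 0."""
    field = field.strip()
    if not field or field.startswith("<"):
        return 0.0
    return float(field)


def parse_export(text):
    """Return one dict per process, keyed by the export's own header names."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = lines[0].split("\t")
    rows = []
    for ln in lines[1:]:
        cells = ln.split("\t")
        cells += [""] * (len(header) - len(cells))  # pad short rows (System, Interrupts)
        row = dict(zip(header, (c.strip() for c in cells)))
        row["CPU"] = parse_cpu(row["CPU"])
        rows.append(row)
    return rows


def triage(rows, idle_floor=90.0):
    """idle_floor is the 'System Idle should be over 90%' rule from the post."""
    idle = sum(r["CPU"] for r in rows if r["Process"] == "System Idle Process")
    busy = [r for r in rows if r["Process"] != "System Idle Process"]
    top = max(busy, key=lambda r: r["CPU"])
    # Anything with an image file whose signer did not verify deserves a look.
    unverified = [r["Process"] for r in busy
                  if r["Process"] not in NO_IMAGE
                  and not r["Verified Signer"].startswith("(Verified)")]
    return {"idle": idle, "idle_ok": idle >= idle_floor,
            "top": (top["Process"], top["PID"], top["CPU"]),
            "unverified": unverified}


# Rows copied from the first log in the thread, with tabs restored.
SAMPLE = "\n".join([
    "Process\tCPU\tPrivate Bytes\tWorking Set\tPID\tDescription\tCompany Name\tVerified Signer",
    "armsvc.exe\t\t1,164 K\t3,588 K\t1968\tAdobe Acrobat Update Service\tAdobe Systems Incorporated\t(Verified) Adobe Systems",
    "csrss.exe\t< 0.01\t2,036 K\t3,720 K\t492\tClient Server Runtime Process\tMicrosoft Corporation\t(Verified) Microsoft Windows",
    "Interrupts\t0.56\t0 K\t0 K\tn/a\tHardware Interrupts and DPCs",
    "System\t3.79\t456 K\t10,052 K\t4",
    "System Idle Process\t39.89\t0 K\t24 K\t0",
    "gzserv.exe\t49.27\t397,632 K\t152,356 K\t836\tBitdefender Antivirus Free Edition\tBitdefender\t(Verified) Bitdefender SRL",
    # Constructed row, not from the thread: a process with no verified signer.
    "example.exe\t0.10\t1,000 K\t2,000 K\t4242\t\t\t",
])

if __name__ == "__main__":
    report = triage(parse_export(SAMPLE))
    print("idle %.2f%% (ok=%s)" % (report["idle"], report["idle_ok"]))
    print("top consumer:", report["top"])
    print("no verified signer:", report["unverified"])
```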

    #13
    xppc


      Member

    • Topic Starter
    • Member
    • 148 posts

    I was not running a scan at the time, but it is set for auto scan and I really don't know if it was scanning then or not.



    #14
    RKinner


      Malware Expert

    • Expert
    • 24,624 posts
    • MVP

    It should be done with the scan by now.  Make another Process Explorer log and post it.

     

    If gzserv.exe is still hogging the CPU then you need to uninstall and reinstall a new download of BitDefender.  (Keep the license info so you can reactivate)



    #15
    xppc


      Member

    • Topic Starter
    • Member
    • 148 posts

    Just ran Process Explorer again and below is the log.

     

    Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
    System Idle Process    83.02    0 K    24 K    0            
    procexp64.exe    7.28    28,352 K    48,324 K    1328    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
    gzserv.exe    3.70    276,012 K    177,260 K    844    Bitdefender Antivirus Free Edition    Bitdefender    (Verified) Bitdefender SRL
    svchost.exe    2.22    66,680 K    64,376 K    740    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    dwm.exe    1.73    33,092 K    40,292 K    3116    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
    Interrupts    1.03    0 K    0 K    n/a    Hardware Interrupts and DPCs        
    System    0.53    460 K    10,500 K    4            
    explorer.exe    0.19    29,764 K    55,828 K    3148    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
    gziface.exe    0.06    18,952 K    2,372 K    2272    Bitdefender Antivirus Free Edition    Bitdefender    (Verified) Bitdefender SRL
    daemonu.exe    0.05    3,884 K    8,656 K    2092    NVIDIA Settings Update Manager    NVIDIA Corporation    (Verified) NVIDIA Corporation
    wmpnetwk.exe    0.03    12,884 K    29,328 K    3280    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
    TeamViewer_Service.exe    0.03    7,788 K    18,888 K    476    TeamViewer 12    TeamViewer GmbH    (Verified) TeamViewer GmbH
    csrss.exe    0.02    9,376 K    12,484 K    564    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe    0.02    8,768 K    16,368 K    568    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    taskhost.exe    0.02    8,348 K    12,344 K    3028    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe    0.01    51,280 K    39,664 K    2876    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    AppleMobileDeviceService.exe    0.01    4,652 K    11,448 K    1832    MobileDeviceService    Apple Inc.    (Verified) Apple Inc.
    DiscSoftBusServiceLite.exe    0.01    3,588 K    8,828 K    3672    Disc Soft Bus Service Lite    Disc Soft Ltd    (Verified) Disc Soft Ltd
    SearchProtocolHost.exe    0.01    3,104 K    6,796 K    3548    Microsoft Windows Search Protocol Host    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe    0.01    14,548 K    15,864 K    1500    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    SearchProtocolHost.exe    0.01    4,388 K    9,456 K    432    Microsoft Windows Search Protocol Host    Microsoft Corporation    (Verified) Microsoft Windows
    SearchIndexer.exe    < 0.01    21,240 K    14,680 K    2436    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
    nvvsvc.exe    < 0.01    6,268 K    12,568 K    2696    NVIDIA Driver Helper Service, Version 309.08    NVIDIA Corporation    (Verified) NVIDIA Corporation
    csrss.exe    < 0.01    2,064 K    4,192 K    504    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe    < 0.01    13,300 K    17,812 K    1676    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    WUDFHost.exe        3,152 K    7,192 K    3140    Windows Driver Foundation - User-mode Driver Framework Host Process    Microsoft Corporation    (Verified) Microsoft Windows
    WmiPrvSE.exe        4,592 K    9,596 K    2368    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
    WmiPrvSE.exe        8,252 K    12,016 K    3468    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
    WLIDSVCM.EXE        2,156 K    4,248 K    4032    Microsoft® Windows Live ID Service Monitor    Microsoft Corporation    (Verified) Microsoft Corporation
    WLIDSVC.EXE        5,720 K    13,248 K    2060    Microsoft® Windows Live ID Service    Microsoft Corporation    (Verified) Microsoft Corporation
    winlogon.exe        2,928 K    7,200 K    640    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
    wininit.exe        1,504 K    4,532 K    540    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
    TrustedInstaller.exe        5,308 K    11,924 K    1376    Windows Modules Installer    Microsoft Corporation    (Verified) Microsoft Windows
    taskeng.exe        2,700 K    6,160 K    3124    Task Scheduler Engine    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        110,388 K    118,680 K    228    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        3,688 K    7,460 K    936    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        26,132 K    23,076 K    1000    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        4,236 K    9,324 K    784    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        2,296 K    4,500 K    1944    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        4,840 K    8,020 K    1896    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        3,620 K    6,776 K    1292    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        7,704 K    14,104 K    4072    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        2,892 K    6,468 K    1444    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        6,956 K    12,528 K    1080    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    sppsvc.exe        6,572 K    12,396 K    3480    Microsoft Software Protection Platform Service    Microsoft Corporation    (Verified) Microsoft Windows
    spoolsv.exe        8,336 K    14,100 K    1636    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
    smss.exe        444 K    1,144 K    424    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
    services.exe        6,364 K    9,888 K    608    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
    SearchFilterHost.exe        3,140 K    7,080 K    1932    Microsoft Windows Search Filter Host    Microsoft Corporation    (Verified) Microsoft Windows
    RtkAudioService64.exe        2,904 K    6,172 K    1448    Realtek Audio Service    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp.
    RAVCpl64.exe        20,908 K    18,864 K    3508    Realtek HD Audio Manager    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp.
    RAVBg64.exe        16,140 K    13,452 K    1476    HD Audio Background Process    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp.
    procexp.exe        5,636 K    9,560 K    2316    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
    nvxdsync.exe        8,160 K    17,308 K    2608    NVIDIA User Experience Driver Component    NVIDIA Corporation    (Verified) NVIDIA Corporation
    nvvsvc.exe        2,412 K    7,080 K    904    NVIDIA Driver Helper Service, Version 309.08    NVIDIA Corporation    (Verified) NVIDIA Corporation
    nvtray.exe        7,292 K    13,592 K    3776    NVIDIA Settings    NVIDIA Corporation    (Verified) NVIDIA Corporation
    mscorsvw.exe        5,616 K    7,524 K    3340    .NET Runtime Optimization Service    Microsoft Corporation    (Verified) Microsoft Dynamic Code Publisher
    mscorsvw.exe        3,224 K    5,852 K    2004    .NET Runtime Optimization Service    Microsoft Corporation    (Verified) Microsoft Dynamic Code Publisher
    mDNSResponder.exe        3,028 K    6,404 K    1860    Bonjour Service    Apple Inc.    (Verified) Apple Inc.
    lsm.exe        2,400 K    4,200 K    660    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
    lsass.exe        5,100 K    12,468 K    652    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
    audiodg.exe        18,944 K    18,976 K    1064    Windows Audio Device Graph Isolation     Microsoft Corporation    (Verified) Microsoft Windows
    armsvc.exe        1,212 K    4,076 K    1780    Adobe Acrobat Update Service    Adobe Systems Incorporated    (Verified) Adobe Systems

     

