This desktop has been running slower and slower. Now I have to wait several seconds each time I input anything.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2017
Ran by John (administrator) on MAPLEGROVE (25-05-2017 11:00:52)
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available Profiles: John & Karen)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\QBMsgMgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510232 2015-04-21] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-12-10] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [1193728 2017-02-15] (PDF Complete Inc)
HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-08-30] (AMD)
HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2016-05-20]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2016-05-20]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2016-05-20]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox - Shortcut.lnk [2016-04-29]
ShortcutTarget: firefox - Shortcut.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2540 series.lnk [2017-05-25]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1F72C64A-20C5-4AEF-B8F3-C328D039AE59}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM14/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM14/19
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/19
HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/en-us/?ocid=U221DHP&pc=U221
HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/19
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll [2016-05-09] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF DefaultProfile: myzd5fce.default
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\myzd5fce.default [2017-05-25]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\myzd5fce.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\myzd5fce.default -> hxxps://mail.google.com/mail/u/0/#inbox
hxxps://www.aplos.com/aws/login
hxxps://www.pnc.com/en/personal-banking.html
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-09] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://www.aplos.com/aws/login"
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default [2016-10-21]
CHR Extension: (Google Slides) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-16]
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-16]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-24]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-13]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-24]
CHR Extension: (Google Sheets) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-16]
CHR Extension: (Google Docs Offline) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-26]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-07-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-26]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-28]
CHR HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-08-18] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1719552 2017-02-15] (PDF Complete Inc)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2016-05-09] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-12-22] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-12-22] (Intuit Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2015-04-21] (Realtek Semiconductor)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-04-02] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3817168 2014-08-18] (Intel® Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-27] (CyberLink)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw02.sys [3423720 2014-09-02] (Intel Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-25 11:00 - 2017-05-25 11:01 - 00016344 _____ C:\Users\John\Desktop\FRST.txt
2017-05-25 11:00 - 2017-05-25 11:00 - 00000000 ____D C:\FRST
2017-05-25 10:59 - 2017-05-25 10:59 - 02429952 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2017-05-25 10:03 - 2017-05-25 10:03 - 00447013 _____ C:\Users\Karen\Downloads\Calendar for June 2017 S.pdf
2017-05-23 14:13 - 2017-05-23 14:13 - 00254194 _____ C:\Users\Karen\Downloads\PAYROLL- 5-26-2017 (90).pdf
2017-05-23 13:58 - 2017-05-24 13:00 - 00010595 _____ C:\Users\Karen\Desktop\2017 givings - attendance.xlsx
2017-05-23 13:30 - 2017-05-23 14:12 - 00011923 _____ C:\Users\Karen\Desktop\2016 givings - attendance record.xlsx
2017-05-23 09:08 - 2017-05-23 09:08 - 00114125 _____ C:\Users\Karen\Downloads\Scanned from Anderson.pdf
2017-05-23 09:08 - 2017-05-23 09:08 - 00000168 _____ C:\Users\Karen\Downloads\ATT00001.htm
2017-05-17 17:34 - 2017-05-17 17:34 - 00011370 _____ C:\Users\Karen\Downloads\02512500_54135.pdf
2017-05-17 15:11 - 2017-05-17 15:11 - 00011973 _____ C:\Users\Karen\Downloads\158005_54050.pdf
2017-05-15 14:38 - 2017-05-15 14:38 - 00039761 _____ C:\Users\Karen\Downloads\mothers-day-coloring-page.pdf
2017-05-15 14:37 - 2017-05-15 14:37 - 00060201 _____ C:\Users\Karen\Downloads\i_am_the_way_dot2dot.pdf
2017-05-15 14:36 - 2017-05-15 14:36 - 00098054 _____ C:\Users\Karen\Downloads\john_14v6_colorpg.pdf
2017-05-15 14:12 - 2017-05-15 14:12 - 00254449 _____ C:\Users\Karen\Downloads\PAYROLL- 5-12-2017 (89).pdf
2017-05-10 15:36 - 2017-04-27 21:14 - 05547240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-10 15:36 - 2017-04-27 21:14 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-05-10 15:36 - 2017-04-27 21:14 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-05-10 15:36 - 2017-04-27 21:14 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-05-10 15:36 - 2017-04-27 21:14 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-05-10 15:36 - 2017-04-27 21:11 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:36 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-05-10 15:36 - 2017-04-27 20:36 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-05-10 15:36 - 2017-04-27 20:34 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:19 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-05-10 15:36 - 2017-04-27 20:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-05-10 15:36 - 2017-04-27 20:19 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-05-10 15:36 - 2017-04-27 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-05-10 15:36 - 2017-04-27 20:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-05-10 15:36 - 2017-04-27 20:14 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-05-10 15:36 - 2017-04-27 20:12 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-05-10 15:36 - 2017-04-27 20:11 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-05-10 15:36 - 2017-04-27 20:11 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-05-10 15:36 - 2017-04-27 20:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-05-10 15:36 - 2017-04-27 20:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-05-10 15:36 - 2017-04-27 20:10 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-05-10 15:36 - 2017-04-27 20:08 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-05-10 15:36 - 2017-04-27 20:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-05-10 15:36 - 2017-04-27 20:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-05-10 15:36 - 2017-04-27 20:08 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-05-10 15:36 - 2017-04-27 20:07 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-05-10 15:36 - 2017-04-27 20:07 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:07 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-05-10 15:36 - 2017-04-26 10:59 - 03220992 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-10 15:36 - 2017-04-21 11:34 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-05-10 15:36 - 2017-04-21 11:15 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-05-10 15:36 - 2017-04-19 20:00 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-05-10 15:36 - 2017-04-19 19:16 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-05-10 15:36 - 2017-04-17 11:37 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-10 15:36 - 2017-04-17 11:37 - 00876544 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-10 15:36 - 2017-04-17 11:37 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-10 15:36 - 2017-04-17 11:37 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-05-10 15:36 - 2017-04-17 11:37 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-05-10 15:36 - 2017-04-17 11:12 - 01417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-05-10 15:36 - 2017-04-17 11:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-05-10 15:36 - 2017-04-17 11:12 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2017-05-10 15:36 - 2017-04-17 10:54 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2017-05-10 15:36 - 2017-04-16 05:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-05-10 15:36 - 2017-04-16 05:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-05-10 15:36 - 2017-04-16 04:57 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-05-10 15:36 - 2017-04-16 04:55 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-05-10 15:36 - 2017-04-16 04:55 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-05-10 15:36 - 2017-04-16 04:54 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-05-10 15:36 - 2017-04-16 04:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-05-10 15:36 - 2017-04-16 04:51 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-05-10 15:36 - 2017-04-16 04:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-05-10 15:36 - 2017-04-16 04:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-05-10 15:36 - 2017-04-16 04:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-05-10 15:36 - 2017-04-16 04:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-05-10 15:36 - 2017-04-16 04:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-05-10 15:36 - 2017-04-16 04:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-05-10 15:36 - 2017-04-16 04:36 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-05-10 15:36 - 2017-04-16 04:35 - 25741312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-05-10 15:36 - 2017-04-16 04:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-05-10 15:36 - 2017-04-16 04:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-05-10 15:36 - 2017-04-16 04:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-05-10 15:36 - 2017-04-16 04:18 - 05977600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-05-10 15:36 - 2017-04-16 04:11 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-05-10 15:36 - 2017-04-16 04:10 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-05-10 15:36 - 2017-04-16 04:09 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-05-10 15:36 - 2017-04-16 04:04 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-05-10 15:36 - 2017-04-16 04:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-05-10 15:36 - 2017-04-16 04:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-05-10 15:36 - 2017-04-16 04:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-05-10 15:36 - 2017-04-16 04:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-05-10 15:36 - 2017-04-16 04:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-05-10 15:36 - 2017-04-16 04:00 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-05-10 15:36 - 2017-04-16 04:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-05-10 15:36 - 2017-04-16 03:57 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-05-10 15:36 - 2017-04-16 03:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-05-10 15:36 - 2017-04-16 03:52 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-05-10 15:36 - 2017-04-16 03:52 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-05-10 15:36 - 2017-04-16 03:49 - 20278272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-05-10 15:36 - 2017-04-16 03:48 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-05-10 15:36 - 2017-04-16 03:47 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-05-10 15:36 - 2017-04-16 03:47 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-05-10 15:36 - 2017-04-16 03:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-05-10 15:36 - 2017-04-16 03:43 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-05-10 15:36 - 2017-04-16 03:40 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-05-10 15:36 - 2017-04-16 03:40 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-05-10 15:36 - 2017-04-16 03:37 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-05-10 15:36 - 2017-04-16 03:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-05-10 15:36 - 2017-04-16 03:35 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-05-10 15:36 - 2017-04-16 03:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-05-10 15:36 - 2017-04-16 03:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-05-10 15:36 - 2017-04-16 03:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-05-10 15:36 - 2017-04-16 03:25 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-05-10 15:36 - 2017-04-16 03:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-05-10 15:36 - 2017-04-16 03:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-05-10 15:36 - 2017-04-16 03:20 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-05-10 15:36 - 2017-04-16 03:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-05-10 15:36 - 2017-04-16 03:10 - 15250944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-05-10 15:36 - 2017-04-16 03:10 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-05-10 15:36 - 2017-04-16 03:08 - 04548608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-05-10 15:36 - 2017-04-16 03:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-05-10 15:36 - 2017-04-16 03:08 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-05-10 15:36 - 2017-04-16 03:04 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-05-10 15:36 - 2017-04-16 02:53 - 13661184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-05-10 15:36 - 2017-04-16 02:50 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-05-10 15:36 - 2017-04-16 02:40 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-05-10 15:36 - 2017-04-16 02:37 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-05-10 15:36 - 2017-04-16 02:34 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-05-10 15:36 - 2017-04-16 02:34 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-05-10 15:36 - 2017-04-12 11:32 - 01483776 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-10 15:36 - 2017-04-12 11:32 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-05-10 15:36 - 2017-04-12 11:32 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-05-10 15:36 - 2017-04-12 11:32 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-05-10 15:36 - 2017-04-12 11:26 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-05-10 15:36 - 2017-04-12 11:25 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-05-10 15:36 - 2017-04-12 11:25 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-05-10 15:36 - 2017-04-12 11:25 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-05-10 15:36 - 2017-04-07 11:34 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-10 15:36 - 2017-04-07 11:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-05-10 15:36 - 2017-04-07 11:30 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-10 15:36 - 2017-04-07 11:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-05-10 15:36 - 2017-04-07 11:22 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-05-10 15:36 - 2017-04-05 10:55 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-10 15:36 - 2017-04-05 10:55 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-10 15:36 - 2017-04-05 10:55 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-05-10 15:36 - 2017-04-04 11:34 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-05-10 15:36 - 2017-04-04 11:34 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-05-10 15:36 - 2017-04-04 11:34 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-05-10 15:36 - 2017-04-04 10:53 - 00496128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2017-05-10 15:36 - 2017-04-04 10:53 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-05-10 15:36 - 2017-03-10 12:32 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
2017-05-10 15:36 - 2017-03-10 12:32 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2017-05-10 15:36 - 2017-03-10 12:20 - 01508352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pla.dll
2017-05-10 15:36 - 2017-03-10 12:20 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2017-05-10 15:36 - 2017-03-10 11:57 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\plasrv.exe
2017-05-10 15:36 - 2017-03-10 11:55 - 00205312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2017-05-10 15:36 - 2017-03-10 11:55 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
2017-05-10 15:36 - 2017-03-09 12:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-05-10 15:36 - 2017-03-09 12:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-05-08 10:32 - 2017-05-08 10:36 - 00000000 ____D C:\Users\Karen\Desktop\Youth Fundraising
2017-05-04 16:52 - 2017-05-04 16:52 - 00050102 _____ C:\Users\Karen\Desktop\Text - S.305 - 115th Congress (2017-2018)_ Vietnam War Veterans Recognition Act of 2017 _ Congress.gov _ Library of Congress.html
2017-05-04 16:52 - 2017-05-04 16:52 - 00000000 ____D C:\Users\Karen\Desktop\Text - S.305 - 115th Congress (2017-2018)_ Vietnam War Veterans Recognition Act of 2017 _ Congress.gov _ Library of Congress_files
2017-05-03 14:17 - 2017-05-03 14:17 - 00186570 _____ C:\Users\Karen\Downloads\Spring '17 Newsletter .compressed.pdf
2017-05-03 12:25 - 2017-05-04 11:27 - 00000000 ____D C:\Users\Karen\Desktop\23rd Psalm
2017-04-26 12:17 - 2017-04-26 12:17 - 00000000 ____D C:\Users\Karen\Documents\Custom Office Templates
2017-04-26 09:45 - 2017-04-26 09:46 - 06684333 _____ C:\Users\Karen\Downloads\Kihms3W March 2017 Home Assignment Newsletter.pdf
2017-04-25 15:18 - 2017-04-25 15:18 - 00091864 _____ C:\Users\Karen\Downloads\monthly-english.pdf
2017-04-25 15:18 - 2017-04-25 15:18 - 00091864 _____ C:\Users\Karen\Downloads\monthly-english (1).pdf
2017-04-25 13:51 - 2017-04-25 13:51 - 00247997 _____ C:\Users\Karen\Downloads\PAYROLL- 3-17-2017 (85) (6).pdf
2017-04-25 13:51 - 2017-04-25 13:51 - 00247900 _____ C:\Users\Karen\Downloads\PAYROLL- 3-3-2017 (84) (4).pdf
2017-04-25 13:50 - 2017-04-25 13:50 - 00247893 _____ C:\Users\Karen\Downloads\PAYROLL- 3-3-2017 (84) (3).pdf
2017-04-25 13:45 - 2017-04-25 13:45 - 00247991 _____ C:\Users\Karen\Downloads\PAYROLL- 3-3-2017 (84) (2).pdf
2017-04-25 13:41 - 2017-04-25 13:41 - 00254240 _____ C:\Users\Karen\Downloads\PAYROLL- 4-14-2017 (87) (2).pdf
2017-04-25 13:38 - 2017-04-25 13:38 - 00254229 _____ C:\Users\Karen\Downloads\PAYROLL- 4-28-2017 (88).pdf
2017-04-25 13:36 - 2017-04-25 13:36 - 00254262 _____ C:\Users\Karen\Downloads\PAYROLL- 4-14-2017 (87).pdf
2017-04-25 13:36 - 2017-04-25 13:36 - 00254260 _____ C:\Users\Karen\Downloads\PAYROLL- 4-14-2017 (87) (1).pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-25 10:41 - 2009-07-14 00:45 - 00023408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-25 10:41 - 2009-07-14 00:45 - 00023408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-25 10:39 - 2015-03-06 12:52 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A31D05A0-4A77-4D7D-9C5B-3B7EB0D692F8}
2017-05-25 10:38 - 2016-12-02 10:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-25 10:37 - 2009-07-14 01:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-25 10:37 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-05-25 10:34 - 2016-12-09 10:00 - 00000000 ____D C:\Users\John\AppData\LocalLow\Mozilla
2017-05-25 10:34 - 2015-06-23 14:21 - 00000000 ___RD C:\Users\John\Google Drive
2017-05-25 10:32 - 2014-04-02 04:31 - 00000000 ____D C:\ProgramData\PDFC
2017-05-25 10:32 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-25 10:02 - 2015-05-19 12:47 - 00000000 ____D C:\Users\Karen\Documents\Avery Templates
2017-05-25 09:02 - 2015-11-30 09:53 - 00000000 ___RD C:\Users\Karen\Google Drive
2017-05-24 14:27 - 2016-10-12 13:33 - 00000000 ____D C:\Users\Karen\Documents\Visual Tech Schedule
2017-05-24 12:38 - 2015-05-19 12:48 - 00000000 ____D C:\Users\Karen\Desktop\Newsletter Info
2017-05-24 10:36 - 2015-04-22 11:03 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{36D9C53B-37EF-4B56-AF55-4CCDF8D010ED}
2017-05-23 14:47 - 2015-03-31 14:25 - 00000000 ____D C:\Windows\system32\MRT
2017-05-23 14:40 - 2015-03-31 14:25 - 132223576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-22 09:46 - 2015-05-19 12:50 - 00019035 _____ C:\Users\Karen\Documents\Scripture & Offertory Rotation.xlsx
2017-05-22 09:08 - 2015-03-16 09:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-16 11:14 - 2015-05-19 12:47 - 00000000 ____D C:\Users\Karen\Documents\Correspondence
2017-05-16 10:34 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2017-05-16 10:11 - 2015-03-16 09:48 - 00002203 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-15 14:09 - 2015-05-19 12:47 - 00000000 ____D C:\Users\Karen\Documents\Faith Promise
2017-05-12 08:05 - 2009-07-14 00:45 - 00452128 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-12 08:03 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-05-10 17:15 - 2011-02-11 16:29 - 00773912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-05-10 17:12 - 2015-04-14 19:57 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-05-10 17:00 - 2009-07-13 22:34 - 00000580 _____ C:\Windows\win.ini
2017-05-09 10:48 - 2015-03-16 11:05 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-09 10:48 - 2015-03-16 11:05 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-09 10:48 - 2015-03-16 11:05 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-09 10:48 - 2015-03-16 11:05 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-09 10:48 - 2015-03-16 11:05 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-04 09:00 - 2015-05-04 13:43 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-05-04 08:58 - 2015-04-22 11:03 - 00002267 _____ C:\Users\Karen\Desktop\Google Chrome.lnk
2017-05-03 14:31 - 2015-12-15 15:31 - 00003222 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMAPLEGROVE$
2017-05-03 14:31 - 2015-12-15 15:31 - 00000346 _____ C:\Windows\Tasks\HPCeeScheduleForMAPLEGROVE$.job
2017-05-03 14:01 - 2016-02-17 20:09 - 00051237 ____H C:\Users\Karen\Desktop\~WRL0005.tmp
2017-04-30 17:34 - 2015-11-19 14:56 - 00003182 _____ C:\Windows\System32\Tasks\HPCeeScheduleForKaren
2017-04-30 17:34 - 2015-11-19 14:56 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForKaren.job
2017-04-30 15:40 - 2015-03-16 09:45 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-30 15:40 - 2015-03-16 09:45 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-26 14:12 - 2017-03-08 12:01 - 00000000 ____D C:\Users\Karen\Desktop\Escape Through Genesis
2017-04-26 11:51 - 2015-05-19 12:47 - 00000000 ____D C:\Users\Karen\Documents\Forms
2017-04-25 12:33 - 2015-05-19 12:47 - 00000000 ____D C:\Users\Karen\Documents\Children's Story Schedule
==================== Files in the root of some directories =======
2016-08-26 11:14 - 2016-08-29 09:52 - 0000115 _____ () C:\Users\John\AppData\Roaming\LogFile.txt
2015-07-14 13:29 - 2015-07-14 13:29 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-11-10 14:35 - 2015-11-10 14:56 - 15102356 _____ () C:\ProgramData\hpcsmmsilogs.log
2015-05-19 14:21 - 2015-05-19 14:22 - 2001298 _____ () C:\ProgramData\hpdam_install_log.txt
2015-04-21 13:41 - 2015-04-21 13:41 - 1034462 _____ () C:\ProgramData\HPFileSanitizer_Install_Log.txt
2015-08-04 13:24 - 2015-08-04 13:25 - 0040378 _____ () C:\ProgramData\HPTrustCircles_Install_Log.txt
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-05-23 10:59
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2017
Ran by John (25-05-2017 11:02:34)
Running from C:\Users\John\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-03-06 16:51:08)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2994528611-1495046117-1799070532-500 - Administrator - Disabled)
Guest (S-1-5-21-2994528611-1495046117-1799070532-501 - Limited - Disabled)
John (S-1-5-21-2994528611-1495046117-1799070532-1002 - Administrator - Enabled) => C:\Users\John
Karen (S-1-5-21-2994528611-1495046117-1799070532-1003 - Limited - Enabled) => C:\Users\Karen
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{BA88C518-1C29-6931-1190-D9153F49461B}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.3207 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DJ2540FWUpdateAlert (x32 Version: 1.00.0000 - HP) Hidden
DllTool 1.0 (HKLM-x32\...\{8C36FC6F-3576-447C-B15D-FF1504C91104}_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.21.165 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Deskjet 2540 series Basic Device Software (HKLM\...\{6A79CD11-0C1C-4E24-A8C6-46A02F680346}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP Documentation (HKLM-x32\...\{85D645CF-0F3B-477A-A9C9-194917F1A75B}) (Version: 1.1.0.0 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{49524B48-4FE9-4A62-A9FD-1F2258DF5489}) (Version: 3.4.12.0 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{7561C06A-7797-4462-A7C3-86F45AE901CF}) (Version: 8.7.4 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.3.34.7 - HP)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.5.32.37 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{51015b63-d62c-4ca9-af93-9c3c601cef0b}) (Version: 17.12.0 - Intel Corporation)
JetClean (HKLM-x32\...\BlueSprig_JetClean_is1) (Version: 1.5.0 - BlueSprig)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Standard 2013 (HKLM-x32\...\Office15.STANDARD) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 53.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0.2 (x86 en-US)) (Version: 53.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.2.6333 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.2.11 - PDF Complete, Inc)
Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{DF34643B-A745-430C-B27B-A48F853C81E4}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickBooks (x32 Version: 23.0.4018.2305 - Intuit Inc.) Hidden
QuickBooks Premier: Nonprofit Edition 2013 (HKLM-x32\...\{38874F22-DDAA-4A43-8F1B-6ED2D0BF063A}) (Version: 23.0.4005.2305 - Intuit Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.74.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0012-0000-0000-0000000FF1CE}_Office15.STANDARD_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
Update for Skype for Business 2015 (KB3191876) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.STANDARD_{0C5B0FE3-809E-4D71-B5F6-3EFDAA93C2E6}) (Version: - Microsoft)
WinUtilities Free Edition 11.33 (HKLM-x32\...\{FC274982-5AAD-4C20-848D-4424A5043010}_is1) (Version: 11.33 - YL Computing, Inc)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {06290AFA-84EE-4B32-B5C8-C35C128CD928} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {0CE3B313-2ED6-4A07-B5AF-221CC36C3B85} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {10205207-CC5C-4BF0-B155-41DFB8F32A76} - System32\Tasks\JetCleanLoginCheckUpdate => C:\Program Files (x86)\BlueSprig\JetClean\AutoUpdate.exe [2013-05-14] (BlueSprig)
Task: {15394FBD-61DB-451A-B93D-57C32F21838F} - System32\Tasks\HP AR Program Upload - c6813afd8bdd4e5dbbd612a7c39535f574f098f765a94c11ad135085cfa2d2d4 => C:\Program Files\HP\HP Deskjet 2540 series\bin\HPRewards.exe [2014-03-06] (TODO: <Company name>)
Task: {1B8A4FF8-3FDA-4375-8B2C-9EFE688C8A7C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {42C6B70E-0215-44A4-A7F3-FD76E9A69713} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {49F3E36F-0D7A-433D-9877-5D4AA7BCC1E5} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {5722665F-91EE-458D-9777-ACF1728DCECB} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {5F656B7B-1C0C-49B8-AEA6-E9CFA74D3A9A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-09] (Adobe Systems Incorporated)
Task: {97E529F4-0111-44CB-850A-9CB55101CFA5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {A3984152-5BDF-4825-9EA6-F065A549E99D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {A58CE342-E758-40F0-AF94-7ABB69ECF4D6} - System32\Tasks\HPCeeScheduleForMAPLEGROVE$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {B6A98587-34D1-4BFA-9E89-7C74642550E2} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-08-18] (HP Inc.)
Task: {BF9C44CE-54AD-4E69-8E9C-CD3B5D074430} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {C0100212-2422-4C75-8B80-E4C886691E78} - System32\Tasks\HPCeeScheduleForKaren => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {C1F4C0A1-1CC6-4557-B881-06B36A2DFAC1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {CB0F1CA4-EEA6-4859-BEE8-0D044E2D1703} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {E49515D1-99EC-4241-A1BB-1308E9F4F09D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {F0C5822A-76EA-488A-B3DB-3030158ACE47} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {F171FDEA-36E5-4382-A15E-D14E774BDF50} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe [2012-03-21] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\HPCeeScheduleForKaren.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMAPLEGROVE$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2013-08-30 22:47 - 2013-08-30 22:47 - 00127488 _____ () c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2017-02-23 08:29 - 2017-02-23 08:29 - 08909512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-08-30 22:47 - 2013-08-30 22:47 - 00102400 _____ () c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2016-05-09 12:37 - 2016-05-09 12:37 - 00269080 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_regex-vc90-mt-p-1_33.dll
2016-05-09 12:39 - 2016-05-09 12:39 - 00021784 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBCompressor.dll
2016-05-09 09:28 - 2016-05-09 09:28 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\zlib1.dll
2016-05-09 12:39 - 2016-05-09 12:39 - 00141592 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBMAPILibrary.dll
2016-05-09 12:37 - 2016-05-09 12:37 - 00176920 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_serialization-vc90-mt-p-1_33.dll
2016-05-09 12:38 - 2016-05-09 12:38 - 00415512 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FtuEngine.dll
2016-05-09 12:37 - 2016-05-09 12:37 - 00529176 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\BackupLib.dll
2016-05-09 12:40 - 2016-05-09 12:40 - 00128792 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBProActiveCore.dll
2016-05-09 12:38 - 2016-05-09 12:38 - 00578840 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FeaturesBridge.dll
2016-05-09 12:39 - 2016-05-09 12:39 - 00042776 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\mbpopup.dll
2017-02-23 08:29 - 2017-02-23 08:29 - 08909512 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-05-25 10:33 - 2017-05-25 10:33 - 00098816 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\win32api.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00110080 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\pywintypes27.dll
2017-05-25 10:33 - 2017-05-25 10:33 - 00364544 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\pythoncom27.dll
2017-05-25 10:33 - 2017-05-25 10:33 - 00320512 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\win32com.shell.shell.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00914432 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\_hashlib.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 01176576 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\wx._core_.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00806400 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\wx._gdi_.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00816128 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\wx._windows_.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 01067008 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\wx._controls_.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00733184 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\wx._misc_.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00682496 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\pysqlite2._sqlite.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00088064 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\_ctypes.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00686080 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\unicodedata.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00119808 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\win32file.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00108544 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\win32security.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00007168 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\hashobjs_ext.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00017920 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\thumbnails_ext.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00088064 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\usb_ext.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00012800 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\common.time34.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00018432 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\win32event.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00167936 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\win32gui.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00046080 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\_socket.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 01303552 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\_ssl.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00128512 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\_elementtree.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00127488 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\pyexpat.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00038912 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\win32inet.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00036864 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\_psutil_windows.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00524248 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\windows._lib_cacheinvalidation.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00011264 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\win32crypt.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00123392 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\wx._wizard.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00077312 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\wx._html2.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00027648 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\_multiprocessing.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00020480 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\_yappi.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00035840 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\win32process.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00078848 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\wx._animate.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00024064 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\win32pipe.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00010240 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\select.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00025600 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\win32pdh.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00017408 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\win32profile.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00022528 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\win32ts.pyd
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2016-08-31 17:34 - 00000035 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\John\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupfolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mozilla Firefox.lnk => C:\Windows\pss\Mozilla Firefox.lnk.Startup
MSCONFIG\startupreg: CLMLServer_For_P2G8 => "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
MSCONFIG\startupreg: CLVirtualDrive => "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
MSCONFIG\startupreg: CryptoMill Refresh => C:\Program Files\Hewlett-Packard\HP Trust Circles\ceflauncher -m refresh
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: HP File Sanitizer => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\Coreshredder.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{1847647E-CBB4-4B6C-8EDC-5AEC2846D710}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{9DDBE74B-CE76-4CCB-89E6-E9D50A1CAD48}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{D3C6FCC8-EBEE-411D-91E0-671C959157C1}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{47EC0C2A-FA3D-4920-B991-6016848E2F33}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{A014DBC5-A815-4B09-B5FB-8B0B72274228}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{CCCCD3A1-2788-466D-8A67-2118E3AB8DB4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0179F88D-3142-4E1B-BAD5-E2981C67D41D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{677B6DB7-EF1E-4F67-BD79-6A23D82F0A82}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{85BF657F-DD24-4DCC-A0B1-4360C31F8DDA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9459C854-903F-45F3-B3C1-71009FE50AB1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AACE28F1-0AC5-4D44-811B-58C0F9B84AE2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F8501BFB-A26A-4ACF-9080-C97F8D87CD0D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{CC4CDE13-4552-44BB-9F98-FEA872BD2AEA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{F20CA863-8841-4D9F-A919-F53FDE7A7CA1}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{7C05CF65-0866-4E32-866E-AB9A3736BB7F}] => (Allow) LPort=5357
FirewallRules: [{FB1A1FCF-F683-4BD8-97BC-8B8FC12551BE}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{19C766C7-720B-45A2-8FFE-9D1857DBE1EF}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{EF8FB091-47C9-44BE-8C7D-538201EFC90D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D5103A3E-5847-442E-82BD-020B42AFDA78}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DB42C538-6247-4773-BE3E-A4C27722B8C4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
08-05-2017 16:00:39 Windows Update
10-05-2017 16:54:41 Windows Update
15-05-2017 09:55:43 Windows Update
19-05-2017 08:02:00 Windows Update
22-05-2017 09:27:22 Windows Update
23-05-2017 14:40:16 Windows Update
==================== Faulty Device Manager Devices =============
Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/15/2017 12:43:37 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks: Premier Nonprofit Edition 2013":
V23.0D R18 (M=1066, L=339, C=249, V=0 (0))
Error: (03/29/2017 04:16:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.23537, time stamp: 0x57c44efe
Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace4e7
Exception code: 0xc0000005
Fault offset: 0x000000000001e1ac
Faulting process id: 0xff8
Faulting application start time: 0x01d2a8a2852270e3
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\MSVCR90.dll
Report Id: 968c811c-14bc-11e7-8368-9cb654f71540
Error: (03/20/2017 10:14:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CLMSMonitorServicePDVD12.exe, version: 2.2.0.11508, time stamp: 0x51da6868
Faulting module name: ntdll.dll, version: 6.1.7601.23677, time stamp: 0x589c957a
Exception code: 0xc0000005
Fault offset: 0x000331f6
Faulting process id: 0x804
Faulting application start time: 0x01d2a1844bde0da9
Faulting application path: c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: 92f3d73d-0d77-11e7-b42d-9cb654f71540
Error: (03/06/2017 11:37:50 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks: Premier Nonprofit Edition 2013":
V23.0D R18 (M=1066, L=339, C=249, V=0 (0))
Error: (02/13/2017 11:26:17 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>with error: The data is invalid.
.
Error: (01/04/2017 01:29:22 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks: Premier Nonprofit Edition 2013":
V23.0D R18 (M=1066, L=339, C=249, V=0 (0))
Error: (10/20/2016 01:55:11 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks: Premier Nonprofit Edition 2013":
DMError Information:-6069Additional Info:An Invalid Id or password was specified.
Error: (10/20/2016 01:55:11 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks: Premier Nonprofit Edition 2013":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'
Error: (10/20/2016 01:55:11 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks: Premier Nonprofit Edition 2013":
Connection String:CON=QBConnectionPool-Probe-QB_data_engine_23; ;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\Maple Grove Church of God.QBW;ENG=QB_data_engine_23;DBN=22e0d8aeb82a42049cfafcafc5752a1f
Error: (10/20/2016 01:55:11 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks: Premier Nonprofit Edition 2013":
Connection Error:Invalid user ID or password
System errors:
=============
Error: (05/25/2017 09:01:43 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:00:32 AM on 5/25/2017 was unexpected.
Error: (05/23/2017 09:15:52 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:15:06 AM on 5/23/2017 was unexpected.
Error: (05/23/2017 09:14:32 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the QBCFMonitorService service to connect.
Error: (05/23/2017 09:13:14 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:12:22 AM on 5/23/2017 was unexpected.
Error: (05/10/2017 10:19:45 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.241.1423.0
Update Source: Microsoft Update Server
Update Stage: Search
Source Path: http://www.microsoft.com
Signature Type: AntiVirus
Update Type: Full
User: NT AUTHORITY\SYSTEM
Current Engine Version:
Previous Engine Version: 1.1.13701.0
Error code: 0x8024402f
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Error: (05/09/2017 12:51:22 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:50:28 PM on 5/9/2017 was unexpected.
Error: (05/09/2017 09:48:43 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Flash Player Update Service service terminated unexpectedly. It has done this 1 time(s).
Error: (05/04/2017 11:56:26 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:55:25 AM on 5/4/2017 was unexpected.
Error: (05/04/2017 11:53:36 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:52:38 AM on 5/4/2017 was unexpected.
Error: (04/20/2017 06:49:16 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
CodeIntegrity:
===================================
Date: 2016-08-29 09:49:30.757
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-29 09:49:30.445
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-26 10:40:05.005
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-26 10:40:04.942
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-26 10:37:13.906
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-26 10:37:13.548
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-26 09:31:59.942
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-26 09:31:59.864
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-19 10:13:38.724
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-19 10:13:38.662
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: AMD A4-5000 APU with Radeon HD Graphics
Percentage of memory in use: 41%
Total physical RAM: 5573.83 MB
Available physical RAM: 3235.88 MB
Total Virtual: 11145.85 MB
Available Virtual: 8550.95 MB
==================== Drives ================================
Drive c: (Windows ) (Fixed) (Total:919.25 GB) (Free:755.5 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.16 GB) (Free:1.22 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
Drive g: (USB20FD) (Removable) (Total:7.52 GB) (Free:6.1 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DE9D643C)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=100 MB) - (Type=0C)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0C)
==================== End of Addition.txt ============================