Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

hp desktop runs slow


  • Please log in to reply

#1
John Aukerman

John Aukerman

    Member

  • Member
  • PipPipPip
  • 233 posts

This desktop has been running slower and slower. Now I have to wait several seconds each time I input anything.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2017
Ran by John (administrator) on MAPLEGROVE (25-05-2017 11:00:52)
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available Profiles: John & Karen)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\QBMsgMgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510232 2015-04-21] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-12-10] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [1193728 2017-02-15] (PDF Complete Inc)
HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-08-30] (AMD)
HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2016-05-20]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2016-05-20]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2016-05-20]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox - Shortcut.lnk [2016-04-29]
ShortcutTarget: firefox - Shortcut.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2540 series.lnk [2017-05-25]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1F72C64A-20C5-4AEF-B8F3-C328D039AE59}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM14/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM14/19
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/19
HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/en-us/?ocid=U221DHP&pc=U221
HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/19
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll [2016-05-09] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: myzd5fce.default
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\myzd5fce.default [2017-05-25]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\myzd5fce.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\myzd5fce.default -> hxxps://mail.google.com/mail/u/0/#inbox
hxxps://www.aplos.com/aws/login
hxxps://www.pnc.com/en/personal-banking.html
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-09] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://www.aplos.com/aws/login"
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default [2016-10-21]
CHR Extension: (Google Slides) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-16]
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-16]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-24]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-13]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-24]
CHR Extension: (Google Sheets) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-16]
CHR Extension: (Google Docs Offline) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-26]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-07-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-26]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-28]
CHR HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-08-18] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1719552 2017-02-15] (PDF Complete Inc)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2016-05-09] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-12-22] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-12-22] (Intuit Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2015-04-21] (Realtek Semiconductor)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-04-02] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3817168 2014-08-18] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-27] (CyberLink)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw02.sys [3423720 2014-09-02] (Intel Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-25 11:00 - 2017-05-25 11:01 - 00016344 _____ C:\Users\John\Desktop\FRST.txt
2017-05-25 11:00 - 2017-05-25 11:00 - 00000000 ____D C:\FRST
2017-05-25 10:59 - 2017-05-25 10:59 - 02429952 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2017-05-25 10:03 - 2017-05-25 10:03 - 00447013 _____ C:\Users\Karen\Downloads\Calendar for June 2017 S.pdf
2017-05-23 14:13 - 2017-05-23 14:13 - 00254194 _____ C:\Users\Karen\Downloads\PAYROLL- 5-26-2017 (90).pdf
2017-05-23 13:58 - 2017-05-24 13:00 - 00010595 _____ C:\Users\Karen\Desktop\2017 givings - attendance.xlsx
2017-05-23 13:30 - 2017-05-23 14:12 - 00011923 _____ C:\Users\Karen\Desktop\2016 givings - attendance record.xlsx
2017-05-23 09:08 - 2017-05-23 09:08 - 00114125 _____ C:\Users\Karen\Downloads\Scanned from Anderson.pdf
2017-05-23 09:08 - 2017-05-23 09:08 - 00000168 _____ C:\Users\Karen\Downloads\ATT00001.htm
2017-05-17 17:34 - 2017-05-17 17:34 - 00011370 _____ C:\Users\Karen\Downloads\02512500_54135.pdf
2017-05-17 15:11 - 2017-05-17 15:11 - 00011973 _____ C:\Users\Karen\Downloads\158005_54050.pdf
2017-05-15 14:38 - 2017-05-15 14:38 - 00039761 _____ C:\Users\Karen\Downloads\mothers-day-coloring-page.pdf
2017-05-15 14:37 - 2017-05-15 14:37 - 00060201 _____ C:\Users\Karen\Downloads\i_am_the_way_dot2dot.pdf
2017-05-15 14:36 - 2017-05-15 14:36 - 00098054 _____ C:\Users\Karen\Downloads\john_14v6_colorpg.pdf
2017-05-15 14:12 - 2017-05-15 14:12 - 00254449 _____ C:\Users\Karen\Downloads\PAYROLL- 5-12-2017 (89).pdf
2017-05-10 15:36 - 2017-04-27 21:14 - 05547240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-10 15:36 - 2017-04-27 21:14 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-05-10 15:36 - 2017-04-27 21:14 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-05-10 15:36 - 2017-04-27 21:14 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-05-10 15:36 - 2017-04-27 21:14 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-05-10 15:36 - 2017-04-27 21:11 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-05-10 15:36 - 2017-04-27 21:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:36 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-05-10 15:36 - 2017-04-27 20:36 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-05-10 15:36 - 2017-04-27 20:34 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:19 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-05-10 15:36 - 2017-04-27 20:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-05-10 15:36 - 2017-04-27 20:19 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-05-10 15:36 - 2017-04-27 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-05-10 15:36 - 2017-04-27 20:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-05-10 15:36 - 2017-04-27 20:14 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-05-10 15:36 - 2017-04-27 20:12 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-05-10 15:36 - 2017-04-27 20:11 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-05-10 15:36 - 2017-04-27 20:11 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-05-10 15:36 - 2017-04-27 20:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-05-10 15:36 - 2017-04-27 20:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-05-10 15:36 - 2017-04-27 20:10 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-05-10 15:36 - 2017-04-27 20:08 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-05-10 15:36 - 2017-04-27 20:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-05-10 15:36 - 2017-04-27 20:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-05-10 15:36 - 2017-04-27 20:08 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-05-10 15:36 - 2017-04-27 20:07 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-05-10 15:36 - 2017-04-27 20:07 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:07 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-05-10 15:36 - 2017-04-27 20:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-05-10 15:36 - 2017-04-26 10:59 - 03220992 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-10 15:36 - 2017-04-21 11:34 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-05-10 15:36 - 2017-04-21 11:15 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-05-10 15:36 - 2017-04-19 20:00 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-05-10 15:36 - 2017-04-19 19:16 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-05-10 15:36 - 2017-04-17 11:37 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-10 15:36 - 2017-04-17 11:37 - 00876544 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-10 15:36 - 2017-04-17 11:37 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-10 15:36 - 2017-04-17 11:37 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-05-10 15:36 - 2017-04-17 11:37 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-05-10 15:36 - 2017-04-17 11:12 - 01417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-05-10 15:36 - 2017-04-17 11:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-05-10 15:36 - 2017-04-17 11:12 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2017-05-10 15:36 - 2017-04-17 10:54 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2017-05-10 15:36 - 2017-04-16 05:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-05-10 15:36 - 2017-04-16 05:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-05-10 15:36 - 2017-04-16 04:57 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-05-10 15:36 - 2017-04-16 04:55 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-05-10 15:36 - 2017-04-16 04:55 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-05-10 15:36 - 2017-04-16 04:54 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-05-10 15:36 - 2017-04-16 04:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-05-10 15:36 - 2017-04-16 04:51 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-05-10 15:36 - 2017-04-16 04:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-05-10 15:36 - 2017-04-16 04:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-05-10 15:36 - 2017-04-16 04:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-05-10 15:36 - 2017-04-16 04:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-05-10 15:36 - 2017-04-16 04:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-05-10 15:36 - 2017-04-16 04:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-05-10 15:36 - 2017-04-16 04:36 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-05-10 15:36 - 2017-04-16 04:35 - 25741312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-05-10 15:36 - 2017-04-16 04:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-05-10 15:36 - 2017-04-16 04:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-05-10 15:36 - 2017-04-16 04:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-05-10 15:36 - 2017-04-16 04:18 - 05977600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-05-10 15:36 - 2017-04-16 04:11 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-05-10 15:36 - 2017-04-16 04:10 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-05-10 15:36 - 2017-04-16 04:09 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-05-10 15:36 - 2017-04-16 04:04 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-05-10 15:36 - 2017-04-16 04:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-05-10 15:36 - 2017-04-16 04:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-05-10 15:36 - 2017-04-16 04:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-05-10 15:36 - 2017-04-16 04:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-05-10 15:36 - 2017-04-16 04:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-05-10 15:36 - 2017-04-16 04:00 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-05-10 15:36 - 2017-04-16 04:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-05-10 15:36 - 2017-04-16 03:57 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-05-10 15:36 - 2017-04-16 03:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-05-10 15:36 - 2017-04-16 03:52 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-05-10 15:36 - 2017-04-16 03:52 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-05-10 15:36 - 2017-04-16 03:49 - 20278272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-05-10 15:36 - 2017-04-16 03:48 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-05-10 15:36 - 2017-04-16 03:47 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-05-10 15:36 - 2017-04-16 03:47 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-05-10 15:36 - 2017-04-16 03:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-05-10 15:36 - 2017-04-16 03:43 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-05-10 15:36 - 2017-04-16 03:40 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-05-10 15:36 - 2017-04-16 03:40 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-05-10 15:36 - 2017-04-16 03:37 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-05-10 15:36 - 2017-04-16 03:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-05-10 15:36 - 2017-04-16 03:35 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-05-10 15:36 - 2017-04-16 03:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-05-10 15:36 - 2017-04-16 03:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-05-10 15:36 - 2017-04-16 03:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-05-10 15:36 - 2017-04-16 03:25 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-05-10 15:36 - 2017-04-16 03:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-05-10 15:36 - 2017-04-16 03:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-05-10 15:36 - 2017-04-16 03:20 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-05-10 15:36 - 2017-04-16 03:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-05-10 15:36 - 2017-04-16 03:10 - 15250944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-05-10 15:36 - 2017-04-16 03:10 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-05-10 15:36 - 2017-04-16 03:08 - 04548608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-05-10 15:36 - 2017-04-16 03:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-05-10 15:36 - 2017-04-16 03:08 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-05-10 15:36 - 2017-04-16 03:04 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-05-10 15:36 - 2017-04-16 02:53 - 13661184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-05-10 15:36 - 2017-04-16 02:50 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-05-10 15:36 - 2017-04-16 02:40 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-05-10 15:36 - 2017-04-16 02:37 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-05-10 15:36 - 2017-04-16 02:34 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-05-10 15:36 - 2017-04-16 02:34 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-05-10 15:36 - 2017-04-12 11:32 - 01483776 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-10 15:36 - 2017-04-12 11:32 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-05-10 15:36 - 2017-04-12 11:32 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-05-10 15:36 - 2017-04-12 11:32 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-05-10 15:36 - 2017-04-12 11:26 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-05-10 15:36 - 2017-04-12 11:25 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-05-10 15:36 - 2017-04-12 11:25 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-05-10 15:36 - 2017-04-12 11:25 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-05-10 15:36 - 2017-04-07 11:34 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-10 15:36 - 2017-04-07 11:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-05-10 15:36 - 2017-04-07 11:30 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-10 15:36 - 2017-04-07 11:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-05-10 15:36 - 2017-04-07 11:22 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-05-10 15:36 - 2017-04-05 10:55 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-10 15:36 - 2017-04-05 10:55 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-10 15:36 - 2017-04-05 10:55 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-05-10 15:36 - 2017-04-04 11:34 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-05-10 15:36 - 2017-04-04 11:34 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-05-10 15:36 - 2017-04-04 11:34 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-05-10 15:36 - 2017-04-04 10:53 - 00496128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2017-05-10 15:36 - 2017-04-04 10:53 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-05-10 15:36 - 2017-03-10 12:32 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
2017-05-10 15:36 - 2017-03-10 12:32 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2017-05-10 15:36 - 2017-03-10 12:20 - 01508352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pla.dll
2017-05-10 15:36 - 2017-03-10 12:20 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2017-05-10 15:36 - 2017-03-10 11:57 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\plasrv.exe
2017-05-10 15:36 - 2017-03-10 11:55 - 00205312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2017-05-10 15:36 - 2017-03-10 11:55 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
2017-05-10 15:36 - 2017-03-09 12:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-05-10 15:36 - 2017-03-09 12:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-05-08 10:32 - 2017-05-08 10:36 - 00000000 ____D C:\Users\Karen\Desktop\Youth Fundraising
2017-05-04 16:52 - 2017-05-04 16:52 - 00050102 _____ C:\Users\Karen\Desktop\Text - S.305 - 115th Congress (2017-2018)_ Vietnam War Veterans Recognition Act of 2017 _ Congress.gov _ Library of Congress.html
2017-05-04 16:52 - 2017-05-04 16:52 - 00000000 ____D C:\Users\Karen\Desktop\Text - S.305 - 115th Congress (2017-2018)_ Vietnam War Veterans Recognition Act of 2017 _ Congress.gov _ Library of Congress_files
2017-05-03 14:17 - 2017-05-03 14:17 - 00186570 _____ C:\Users\Karen\Downloads\Spring '17 Newsletter .compressed.pdf
2017-05-03 12:25 - 2017-05-04 11:27 - 00000000 ____D C:\Users\Karen\Desktop\23rd Psalm
2017-04-26 12:17 - 2017-04-26 12:17 - 00000000 ____D C:\Users\Karen\Documents\Custom Office Templates
2017-04-26 09:45 - 2017-04-26 09:46 - 06684333 _____ C:\Users\Karen\Downloads\Kihms3W March 2017 Home Assignment Newsletter.pdf
2017-04-25 15:18 - 2017-04-25 15:18 - 00091864 _____ C:\Users\Karen\Downloads\monthly-english.pdf
2017-04-25 15:18 - 2017-04-25 15:18 - 00091864 _____ C:\Users\Karen\Downloads\monthly-english (1).pdf
2017-04-25 13:51 - 2017-04-25 13:51 - 00247997 _____ C:\Users\Karen\Downloads\PAYROLL- 3-17-2017 (85) (6).pdf
2017-04-25 13:51 - 2017-04-25 13:51 - 00247900 _____ C:\Users\Karen\Downloads\PAYROLL- 3-3-2017 (84) (4).pdf
2017-04-25 13:50 - 2017-04-25 13:50 - 00247893 _____ C:\Users\Karen\Downloads\PAYROLL- 3-3-2017 (84) (3).pdf
2017-04-25 13:45 - 2017-04-25 13:45 - 00247991 _____ C:\Users\Karen\Downloads\PAYROLL- 3-3-2017 (84) (2).pdf
2017-04-25 13:41 - 2017-04-25 13:41 - 00254240 _____ C:\Users\Karen\Downloads\PAYROLL- 4-14-2017 (87) (2).pdf
2017-04-25 13:38 - 2017-04-25 13:38 - 00254229 _____ C:\Users\Karen\Downloads\PAYROLL- 4-28-2017 (88).pdf
2017-04-25 13:36 - 2017-04-25 13:36 - 00254262 _____ C:\Users\Karen\Downloads\PAYROLL- 4-14-2017 (87).pdf
2017-04-25 13:36 - 2017-04-25 13:36 - 00254260 _____ C:\Users\Karen\Downloads\PAYROLL- 4-14-2017 (87) (1).pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-25 10:41 - 2009-07-14 00:45 - 00023408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-25 10:41 - 2009-07-14 00:45 - 00023408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-25 10:39 - 2015-03-06 12:52 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A31D05A0-4A77-4D7D-9C5B-3B7EB0D692F8}
2017-05-25 10:38 - 2016-12-02 10:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-25 10:37 - 2009-07-14 01:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-25 10:37 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-05-25 10:34 - 2016-12-09 10:00 - 00000000 ____D C:\Users\John\AppData\LocalLow\Mozilla
2017-05-25 10:34 - 2015-06-23 14:21 - 00000000 ___RD C:\Users\John\Google Drive
2017-05-25 10:32 - 2014-04-02 04:31 - 00000000 ____D C:\ProgramData\PDFC
2017-05-25 10:32 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-25 10:02 - 2015-05-19 12:47 - 00000000 ____D C:\Users\Karen\Documents\Avery Templates
2017-05-25 09:02 - 2015-11-30 09:53 - 00000000 ___RD C:\Users\Karen\Google Drive
2017-05-24 14:27 - 2016-10-12 13:33 - 00000000 ____D C:\Users\Karen\Documents\Visual Tech Schedule
2017-05-24 12:38 - 2015-05-19 12:48 - 00000000 ____D C:\Users\Karen\Desktop\Newsletter Info
2017-05-24 10:36 - 2015-04-22 11:03 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{36D9C53B-37EF-4B56-AF55-4CCDF8D010ED}
2017-05-23 14:47 - 2015-03-31 14:25 - 00000000 ____D C:\Windows\system32\MRT
2017-05-23 14:40 - 2015-03-31 14:25 - 132223576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-22 09:46 - 2015-05-19 12:50 - 00019035 _____ C:\Users\Karen\Documents\Scripture & Offertory Rotation.xlsx
2017-05-22 09:08 - 2015-03-16 09:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-16 11:14 - 2015-05-19 12:47 - 00000000 ____D C:\Users\Karen\Documents\Correspondence
2017-05-16 10:34 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2017-05-16 10:11 - 2015-03-16 09:48 - 00002203 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-15 14:09 - 2015-05-19 12:47 - 00000000 ____D C:\Users\Karen\Documents\Faith Promise
2017-05-12 08:05 - 2009-07-14 00:45 - 00452128 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-12 08:03 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-05-10 17:15 - 2011-02-11 16:29 - 00773912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-05-10 17:12 - 2015-04-14 19:57 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-05-10 17:00 - 2009-07-13 22:34 - 00000580 _____ C:\Windows\win.ini
2017-05-09 10:48 - 2015-03-16 11:05 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-09 10:48 - 2015-03-16 11:05 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-09 10:48 - 2015-03-16 11:05 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-09 10:48 - 2015-03-16 11:05 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-09 10:48 - 2015-03-16 11:05 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-04 09:00 - 2015-05-04 13:43 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-05-04 08:58 - 2015-04-22 11:03 - 00002267 _____ C:\Users\Karen\Desktop\Google Chrome.lnk
2017-05-03 14:31 - 2015-12-15 15:31 - 00003222 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMAPLEGROVE$
2017-05-03 14:31 - 2015-12-15 15:31 - 00000346 _____ C:\Windows\Tasks\HPCeeScheduleForMAPLEGROVE$.job
2017-05-03 14:01 - 2016-02-17 20:09 - 00051237 ____H C:\Users\Karen\Desktop\~WRL0005.tmp
2017-04-30 17:34 - 2015-11-19 14:56 - 00003182 _____ C:\Windows\System32\Tasks\HPCeeScheduleForKaren
2017-04-30 17:34 - 2015-11-19 14:56 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForKaren.job
2017-04-30 15:40 - 2015-03-16 09:45 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-30 15:40 - 2015-03-16 09:45 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-26 14:12 - 2017-03-08 12:01 - 00000000 ____D C:\Users\Karen\Desktop\Escape Through Genesis
2017-04-26 11:51 - 2015-05-19 12:47 - 00000000 ____D C:\Users\Karen\Documents\Forms
2017-04-25 12:33 - 2015-05-19 12:47 - 00000000 ____D C:\Users\Karen\Documents\Children's Story Schedule

==================== Files in the root of some directories =======

2016-08-26 11:14 - 2016-08-29 09:52 - 0000115 _____ () C:\Users\John\AppData\Roaming\LogFile.txt
2015-07-14 13:29 - 2015-07-14 13:29 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-11-10 14:35 - 2015-11-10 14:56 - 15102356 _____ () C:\ProgramData\hpcsmmsilogs.log
2015-05-19 14:21 - 2015-05-19 14:22 - 2001298 _____ () C:\ProgramData\hpdam_install_log.txt
2015-04-21 13:41 - 2015-04-21 13:41 - 1034462 _____ () C:\ProgramData\HPFileSanitizer_Install_Log.txt
2015-08-04 13:24 - 2015-08-04 13:25 - 0040378 _____ () C:\ProgramData\HPTrustCircles_Install_Log.txt

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-23 10:59

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2017
Ran by John (25-05-2017 11:02:34)
Running from C:\Users\John\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-03-06 16:51:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2994528611-1495046117-1799070532-500 - Administrator - Disabled)
Guest (S-1-5-21-2994528611-1495046117-1799070532-501 - Limited - Disabled)
John (S-1-5-21-2994528611-1495046117-1799070532-1002 - Administrator - Enabled) => C:\Users\John
Karen (S-1-5-21-2994528611-1495046117-1799070532-1003 - Limited - Enabled) => C:\Users\Karen

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{BA88C518-1C29-6931-1190-D9153F49461B}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.3207 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DJ2540FWUpdateAlert (x32 Version: 1.00.0000 - HP) Hidden
DllTool 1.0 (HKLM-x32\...\{8C36FC6F-3576-447C-B15D-FF1504C91104}_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.21.165 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Deskjet 2540 series Basic Device Software (HKLM\...\{6A79CD11-0C1C-4E24-A8C6-46A02F680346}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP Documentation (HKLM-x32\...\{85D645CF-0F3B-477A-A9C9-194917F1A75B}) (Version: 1.1.0.0 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{49524B48-4FE9-4A62-A9FD-1F2258DF5489}) (Version: 3.4.12.0 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{7561C06A-7797-4462-A7C3-86F45AE901CF}) (Version: 8.7.4 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.3.34.7 - HP)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.5.32.37 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{51015b63-d62c-4ca9-af93-9c3c601cef0b}) (Version: 17.12.0 - Intel Corporation)
JetClean (HKLM-x32\...\BlueSprig_JetClean_is1) (Version: 1.5.0 - BlueSprig)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Standard 2013 (HKLM-x32\...\Office15.STANDARD) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 53.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0.2 (x86 en-US)) (Version: 53.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.2.6333 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.2.11 - PDF Complete, Inc)
Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{DF34643B-A745-430C-B27B-A48F853C81E4}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickBooks (x32 Version: 23.0.4018.2305 - Intuit Inc.) Hidden
QuickBooks Premier: Nonprofit Edition 2013 (HKLM-x32\...\{38874F22-DDAA-4A43-8F1B-6ED2D0BF063A}) (Version: 23.0.4005.2305 - Intuit Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.74.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0012-0000-0000-0000000FF1CE}_Office15.STANDARD_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
Update for Skype for Business 2015 (KB3191876) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.STANDARD_{0C5B0FE3-809E-4D71-B5F6-3EFDAA93C2E6}) (Version:  - Microsoft)
WinUtilities Free Edition 11.33 (HKLM-x32\...\{FC274982-5AAD-4C20-848D-4424A5043010}_is1) (Version: 11.33 - YL Computing, Inc)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06290AFA-84EE-4B32-B5C8-C35C128CD928} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {0CE3B313-2ED6-4A07-B5AF-221CC36C3B85} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {10205207-CC5C-4BF0-B155-41DFB8F32A76} - System32\Tasks\JetCleanLoginCheckUpdate => C:\Program Files (x86)\BlueSprig\JetClean\AutoUpdate.exe [2013-05-14] (BlueSprig)
Task: {15394FBD-61DB-451A-B93D-57C32F21838F} - System32\Tasks\HP AR Program Upload - c6813afd8bdd4e5dbbd612a7c39535f574f098f765a94c11ad135085cfa2d2d4 => C:\Program Files\HP\HP Deskjet 2540 series\bin\HPRewards.exe [2014-03-06] (TODO: <Company name>)
Task: {1B8A4FF8-3FDA-4375-8B2C-9EFE688C8A7C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {42C6B70E-0215-44A4-A7F3-FD76E9A69713} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {49F3E36F-0D7A-433D-9877-5D4AA7BCC1E5} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {5722665F-91EE-458D-9777-ACF1728DCECB} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {5F656B7B-1C0C-49B8-AEA6-E9CFA74D3A9A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-09] (Adobe Systems Incorporated)
Task: {97E529F4-0111-44CB-850A-9CB55101CFA5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {A3984152-5BDF-4825-9EA6-F065A549E99D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {A58CE342-E758-40F0-AF94-7ABB69ECF4D6} - System32\Tasks\HPCeeScheduleForMAPLEGROVE$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {B6A98587-34D1-4BFA-9E89-7C74642550E2} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-08-18] (HP Inc.)
Task: {BF9C44CE-54AD-4E69-8E9C-CD3B5D074430} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {C0100212-2422-4C75-8B80-E4C886691E78} - System32\Tasks\HPCeeScheduleForKaren => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {C1F4C0A1-1CC6-4557-B881-06B36A2DFAC1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {CB0F1CA4-EEA6-4859-BEE8-0D044E2D1703} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {E49515D1-99EC-4241-A1BB-1308E9F4F09D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {F0C5822A-76EA-488A-B3DB-3030158ACE47} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {F171FDEA-36E5-4382-A15E-D14E774BDF50} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe [2012-03-21] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleForKaren.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMAPLEGROVE$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-08-30 22:47 - 2013-08-30 22:47 - 00127488 _____ () c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2017-02-23 08:29 - 2017-02-23 08:29 - 08909512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-08-30 22:47 - 2013-08-30 22:47 - 00102400 _____ () c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2016-05-09 12:37 - 2016-05-09 12:37 - 00269080 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_regex-vc90-mt-p-1_33.dll
2016-05-09 12:39 - 2016-05-09 12:39 - 00021784 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBCompressor.dll
2016-05-09 09:28 - 2016-05-09 09:28 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\zlib1.dll
2016-05-09 12:39 - 2016-05-09 12:39 - 00141592 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBMAPILibrary.dll
2016-05-09 12:37 - 2016-05-09 12:37 - 00176920 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_serialization-vc90-mt-p-1_33.dll
2016-05-09 12:38 - 2016-05-09 12:38 - 00415512 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FtuEngine.dll
2016-05-09 12:37 - 2016-05-09 12:37 - 00529176 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\BackupLib.dll
2016-05-09 12:40 - 2016-05-09 12:40 - 00128792 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBProActiveCore.dll
2016-05-09 12:38 - 2016-05-09 12:38 - 00578840 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FeaturesBridge.dll
2016-05-09 12:39 - 2016-05-09 12:39 - 00042776 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\mbpopup.dll
2017-02-23 08:29 - 2017-02-23 08:29 - 08909512 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-05-25 10:33 - 2017-05-25 10:33 - 00098816 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\win32api.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00110080 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\pywintypes27.dll
2017-05-25 10:33 - 2017-05-25 10:33 - 00364544 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\pythoncom27.dll
2017-05-25 10:33 - 2017-05-25 10:33 - 00320512 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\win32com.shell.shell.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00914432 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\_hashlib.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 01176576 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\wx._core_.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00806400 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\wx._gdi_.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00816128 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\wx._windows_.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 01067008 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\wx._controls_.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00733184 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\wx._misc_.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00682496 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\pysqlite2._sqlite.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00088064 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\_ctypes.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00686080 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\unicodedata.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00119808 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\win32file.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00108544 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\win32security.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00007168 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\hashobjs_ext.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00017920 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\thumbnails_ext.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00088064 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\usb_ext.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00012800 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\common.time34.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00018432 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\win32event.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00167936 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\win32gui.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00046080 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\_socket.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 01303552 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\_ssl.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00128512 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\_elementtree.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00127488 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\pyexpat.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00038912 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\win32inet.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00036864 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\_psutil_windows.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00524248 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\windows._lib_cacheinvalidation.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00011264 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\win32crypt.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00123392 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\wx._wizard.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00077312 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\wx._html2.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00027648 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\_multiprocessing.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00020480 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\_yappi.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00035840 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\win32process.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00078848 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\wx._animate.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00024064 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\win32pipe.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00010240 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\select.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00025600 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\win32pdh.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00017408 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\win32profile.pyd
2017-05-25 10:33 - 2017-05-25 10:33 - 00022528 ____R () C:\Users\John\AppData\Local\Temp\_MEI27402\win32ts.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-08-31 17:34 - 00000035 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\John\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mozilla Firefox.lnk => C:\Windows\pss\Mozilla Firefox.lnk.Startup
MSCONFIG\startupreg: CLMLServer_For_P2G8 => "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
MSCONFIG\startupreg: CLVirtualDrive => "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
MSCONFIG\startupreg: CryptoMill Refresh => C:\Program Files\Hewlett-Packard\HP Trust Circles\ceflauncher -m refresh
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: HP File Sanitizer => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\Coreshredder.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{1847647E-CBB4-4B6C-8EDC-5AEC2846D710}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{9DDBE74B-CE76-4CCB-89E6-E9D50A1CAD48}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{D3C6FCC8-EBEE-411D-91E0-671C959157C1}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{47EC0C2A-FA3D-4920-B991-6016848E2F33}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{A014DBC5-A815-4B09-B5FB-8B0B72274228}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{CCCCD3A1-2788-466D-8A67-2118E3AB8DB4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0179F88D-3142-4E1B-BAD5-E2981C67D41D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{677B6DB7-EF1E-4F67-BD79-6A23D82F0A82}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{85BF657F-DD24-4DCC-A0B1-4360C31F8DDA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9459C854-903F-45F3-B3C1-71009FE50AB1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AACE28F1-0AC5-4D44-811B-58C0F9B84AE2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F8501BFB-A26A-4ACF-9080-C97F8D87CD0D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{CC4CDE13-4552-44BB-9F98-FEA872BD2AEA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{F20CA863-8841-4D9F-A919-F53FDE7A7CA1}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{7C05CF65-0866-4E32-866E-AB9A3736BB7F}] => (Allow) LPort=5357
FirewallRules: [{FB1A1FCF-F683-4BD8-97BC-8B8FC12551BE}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{19C766C7-720B-45A2-8FFE-9D1857DBE1EF}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{EF8FB091-47C9-44BE-8C7D-538201EFC90D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D5103A3E-5847-442E-82BD-020B42AFDA78}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DB42C538-6247-4773-BE3E-A4C27722B8C4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

08-05-2017 16:00:39 Windows Update
10-05-2017 16:54:41 Windows Update
15-05-2017 09:55:43 Windows Update
19-05-2017 08:02:00 Windows Update
22-05-2017 09:27:22 Windows Update
23-05-2017 14:40:16 Windows Update

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/15/2017 12:43:37 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks: Premier Nonprofit Edition 2013":
V23.0D R18 (M=1066, L=339, C=249, V=0 (0))

Error: (03/29/2017 04:16:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.23537, time stamp: 0x57c44efe
Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace4e7
Exception code: 0xc0000005
Fault offset: 0x000000000001e1ac
Faulting process id: 0xff8
Faulting application start time: 0x01d2a8a2852270e3
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\MSVCR90.dll
Report Id: 968c811c-14bc-11e7-8368-9cb654f71540

Error: (03/20/2017 10:14:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CLMSMonitorServicePDVD12.exe, version: 2.2.0.11508, time stamp: 0x51da6868
Faulting module name: ntdll.dll, version: 6.1.7601.23677, time stamp: 0x589c957a
Exception code: 0xc0000005
Fault offset: 0x000331f6
Faulting process id: 0x804
Faulting application start time: 0x01d2a1844bde0da9
Faulting application path: c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: 92f3d73d-0d77-11e7-b42d-9cb654f71540

Error: (03/06/2017 11:37:50 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks: Premier Nonprofit Edition 2013":
V23.0D R18 (M=1066, L=339, C=249, V=0 (0))

Error: (02/13/2017 11:26:17 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>with error: The data is invalid.
.

Error: (01/04/2017 01:29:22 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks: Premier Nonprofit Edition 2013":
V23.0D R18 (M=1066, L=339, C=249, V=0 (0))

Error: (10/20/2016 01:55:11 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks: Premier Nonprofit Edition 2013":
DMError Information:-6069Additional Info:An Invalid Id or password was specified.

Error: (10/20/2016 01:55:11 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks: Premier Nonprofit Edition 2013":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'

Error: (10/20/2016 01:55:11 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks: Premier Nonprofit Edition 2013":
Connection String:CON=QBConnectionPool-Probe-QB_data_engine_23; ;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\Maple Grove Church of God.QBW;ENG=QB_data_engine_23;DBN=22e0d8aeb82a42049cfafcafc5752a1f

Error: (10/20/2016 01:55:11 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks: Premier Nonprofit Edition 2013":
Connection Error:Invalid user ID or password


System errors:
=============
Error: (05/25/2017 09:01:43 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:00:32 AM on ‎5/‎25/‎2017 was unexpected.

Error: (05/23/2017 09:15:52 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:15:06 AM on ‎5/‎23/‎2017 was unexpected.

Error: (05/23/2017 09:14:32 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the QBCFMonitorService service to connect.

Error: (05/23/2017 09:13:14 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:12:22 AM on ‎5/‎23/‎2017 was unexpected.

Error: (05/10/2017 10:19:45 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.241.1423.0

    Update Source: Microsoft Update Server

    Update Stage: Search

    Source Path: http://www.microsoft.com

    Signature Type: AntiVirus

    Update Type: Full

    User: NT AUTHORITY\SYSTEM

    Current Engine Version:

    Previous Engine Version: 1.1.13701.0

    Error code: 0x8024402f

    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error: (05/09/2017 12:51:22 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:50:28 PM on ‎5/‎9/‎2017 was unexpected.

Error: (05/09/2017 09:48:43 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Flash Player Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/04/2017 11:56:26 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:55:25 AM on ‎5/‎4/‎2017 was unexpected.

Error: (05/04/2017 11:53:36 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:52:38 AM on ‎5/‎4/‎2017 was unexpected.

Error: (04/20/2017 06:49:16 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.


CodeIntegrity:
===================================
  Date: 2016-08-29 09:49:30.757
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-29 09:49:30.445
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-26 10:40:05.005
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-26 10:40:04.942
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-26 10:37:13.906
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-26 10:37:13.548
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-26 09:31:59.942
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-26 09:31:59.864
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-19 10:13:38.724
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-19 10:13:38.662
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD A4-5000 APU with Radeon™ HD Graphics
Percentage of memory in use: 41%
Total physical RAM: 5573.83 MB
Available physical RAM: 3235.88 MB
Total Virtual: 11145.85 MB
Available Virtual: 8550.95 MB

==================== Drives ================================

Drive c: (Windows ) (Fixed) (Total:919.25 GB) (Free:755.5 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.16 GB) (Free:1.22 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
Drive g: (USB20FD) (Removable) (Total:7.52 GB) (Free:6.1 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DE9D643C)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=100 MB) - (Type=0C)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0C)

==================== End of Addition.txt ============================

 


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,179 posts
  • MVP
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 
 
Copy the next 2 lines:
 
TASKLIST /SVC  > \junk.txt
notepad \junk.txt
 
Open an Elevated Command Prompt:
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
 
 
Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply. 
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), 
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top about 10-20 lines down.) Save the file.  Attach the file to your next post.  (More Reply Options, Choose File, Open, Attach This File)
 

  • 0

#3
John Aukerman

John Aukerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 233 posts

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    82.44    0 K    24 K    0            
CompatTelRunner.exe    6.86    43,288 K    42,264 K    5144    Microsoft Compatibility Telemetry    Microsoft Corporation    (Verified) Microsoft Windows
procexp64.exe    5.01    27,696 K    48,228 K    4212    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
Interrupts    0.93    0 K    0 K    n/a    Hardware Interrupts and DPCs        
dwm.exe    0.91    31,832 K    33,420 K    3356    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
csrss.exe    0.53    2,664 K    6,352 K    608    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
googledrivesync.exe    0.49    106,892 K    119,884 K    4344    Google Drive    Google    (Verified) Google Inc
rundll32.exe    0.48    4,572 K    12,368 K    4464    Windows host process (Rundll32)    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.47    415,980 K    242,308 K    1044    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
firefox.exe    0.38    122,012 K    155,664 K    4136    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
System    0.34    228 K    3,912 K    4            
spoolsv.exe    0.29    9,796 K    17,592 K    1780    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
MsMpEng.exe    0.27    132,400 K    136,372 K    968    Antimalware Service Executable    Microsoft Corporation    (Verified) Microsoft Corporation
svchost.exe    0.16    5,552 K    12,472 K    784    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
explorer.exe    0.10    26,556 K    45,456 K    4008    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
firefox.exe    0.09    30,272 K    34,664 K    4812    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
taskhost.exe    0.08    8,600 K    12,516 K    3284    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
firefox.exe    0.06    243,036 K    249,648 K    5108    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
CCC.exe    0.04    95,364 K    18,940 K    1932    Catalyst Control Center: Host application    ATI Technologies Inc.    (No signature was present in the subject) ATI Technologies Inc.
csrss.exe    0.02    3,252 K    5,792 K    508    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
MOM.exe    0.02    26,712 K    5,476 K    4552    Catalyst Control Center: Monitoring program    Advanced Micro Devices Inc.    (No signature was present in the subject) Advanced Micro Devices Inc.
svchost.exe    0.01    8,132 K    13,652 K    592    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
QBCFMonitorService.exe    < 0.01    8,812 K    13,488 K    2320    QuickBooks Company File Monitoring Service    Intuit    (No signature was present in the subject) Intuit
svchost.exe    < 0.01    138,156 K    146,964 K    632    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
conhost.exe    < 0.01    1,160 K    3,192 K    4276    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    15,540 K    17,376 K    1416    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
SearchIndexer.exe    < 0.01    26,156 K    18,312 K    4580    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
CLMSServerPDVD12.exe    < 0.01    7,156 K    14,428 K    1284    CyberLink Media Server Service    CyberLink    (Verified) CyberLink Corp.
svchost.exe    < 0.01    5,420 K    10,560 K    904    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
ZeroConfigService.exe        6,012 K    14,988 K    2652    Intel® PROSet/Wireless Zero Configure Service    Intel® Corporation    (Verified) Intel Corporation-Mobile Wireless Group
WUDFHost.exe        2,076 K    6,376 K    812    Windows Driver Foundation - User-mode Driver Framework Host Process    Microsoft Corporation    (Verified) Microsoft Windows
WmiPrvSE.exe        3,676 K    9,876 K    3876    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
WmiPrvSE.exe        5,504 K    11,000 K    4256    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
wlanext.exe        6,144 K    15,216 K    1684    Windows Wireless LAN 802.11 Extensibility Framework    Microsoft Corporation    (Verified) Microsoft Windows
winlogon.exe        3,120 K    7,596 K    852    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,916 K    4,956 K    584    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
unsecapp.exe        1,900 K    5,588 K    3764    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
TrustedInstaller.exe        7,976 K    12,664 K    6076    Windows Modules Installer    Microsoft Corporation    (Verified) Microsoft Windows
taskeng.exe        2,444 K    7,056 K    3384    Task Scheduler Engine    Microsoft Corporation    (Verified) Microsoft Windows
taskeng.exe        1,992 K    5,700 K    3732    Task Scheduler Engine    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        19,284 K    21,332 K    528    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,532 K    6,228 K    3024    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        13,540 K    14,600 K    1808    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,760 K    6,224 K    1156    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        1,956 K    5,872 K    2600    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,228 K    5,804 K    2868    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        6,044 K    11,940 K    1848    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
sppsvc.exe        2,540 K    7,492 K    5676    Microsoft Software Protection Platform Service    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        544 K    1,240 K    308    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
services.exe        5,756 K    10,616 K    640    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
RtkNGUI64.exe        13,672 K    11,052 K    3932    Realtek HD Audio Manager    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp
RtkAudioService64.exe        2,024 K    5,608 K    1316    Realtek Audio Service    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp
RegSrvc.exe        2,016 K    7,124 K    2512    Intel® PROSet/Wireless Registry Service    Intel® Corporation    (Verified) Intel Corporation-Mobile Wireless Group
RAVBg64.exe        15,000 K    12,068 K    1352    HD Audio Background Process    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp
qbupdate.exe        9,992 K    22,032 K    3416    QuickBooks Automatic Update    Intuit Inc.    (Verified) Intuit
QBIDPService.exe        8,160 K    13,248 K    2388    QBIDPService    Intuit Inc.    (No signature was present in the subject) Intuit Inc.
procexp.exe        2,332 K    7,652 K    2164    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
pdfsvc.exe        2,156 K    7,180 K    2112    Dispatcher    PDF Complete Inc    (Verified) PDF Complete Inc.
NisSrv.exe        16,380 K    9,308 K    2192    Microsoft Network Realtime Inspection Service    Microsoft Corporation    (Verified) Microsoft Corporation
msseces.exe        6,496 K    14,820 K    3956    Microsoft Security Client User Interface    Microsoft Corporation    (Verified) Microsoft Corporation
mDNSResponder.exe        2,440 K    6,060 K    2004    Bonjour Service    Apple Inc.    (Verified) Apple Inc.
lsm.exe        2,756 K    4,564 K    672    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
lsass.exe        4,732 K    12,056 K    664    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
Intuit.QuickBooks.FCS.exe        20,272 K    23,832 K    5400    QuickBooks FCS module    Intuit Inc.    (No signature was present in the subject) Intuit Inc.
HydraDM64.exe        2,308 K    6,576 K    4228    HydraDMH64    AMD    (No signature was present in the subject) AMD
HydraDM.exe        1,852 K    6,300 K    4088    HydraDM    AMD    (No signature was present in the subject) AMD
HPSupportSolutionsFrameworkService.exe        47,756 K    55,524 K    5516    HP Support Solutions Framework Service    HP Inc.    (Verified) HP Inc.
googledrivesync.exe        1,668 K    3,980 K    3208    Google Drive    Google    (Verified) Google Inc
Fuel.Service.exe        1,968 K    6,100 K    1980    AMD Fuel Service    Advanced Micro Devices, Inc.    (No signature was present in the subject) Advanced Micro Devices, Inc.
EvtEng.exe        5,572 K    13,012 K    2064    Intel® PROSet/Wireless Event Log Service    Intel® Corporation    (Verified) Intel Corporation-Mobile Wireless Group
conhost.exe        1,080 K    3,008 K    1692    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
CompatTelRunner.exe        1,132 K    1,968 K    5664    Microsoft Compatibility Telemetry    Microsoft Corporation    (Verified) Microsoft Windows
CLMSMonitorServicePDVD12.exe        896 K    2,960 K    2036    CyberLink Media Server Monitor Service    CyberLink    (Verified) CyberLink Corp.
audiodg.exe        21,280 K    22,856 K    1096    Windows Audio Device Graph Isolation     Microsoft Corporation    (Verified) Microsoft Windows
atiesrxx.exe        1,484 K    4,476 K    324    AMD External Events Service Module    AMD    (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe        2,828 K    8,040 K    1248    AMD External Events Client Module    AMD    (Verified) Microsoft Windows Hardware Compatibility Publisher
armsvc.exe        1,232 K    4,124 K    1888    Adobe Acrobat Update Service    Adobe Systems Incorporated    (Verified) Adobe Systems
AERTSr64.exe        1,256 K    3,072 K    1952    Andrea filters APO access service (64-bit)    Andrea Electronics Corporation    (Verified) Andrea Electronics

 

 

Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
smss.exe                       308 N/A                                         
csrss.exe                      508 N/A                                         
wininit.exe                    584 N/A                                         
csrss.exe                      608 N/A                                         
services.exe                   640 N/A                                         
lsass.exe                      664 EFS, KeyIso, SamSs                          
lsm.exe                        672 N/A                                         
svchost.exe                    784 DcomLaunch, PlugPlay, Power                 
winlogon.exe                   852 N/A                                         
svchost.exe                    904 RpcEptMapper, RpcSs                         
MsMpEng.exe                    968 MsMpSvc                                     
atiesrxx.exe                   324 AMD External Events Utility                 
svchost.exe                    528 AudioSrv, Dhcp, eventlog, lmhosts, wscsvc   
svchost.exe                    632 AudioEndpointBuilder, CscService, hidserv,  
                                   Netman, PcaSvc, SysMain, TrkWks, UxSms,     
                                   WdiSystemHost, Wlansvc, WPDBusEnum, wudfsvc
svchost.exe                    592 EventSystem, FontCache, netprofm, nsi,      
                                   WdiServiceHost, WinHttpAutoProxySvc         
svchost.exe                   1044 AeLookupSvc, Appinfo, BITS, EapHost,        
                                   iphlpsvc, LanmanServer, MMCSS, ProfSvc,     
                                   Schedule, SENS, ShellHWDetection, Themes,   
                                   Winmgmt, wuauserv                           
audiodg.exe                   1096 N/A                                         
svchost.exe                   1156 gpsvc                                       
atieclxx.exe                  1248 N/A                                         
RtkAudioService64.exe         1316 RtkAudioService                             
RAVBg64.exe                   1352 N/A                                         
svchost.exe                   1416 CryptSvc, Dnscache, LanmanWorkstation,      
                                   NlaSvc                                      
wlanext.exe                   1684 N/A                                         
conhost.exe                   1692 N/A                                         
spoolsv.exe                   1780 Spooler                                     
svchost.exe                   1808 BFE, DPS, MpsSvc                            
armsvc.exe                    1888 AdobeARMservice                             
AERTSr64.exe                  1952 AERTFilters                                 
Fuel.Service.exe              1980 AMD FUEL Service                            
mDNSResponder.exe             2004 Bonjour Service                             
CLMSMonitorServicePDVD12.     2036 CyberLink PowerDVD 12 Media Server Monitor S
                                   ervice                                      
CLMSServerPDVD12.exe          1284 CyberLink PowerDVD 12 Media Server Service  
svchost.exe                   1848 DiagTrack                                   
EvtEng.exe                    2064 EvtEng                                      
pdfsvc.exe                    2112 pdfcDispatcher                              
QBCFMonitorService.exe        2320 QBCFMonitorService                          
QBIDPService.exe              2388 QBVSS                                       
RegSrvc.exe                   2512 RegSrvc                                     
svchost.exe                   2600 stisvc                                      
ZeroConfigService.exe         2652 ZeroConfigService                           
NisSrv.exe                    2192 NisSrv                                      
svchost.exe                   2868 SSDPSRV                                     
svchost.exe                   3024 PolicyAgent                                 
WUDFHost.exe                   812 N/A                                         
taskhost.exe                  3284 N/A                                         
dwm.exe                       3356 N/A                                         
taskeng.exe                   3384 N/A                                         
unsecapp.exe                  3764 N/A                                         
WmiPrvSE.exe                  3876 N/A                                         
explorer.exe                  4008 N/A                                         
RtkNGUI64.exe                 3932 N/A                                         
msseces.exe                   3956 N/A                                         
HydraDM.exe                   4088 N/A                                         
googledrivesync.exe           3208 N/A                                         
qbupdate.exe                  3416 N/A                                         
HydraDM64.exe                 4228 N/A                                         
googledrivesync.exe           4344 N/A                                         
rundll32.exe                  4464 N/A                                         
SearchIndexer.exe             4580 WSearch                                     
firefox.exe                   4136 N/A                                         
WmiPrvSE.exe                  4256 N/A                                         
firefox.exe                   4812 N/A                                         
MOM.exe                       4552 N/A                                         
firefox.exe                   5108 N/A                                         
CCC.exe                       1932 N/A                                         
HPSupportSolutionsFramewo     5516 HPSupportSolutionsFrameworkService          
sppsvc.exe                    5676 sppsvc                                      
Intuit.QuickBooks.FCS.exe     5400 QBFCService                                 
TrustedInstaller.exe          6076 TrustedInstaller                            
procexp.exe                   2164 N/A                                         
procexp64.exe                 4212 N/A                                         
taskeng.exe                   3732 N/A                                         
notepad.exe                   6032 N/A                                         
cmd.exe                       5832 N/A                                         
conhost.exe                   5612 N/A                                         
tasklist.exe                  5232 N/A                                         
 

 

 

Attached Files


  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,179 posts
  • MVP

This process is eating a lot of CPU time:

 

CompatTelRunner.exe    6.86    43,288 K    42,264 K    5144    Microsoft Compatibility Telemetry    Microsoft Corporation    (Verified) Microsoft Windows

 

You can turn it off with one of the options here:  (The Group Policy option won't work on Home PCs.)

 

https://www.ghacks.n...rience-program/

 

Speccy says it is running a bit hot.  Lately it has not been that reliable so let's get a second opinion.

 

Get Speedfan:

 

 
 
 
Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it (Win 7 or Vista right click and Run As Admin.).
 
It will tell you your temps in real time tho the default is to show the hard drive temp in the systray.  You can change it:  Hit Configure then click on the highest temp and check Show in tray.  Whne idle we want to see the Core or CPU readings around 45 C for a desktop.  GPU or Video will ofen run a bit hotter.  Under load (watching a video or running an antivirus scan) it will normally climb up some but should stay below 65.  If you see it getting hot then shut it down, open it up and clean the dust from the heatsink, vents and fans.  (It is OK to remove the fan to clean the heatsink (as long as you make sure you put it back the same way) but do not detach the heatsink from the CPU or you will need to replace the thermal paste.  I use a small brush and a vacuum cleaner hose.  Leave it plugged into the wall so it has a good ground.  A hot PC is a slow PC as the CPU will slow down to protect itself.  

  • 0

#5
John Aukerman

John Aukerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 233 posts

OK. I turned off the Windows Customer Experience program.

 

Speedfan says the CPU is 52, 53 when idle.


  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,179 posts
  • MVP

53 is  a bit warm for a desktop.  You should shut it down, leave it plugged up and open it up.  Use a vacuum cleaner hose and a small brush and clear the dust out of the heatsink, vents and fans.

Do not disturb the heatsink or you will need to redo the thermal paste.  It's OK to remove the fan if you can do so without releasing the heatsink.  Just make sure you put it back blowing in the same direction.

 

Let's do a new process explorer log to see how it looks now.  (Assume you have rebooted at least once since stopping Windows Customer Experience .)


  • 0

#7
John Aukerman

John Aukerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 233 posts

I followed the instructions.

 

Here is the new process explorer log:

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    94.84    0 K    24 K    0            
procexp64.exe    2.85    27,564 K    47,592 K    4884    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
googledrivesync.exe    0.50    108,660 K    121,988 K    5032    Google Drive    Google    (Verified) Google Inc
Interrupts    0.29    0 K    0 K    n/a    Hardware Interrupts and DPCs        
dwm.exe    0.32    31,644 K    32,588 K    3824    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
firefox.exe    0.28    277,056 K    283,464 K    5044    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
csrss.exe    0.26    2,820 K    6,248 K    608    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
MsMpEng.exe    0.24    129,112 K    130,288 K    984    Antimalware Service Executable    Microsoft Corporation    (Verified) Microsoft Corporation
System    0.17    192 K    2,280 K    4            
firefox.exe    0.15    118,976 K    149,016 K    4264    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
explorer.exe    0.02    26,964 K    46,260 K    3992    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
CCC.exe    0.02    95,856 K    18,400 K    2140    Catalyst Control Center: Host application    ATI Technologies Inc.    (No signature was present in the subject) ATI Technologies Inc.
MOM.exe    0.01    26,780 K    4,192 K    2980    Catalyst Control Center: Monitoring program    Advanced Micro Devices Inc.    (No signature was present in the subject) Advanced Micro Devices Inc.
svchost.exe    0.01    43,292 K    44,340 K    1068    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
SearchIndexer.exe    < 0.01    26,184 K    18,596 K    4496    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
taskhost.exe    < 0.01    7,752 K    12,524 K    3732    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    15,128 K    16,520 K    1428    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
CLMSServerPDVD12.exe    < 0.01    7,116 K    14,388 K    1196    CyberLink Media Server Service    CyberLink    (Verified) CyberLink Corp.
rundll32.exe    < 0.01    4,568 K    12,320 K    4304    Windows host process (Rundll32)    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    7,108 K    12,784 K    1028    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    137,852 K    145,188 K    656    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
SearchProtocolHost.exe    < 0.01    3,264 K    8,776 K    5764    Microsoft Windows Search Protocol Host    Microsoft Corporation    (Verified) Microsoft Windows
ZeroConfigService.exe        6,096 K    14,944 K    2884    Intel® PROSet/Wireless Zero Configure Service    Intel® Corporation    (Verified) Intel Corporation-Mobile Wireless Group
WUDFHost.exe        2,080 K    6,388 K    3240    Windows Driver Foundation - User-mode Driver Framework Host Process    Microsoft Corporation    (Verified) Microsoft Windows
WmiPrvSE.exe        4,528 K    9,728 K    5884    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
WmiPrvSE.exe        3,732 K    9,808 K    1604    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
wlanext.exe        6,176 K    15,296 K    1676    Windows Wireless LAN 802.11 Extensibility Framework    Microsoft Corporation    (Verified) Microsoft Windows
winlogon.exe        3,100 K    7,604 K    872    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,916 K    4,944 K    584    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
unsecapp.exe        1,828 K    5,480 K    2360    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
taskeng.exe        2,536 K    7,088 K    3816    Task Scheduler Engine    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        5,400 K    12,144 K    792    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        5,192 K    10,308 K    912    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        19,096 K    21,204 K    512    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        12,972 K    14,172 K    1832    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,080 K    5,984 K    2660    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,248 K    5,812 K    3420    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,608 K    6,272 K    3196    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,660 K    6,224 K    1176    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        5,364 K    11,020 K    1580    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
sppsvc.exe        2,540 K    5,596 K    2604    Microsoft Software Protection Platform Service    Microsoft Corporation    (Verified) Microsoft Windows
spoolsv.exe        9,824 K    17,592 K    1804    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        544 K    1,248 K    308    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
services.exe        5,636 K    9,608 K    640    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
SearchFilterHost.exe        3,296 K    7,384 K    4160    Microsoft Windows Search Filter Host    Microsoft Corporation    (Verified) Microsoft Windows
RtkNGUI64.exe        13,632 K    11,016 K    3744    Realtek HD Audio Manager    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp
RtkAudioService64.exe        2,012 K    5,592 K    1324    Realtek Audio Service    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp
RegSrvc.exe        2,148 K    7,260 K    2556    Intel® PROSet/Wireless Registry Service    Intel® Corporation    (Verified) Intel Corporation-Mobile Wireless Group
RAVBg64.exe        14,992 K    12,052 K    1364    HD Audio Background Process    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp
QBW32.EXE        62,292 K    96,524 K    4224    QuickBooks    Intuit Inc.    (Verified) Intuit
qbupdate.exe        10,008 K    20,328 K    4204    QuickBooks Automatic Update    Intuit Inc.    (Verified) Intuit
QBIDPService.exe        8,376 K    13,392 K    2456    QBIDPService    Intuit Inc.    (No signature was present in the subject) Intuit Inc.
QBCFMonitorService.exe        8,724 K    13,380 K    2412    QuickBooks Company File Monitoring Service    Intuit    (No signature was present in the subject) Intuit
procexp.exe        2,336 K    7,684 K    5616    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
pdfsvc.exe        2,196 K    7,192 K    2368    Dispatcher    PDF Complete Inc    (Verified) PDF Complete Inc.
NisSrv.exe        16,052 K    9,460 K    2340    Microsoft Network Realtime Inspection Service    Microsoft Corporation    (Verified) Microsoft Corporation
msseces.exe        6,508 K    14,780 K    3876    Microsoft Security Client User Interface    Microsoft Corporation    (Verified) Microsoft Corporation
mDNSResponder.exe        2,368 K    5,996 K    2008    Bonjour Service    Apple Inc.    (Verified) Apple Inc.
lsm.exe        2,664 K    4,544 K    676    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
lsass.exe        4,736 K    11,828 K    660    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
HydraDM64.exe        2,304 K    6,432 K    4372    HydraDMH64    AMD    (No signature was present in the subject) AMD
HydraDM.exe        1,852 K    6,160 K    2824    HydraDM    AMD    (No signature was present in the subject) AMD
HPSupportSolutionsFrameworkService.exe        48,816 K    56,464 K    1384    HP Support Solutions Framework Service    HP Inc.    (Verified) HP Inc.
googledrivesync.exe        1,644 K    3,964 K    4124    Google Drive    Google    (Verified) Google Inc
Fuel.Service.exe        1,952 K    6,084 K    1976    AMD Fuel Service    Advanced Micro Devices, Inc.    (No signature was present in the subject) Advanced Micro Devices, Inc.
firefox.exe        32,168 K    33,952 K    4924    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
EvtEng.exe        5,552 K    13,004 K    2076    Intel® PROSet/Wireless Event Log Service    Intel® Corporation    (Verified) Intel Corporation-Mobile Wireless Group
csrss.exe        2,392 K    4,924 K    508    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
conhost.exe        1,080 K    3,004 K    1712    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
CLMSMonitorServicePDVD12.exe        888 K    2,952 K    2032    CyberLink Media Server Monitor Service    CyberLink    (Verified) CyberLink Corp.
audiodg.exe        21,404 K    22,944 K    1120    Windows Audio Device Graph Isolation     Microsoft Corporation    (Verified) Microsoft Windows
atiesrxx.exe        1,460 K    4,452 K    180    AMD External Events Service Module    AMD    (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe        2,844 K    8,036 K    1304    AMD External Events Client Module    AMD    (Verified) Microsoft Windows Hardware Compatibility Publisher
armsvc.exe        1,220 K    4,108 K    1932    Adobe Acrobat Update Service    Adobe Systems Incorporated    (Verified) Adobe Systems
AERTSr64.exe        1,256 K    3,068 K    1952    Andrea filters APO access service (64-bit)    Andrea Electronics Corporation    (Verified) Andrea Electronics

 


  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,179 posts
  • MVP

Process Explorer log looks very good.  How is it running now?


  • 0

#9
John Aukerman

John Aukerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 233 posts

It is running much better now. Thank you.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP