Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Computer running slower than it used to run

Started by John Aukerman , Jun 15 2019 06:46 AM

Please log in to reply

#1
John Aukerman

Posted 15 June 2019 - 06:46 AM

Member

Member
284 posts

I think that I've picked up some virus or malware. This computer used to be lightning fast. Now it crawls along.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-06-2019
Ran by John (administrator) on MAPLEGROVE (Hewlett-Packard HP ProDesk 405 G1 MT) (15-06-2019 08:28:47)
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available Profiles: John & Karen)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AMD) [File not signed] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) [File not signed] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intuit) [File not signed] C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit, Inc. -> Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\John\Desktop\MediaCreationTool1903.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(Microsoft Windows -> Microsoft Corporation) C:\$Windows.~WS\Sources\SetupHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(PDF Complete Inc. -> PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510232 2015-04-21] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-12-10] (Intuit, Inc. -> Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [1194048 2018-02-01] (PDF Complete Inc. -> PDF Complete Inc)
HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-08-30] (AMD) [File not signed]
HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\...\Run: [GoogleDriveFS] => "C:\Program Files\Google\Drive File Stream\31.0.16.0\GoogleDriveFS.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\Installer\chrmstp.exe [2019-05-27] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{438363A8-F486-4C37-834C-4955773CB3D3}] -> msiexec /fu {438363A8-F486-4C37-834C-4955773CB3D3} /qn
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2016-05-20]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2016-05-20]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc. -> Intuit Inc.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2016-05-20]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE (Intuit, Inc. -> Intuit Inc.)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AceMoney Lite.lnk [2018-03-03]
ShortcutTarget: AceMoney Lite.lnk -> C:\Program Files (x86)\AceMoney\AceMoney.exe (MechCAD Software LLC) [File not signed]
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Calculator.lnk [2018-08-31]
ShortcutTarget: Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Windows -> Microsoft Corporation)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox - Shortcut.lnk [2016-04-29]
ShortcutTarget: firefox - Shortcut.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2540 series.lnk [2019-06-15]
ShortcutAndArgument: Monitor Ink Alerts - HP Deskjet 2540 series.lnk -> C:\Windows\system32\RunDll32.exe => "C:\Program Files\HP\HP Deskjet 2540 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN3C42BWXD0604;CONNECTION=USB;MONITOR=1;
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06290AFA-84EE-4B32-B5C8-C35C128CD928} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {0CE3B313-2ED6-4A07-B5AF-221CC36C3B85} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc -> Google Inc.)
Task: {0DB1264F-86C9-4E9C-A2C6-E7825457ED43} - System32\Tasks\HP AR Program Upload => C:\Program Files\HP\HP Deskjet 2540 series\bin\HPRewards.exe [3495432 2014-03-06] (Hewlett Packard -> TODO: <Company name>)
Task: {10205207-CC5C-4BF0-B155-41DFB8F32A76} - System32\Tasks\JetCleanLoginCheckUpdate => C:\Program Files (x86)\BlueSprig\JetClean\AutoUpdate.exe [1050928 2013-05-14] (BlueSprig, Inc. -> BlueSprig)
Task: {11B43F60-6B10-47AB-9CDA-2A75A56C7076} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_207_Plugin.exe [1457208 2019-06-11] (Adobe Inc. -> Adobe)
Task: {1B8A4FF8-3FDA-4375-8B2C-9EFE688C8A7C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [120680 2017-06-22] (HP Inc. -> HP Inc.)
Task: {23AFE61E-93EA-4793-9F74-4030E77D3709} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [208760 2018-06-27] (HP Inc. -> HP Inc.)
Task: {257756D9-1576-4033-BCC7-FBB100682F57} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1061240 2019-01-17] (HP Inc. -> HP Inc.)
Task: {2B172895-B893-4D2B-B2F9-C0DF4A4C7275} - System32\Tasks\HP AR Program Upload - c6813afd8bdd4e5dbbd612a7c39535f574f098f765a94c11ad135085cfa2d2d4 => C:\Program Files\HP\HP Deskjet 2540 series\bin\HPRewards.exe [3495432 2014-03-06] (Hewlett Packard -> TODO: <Company name>)
Task: {42C6B70E-0215-44A4-A7F3-FD76E9A69713} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {5722665F-91EE-458D-9777-ACF1728DCECB} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [5745672 2014-03-06] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {5F656B7B-1C0C-49B8-AEA6-E9CFA74D3A9A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-06-11] (Adobe Inc. -> Adobe)
Task: {75214437-D53D-46D1-B5FE-48E782AE3A8B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1061240 2019-01-17] (HP Inc. -> HP Inc.)
Task: {8309A7E8-E8F1-4899-B911-2E41D1A2F032} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {97E529F4-0111-44CB-850A-9CB55101CFA5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc -> Google Inc.)
Task: {A3984152-5BDF-4825-9EA6-F065A549E99D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [4796696 2014-08-21] (Piriform Ltd -> Piriform Ltd)
Task: {A58CE342-E758-40F0-AF94-7ABB69ECF4D6} - System32\Tasks\HPCeeScheduleForMAPLEGROVE$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [96568 2015-06-16] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {B6A98587-34D1-4BFA-9E89-7C74642550E2} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [25128 2017-11-24] (HP Inc. -> )
Task: {BF9C44CE-54AD-4E69-8E9C-CD3B5D074430} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [651400 2017-09-20] (Hewlett Packard -> HP Inc.)
Task: {C0100212-2422-4C75-8B80-E4C886691E78} - System32\Tasks\HPCeeScheduleForKaren => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [96568 2015-06-16] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {C1F4C0A1-1CC6-4557-B881-06B36A2DFAC1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {CB0F1CA4-EEA6-4859-BEE8-0D044E2D1703} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1459056 2018-05-04] (HP Inc. -> HP Inc.)
Task: {D5EF9969-31F5-4103-AA25-064895F67EBE} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [410784 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {E49515D1-99EC-4241-A1BB-1308E9F4F09D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1459056 2018-05-04] (HP Inc. -> HP Inc.)
Task: {F171FDEA-36E5-4382-A15E-D14E774BDF50} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe [38784 2012-03-21] (Hewlett-Packard Company -> )

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleForKaren.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMAPLEGROVE$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{1F72C64A-20C5-4AEF-B8F3-C328D039AE59}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM14/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM14/19
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/19
HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/en-us/?ocid=U221DHP&pc=U221
HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/19
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll [2016-05-09] (Intuit, Inc. -> Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation -> Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: myzd5fce.default
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\myzd5fce.default [2019-06-15]
FF Homepage: Mozilla\Firefox\Profiles\myzd5fce.default -> hxxps://mail.google.com/mail/u/0/#inbox|hxxps://www.pnc.com/en/personal-banking.html|hxxps://docs.google.com/spreadsheets/d/1K0iRxAxhFkAKylGA7MXpD_gj-vizmo0Cou2jJ3guwbQ/edit?pli=1#gid=9668873
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_207.dll [2019-06-11] (Adobe Inc. -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_207.dll [2019-06-11] (Adobe Inc. -> )
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://www.aplos.com/aws/login"
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default [2018-03-23]
CHR Extension: (Google Slides) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-16]
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-16]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-24]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-13]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-24]
CHR Extension: (Google Sheets) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-16]
CHR Extension: (Google Docs Offline) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-26]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-07-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-26]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-28]
CHR HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [239616 2013-08-30] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink Corp. -> CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink Corp. -> CyberLink)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc. -> HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-24] (HP Inc. -> HP Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-08-18] (Intel Corporation-Mobile Wireless Group -> )
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1795136 2018-02-01] (PDF Complete Inc. -> PDF Complete Inc)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2016-05-09] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-12-22] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-12-22] (Intuit Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2015-04-21] (Realtek Semiconductor Corp -> Realtek Semiconductor)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-04-02] (Microsoft Windows -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\Windows\system32\WirelessKB850NotificationService.exe [174256 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3817168 2014-08-18] (Intel Corporation-Mobile Wireless Group -> Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdhub30; C:\Windows\system32\drivers\amdhub30.sys [108128 2013-02-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, INC.)
R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [12528640 2013-08-31] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [618496 2013-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdxhc; C:\Windows\system32\drivers\amdxhc.sys [228448 2013-02-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, INC.)
R0 amd_sata; C:\Windows\System32\drivers\amd_sata.sys [82600 2012-10-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\drivers\amd_xata.sys [42664 2012-10-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [219360 2013-04-18] (APPEX NETWORKS CORPORATION -> AppEx Networks Corporation)
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-27] (CyberLink -> CyberLink)
R1 googledrivefs2713; C:\Windows\System32\DRIVERS\googledrivefs2713.sys [114472 2019-05-20] (Google LLC -> Google, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw02.sys [3423720 2014-09-02] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-15 08:32 - 2019-06-15 08:33 - 000000000 ___HD C:\$WINDOWS.~BT
2019-06-15 08:28 - 2019-06-15 08:33 - 000028120 _____ C:\Users\John\Desktop\FRST.txt
2019-06-15 08:21 - 2019-06-15 08:21 - 002418688 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2019-06-15 08:08 - 2019-06-15 08:32 - 000000000 ____D C:\ESD
2019-06-15 08:02 - 2019-06-15 08:02 - 000000000 ___HD C:\$Windows.~WS
2019-06-15 08:01 - 2019-06-15 08:02 - 019256968 _____ (Microsoft Corporation) C:\Users\John\Desktop\MediaCreationTool1903.exe
2019-06-14 09:48 - 2019-06-14 09:48 - 000103094 _____ C:\Users\Karen\Downloads\invoice_11877002.pdf
2019-06-13 11:24 - 2019-06-13 11:24 - 000082438 _____ C:\Users\Karen\Downloads\Invoice 0305810.pdf
2019-06-12 07:03 - 2019-06-03 19:11 - 001110528 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2019-06-12 07:03 - 2019-06-03 19:11 - 000474112 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2019-06-12 07:03 - 2019-06-03 19:10 - 000304640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
2019-06-12 07:03 - 2019-05-27 03:19 - 000396896 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-06-12 07:03 - 2019-05-27 02:29 - 000348984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2019-06-12 07:03 - 2019-05-24 21:42 - 025733632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-06-12 07:03 - 2019-05-24 21:33 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-06-12 07:03 - 2019-05-24 21:33 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-06-12 07:03 - 2019-05-24 21:22 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-06-12 07:03 - 2019-05-24 21:21 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-06-12 07:03 - 2019-05-24 21:20 - 000579584 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-06-12 07:03 - 2019-05-24 21:20 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-06-12 07:03 - 2019-05-24 21:20 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-06-12 07:03 - 2019-05-24 21:20 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-06-12 07:03 - 2019-05-24 21:14 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-06-12 07:03 - 2019-05-24 21:13 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-06-12 07:03 - 2019-05-24 21:11 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-06-12 07:03 - 2019-05-24 21:10 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-06-12 07:03 - 2019-05-24 21:10 - 000790528 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-06-12 07:03 - 2019-05-24 21:10 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-06-12 07:03 - 2019-05-24 21:10 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-06-12 07:03 - 2019-05-24 21:09 - 005776384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-06-12 07:03 - 2019-05-24 21:07 - 020275712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-06-12 07:03 - 2019-05-24 21:04 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-06-12 07:03 - 2019-05-24 21:02 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-06-12 07:03 - 2019-05-24 20:56 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-06-12 07:03 - 2019-05-24 20:55 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2019-06-12 07:03 - 2019-05-24 20:55 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-06-12 07:03 - 2019-05-24 20:55 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-06-12 07:03 - 2019-05-24 20:52 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-06-12 07:03 - 2019-05-24 20:52 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-06-12 07:03 - 2019-05-24 20:50 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-06-12 07:03 - 2019-05-24 20:48 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-06-12 07:03 - 2019-05-24 20:45 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-06-12 07:03 - 2019-05-24 20:45 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2019-06-12 07:03 - 2019-05-24 20:44 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2019-06-12 07:03 - 2019-05-24 20:44 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2019-06-12 07:03 - 2019-05-24 20:43 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2019-06-12 07:03 - 2019-05-24 20:42 - 002297344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-06-12 07:03 - 2019-05-24 20:40 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-06-12 07:03 - 2019-05-24 20:40 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2019-06-12 07:03 - 2019-05-24 20:39 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2019-06-12 07:03 - 2019-05-24 20:38 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-06-12 07:03 - 2019-05-24 20:38 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-06-12 07:03 - 2019-05-24 20:38 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2019-06-12 07:03 - 2019-05-24 20:37 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-06-12 07:03 - 2019-05-24 20:37 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2019-06-12 07:03 - 2019-05-24 20:36 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-06-12 07:03 - 2019-05-24 20:36 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-06-12 07:03 - 2019-05-24 20:36 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2019-06-12 07:03 - 2019-05-24 20:34 - 015311872 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-06-12 07:03 - 2019-05-24 20:30 - 004858880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-06-12 07:03 - 2019-05-24 20:30 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2019-06-12 07:03 - 2019-05-24 20:27 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2019-06-12 07:03 - 2019-05-24 20:26 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2019-06-12 07:03 - 2019-05-24 20:26 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2019-06-12 07:03 - 2019-05-24 20:24 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2019-06-12 07:03 - 2019-05-24 20:23 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2019-06-12 07:03 - 2019-05-24 20:23 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2019-06-12 07:03 - 2019-05-24 20:22 - 004492800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-06-12 07:03 - 2019-05-24 20:22 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2019-06-12 07:03 - 2019-05-24 20:17 - 013706240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-06-12 07:03 - 2019-05-24 20:17 - 001557504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-06-12 07:03 - 2019-05-24 20:17 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2019-06-12 07:03 - 2019-05-24 20:15 - 002060288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-06-12 07:03 - 2019-05-24 20:15 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2019-06-12 07:03 - 2019-05-24 20:15 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-06-12 07:03 - 2019-05-24 20:05 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-06-12 07:03 - 2019-05-24 20:04 - 014185984 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2019-06-12 07:03 - 2019-05-24 20:03 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2019-06-12 07:03 - 2019-05-24 20:02 - 004386304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-06-12 07:03 - 2019-05-24 19:59 - 012880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2019-06-12 07:03 - 2019-05-24 19:59 - 001323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-06-12 07:03 - 2019-05-24 19:58 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2019-06-12 07:03 - 2019-05-24 19:56 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-06-12 07:03 - 2019-05-22 22:06 - 000806400 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2019-06-12 07:03 - 2019-05-22 22:06 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2019-06-12 07:03 - 2019-05-22 22:06 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2019-06-12 07:03 - 2019-05-22 22:06 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2019-06-12 07:03 - 2019-05-22 21:58 - 000628224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2019-06-12 07:03 - 2019-05-22 21:58 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2019-06-12 07:03 - 2019-05-22 21:58 - 000046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2019-06-12 07:03 - 2019-05-22 21:58 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimg32.dll
2019-06-12 07:03 - 2019-05-22 20:31 - 001251840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2019-06-12 07:03 - 2019-05-22 20:05 - 001650176 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2019-06-12 07:03 - 2019-05-22 20:05 - 001182208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2019-06-12 07:03 - 2019-05-17 14:21 - 000372456 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2019-06-12 07:03 - 2019-05-16 11:22 - 004057312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2019-06-12 07:03 - 2019-05-16 11:22 - 003963624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2019-06-12 07:03 - 2019-05-16 11:21 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-06-12 07:03 - 2019-05-16 11:19 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-06-12 07:03 - 2019-05-16 11:19 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2019-06-12 07:03 - 2019-05-16 11:19 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-06-12 07:03 - 2019-05-16 11:19 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2019-06-12 07:03 - 2019-05-16 11:19 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-06-12 07:03 - 2019-05-16 11:19 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2019-06-12 07:03 - 2019-05-16 11:19 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2019-06-12 07:03 - 2019-05-16 11:19 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2019-06-12 07:03 - 2019-05-16 11:19 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2019-06-12 07:03 - 2019-05-16 11:18 - 000555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-06-12 07:03 - 2019-05-16 11:18 - 000442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2019-06-12 07:03 - 2019-05-16 11:18 - 000261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-06-12 07:03 - 2019-05-16 11:18 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2019-06-12 07:03 - 2019-05-16 11:18 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2019-06-12 07:03 - 2019-05-16 11:18 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2019-06-12 07:03 - 2019-05-16 11:18 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2019-06-12 07:03 - 2019-05-16 11:18 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2019-06-12 07:03 - 2019-05-16 11:18 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-06-12 07:03 - 2019-05-16 11:18 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2019-06-12 07:03 - 2019-05-16 11:17 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2019-06-12 07:03 - 2019-05-16 11:17 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2019-06-12 07:03 - 2019-05-16 11:17 - 000373248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2019-06-12 07:03 - 2019-05-16 11:17 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2019-06-12 07:03 - 2019-05-16 11:17 - 000195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2019-06-12 07:03 - 2019-05-16 11:17 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2019-06-12 07:03 - 2019-05-16 11:17 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2019-06-12 07:03 - 2019-05-16 11:17 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:17 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:17 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:17 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:17 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:17 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:17 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:17 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:17 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:17 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:17 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:17 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:17 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:17 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:17 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:17 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:17 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:17 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:17 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:17 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:17 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:17 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:17 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:17 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:10 - 005552872 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-06-12 07:03 - 2019-05-16 11:10 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-06-12 07:03 - 2019-05-16 11:09 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-06-12 07:03 - 2019-05-16 11:09 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-06-12 07:03 - 2019-05-16 11:09 - 000153832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-06-12 07:03 - 2019-05-16 11:09 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-06-12 07:03 - 2019-05-16 11:08 - 001664352 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-06-12 07:03 - 2019-05-16 11:07 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-06-12 07:03 - 2019-05-16 11:07 - 001211392 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-06-12 07:03 - 2019-05-16 11:07 - 001162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-06-12 07:03 - 2019-05-16 11:07 - 000733184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-06-12 07:03 - 2019-05-16 11:07 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-06-12 07:03 - 2019-05-16 11:07 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2019-06-12 07:03 - 2019-05-16 11:07 - 000408576 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-06-12 07:03 - 2019-05-16 11:07 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2019-06-12 07:03 - 2019-05-16 11:07 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-06-12 07:03 - 2019-05-16 11:07 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-06-12 07:03 - 2019-05-16 11:07 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-06-12 07:03 - 2019-05-16 11:07 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2019-06-12 07:03 - 2019-05-16 11:07 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2019-06-12 07:03 - 2019-05-16 11:07 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2019-06-12 07:03 - 2019-05-16 11:07 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-06-12 07:03 - 2019-05-16 11:07 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2019-06-12 07:03 - 2019-05-16 11:07 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-06-12 07:03 - 2019-05-16 11:07 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-06-12 07:03 - 2019-05-16 11:07 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-06-12 07:03 - 2019-05-16 11:07 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-06-12 07:03 - 2019-05-16 11:07 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-06-12 07:03 - 2019-05-16 11:07 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-06-12 07:03 - 2019-05-16 11:07 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-06-12 07:03 - 2019-05-16 11:07 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-06-12 07:03 - 2019-05-16 11:07 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2019-06-12 07:03 - 2019-05-16 11:07 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2019-06-12 07:03 - 2019-05-16 11:07 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000438784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 11:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 10:53 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2019-06-12 07:03 - 2019-05-16 10:53 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2019-06-12 07:03 - 2019-05-16 10:48 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2019-06-12 07:03 - 2019-05-16 10:47 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2019-06-12 07:03 - 2019-05-16 10:47 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2019-06-12 07:03 - 2019-05-16 10:47 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2019-06-12 07:03 - 2019-05-16 10:47 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2019-06-12 07:03 - 2019-05-16 10:45 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2019-06-12 07:03 - 2019-05-16 10:45 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 10:45 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 10:45 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 10:45 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2019-06-12 07:03 - 2019-05-16 10:41 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-06-12 07:03 - 2019-05-16 10:41 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-06-12 07:03 - 2019-05-16 10:41 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-06-12 07:03 - 2019-05-16 10:41 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-06-12 07:03 - 2019-05-16 10:39 - 003229696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-06-12 07:03 - 2019-05-16 10:38 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-06-12 07:03 - 2019-05-16 10:38 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-06-12 07:03 - 2019-05-16 10:38 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2019-06-12 07:03 - 2019-05-16 10:35 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2019-06-12 07:03 - 2019-05-16 10:35 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-06-12 07:03 - 2019-05-16 10:35 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2019-06-12 07:03 - 2019-05-16 10:35 - 000169472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-06-12 07:03 - 2019-05-16 10:35 - 000160768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-06-12 07:03 - 2019-05-16 10:35 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-06-12 07:03 - 2019-05-16 10:34 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-06-12 07:03 - 2019-05-16 10:34 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-06-12 07:03 - 2019-05-16 10:34 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-06-12 07:03 - 2019-05-16 10:34 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-06-12 07:03 - 2019-05-16 10:34 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2019-06-12 07:03 - 2019-05-16 10:34 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2019-06-12 07:03 - 2019-05-16 10:34 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-06-12 07:03 - 2019-05-13 10:44 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-06-12 07:03 - 2019-05-13 10:44 - 000353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-06-12 07:03 - 2019-05-13 10:44 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2019-06-12 07:03 - 2019-05-13 10:44 - 000241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2019-06-12 07:03 - 2019-05-09 11:18 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2019-06-12 07:03 - 2019-05-09 11:18 - 011411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2019-06-12 07:03 - 2019-05-09 11:18 - 002368000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2019-06-12 07:03 - 2019-05-09 11:18 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2019-06-12 07:03 - 2019-05-09 11:18 - 000617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2019-06-12 07:03 - 2019-05-09 11:18 - 000519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2019-06-12 07:03 - 2019-05-09 11:18 - 000504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2019-06-12 07:03 - 2019-05-09 11:18 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2019-06-12 07:03 - 2019-05-09 11:18 - 000265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2019-06-12 07:03 - 2019-05-09 11:18 - 000179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2019-06-12 07:03 - 2019-05-09 11:18 - 000046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssign32.dll
2019-06-12 07:03 - 2019-05-09 11:18 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2019-06-12 07:03 - 2019-05-09 11:17 - 003207168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2019-06-12 07:03 - 2019-05-09 11:17 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2019-06-12 07:03 - 2019-05-09 11:17 - 001177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2019-06-12 07:03 - 2019-05-09 11:17 - 001005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2019-06-12 07:03 - 2019-05-09 11:17 - 000988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2019-06-12 07:03 - 2019-05-09 11:17 - 000805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2019-06-12 07:03 - 2019-05-09 11:17 - 000744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2019-06-12 07:03 - 2019-05-09 11:17 - 000489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2019-06-12 07:03 - 2019-05-09 11:17 - 000406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2019-06-12 07:03 - 2019-05-09 11:17 - 000354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2019-06-12 07:03 - 2019-05-09 11:17 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2019-06-12 07:03 - 2019-05-09 11:17 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2019-06-12 07:03 - 2019-05-09 11:17 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2019-06-12 07:03 - 2019-05-09 11:17 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2019-06-12 07:03 - 2019-05-09 11:17 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2019-06-12 07:03 - 2019-05-09 11:10 - 000094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2019-06-12 07:03 - 2019-05-09 11:09 - 000114400 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2019-06-12 07:03 - 2019-05-09 11:07 - 014637568 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2019-06-12 07:03 - 2019-05-09 11:07 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2019-06-12 07:03 - 2019-05-09 11:07 - 004120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2019-06-12 07:03 - 2019-05-09 11:07 - 003247616 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2019-06-12 07:03 - 2019-05-09 11:07 - 001574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2019-06-12 07:03 - 2019-05-09 11:07 - 000782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2019-06-12 07:03 - 2019-05-09 11:07 - 000641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2019-06-12 07:03 - 2019-05-09 11:07 - 000632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2019-06-12 07:03 - 2019-05-09 11:07 - 000504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2019-06-12 07:03 - 2019-05-09 11:07 - 000433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2019-06-12 07:03 - 2019-05-09 11:07 - 000371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2019-06-12 07:03 - 2019-05-09 11:07 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2019-06-12 07:03 - 2019-05-09 11:07 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2019-06-12 07:03 - 2019-05-09 11:07 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2019-06-12 07:03 - 2019-05-09 11:07 - 000187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2019-06-12 07:03 - 2019-05-09 11:07 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\mssign32.dll
2019-06-12 07:03 - 2019-05-09 11:07 - 000037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2019-06-12 07:03 - 2019-05-09 11:07 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2019-06-12 07:03 - 2019-05-09 11:07 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2019-06-12 07:03 - 2019-05-09 11:07 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2019-06-12 07:03 - 2019-05-09 11:07 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2019-06-12 07:03 - 2019-05-09 11:07 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2019-06-12 07:03 - 2019-05-09 11:07 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2019-06-12 07:03 - 2019-05-09 11:07 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2019-06-12 07:03 - 2019-05-09 11:06 - 001942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2019-06-12 07:03 - 2019-05-09 11:06 - 001484800 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2019-06-12 07:03 - 2019-05-09 11:06 - 001202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2019-06-12 07:03 - 2019-05-09 11:06 - 001133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2019-06-12 07:03 - 2019-05-09 11:06 - 001068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2019-06-12 07:03 - 2019-05-09 11:06 - 000842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2019-06-12 07:03 - 2019-05-09 11:06 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2019-06-12 07:03 - 2019-05-09 11:06 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2019-06-12 07:03 - 2019-05-09 11:06 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2019-06-12 07:03 - 2019-05-09 11:06 - 000081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2019-06-12 07:03 - 2019-05-09 11:06 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2019-06-12 07:03 - 2019-05-09 11:03 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2019-06-12 07:03 - 2019-05-09 11:03 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2019-06-12 07:03 - 2019-05-09 11:03 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2019-06-12 07:03 - 2019-05-09 11:02 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2019-06-12 07:03 - 2019-05-09 11:02 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2019-06-12 07:03 - 2019-05-09 11:01 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2019-06-12 07:03 - 2019-05-09 10:51 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2019-06-12 07:03 - 2019-05-09 10:49 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2019-06-12 07:03 - 2019-05-09 10:49 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2019-06-12 07:03 - 2019-05-09 10:40 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2019-06-12 07:03 - 2019-05-09 10:37 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2019-06-12 07:03 - 2019-05-09 10:37 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2019-06-12 07:03 - 2019-04-29 22:07 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2019-06-12 07:03 - 2019-04-29 21:56 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2019-06-12 07:03 - 2019-04-25 11:18 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2019-06-12 07:03 - 2019-04-25 11:06 - 000110592 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2019-06-12 07:03 - 2019-04-24 11:11 - 001893096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2019-06-12 07:03 - 2019-04-24 11:09 - 000377064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2019-06-12 07:03 - 2019-04-24 11:09 - 000287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2019-06-12 07:03 - 2019-04-12 09:05 - 000994384 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2019-06-12 07:03 - 2019-04-12 09:05 - 000064248 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2019-06-12 07:03 - 2019-04-12 09:05 - 000020944 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2019-06-12 07:03 - 2019-04-12 09:05 - 000019408 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2019-06-12 07:03 - 2019-04-12 09:05 - 000017656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2019-06-12 07:03 - 2019-04-12 09:05 - 000017656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2019-06-12 07:03 - 2019-04-12 09:05 - 000016120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2019-06-12 07:03 - 2019-04-12 09:05 - 000015608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2019-06-12 07:03 - 2019-04-12 09:05 - 000014288 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2019-06-12 07:03 - 2019-04-12 09:05 - 000014072 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2019-06-12 07:03 - 2019-04-12 09:05 - 000013560 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2019-06-12 07:03 - 2019-04-12 09:05 - 000012752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2019-06-12 07:03 - 2019-04-12 09:05 - 000012536 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2019-06-12 07:03 - 2019-04-12 09:05 - 000012240 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2019-06-12 07:03 - 2019-04-12 09:05 - 000012024 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2019-06-12 07:03 - 2019-04-12 09:05 - 000012024 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2019-06-12 07:03 - 2019-04-12 09:05 - 000012024 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2019-06-12 07:03 - 2019-04-12 09:05 - 000012024 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2019-06-12 07:03 - 2019-04-12 09:05 - 000012024 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2019-06-12 07:03 - 2019-04-12 09:05 - 000011512 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2019-06-12 07:03 - 2019-04-12 09:05 - 000011512 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2019-06-12 07:03 - 2019-04-12 09:05 - 000011512 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2019-06-12 07:03 - 2019-04-12 09:05 - 000011504 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2019-06-12 07:03 - 2019-04-12 09:04 - 000914584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2019-06-12 07:03 - 2019-04-12 09:04 - 000065784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2019-06-12 07:03 - 2019-04-12 09:04 - 000021752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2019-06-12 07:03 - 2019-04-12 09:04 - 000018680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2019-06-12 07:03 - 2019-04-12 09:04 - 000017352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2019-06-12 07:03 - 2019-04-12 09:04 - 000017144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2019-06-12 07:03 - 2019-04-12 09:04 - 000015608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2019-06-12 07:03 - 2019-04-12 09:04 - 000015096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2019-06-12 07:03 - 2019-04-12 09:04 - 000013560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2019-06-12 07:03 - 2019-04-12 09:04 - 000013560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2019-06-12 07:03 - 2019-04-12 09:04 - 000013048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2019-06-12 07:03 - 2019-04-12 09:04 - 000012024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2019-06-12 07:03 - 2019-04-12 09:04 - 000012024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2019-06-12 07:03 - 2019-04-12 09:04 - 000011728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2019-06-12 07:03 - 2019-04-12 09:04 - 000011512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2019-06-12 07:03 - 2019-04-12 09:04 - 000011512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2019-06-12 07:03 - 2019-04-12 09:04 - 000011512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2019-06-12 07:03 - 2019-04-12 09:04 - 000011512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2019-06-12 07:03 - 2019-04-12 09:04 - 000011512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2019-06-12 07:03 - 2019-04-12 09:04 - 000011000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2019-06-12 07:03 - 2019-04-12 09:04 - 000011000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2019-06-12 07:03 - 2019-04-12 09:04 - 000011000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2019-06-12 07:03 - 2019-04-12 09:04 - 000011000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2019-06-12 07:03 - 2019-04-09 11:17 - 000174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2019-06-12 07:03 - 2019-04-09 11:05 - 003165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2019-06-12 07:03 - 2019-04-09 11:05 - 000573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2019-06-12 07:03 - 2019-04-09 11:05 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2019-06-12 07:03 - 2019-04-09 11:05 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2019-06-12 07:03 - 2019-04-09 11:05 - 000093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2019-06-12 07:03 - 2019-04-09 11:05 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2019-06-12 07:03 - 2019-04-09 11:05 - 000030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2019-06-12 07:03 - 2019-04-09 11:03 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2019-06-12 07:03 - 2019-04-09 10:53 - 002651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2019-06-12 07:03 - 2019-04-09 10:52 - 000709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2019-06-12 07:03 - 2019-04-09 10:52 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2019-06-12 07:03 - 2019-04-09 10:52 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2019-06-12 07:03 - 2019-04-09 10:52 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2019-06-12 07:03 - 2019-04-09 10:52 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2019-06-12 07:03 - 2019-04-09 10:52 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2019-06-08 07:46 - 2019-06-15 07:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-05-31 08:35 - 2019-06-11 20:09 - 000002047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drive File Stream.lnk
2019-05-31 08:35 - 2019-05-31 08:35 - 000002053 _____ C:\Users\John\Google Sheets.lnk
2019-05-31 08:35 - 2019-05-31 08:35 - 000002053 _____ C:\Users\John\Desktop\Google Slides.lnk
2019-05-31 08:35 - 2019-05-31 08:35 - 000002045 _____ C:\Users\John\Google Docs.lnk
2019-05-31 08:35 - 2019-05-20 15:33 - 000114472 _____ (Google, Inc.) C:\Windows\system32\Drivers\googledrivefs2713.sys
2019-05-29 16:29 - 2019-05-29 16:30 - 000168376 _____ C:\Users\Karen\Downloads\06-2019 calendar format.pdf
2019-05-29 11:19 - 2019-05-29 11:19 - 001028637 _____ C:\Users\Karen\Downloads\Sellers Sequel Jan 2019 - Stephen 2 (Link) (1).pdf
2019-05-29 10:17 - 2019-05-29 10:17 - 000105637 _____ C:\Users\Karen\Downloads\June 2019 PDF1 (1).pdf
2019-05-29 10:12 - 2019-05-29 10:12 - 000105637 _____ C:\Users\Karen\Downloads\June 2019 PDF1.pdf
2019-05-27 14:18 - 2019-05-27 14:18 - 001028637 _____ C:\Users\Karen\Downloads\Sellers Sequel Jan 2019 - Stephen 2 (Link).pdf

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-15 08:32 - 2015-03-16 09:58 - 000001890 _____ C:\Windows\diagwrn.xml
2019-06-15 08:32 - 2015-03-16 09:58 - 000001890 _____ C:\Windows\diagerr.xml
2019-06-15 08:32 - 2011-02-11 16:13 - 000000000 ____D C:\Windows\Panther
2019-06-15 08:25 - 2009-07-14 00:45 - 000023408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-06-15 08:25 - 2009-07-14 00:45 - 000023408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-06-15 08:22 - 2017-05-25 11:00 - 000000000 ____D C:\FRST
2019-06-15 08:09 - 2017-10-16 08:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2019-06-15 07:58 - 2017-09-29 09:56 - 000106906 _____ C:\Users\John\Documents\Untitled_30249.amj
2019-06-15 07:37 - 2015-03-06 12:52 - 000003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A31D05A0-4A77-4D7D-9C5B-3B7EB0D692F8}
2019-06-15 07:33 - 2016-12-09 10:00 - 000000000 ____D C:\Users\John\AppData\LocalLow\Mozilla
2019-06-15 07:33 - 2015-03-16 09:41 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-06-15 07:31 - 2014-04-02 04:31 - 000000000 ____D C:\ProgramData\PDFC
2019-06-15 07:30 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-06-14 09:35 - 2015-05-19 12:50 - 000021276 _____ C:\Users\Karen\Documents\Scripture Rotation.xlsx
2019-06-14 09:02 - 2015-11-30 09:53 - 000000000 ___RD C:\Users\Karen\Google Drive
2019-06-13 13:06 - 2015-05-04 13:43 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-06-13 11:40 - 2015-04-22 11:03 - 000003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{36D9C53B-37EF-4B56-AF55-4CCDF8D010ED}
2019-06-13 04:15 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\rescache
2019-06-13 03:33 - 2009-07-14 01:13 - 002266620 _____ C:\Windows\system32\PerfStringBackup.INI
2019-06-13 03:26 - 2009-07-14 00:45 - 000452152 _____ C:\Windows\system32\FNTCACHE.DAT
2019-06-13 03:21 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\SysWOW64\Dism
2019-06-13 03:21 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\Dism
2019-06-13 03:21 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2019-06-13 03:19 - 2015-03-31 14:25 - 000000000 ____D C:\Windows\system32\MRT
2019-06-13 03:04 - 2015-03-31 14:25 - 135349160 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-06-12 03:01 - 2015-04-14 19:57 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2019-06-11 12:22 - 2018-03-13 10:48 - 000004466 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-06-11 12:22 - 2015-03-16 11:05 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-06-11 12:22 - 2015-03-16 11:05 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-06-11 12:22 - 2015-03-16 11:05 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-06-11 12:22 - 2015-03-16 11:05 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-06-11 12:22 - 2015-03-16 11:05 - 000000000 ____D C:\Windows\system32\Macromed
2019-06-04 11:22 - 2017-05-08 10:32 - 000000000 ____D C:\Users\Karen\Desktop\Youth Fundraising
2019-05-31 08:36 - 2015-03-06 12:51 - 000000000 ____D C:\Users\John
2019-05-31 08:35 - 2018-03-27 09:25 - 000000000 ____D C:\Program Files\Google
2019-05-30 14:12 - 2015-05-19 12:47 - 000000000 ____D C:\Users\Karen\Documents\Avery Templates
2019-05-30 13:56 - 2018-01-25 15:33 - 000000000 ____D C:\Users\Karen\Desktop\The Maple Leaf
2019-05-30 09:16 - 2015-05-19 12:47 - 000000000 ____D C:\Users\Karen\Documents\Church Council
2019-05-29 12:11 - 2018-10-15 13:08 - 000000000 ____D C:\Users\Karen\Documents\Sabbatical
2019-05-29 11:34 - 2015-11-19 14:56 - 000003182 _____ C:\Windows\System32\Tasks\HPCeeScheduleForKaren
2019-05-29 11:34 - 2015-11-19 14:56 - 000000332 _____ C:\Windows\Tasks\HPCeeScheduleForKaren.job
2019-05-27 10:12 - 2015-03-16 09:48 - 000002232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-16 14:31 - 2015-12-15 15:31 - 000003222 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMAPLEGROVE$
2019-05-16 14:31 - 2015-12-15 15:31 - 000000346 _____ C:\Windows\Tasks\HPCeeScheduleForMAPLEGROVE$.job

==================== Files in the root of some directories ================

2017-09-29 09:19 - 2017-09-29 09:19 - 006809544 _____ (MechCAD Software ) C:\Users\John\AceMoneyLiteSetup.exe
2016-08-26 11:14 - 2016-08-29 09:52 - 000000115 _____ () C:\Users\John\AppData\Roaming\LogFile.txt

==================== FLock ================

2014-04-02 04:05 C:\Windows\CSC
2017-04-05 09:37 C:\Windows\Minidump\040517-14367-01.dmp
2016-05-26 09:42 C:\Windows\Minidump\052616-15600-01.dmp
2018-06-21 10:27 C:\Windows\Minidump\062118-18314-01.dmp
2016-10-17 11:21 C:\Windows\Minidump\101716-16099-01.dmp
2017-11-02 17:06 C:\Windows\Minidump\110217-16255-01.dmp

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2019-06-12 00:06
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2019
Ran by John (15-06-2019 08:39:47)
Running from C:\Users\John\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-03-06 16:51:08)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2994528611-1495046117-1799070532-500 - Administrator - Disabled)
Guest (S-1-5-21-2994528611-1495046117-1799070532-501 - Limited - Disabled)
John (S-1-5-21-2994528611-1495046117-1799070532-1002 - Administrator - Enabled) => C:\Users\John
Karen (S-1-5-21-2994528611-1495046117-1799070532-1003 - Limited - Enabled) => C:\Users\Karen

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AceMoney Lite (HKLM-x32\...\AceMoney Lite_is1) (Version: - MechCAD Software)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.207 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.207 - Adobe)
AMD Catalyst Install Manager (HKLM\...\{BA88C518-1C29-6931-1190-D9153F49461B}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
Backup and Sync from Google (HKLM\...\{6E936AE8-D841-4F3C-BE25-496231AF73D9}) (Version: 3.44.4943.6228 - Google, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.3207 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)
DirectX for Managed Code Update (Summer 2004) (HKLM-x32\...\{E9E34215-82EF-4909-BE2F-F581F0DC9062}) (Version: 9.02.2904 - Microsoft) Hidden
DJ2540FWUpdateAlert (HKLM-x32\...\{9D341092-CB1C-4F6F-B492-FD79193A0F82}) (Version: 1.00.0000 - HP) Hidden
DllTool 1.0 (HKLM-x32\...\{8C36FC6F-3576-447C-B15D-FF1504C91104}_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.169 - Google Inc.)
Google Drive File Stream (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 31.0.19.0 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.165 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Deskjet 2540 series Basic Device Software (HKLM\...\{6A79CD11-0C1C-4E24-A8C6-46A02F680346}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP Documentation (HKLM-x32\...\{85D645CF-0F3B-477A-A9C9-194917F1A75B}) (Version: 1.1.0.0 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{49524B48-4FE9-4A62-A9FD-1F2258DF5489}) (Version: 3.4.12.0 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{7561C06A-7797-4462-A7C3-86F45AE901CF}) (Version: 8.7.4 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.6.18.11 - HP)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.9.24.3 - HP)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
HydraVision (HKLM-x32\...\{1101B6BA-2F21-A029-5F09-DEB4B81F4425}) (Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{51015b63-d62c-4ca9-af93-9c3c601cef0b}) (Version: 17.12.0 - Intel Corporation)
JetClean (HKLM-x32\...\BlueSprig_JetClean_is1) (Version: 1.5.0 - BlueSprig)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office Standard 2013 (HKLM-x32\...\Office15.STANDARD) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 67.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 67.0.1 (x64 en-US)) (Version: 67.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 67.0.1.7088 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
opensource (HKLM-x32\...\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}) (Version: 1.0.14960.3876 - Your Company Name) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.2.33 - PDF Complete, Inc)
Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{DF34643B-A745-430C-B27B-A48F853C81E4}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
PX Profile Update (HKLM-x32\...\{756A5BB1-AF94-FD92-EBA6-26E3D9650D6A}) (Version: 1.00.1. - AMD) Hidden
PX Profile Update (HKLM-x32\...\{C8FBAB98-1C3A-1E53-C981-9A0DE3D11B12}) (Version: 1.00.1. - AMD) Hidden
QuickBooks (HKLM-x32\...\{3167CC62-C775-4E47-92C1-73EBB845751A}) (Version: 23.0.4018.2305 - Intuit Inc.) Hidden
QuickBooks Premier: Nonprofit Edition 2013 (HKLM-x32\...\{38874F22-DDAA-4A43-8F1B-6ED2D0BF063A}) (Version: 23.0.4005.2305 - Intuit Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.74.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0012-0000-0000-0000000FF1CE}_Office15.STANDARD_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Update for Skype for Business 2015 (KB4464593) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.STANDARD_{D21509F9-FB24-4770-8F6B-616E510F2FB9}) (Version: - Microsoft)
WinUtilities Free Edition 11.33 (HKLM-x32\...\{FC274982-5AAD-4C20-848D-4424A5043010}_is1) (Version: 11.33 - YL Computing, Inc)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [    GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\31.0.19.0\drivefsext.dll [2019-06-05] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\31.0.19.0\drivefsext.dll [2019-06-05] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\31.0.19.0\drivefsext.dll [2019-06-05] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-05-22] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-05-22] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-05-22] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-19] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\31.0.19.0\drivefsext.dll [2019-06-05] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-05-22] (Google LLC -> Google)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-19] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\31.0.19.0\drivefsext.dll [2019-06-05] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-05-22] (Google LLC -> Google)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\31.0.19.0\drivefsext.dll [2019-06-05] (Google LLC -> Google, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-08-30 22:47 - 2013-08-30 22:47 - 000127488 _____ () [File not signed] c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-08-30 22:47 - 2013-08-30 22:47 - 000102400 _____ () [File not signed] c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-05-07 13:51 - 2013-05-07 13:51 - 000299520 _____ (Advanced Micro Devices Inc.) [File not signed] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
2019-05-15 14:10 - 2019-05-15 14:10 - 000031744 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\A4.Foundation\9eb5fad41137ee1dfea9f0c3eb2937d3\A4.Foundation.ni.dll
2019-05-15 14:12 - 2019-05-15 14:12 - 000022528 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Actions5dc83b46#\0b4fe5c24b18f447303b9a9b5709751e\AEM.Actions.CCAA.Shared.ni.dll
2019-05-15 14:12 - 2019-05-15 14:12 - 000013312 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.0a1309f7#\7617a06250fe8583b6766b8000cf59c7\AEM.Plugin.EEU.Shared.ni.dll
2019-05-15 14:12 - 2019-05-15 14:12 - 000017408 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.2b6a6775#\dde285602964d8060cfc8d932e67911e\AEM.Plugin.Hotkeys.Shared.ni.dll
2019-05-15 14:12 - 2019-05-15 14:12 - 000016384 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.54d8abe3#\73a6c939c98b7f869738d22cc29a5e09\AEM.Plugin.DPPE.Shared.ni.dll
2019-05-15 14:13 - 2019-05-15 14:13 - 000275968 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.5d945b6b#\e955189f60dc38ad9129851cff97f6d1\AEM.Plugin.Source.Kit.Server.ni.dll
2019-05-15 14:13 - 2019-05-15 14:13 - 000015360 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.674d2b8a#\ca2d5aa8c23da13ebdd9b26bd663a6ce\AEM.Plugin.WinMessages.Shared.ni.dll
2019-05-15 14:12 - 2019-05-15 14:12 - 000013312 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.88aba5d2#\035fe3fc7a9bf4ff8ccc6acf851a6ab7\AEM.Plugin.REG.Shared.ni.dll
2019-05-15 14:12 - 2019-05-15 14:12 - 000012800 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.GD.Shared\dc11e01888d4f435eaf0ac1b771994fd\AEM.Plugin.GD.Shared.ni.dll
2019-05-15 14:12 - 2019-05-15 14:12 - 000013824 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Server.Shared\c036804696852e5ca97122f73b95c2bb\AEM.Server.Shared.ni.dll
2019-05-15 14:13 - 2019-05-15 14:13 - 000263168 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Server\727293d5c2cbd349d6e237ebc50cec91\AEM.Server.ni.dll
2019-05-15 14:13 - 2019-05-15 14:13 - 000056320 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\APM.Foundation\225f889fc86a3d2d1b8cc85e901883d1\APM.Foundation.ni.dll
2019-05-16 12:33 - 2019-05-16 12:33 - 000122368 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\ATICCCom\c60547304775778291dbbe9d22063e99\ATICCCom.ni.dll
2019-05-15 14:13 - 2019-05-15 14:13 - 000199168 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CCC.Implementation\4c8f18e86a8876185973bca33dd7659a\CCC.Implementation.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 000147456 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.2042675f#\6f2432617ba98f13a8984465a22f4610\CLI.Aspect.CPUPStates.Fuel.Dashboard.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 000050176 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.20568423#\b5279c686d8ce4cb9c8fa718bcb0b59a\CLI.Aspect.DeskMan.HydraVision.Shared.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 000150528 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.21d2ac78#\8b5d825c9cc8dde2763e0ed6b479c11e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 000124928 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.3399d0ec#\2838421e09fb23cd42c584bc242c4adf\CLI.Aspect.CustomFormats.Graphics.Shared.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 000026112 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.37d3d968#\8d4103c3d69e604882ccf267dfd03005\CLI.Aspect.AMDHome.Graphics.Shared.ni.dll
2019-05-16 12:33 - 2019-05-16 12:33 - 000045056 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.382a3def#\a301d603c5fe07f513502149de922e4f\CLI.Aspect.AMDOverDrive.Platform.Shared.ni.dll
2019-05-16 11:32 - 2019-05-16 11:32 - 000104448 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.3a6f1658#\bdc15e21bc2f4ed21647ba2d1e543e14\CLI.Aspect.TransCode.Graphics.Shared.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 000206336 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.4542c692#\6af50ef8c01f040e3b7effe8f539cc6a\CLI.Aspect.DeviceCRT.Graphics.Shared.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 000126976 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.46819220#\7ad35001a695319f86e823e7ea562e53\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.ni.dll
2019-05-16 11:32 - 2019-05-16 11:32 - 000073728 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.4bbb0755#\757162791cf898e3ac227d128cad5a7c\CLI.Aspect.TransCode.Graphics.Dashboard.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 000148992 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.4ede500c#\361c6df633c644f43f210e3c5221174f\CLI.Aspect.DPPE.Fuel.Dashboard.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 000040960 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.5432938c#\88a658a4ad511e4139ce1bbb0e940e86\CLI.Aspect.MDProp.HydraVision.Shared.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 000073216 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.59a12d95#\88f1d47004a7f570cc8fbf3a466efbb2\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 000110592 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.5a772e69#\2dfe8ac7b38e8b9a89fdb90732a76385\CLI.Aspect.Fets.Fuel.Dashboard.ni.dll
2019-05-16 12:32 - 2019-05-16 12:32 - 000070656 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.648b65fc#\e2acc885c66de8bde61f429193da83a4\CLI.Aspect.WiFi.Fuel.Dashboard.ni.dll
2019-05-16 12:33 - 2019-05-16 12:33 - 000259584 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.73911eb5#\c093acb5858cb023f8e4918e267b3bd5\CLI.Aspect.WirelessDisplay.Graphics.Shared.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 000285696 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.7ec2db45#\27a5e1252783b53665b4aace110095e5\CLI.Aspect.DeviceDFP.Graphics.Shared.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 000604672 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.846fa813#\b03d0ee509fecf437b17f52ab1384fb2\CLI.Aspect.MMVideo.Graphics.Dashboard.ni.dll
2019-05-16 11:32 - 2019-05-16 11:32 - 000723968 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.8d333b6b#\ad10ab758ee96af726c2d0262be5777f\CLI.Aspect.Radeon3D.Graphics.Shared.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 000450048 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.8e996306#\e8ee6e2c7272b615f47a16000ae50733\CLI.Aspect.CrossDisplay.Graphics.Dashboard.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 000145920 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.a0ae52bc#\06be2a23df0596eebc35ef6cd0dc9256\CLI.Aspect.DeviceLCD.Graphics.Shared.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 000451584 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.acb9d930#\58e7c6a27907c8df10a7b330e638ef0d\CLI.Aspect.DeviceProperty.Graphics.Shared.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 000085504 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.ae5e117c#\b052969d70c1d22b82816459d5111264\CLI.Aspect.DisplaysColour2.Graphics.Shared.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 000066560 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.b0a7c1fb#\6c9ac0941979968e2f77649c33ecd818\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 000039936 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.bdcffe00#\cbbdd9f5491ec7d0ef6fdbd93788764c\CLI.Aspect.Grid.HydraVision.Shared.ni.dll
2019-05-16 12:32 - 2019-05-16 12:32 - 000024064 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.c2a2b491#\c93c3a35c6bba46c0c08d68c936619f4\CLI.Aspect.WiFi.Fuel.Shared.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 000310272 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.c7aaa0f8#\97cd33d16aa852388d12c7210784341e\CLI.Aspect.OverDrive5.Graphics.Shared.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 000017920 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.c854b457#\101d05529bd726738fde7e06b3e77468\CLI.Aspect.HotkeysHandling.Graphics.Shared.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 000079872 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.caa5cc64#\46ec5015c8e2e982cf1720387acce773\CLI.Aspect.Fets.Fuel.Shared.ni.dll
2019-05-16 11:32 - 2019-05-16 11:32 - 001315328 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.d7e090dc#\d69e594a498ce3d3c7fcbfea9ff5f6a1\CLI.Aspect.User.Fuel.Dashboard.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 000050688 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.dd2ab3e8#\47b4da89b656c84d7d6f16eb416d18da\CLI.Aspect.MultiDesk.HydraVision.Shared.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 000267776 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.e8635fc7#\e9fb041031ee872e6961508194d0c374\CLI.Aspect.InfoCentre.Graphics.Dashboard.ni.dll
2019-05-16 11:32 - 2019-05-16 11:32 - 003329024 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.e9fd7406#\4267c223de39d9bff6b6886b5382bd15\CLI.Aspect.Radeon3D.Graphics.Dashboard.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 000236032 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.eda8935e#\93b0da8ce73e2387bd279e2f7a7f67a7\CLI.Aspect.MMVideo.Graphics.Shared.ni.dll
2019-05-16 11:32 - 2019-05-16 11:32 - 000046592 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.ef3eaa4d#\0f5ae1048e7a9166a5610928f40608f2\CLI.Aspect.TransCode.Graphics.Runtime.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 000069120 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.efd83192#\6dec11a7721939f9c6ec13820b5612e0\CLI.Aspect.CPUPStates.Fuel.Shared.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 000057344 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.f45bd021#\6142308ac35d49c4a960d33198ba5d3a\CLI.Aspect.DPPE.Fuel.Shared.ni.dll
2019-05-16 11:32 - 2019-05-16 11:32 - 000058368 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.fdcb645d#\0242fe411e169de654361367820bca5d\CLI.Aspect.Settings.HydraVision.Shared.ni.dll
2019-05-16 12:33 - 2019-05-16 12:33 - 000050688 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.A4.Runtime\845c182a77970b79923b3611d5e0eeb5\CLI.Caste.A4.Runtime.ni.dll
2019-05-16 11:30 - 2019-05-16 11:30 - 000044544 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.A4.Shared\a7764ef1eea5667f2606d5018c2069d5\CLI.Caste.A4.Shared.ni.dll
2019-05-16 12:33 - 2019-05-16 12:33 - 000027648 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Af820fedc#\ded2a6dafac03385ed2cc02e0d6ae520\CLI.Caste.A4.Dashboard.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 000044544 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.F24de14fe#\12039974fee490498eb5c64f11a1d3d7\CLI.Caste.Fuel.Shared.ni.dll
2019-05-16 12:33 - 2019-05-16 12:33 - 000304640 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.F36b07a2b#\5dd42b044fe2de1cc48fa4464276e9e7\CLI.Caste.Fuel.Runtime.ni.dll
2019-05-16 12:33 - 2019-05-16 12:33 - 000027648 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Ff3085433#\da276397638cd822d7af94d6b7b43340\CLI.Caste.Fuel.Dashboard.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 000038400 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.G60338cc0#\d9cd91867bb9b646f3dc2996e0daa704\CLI.Caste.Graphics.Runtime.Shared.Private.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 001529856 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Gd9d9b43b#\2d934837abd8ffadbb37cec012b63af3\CLI.Caste.Graphics.Dashboard.Shared.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 000460800 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Gee7d2dbc#\35709083e999e776ba1d75f8f04c8841\CLI.Caste.Graphics.Dashboard.ni.dll
2019-05-16 12:33 - 2019-05-16 12:33 - 000044544 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.H18c99613#\3944eb918eb07f87b3eda6e6576d64be\CLI.Caste.HydraVision.Runtime.ni.dll
2019-05-16 12:33 - 2019-05-16 12:33 - 000030720 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.H92ba4e46#\7dadc3ae20f8a5d2c943865c9d71c09e\CLI.Caste.HydraVision.Shared.ni.dll
2019-05-16 12:33 - 2019-05-16 12:33 - 000025600 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Hbb906c0b#\4277e3673d961ef7806b51e2e8883e5c\CLI.Caste.HydraVision.Dashboard.ni.dll
2019-05-16 12:33 - 2019-05-16 12:33 - 000030720 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pac40511b#\9ea6cb40be25a8c6b6d85bb1bbedfda4\CLI.Caste.Platform.Shared.ni.dll
2019-05-16 12:33 - 2019-05-16 12:33 - 000043520 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pdb36d56e#\c3ab07884980b3dce0879580789e58d9\CLI.Caste.Platform.Runtime.ni.dll
2019-05-16 12:33 - 2019-05-16 12:33 - 000024064 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pfeefa2b6#\1123fe3bb97aa6a95afdebd188f1b8cd\CLI.Caste.Platform.Dashboard.ni.dll
2019-05-16 12:33 - 2019-05-16 12:33 - 000167936 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Combine930f827b#\47e688622033728af06a23ab882d15aa\CLI.Combined.HydraVision.Aspects.Runtime.ni.dll
2019-05-16 12:33 - 2019-05-16 12:33 - 000344064 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Combinee84f0351#\d6e17f59769e4552b39b413d29ca1cb3\CLI.Combined.Fusion.Aspects.Runtime.ni.dll
2019-05-15 14:13 - 2019-05-15 14:13 - 000013312 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone1b4a8c97#\5e9f908833c75be30c85ea34cceeb646\CLI.Component.Runtime.Shared.ni.dll
2019-05-16 12:33 - 2019-05-16 12:33 - 000879616 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone26c9c557#\6c97d854686549a7bed24ea616e546d1\CLI.Component.Systemtray.ni.dll
2019-05-16 12:33 - 2019-05-16 12:33 - 000168960 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone29e547cc#\025c70b8620dea4b881ecd22247490f9\CLI.Component.Dashboard.ProfileManager2.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 000148992 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone59f353b4#\aa29664ba10428b83eb71c820717ab2e\CLI.Component.Runtime.Shared.Private.ni.dll
2019-05-16 12:33 - 2019-05-16 12:33 - 000017408 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Componeb4d0485c#\3f612ba263b7722083b3a36b5639668b\CLI.Component.Runtime.Extension.EEU.ni.dll
2019-05-15 14:13 - 2019-05-15 14:13 - 001599488 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Componec89c3bec#\f865a45fc0411fd8f126893348a88c41\CLI.Component.Dashboard.Shared.Private.ni.dll
2019-05-15 14:14 - 2019-05-15 14:14 - 000019968 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Componef1fd67b2#\bf387f866152b0c85c99fcb33cf93f2f\CLI.Component.Client.Shared.ni.dll
2019-05-15 14:14 - 2019-05-15 14:14 - 000084992 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Componef4cf054f#\5597b2614026f4833a234fde24d157f6\CLI.Component.Dashboard.Shared.ni.dll
2019-05-15 14:13 - 2019-05-15 14:13 - 000088576 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Foundat3d5d3945#\a5719417bc845ff5bb40a05d276ed38c\CLI.Foundation.Private.ni.dll
2019-05-16 12:33 - 2019-05-16 12:33 - 000060928 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Foundat60cdf5df#\ba70162fdad44c509dd53647bf87273c\CLI.Foundation.XManifest.ni.dll
2019-05-15 14:13 - 2019-05-15 14:13 - 000089088 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Foundat619559bd#\7389cf8020ed6aca2b8b8ebd4e484d8d\CLI.Foundation.CoreAudioAPI.ni.dll
2019-05-15 14:14 - 2019-05-15 14:14 - 000910336 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Foundatd3771151#\ab9da8c8bc0b822f24ca49bd5b2dc567\CLI.Foundation.Client.ni.dll
2019-05-15 14:13 - 2019-05-15 14:13 - 000295424 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Foundation\404b987ec6addd045ca73cbf9c72b87c\CLI.Foundation.ni.dll
2019-05-15 14:13 - 2019-05-15 14:13 - 000015872 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics\3708fbace506218c500be8b4f5d6a989\DEM.Graphics.ni.dll
2019-05-16 12:33 - 2019-05-16 12:33 - 000037888 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Fuel.Foundation\b0f5437ed6aa358864dc50ee7455b84e\Fuel.Foundation.ni.dll
2019-05-16 12:34 - 2019-05-16 12:34 - 000285696 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\LOG.Foundat03490438#\b86dd56405f33bd18bb50cf31b67093b\LOG.Foundation.Implementation.ni.dll
2019-05-15 14:10 - 2019-05-15 14:10 - 000146432 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\LOG.Foundat5023f8e7#\bcf47c21e0441a63a7f7f4fa94a5fa3a\LOG.Foundation.Private.ni.dll
2019-05-15 14:13 - 2019-05-15 14:13 - 000085504 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\LOG.Foundatcaafa75b#\094b06836d33909b8e4f2d856bd7333b\LOG.Foundation.Implementation.Private.ni.dll
2019-05-15 14:10 - 2019-05-15 14:10 - 000122368 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\LOG.Foundation\727384b681f092699b7054702d6f668a\LOG.Foundation.ni.dll
2019-05-15 14:13 - 2019-05-15 14:13 - 000012800 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\MOM.Foundation\7567ed0dd67d11e74cf2c25f0cbe23ef\MOM.Foundation.ni.dll
2019-05-16 12:59 - 2019-05-16 12:59 - 000391680 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\MOM.Implementation\49ac974808aa0f17e9350137618720b7\MOM.Implementation.ni.dll
2019-05-16 12:59 - 2019-05-16 12:59 - 000017408 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\MOM\56a6535ebc37b22315e03ded36b965d9\MOM.ni.exe
2019-05-15 14:12 - 2019-05-15 14:12 - 000055296 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\NEWAEM.Foundation\391060ecd981924058a374e2467f76a4\NEWAEM.Foundation.ni.dll
2013-08-30 22:46 - 2013-08-30 22:46 - 000344064 _____ (Advanced Micro Devices, Inc.) [File not signed] c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
2019-05-15 14:12 - 2019-05-15 14:12 - 000766464 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\ADL.Foundation\b7289bcb01b0a31903a62dc423455eea\ADL.Foundation.ni.dll
2019-05-15 14:13 - 2019-05-15 14:13 - 000245248 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\APM.Server\036f1503d677dc3ecad63cb90d7a7920\APM.Server.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 000290304 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.9b707b25#\4cc002710323d43622731d8ae4d455f7\CLI.Aspect.DeviceProperty.Graphics.Runtime.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 001641984 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.aa59351a#\8f3e6a8612f9f8a7e6e6c562e86cadae\CLI.Aspect.DeviceProperty.Graphics.Dashboard.Shared.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 000728064 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.e6d9f3a8#\2a8824f7de4a97a42dadb6201170e677\CLI.Aspect.DeviceDFP.Graphics.Dashboard.ni.dll
2019-05-16 12:33 - 2019-05-16 12:33 - 002518016 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Combine0616f305#\6cb83aca14ecb7f3dc863f13ae1bc144\CLI.Combined.Graphics.Aspects1.Dashboard.ni.dll
2019-05-16 12:33 - 2019-05-16 12:33 - 000964608 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Combine7332395e#\53d43ef9bf6b226e9377f4639374f150\CLI.Combined.Graphics.Aspects2.Runtime.ni.dll
2019-05-15 14:14 - 2019-05-15 14:14 - 000133632 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone168638d1#\775575f8eb798d393cc4847f77ed47ca\CLI.Component.Client.Shared.Private.ni.dll
2019-05-16 12:33 - 2019-05-16 12:33 - 000227840 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone6692ca50#\3306125e45f8df85ade70487c51f23d3\CLI.Component.Runtime.ni.dll
2019-05-16 12:33 - 2019-05-16 12:33 - 000896512 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone6bf88b08#\4be119909ff24373c95d829dfaa5fd94\CLI.Component.Dashboard.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 000014336 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0706\d7cf5dce556f79539bf14afb161c0f4d\DEM.Graphics.I0706.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 000083456 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0709\440b1d55476dbc9d23c3b00e33900e89\DEM.Graphics.I0709.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 000013312 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0712\309e1ced81b82da71fbd2a26637af235\DEM.Graphics.I0712.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 000018944 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0804\86b91110b629b74b98e65f60cb5f5cf9\DEM.Graphics.I0804.ni.dll
2019-05-16 12:33 - 2019-05-16 12:33 - 000011264 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0805\1c164c4c4fb7dacf6781041a3230e5b4\DEM.Graphics.I0805.ni.dll
2019-05-16 12:33 - 2019-05-16 12:33 - 000011776 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0812\eab49f2e0e5b93e806d616d12fb21867\DEM.Graphics.I0812.ni.dll
2019-05-16 12:33 - 2019-05-16 12:33 - 000014336 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0906\c02c439ae5cb0139010a8abb18759a3c\DEM.Graphics.I0906.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 000014848 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0912\18daa16b234466386ab0464c11628704\DEM.Graphics.I0912.ni.dll
2019-05-16 12:33 - 2019-05-16 12:33 - 000036352 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I1010\5938fc06155d2d08c96ada301567307f\DEM.Graphics.I1010.ni.dll
2019-05-15 14:13 - 2019-05-15 14:13 - 001010688 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Localizatio01dbc1c0#\e25b46f38b968cfec0bcdac5834fc24d\Localization.Foundation.Private.ni.dll
2019-05-16 12:59 - 2019-05-16 12:59 - 000241152 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\ResourceMan446ca0e5#\050238a36d47533b5d190a3740960fe5\ResourceManagement.Foundation.Implementation.ni.dll
2019-05-15 14:14 - 2019-05-15 14:14 - 000023552 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\ResourceManf163905a#\226e8fc8503bbe6ec4d18371912df4d6\ResourceManagement.Foundation.Private.ni.dll
2019-05-16 11:31 - 2019-05-16 11:31 - 000090112 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.ec8786e5#\9732f3edbfb8d9deeee8ff098cc3ed2e\CLI.Aspect.AMDHome.Graphics.Dashboard.ni.dll
2019-05-15 14:13 - 2019-05-15 14:13 - 002239488 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.G60a7b4d1#\8b32df6dff3dd19573f73b14c11f6c8c\CLI.Caste.Graphics.Shared.ni.dll
2019-05-16 12:33 - 2019-05-16 12:33 - 002717696 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.G962aa464#\3156e72e6ced2ada2d1470c00165fdda\CLI.Caste.Graphics.Runtime.ni.dll
2013-08-30 22:33 - 2013-08-30 22:33 - 000389120 _____ (AMD) [File not signed] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
2013-08-30 22:34 - 2013-08-30 22:34 - 000282624 _____ (AMD) [File not signed] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
2013-08-30 22:33 - 2013-08-30 22:33 - 000217088 _____ (AMD) [File not signed] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH.dll
2013-08-30 22:33 - 2013-08-30 22:33 - 000241664 _____ (AMD) [File not signed] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll
2013-08-30 22:33 - 2013-08-30 22:33 - 000086016 _____ (AMD) [File not signed] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraEnu.dll
2013-05-07 13:52 - 2013-05-07 13:52 - 000299520 _____ (ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
2019-05-15 14:13 - 2019-05-15 14:13 - 000020480 _____ (ATI Technologies Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CCC\86fe04be0144733defc3cf7332bb1ca3\CCC.ni.exe
2019-05-15 14:13 - 2019-05-15 14:13 - 000026112 _____ (ATI Technologies Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Foundation\4b9cc1b49fea347190704a43a8e0bd21\DEM.Foundation.ni.dll
2019-05-15 14:13 - 2019-05-15 14:13 - 000117248 _____ (ATI Technologies Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0601\f6aab430a6f1574be45ac45a13c31b47\DEM.Graphics.I0601.ni.dll
2014-04-02 04:29 - 2013-08-09 13:42 - 000404992 _____ (Hewlett-Packard) [File not signed] C:\Windows\System32\hpbprtmon.dll
2013-08-09 13:45 - 2013-08-09 13:45 - 000403968 _____ (Hewlett-Packard) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\hpbxjobsvr1301.dll
2012-12-22 23:53 - 2012-12-22 23:53 - 001248256 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
2016-05-09 11:52 - 2016-05-09 11:52 - 000045056 _____ (Intuit) [File not signed] C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
2016-05-09 12:41 - 2016-05-09 12:41 - 001180784 _____ (Intuit, Inc. -> Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
2006-01-18 15:06 - 2006-01-18 15:06 - 001017856 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\dbghelp.dll
2014-04-02 04:27 - 2013-07-08 03:21 - 000499712 _____ (Microsoft Corporation) [File not signed] c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\MSVCP71.dll
2014-04-02 04:27 - 2013-07-08 03:21 - 000348160 _____ (Microsoft Corporation) [File not signed] c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\MSVCR71.dll
2014-04-02 04:29 - 2014-04-02 04:29 - 000225280 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll
2012-12-22 23:49 - 2012-12-22 23:49 - 000643072 _____ (STLport Consulting, Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\stlport_r50.dll
2012-12-22 23:49 - 2012-12-22 23:49 - 000643072 _____ (STLport Consulting, Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\QuickBooks\stlport_r50.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-08-31 17:34 - 000000035 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\John\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupfolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mozilla Firefox.lnk => C:\Windows\pss\Mozilla Firefox.lnk.Startup
MSCONFIG\startupreg: CLMLServer_For_P2G8 => "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
MSCONFIG\startupreg: CLVirtualDrive => "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
MSCONFIG\startupreg: CryptoMill Refresh => C:\Program Files\Hewlett-Packard\HP Trust Circles\ceflauncher -m refresh
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: HP File Sanitizer => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\Coreshredder.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{1847647E-CBB4-4B6C-8EDC-5AEC2846D710}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{9DDBE74B-CE76-4CCB-89E6-E9D50A1CAD48}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink Corp. -> CyberLink)
FirewallRules: [{D3C6FCC8-EBEE-411D-91E0-671C959157C1}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{47EC0C2A-FA3D-4920-B991-6016848E2F33}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{A014DBC5-A815-4B09-B5FB-8B0B72274228}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CCCCD3A1-2788-466D-8A67-2118E3AB8DB4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0179F88D-3142-4E1B-BAD5-E2981C67D41D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{677B6DB7-EF1E-4F67-BD79-6A23D82F0A82}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{85BF657F-DD24-4DCC-A0B1-4360C31F8DDA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9459C854-903F-45F3-B3C1-71009FE50AB1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{AACE28F1-0AC5-4D44-811B-58C0F9B84AE2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{F8501BFB-A26A-4ACF-9080-C97F8D87CD0D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{CC4CDE13-4552-44BB-9F98-FEA872BD2AEA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F20CA863-8841-4D9F-A919-F53FDE7A7CA1}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{7C05CF65-0866-4E32-866E-AB9A3736BB7F}] => (Allow) LPort=5357
FirewallRules: [{FB1A1FCF-F683-4BD8-97BC-8B8FC12551BE}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{19C766C7-720B-45A2-8FFE-9D1857DBE1EF}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Mobile Wireless Group -> )
FirewallRules: [{EF8FB091-47C9-44BE-8C7D-538201EFC90D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D5103A3E-5847-442E-82BD-020B42AFDA78}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{86E22D41-AC1B-4C8A-AAE0-25ECA943724E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

31-05-2019 07:53:27 Windows Update
04-06-2019 11:18:40 Windows Update
08-06-2019 07:53:05 Windows Update
11-06-2019 09:56:42 Windows Update
12-06-2019 03:00:14 Windows Update
13-06-2019 03:00:17 Windows Update

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/15/2019 08:29:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 15.6.2019.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1fa0

Start Time: 01d52374f5089e4d

Termination Time: 221

Application Path: C:\Users\John\Desktop\FRST64.exe

Report Id: de8fe045-8f68-11e9-9169-9cb654f71540

Error: (06/13/2019 03:32:57 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (06/13/2019 03:32:57 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (05/31/2019 08:35:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WINWORD.EXE version 15.0.5137.1000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1bb0

Start Time: 01d517ad2c703dbf

Termination Time: 31

Application Path: C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE

Report Id: 81d1a459-83a0-11e9-9b38-9cb654f71540

Error: (05/27/2019 12:28:52 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks: Premier Nonprofit Edition 2013":
V23.0D R18 (M=1066, L=339, C=249, V=0 (0))

Error: (05/16/2019 09:08:38 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (05/16/2019 09:08:38 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (05/15/2019 01:42:35 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service ASP.NET (ASP.NET) failed. The first DWORD in the Data section contains the error code.

System errors:
=============
Error: (06/14/2019 09:21:55 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

   New Signature Version:

   Previous Signature Version: 1.295.628.0

   Update Source: Microsoft Malware Protection Center

   Update Stage: Install

   Source Path: http://go.microsoft....5D-99752CCA7094

   Signature Type: AntiSpyware

   Update Type: Full

   User: NT AUTHORITY\NETWORK SERVICE

   Current Engine Version:

   Previous Engine Version: 1.1.16000.6

   Error code: 0x80070652

   Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Error: (06/14/2019 09:21:55 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

   New Signature Version:

   Previous Signature Version: 1.295.628.0

   Update Source: Microsoft Malware Protection Center

   Update Stage: Install

   Source Path: http://go.microsoft....5D-99752CCA7094

   Signature Type: AntiVirus

   Update Type: Full

   User: NT AUTHORITY\NETWORK SERVICE

   Current Engine Version:

   Previous Engine Version: 1.1.16000.6

   Error code: 0x80070652

   Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Error: (06/14/2019 09:21:51 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

   New Signature Version:

   Previous Signature Version:

   Update Source: User

   Update Stage: Install

   Source Path:

   Signature Type:

   Update Type:

   User: NT AUTHORITY\NETWORK SERVICE

   Current Engine Version:

   Previous Engine Version:

   Error code: 0x80070652

   Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Error: (06/14/2019 09:21:51 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

   New Signature Version:

   Previous Signature Version:

   Update Source: User

   Update Stage: Install

   Source Path:

   Signature Type:

   Update Type:

   User: NT AUTHORITY\NETWORK SERVICE

   Current Engine Version:

   Previous Engine Version:

   Error code: 0x80070652

   Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Error: (06/14/2019 09:21:43 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

   New Signature Version:

   Previous Signature Version: 1.295.628.0

   Update Source: Microsoft Update Server

   Update Stage: Download

   Source Path: http://www.microsoft.com

   Signature Type: AntiVirus

   Update Type: Full

   User: NT AUTHORITY\SYSTEM

   Current Engine Version:

   Previous Engine Version: 1.1.16000.6

   Error code: 0x80240016

   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error: (06/14/2019 09:21:43 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

   New Signature Version:

   Previous Signature Version: 1.295.628.0

   Update Source: Microsoft Update Server

   Update Stage: Install

   Source Path: http://www.microsoft.com

   Signature Type: AntiVirus

   Update Type: Full

   User: NT AUTHORITY\SYSTEM

   Current Engine Version:

   Previous Engine Version: 1.1.16000.6

   Error code: 0x80240016

   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error: (06/14/2019 09:21:43 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

   New Signature Version:

   Previous Signature Version: 1.295.628.0

   Update Source: Microsoft Update Server

   Update Stage: Install

   Source Path: http://www.microsoft.com

   Signature Type: AntiVirus

   Update Type: Full

   User: NT AUTHORITY\SYSTEM

   Current Engine Version:

   Previous Engine Version: 1.1.16000.6

   Error code: 0x80240016

   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error: (06/08/2019 07:51:52 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

CodeIntegrity:
===================================

Date: 2016-08-29 09:49:30.757
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-29 09:49:30.445
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-26 10:40:05.005
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-26 10:40:04.942
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-26 10:37:13.906
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-26 10:37:13.548
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-26 09:31:59.942
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-26 09:31:59.864
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: AMI 80.04 12/25/2013
Motherboard: Hewlett-Packard 2171
Processor: AMD A4-5000 APU with Radeon™ HD Graphics
Percentage of memory in use: 86%
Total physical RAM: 5573.83 MB
Available physical RAM: 734.44 MB
Total Virtual: 11145.81 MB
Available Virtual: 5532.56 MB

==================== Drives ================================

Drive c: (Windows ) (Fixed) (Total:919.25 GB) (Free:710.62 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.16 GB) (Free:1.22 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
Drive g: (USB20FD) (Removable) (Total:7.52 GB) (Free:7.27 GB) FAT32

\\?\Volume{02966a1c-c42a-11e4-9942-806e6f6e6963}\ (SYSTEM ) (Fixed) (Total:1 GB) (Free:0.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: DE9D643C)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=100 MB) - (Type=0C)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0C)

==================== End of Addition.txt ============================

#2
RKinner

Posted 15 June 2019 - 01:41 PM

Malware Expert

Expert
24,625 posts

Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Note the file name.   Open the file on your desktop and copy and paste the text to a reply.

Copy the next 2 lines:

TASKLIST /SVC > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open. Copy and paste the text from notepad into a reply.

Get the free version of Speccy:

http://www.filehippo...ownload_speccy/

(Look in the upper right for the Download
Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it. Tell it you do not need CCLEANER.    Run Speccy. When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System.
(It will be near the top, 10-20 lines down.) Save the file. Attach the file to your next post. Attaching the log is the best option as it is too big for the forum. Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it. Point it at the file and hit Open.
Now click on Attach this file.

Latency Monitor:

Go to

http://www.resplendence.com/downloads

Scroll down to

System Monitoring Tools

and then find

LatencyMon 6.70 (or it may be a higher number if they update)

Click on Download free home edition

Save it then right click and Run As Admin. It will install and then start the program.
It will tell you to click on the Start button but there isn't one.
Instead click on the green arrowhead (looks like a Play button).   Let it run for at least 20 seconds. Then hit the red box to stop it.

Edit, Copy Report text to Clipboard then move to a REPLY and Ctrl + v to paste the text into a reply.

#3
John Aukerman

Posted 15 June 2019 - 02:57 PM

Member

Topic Starter
Member
284 posts

Process   CPU   Private Bytes   Working Set   PID   Verified Signer
System Idle Process   68.65   0 K   24 K   0
TrustedInstaller.exe   14.19   28,072 K   57,412 K   1868   (Verified) Microsoft Windows
svchost.exe   8.41   229,872 K   198,008 K   1036   (Verified) Microsoft Windows
procexp64.exe   3.15   44,164 K   66,308 K   1440   (Verified) Microsoft Corporation
Interrupts   1.05   0 K   0 K   n/a
dwm.exe   1.01   31,864 K   33,200 K   4000   (Verified) Microsoft Windows
System   0.66   260 K   5,628 K   4
svchost.exe   0.57   160,492 K   169,308 K   368   (Verified) Microsoft Windows
firefox.exe   0.53   36,436 K   42,388 K   4500   (Verified) Mozilla Corporation
firefox.exe   0.51   163,968 K   231,084 K   2240   (Verified) Mozilla Corporation
csrss.exe   0.48   2,724 K   6,972 K   612   (Verified) Microsoft Windows
firefox.exe   0.29   321,256 K   348,752 K   4760   (Verified) Mozilla Corporation
MsMpEng.exe   0.22   141,832 K   158,480 K   980   (Verified) Microsoft Corporation
firefox.exe   0.13   92,188 K   121,136 K   4900   (Verified) Mozilla Corporation
firefox.exe   0.03   51,448 K   62,796 K   4824   (Verified) Mozilla Corporation
explorer.exe   0.03   32,640 K   56,352 K   4008   (Verified) Microsoft Windows
CCC.exe   0.02   101,588 K   19,044 K   5840   (No signature was present in the subject) ATI Technologies Inc.
TouchpointAnalyticsClientService.exe   0.02   54,400 K   54,012 K   6064   (Verified) HP Inc.
svchost.exe   0.01   5,640 K   10,904 K   916   (Verified) Microsoft Windows
MOM.exe   0.01   28,060 K   5,728 K   5456   (No signature was present in the subject) Advanced Micro Devices Inc.
firefox.exe   0.01   43,716 K   41,732 K   4844   (Verified) Mozilla Corporation
firefox.exe   0.01   260,064 K   273,556 K   4920   (Verified) Mozilla Corporation
SearchIndexer.exe   < 0.01   25,580 K   17,860 K   3624   (Verified) Microsoft Windows
taskhost.exe   < 0.01   8,516 K   12,668 K   3696   (Verified) Microsoft Windows
lsass.exe   < 0.01   5,484 K   12,448 K   664   (Verified) Microsoft Windows
svchost.exe   < 0.01   15,476 K   17,688 K   1408   (Verified) Microsoft Windows
CLMSMonitorServicePDVD12.exe   < 0.01   892 K   3,096 K   2000   (Verified) CyberLink Corp.
CLMSServerPDVD12.exe   < 0.01   7,124 K   14,684 K   2044   (Verified) CyberLink Corp.
svchost.exe   < 0.01   7,172 K   13,468 K   656   (Verified) Microsoft Windows
csrss.exe   < 0.01   2,564 K   5,172 K   512   (Verified) Microsoft Windows
ZeroConfigService.exe       6,100 K   15,172 K   2680   (Verified) Intel Corporation-Mobile Wireless Group
WUDFHost.exe       2,088 K   6,576 K   3084   (Verified) Microsoft Windows
WmiPrvSE.exe       12,928 K   20,384 K   4440   (Verified) Microsoft Windows
WmiPrvSE.exe       3,988 K   10,532 K   3040   (Verified) Microsoft Windows
wlanext.exe       6,148 K   15,600 K   1660   (Verified) Microsoft Windows
WirelessKB850NotificationService.exe       1,524 K   4,728 K   2648   (Verified) Microsoft Corporation
winlogon.exe       3,116 K   7,752 K   772   (Verified) Microsoft Windows
wininit.exe       1,960 K   5,176 K   588   (Verified) Microsoft Windows
unsecapp.exe       1,908 K   5,732 K   3048   (Verified) Microsoft Windows
taskeng.exe       2,468 K   7,292 K   3804   (Verified) Microsoft Windows
svchost.exe       5,768 K   12,756 K   840   (Verified) Microsoft Windows
svchost.exe       19,692 K   22,072 K   428   (Verified) Microsoft Windows
svchost.exe       2,448 K   6,088 K   3396   (Verified) Microsoft Windows
svchost.exe       12,456 K   14,272 K   1788   (Verified) Microsoft Windows
svchost.exe       3,852 K   7,652 K   1448   (Verified) Microsoft Windows
svchost.exe       2,348 K   6,380 K   600   (Verified) Microsoft Windows
svchost.exe       1,996 K   6,100 K   2600   (Verified) Microsoft Windows
svchost.exe       2,768 K   6,508 K   1156   (Verified) Microsoft Windows
spoolsv.exe       9,976 K   17,928 K   1752   (Verified) Microsoft Windows
smss.exe       540 K   1,348 K   312   (Verified) Microsoft Windows
services.exe       5,276 K   11,508 K   648   (Verified) Microsoft Windows
rundll32.exe       4,648 K   12,708 K   3632   (Verified) Microsoft Windows
RtkNGUI64.exe       13,652 K   11,184 K   3800   (Verified) Realtek Semiconductor Corp
RtkAudioService64.exe       2,024 K   5,796 K   1280   (Verified) Realtek Semiconductor Corp
RegSrvc.exe       2,040 K   7,400 K   2532   (Verified) Intel Corporation-Mobile Wireless Group
RAVBg64.exe       14,996 K   12,280 K   1316   (Verified) Realtek Semiconductor Corp
QBW32.EXE       68,188 K   102,652 K   3584   (Verified) Intuit, Inc.
qbupdate.exe       9,612 K   20,480 K   1340   (Certificate expired) Intuit Inc.
QBIDPService.exe       8,852 K   13,900 K   2428   (No signature was present in the subject) Intuit Inc.
QBCFMonitorService.exe       9,292 K   13,496 K   2348   (No signature was present in the subject) Intuit
procexp.exe       3,564 K   8,720 K   5592   (Verified) Microsoft Corporation
pdfsvc.exe       2,304 K   7,740 K   2088   (Verified) PDF Complete Inc.
NisSrv.exe       15,460 K   9,552 K   3528   (Verified) Microsoft Corporation
msseces.exe       6,560 K   15,176 K   3676   (Verified) Microsoft Corporation
mDNSResponder.exe       2,336 K   6,168 K   1976   (Verified) Apple Inc.
lsm.exe       2,752 K   4,708 K   676   (Verified) Microsoft Windows
HydraDM64.exe       2,312 K   6,676 K   1104   (No signature was present in the subject) AMD
HydraDM.exe       1,848 K   6,372 K   1536   (No signature was present in the subject) AMD
HPSupportSolutionsFrameworkService.exe       39,284 K   46,888 K   5784   (Verified) HP Inc.
hpqwmiex.exe       2,000 K   6,796 K   3376   (Verified) Hewlett-Packard
Fuel.Service.exe       1,976 K   6,312 K   1952   (No signature was present in the subject) Advanced Micro Devices, Inc.
EvtEng.exe       5,748 K   13,364 K   1276   (Verified) Intel Corporation-Mobile Wireless Group
conhost.exe       1,096 K   3,220 K   1668   (Verified) Microsoft Windows
audiodg.exe       21,156 K   22,572 K   3920   (Verified) Microsoft Windows
atiesrxx.exe       1,504 K   4,688 K   356   (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe       2,852 K   8,228 K   1324   (Verified) Microsoft Windows Hardware Compatibility Publisher
armsvc.exe       1,228 K   4,284 K   1904   (Verified) Adobe Systems, Incorporated
AERTSr64.exe       1,260 K   3,200 K   1924   (Verified) Andrea Electronics

Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
System                           4 N/A
smss.exe                       312 N/A
csrss.exe                      512 N/A
wininit.exe                    588 N/A
csrss.exe                      612 N/A
services.exe                   648 N/A
lsass.exe                      664 EFS, KeyIso, SamSs
lsm.exe                        676 N/A
winlogon.exe                   772 N/A
svchost.exe                    840 DcomLaunch, PlugPlay, Power
svchost.exe                    916 RpcEptMapper, RpcSs
MsMpEng.exe                    980 MsMpSvc
atiesrxx.exe                   356 AMD External Events Utility
svchost.exe                    428 AudioSrv, Dhcp, eventlog, lmhosts, wscsvc
svchost.exe                    368 AudioEndpointBuilder, CscService, hidserv,
                                   Netman, PcaSvc, SysMain, TrkWks, UxSms,
                                   WdiSystemHost, Wlansvc, WPDBusEnum, wudfsvc
svchost.exe                    656 EventSystem, FontCache, netprofm, nsi,
                                   WdiServiceHost, WinHttpAutoProxySvc
svchost.exe                   1036 AeLookupSvc, Appinfo, BITS, EapHost,
                                   iphlpsvc, LanmanServer, MMCSS, ProfSvc,
                                   Schedule, SENS, ShellHWDetection, Themes,
                                   Winmgmt, wuauserv
svchost.exe                   1156 gpsvc
RtkAudioService64.exe         1280 RtkAudioService
RAVBg64.exe                   1316 N/A
atieclxx.exe                  1324 N/A
svchost.exe                   1408 CryptSvc, Dnscache, LanmanWorkstation,
                                   NlaSvc
wlanext.exe                   1660 N/A
conhost.exe                   1668 N/A
spoolsv.exe                   1752 Spooler
svchost.exe                   1788 BFE, DPS, MpsSvc
armsvc.exe                    1904 AdobeARMservice
AERTSr64.exe                  1924 AERTFilters
Fuel.Service.exe              1952 AMD FUEL Service
mDNSResponder.exe             1976 Bonjour Service
CLMSMonitorServicePDVD12.     2000 CyberLink PowerDVD 12 Media Server Monitor S
                                   ervice
CLMSServerPDVD12.exe          2044 CyberLink PowerDVD 12 Media Server Service
svchost.exe                   1448 DiagTrack
EvtEng.exe                    1276 EvtEng
pdfsvc.exe                    2088 pdfcDispatcher
QBCFMonitorService.exe        2348 QBCFMonitorService
QBIDPService.exe              2428 QBVSS
RegSrvc.exe                   2532 RegSrvc
svchost.exe                   2600 stisvc
WirelessKB850Notification     2648 WirelessKB850NotificationService
ZeroConfigService.exe         2680 ZeroConfigService
unsecapp.exe                  3048 N/A
svchost.exe                    600 PolicyAgent
WmiPrvSE.exe                  3040 N/A
WUDFHost.exe                  3084 N/A
svchost.exe                   3396 SSDPSRV
NisSrv.exe                    3528 NisSrv
taskhost.exe                  3696 N/A
dwm.exe                       4000 N/A
explorer.exe                  4008 N/A
RtkNGUI64.exe                 3800 N/A
msseces.exe                   3676 N/A
HydraDM.exe                   1536 N/A
qbupdate.exe                  1340 N/A
QBW32.EXE                     3584 N/A
firefox.exe                   2240 N/A
HydraDM64.exe                 1104 N/A
rundll32.exe                  3632 N/A
SearchIndexer.exe             3624 WSearch
WmiPrvSE.exe                  4440 N/A
firefox.exe                   4500 N/A
firefox.exe                   4760 N/A
firefox.exe                   4900 N/A
firefox.exe                   4920 N/A
firefox.exe                   4824 N/A
MOM.exe                       5456 N/A
CCC.exe                       5840 N/A
HPSupportSolutionsFramewo     5784 HPSupportSolutionsFrameworkService
TouchpointAnalyticsClient     6064 HPTouchpointAnalyticsService
hpqwmiex.exe                  3376 hpqwmiex
firefox.exe                   4844 N/A
Speccy64.exe                  5856 N/A
svchost.exe                   5592 p2pimsvc, PNRPsvc
wuauclt.exe                   3196 N/A
audiodg.exe                   1436 N/A
cmd.exe                       2868 N/A
conhost.exe                    596 N/A
WmiApSrv.exe                  6684 wmiApSrv
tasklist.exe                  1252 N/A

Process   CPU   Private Bytes   Working Set   PID   Verified Signer
System Idle Process   68.65   0 K   24 K   0
TrustedInstaller.exe   14.19   28,072 K   57,412 K   1868   (Verified) Microsoft Windows
svchost.exe   8.41   229,872 K   198,008 K   1036   (Verified) Microsoft Windows
procexp64.exe   3.15   44,164 K   66,308 K   1440   (Verified) Microsoft Corporation
Interrupts   1.05   0 K   0 K   n/a
dwm.exe   1.01   31,864 K   33,200 K   4000   (Verified) Microsoft Windows
System   0.66   260 K   5,628 K   4
svchost.exe   0.57   160,492 K   169,308 K   368   (Verified) Microsoft Windows
firefox.exe   0.53   36,436 K   42,388 K   4500   (Verified) Mozilla Corporation
firefox.exe   0.51   163,968 K   231,084 K   2240   (Verified) Mozilla Corporation
csrss.exe   0.48   2,724 K   6,972 K   612   (Verified) Microsoft Windows
firefox.exe   0.29   321,256 K   348,752 K   4760   (Verified) Mozilla Corporation
MsMpEng.exe   0.22   141,832 K   158,480 K   980   (Verified) Microsoft Corporation
firefox.exe   0.13   92,188 K   121,136 K   4900   (Verified) Mozilla Corporation
firefox.exe   0.03   51,448 K   62,796 K   4824   (Verified) Mozilla Corporation
explorer.exe   0.03   32,640 K   56,352 K   4008   (Verified) Microsoft Windows
CCC.exe   0.02   101,588 K   19,044 K   5840   (No signature was present in the subject) ATI Technologies Inc.
TouchpointAnalyticsClientService.exe   0.02   54,400 K   54,012 K   6064   (Verified) HP Inc.
svchost.exe   0.01   5,640 K   10,904 K   916   (Verified) Microsoft Windows
MOM.exe   0.01   28,060 K   5,728 K   5456   (No signature was present in the subject) Advanced Micro Devices Inc.
firefox.exe   0.01   43,716 K   41,732 K   4844   (Verified) Mozilla Corporation
firefox.exe   0.01   260,064 K   273,556 K   4920   (Verified) Mozilla Corporation
SearchIndexer.exe   < 0.01   25,580 K   17,860 K   3624   (Verified) Microsoft Windows
taskhost.exe   < 0.01   8,516 K   12,668 K   3696   (Verified) Microsoft Windows
lsass.exe   < 0.01   5,484 K   12,448 K   664   (Verified) Microsoft Windows
svchost.exe   < 0.01   15,476 K   17,688 K   1408   (Verified) Microsoft Windows
CLMSMonitorServicePDVD12.exe   < 0.01   892 K   3,096 K   2000   (Verified) CyberLink Corp.
CLMSServerPDVD12.exe   < 0.01   7,124 K   14,684 K   2044   (Verified) CyberLink Corp.
svchost.exe   < 0.01   7,172 K   13,468 K   656   (Verified) Microsoft Windows
csrss.exe   < 0.01   2,564 K   5,172 K   512   (Verified) Microsoft Windows
ZeroConfigService.exe       6,100 K   15,172 K   2680   (Verified) Intel Corporation-Mobile Wireless Group
WUDFHost.exe       2,088 K   6,576 K   3084   (Verified) Microsoft Windows
WmiPrvSE.exe       12,928 K   20,384 K   4440   (Verified) Microsoft Windows
WmiPrvSE.exe       3,988 K   10,532 K   3040   (Verified) Microsoft Windows
wlanext.exe       6,148 K   15,600 K   1660   (Verified) Microsoft Windows
WirelessKB850NotificationService.exe       1,524 K   4,728 K   2648   (Verified) Microsoft Corporation
winlogon.exe       3,116 K   7,752 K   772   (Verified) Microsoft Windows
wininit.exe       1,960 K   5,176 K   588   (Verified) Microsoft Windows
unsecapp.exe       1,908 K   5,732 K   3048   (Verified) Microsoft Windows
taskeng.exe       2,468 K   7,292 K   3804   (Verified) Microsoft Windows
svchost.exe       5,768 K   12,756 K   840   (Verified) Microsoft Windows
svchost.exe       19,692 K   22,072 K   428   (Verified) Microsoft Windows
svchost.exe       2,448 K   6,088 K   3396   (Verified) Microsoft Windows
svchost.exe       12,456 K   14,272 K   1788   (Verified) Microsoft Windows
svchost.exe       3,852 K   7,652 K   1448   (Verified) Microsoft Windows
svchost.exe       2,348 K   6,380 K   600   (Verified) Microsoft Windows
svchost.exe       1,996 K   6,100 K   2600   (Verified) Microsoft Windows
svchost.exe       2,768 K   6,508 K   1156   (Verified) Microsoft Windows
spoolsv.exe       9,976 K   17,928 K   1752   (Verified) Microsoft Windows
smss.exe       540 K   1,348 K   312   (Verified) Microsoft Windows
services.exe       5,276 K   11,508 K   648   (Verified) Microsoft Windows
rundll32.exe       4,648 K   12,708 K   3632   (Verified) Microsoft Windows
RtkNGUI64.exe       13,652 K   11,184 K   3800   (Verified) Realtek Semiconductor Corp
RtkAudioService64.exe       2,024 K   5,796 K   1280   (Verified) Realtek Semiconductor Corp
RegSrvc.exe       2,040 K   7,400 K   2532   (Verified) Intel Corporation-Mobile Wireless Group
RAVBg64.exe       14,996 K   12,280 K   1316   (Verified) Realtek Semiconductor Corp
QBW32.EXE       68,188 K   102,652 K   3584   (Verified) Intuit, Inc.
qbupdate.exe       9,612 K   20,480 K   1340   (Certificate expired) Intuit Inc.
QBIDPService.exe       8,852 K   13,900 K   2428   (No signature was present in the subject) Intuit Inc.
QBCFMonitorService.exe       9,292 K   13,496 K   2348   (No signature was present in the subject) Intuit
procexp.exe       3,564 K   8,720 K   5592   (Verified) Microsoft Corporation
pdfsvc.exe       2,304 K   7,740 K   2088   (Verified) PDF Complete Inc.
NisSrv.exe       15,460 K   9,552 K   3528   (Verified) Microsoft Corporation
msseces.exe       6,560 K   15,176 K   3676   (Verified) Microsoft Corporation
mDNSResponder.exe       2,336 K   6,168 K   1976   (Verified) Apple Inc.
lsm.exe       2,752 K   4,708 K   676   (Verified) Microsoft Windows
HydraDM64.exe       2,312 K   6,676 K   1104   (No signature was present in the subject) AMD
HydraDM.exe       1,848 K   6,372 K   1536   (No signature was present in the subject) AMD
HPSupportSolutionsFrameworkService.exe       39,284 K   46,888 K   5784   (Verified) HP Inc.
hpqwmiex.exe       2,000 K   6,796 K   3376   (Verified) Hewlett-Packard
Fuel.Service.exe       1,976 K   6,312 K   1952   (No signature was present in the subject) Advanced Micro Devices, Inc.
EvtEng.exe       5,748 K   13,364 K   1276   (Verified) Intel Corporation-Mobile Wireless Group
conhost.exe       1,096 K   3,220 K   1668   (Verified) Microsoft Windows
audiodg.exe       21,156 K   22,572 K   3920   (Verified) Microsoft Windows
atiesrxx.exe       1,504 K   4,688 K   356   (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe       2,852 K   8,228 K   1324   (Verified) Microsoft Windows Hardware Compatibility Publisher
armsvc.exe       1,228 K   4,284 K   1904   (Verified) Adobe Systems, Incorporated
AERTSr64.exe       1,260 K   3,200 K   1924   (Verified) Andrea Electronics

Attached Files

MAPLEGROVE.txt 814.12KB 147 downloads

#4
RKinner

Posted 15 June 2019 - 09:15 PM

Malware Expert

Expert
24,625 posts

Process Explorer shows that Trusted Installer is using a lot of CPU. Usually that means it's doing an update. It should have stopped by now so try Process Explorer again.

Still waiting on Latency Monitor.

#5
John Aukerman

Posted 16 June 2019 - 09:45 AM

Member

Topic Starter
Member
284 posts

_________________________________________________________________________________________________________
CONCLUSION
_________________________________________________________________________________________________________
Your system appears to be suitable for handling real-time audio and other tasks without dropouts.
LatencyMon has been analyzing your system for 0:00:40 (h:mm:ss) on all processors.

_________________________________________________________________________________________________________
SYSTEM INFORMATION
_________________________________________________________________________________________________________
Computer name:                                        MAPLEGROVE
OS version:                                           Windows 7 Service Pack 1 , 6.1, build: 7601 (x64)
Hardware:                                             HP ProDesk 405 G1 MT, Hewlett-Packard, 2171
CPU:                                                  AuthenticAMD AMD A4-5000 APU with Radeon™ HD Graphics
Logical processors:                                   4
Processor groups:                                     1
RAM:                                                  5573 MB total

_________________________________________________________________________________________________________
CPU SPEED
_________________________________________________________________________________________________________
Reported CPU speed:                                   1497 MHz

Note: reported execution times may be calculated based on a fixed reported CPU speed. Disable variable speed settings like Intel Speed Step and AMD Cool N Quiet in the BIOS setup for more accurate results.

_________________________________________________________________________________________________________
MEASURED INTERRUPT TO USER PROCESS LATENCIES
_________________________________________________________________________________________________________
The interrupt to process latency reflects the measured interval that a usermode process needed to respond to a hardware request from the moment the interrupt service routine started execution. This includes the scheduling and execution of a DPC routine, the signaling of an event and the waking up of a usermode thread from an idle wait state in response to that event.

Highest measured interrupt to process latency (µs):   612.125278
Average measured interrupt to process latency (µs):   9.223817

Highest measured interrupt to DPC latency (µs):       251.005561
Average measured interrupt to DPC latency (µs):       2.980649

_________________________________________________________________________________________________________
REPORTED ISRs
_________________________________________________________________________________________________________
Interrupt service routines are routines installed by the OS and device drivers that execute in response to a hardware interrupt signal.

Highest ISR routine execution time (µs):              28.466266
Driver with highest ISR routine execution time:       storport.sys - Microsoft Storage Port Driver, Microsoft Corporation

Highest reported total ISR routine time (%):          0.007521
Driver with highest ISR total time:                   hal.dll - Hardware Abstraction Layer DLL, Microsoft Corporation

Total time spent in ISRs (%)                          0.011245

ISR count (execution time <250 µs):                   1282
ISR count (execution time 250-500 µs):                0
ISR count (execution time 500-999 µs):                0
ISR count (execution time 1000-1999 µs):              0
ISR count (execution time 2000-3999 µs):              0
ISR count (execution time >=4000 µs):                 0

_________________________________________________________________________________________________________
REPORTED DPCs
_________________________________________________________________________________________________________
DPC routines are part of the interrupt servicing dispatch mechanism and disable the possibility for a process to utilize the CPU while it is interrupted until the DPC has finished execution.

Highest DPC routine execution time (µs):              352.766199
Driver with highest DPC routine execution time:       ndis.sys - NDIS 6.20 driver, Microsoft Corporation

Highest reported total DPC routine time (%):          0.035877
Driver with highest DPC total execution time:         USBPORT.SYS - USB 1.1 & 2.0 Port Driver, Microsoft Corporation

Total time spent in DPCs (%)                          0.079745

DPC count (execution time <250 µs):                   11004
DPC count (execution time 250-500 µs):                0
DPC count (execution time 500-999 µs):                3
DPC count (execution time 1000-1999 µs):              0
DPC count (execution time 2000-3999 µs):              0
DPC count (execution time >=4000 µs):                 0

_________________________________________________________________________________________________________
REPORTED HARD PAGEFAULTS
_________________________________________________________________________________________________________
Hard pagefaults are events that get triggered by making use of virtual memory that is not resident in RAM but backed by a memory mapped file on disk. The process of resolving the hard pagefault requires reading in the memory from disk while the process is interrupted and blocked from execution.

NOTE: some processes were hit by hard pagefaults. If these were programs producing audio, they are likely to interrupt the audio stream resulting in dropouts, clicks and pops. Check the Processes tab to see which programs were hit.

Process with highest pagefault count:                 msmpeng.exe

Total number of hard pagefaults                       2
Hard pagefault count of hardest hit process:          2
Number of processes hit:                              1

_________________________________________________________________________________________________________
PER CPU DATA
_________________________________________________________________________________________________________
CPU 0 Interrupt cycle time (s):                       0.231125
CPU 0 ISR highest execution time (µs):                25.838343
CPU 0 ISR total execution time (s):                   0.012756
CPU 0 ISR count:                                      780
CPU 0 DPC highest execution time (µs):                145.044088
CPU 0 DPC total execution time (s):                   0.030265
CPU 0 DPC count:                                      4766
_________________________________________________________________________________________________________
CPU 1 Interrupt cycle time (s):                       0.097926
CPU 1 ISR highest execution time (µs):                28.466266
CPU 1 ISR total execution time (s):                   0.000285
CPU 1 ISR count:                                      30
CPU 1 DPC highest execution time (µs):                137.420842
CPU 1 DPC total execution time (s):                   0.005253
CPU 1 DPC count:                                      383
_________________________________________________________________________________________________________
CPU 2 Interrupt cycle time (s):                       0.117769
CPU 2 ISR highest execution time (µs):                27.171677
CPU 2 ISR total execution time (s):                   0.001312
CPU 2 ISR count:                                      151
CPU 2 DPC highest execution time (µs):                352.766199
CPU 2 DPC total execution time (s):                   0.028041
CPU 2 DPC count:                                      2162
_________________________________________________________________________________________________________
CPU 3 Interrupt cycle time (s):                       0.282707
CPU 3 ISR highest execution time (µs):                26.505678
CPU 3 ISR total execution time (s):                   0.003989
CPU 3 ISR count:                                      321
CPU 3 DPC highest execution time (µs):                287.152973
CPU 3 DPC total execution time (s):                   0.066515
CPU 3 DPC count:                                      3696
_________________________________________________________________________________________________________
Process   CPU   Private Bytes   Working Set   PID   Verified Signer
System Idle Process   93.27   0 K   24 K   0
procexp64.exe   1.92   44,832 K   66,580 K   756   (Verified) Microsoft Corporation
rundll32.exe   1.17   4,544 K   12,616 K   2464   (Verified) Microsoft Windows
spoolsv.exe   0.97   9,960 K   17,992 K   1752   (Verified) Microsoft Windows
firefox.exe   0.68   399,768 K   416,000 K   416   (Verified) Mozilla Corporation
svchost.exe   0.55   5,824 K   12,932 K   840   (Verified) Microsoft Windows
System   0.38   512 K   18,688 K   4
Interrupts   0.27   0 K   0 K   n/a
dwm.exe   0.27   31,736 K   33,060 K   612   (Verified) Microsoft Windows
MsMpEng.exe   0.19   176,696 K   189,732 K   980   (Verified) Microsoft Corporation
csrss.exe   0.13   3,140 K   7,796 K   6140   (Verified) Microsoft Windows
firefox.exe   0.03   51,496 K   62,600 K   7104   (Verified) Mozilla Corporation
firefox.exe   0.03   150,040 K   212,084 K   4964   (Verified) Mozilla Corporation
explorer.exe   0.02   32,248 K   54,544 K   4260   (Verified) Microsoft Windows
CCC.exe   0.02   106,032 K   6,516 K   4304   (No signature was present in the subject) ATI Technologies Inc.
WmiApSrv.exe   0.02   2,352 K   6,996 K   5548   (Verified) Microsoft Windows
lsass.exe   0.02   5,492 K   13,212 K   664   (Verified) Microsoft Windows
MOM.exe   0.01   28,040 K   4,572 K   6904   (No signature was present in the subject) Advanced Micro Devices Inc.
TouchpointAnalyticsClientService.exe   0.01   52,564 K   53,996 K   6064   (Verified) HP Inc.
firefox.exe   0.01   43,776 K   41,884 K   5320   (Verified) Mozilla Corporation
svchost.exe   0.01   5,784 K   11,120 K   916   (Verified) Microsoft Windows
WmiPrvSE.exe   0.01   20,308 K   29,036 K   3040   (Verified) Microsoft Windows
taskhost.exe   < 0.01   8,384 K   12,660 K   4648   (Verified) Microsoft Windows
svchost.exe   < 0.01   38,912 K   58,668 K   1036   (Verified) Microsoft Windows
CLMSServerPDVD12.exe   < 0.01   7,124 K   14,796 K   2044   (Verified) CyberLink Corp.
SearchIndexer.exe   < 0.01   34,944 K   27,304 K   3624   (Verified) Microsoft Windows
svchost.exe   < 0.01   32,656 K   36,956 K   1408   (Verified) Microsoft Windows
csrss.exe   < 0.01   2,620 K   5,220 K   512   (Verified) Microsoft Windows
svchost.exe   < 0.01   170,676 K   179,472 K   368   (Verified) Microsoft Windows
lsm.exe   < 0.01   2,796 K   4,836 K   676   (Verified) Microsoft Windows
ZeroConfigService.exe       6,280 K   15,376 K   2680   (Verified) Intel Corporation-Mobile Wireless Group
WUDFHost.exe       2,092 K   6,592 K   3084   (Verified) Microsoft Windows
wlanext.exe       6,232 K   15,680 K   1660   (Verified) Microsoft Windows
WirelessKB850NotificationService.exe       1,528 K   4,748 K   2648   (Verified) Microsoft Corporation
winlogon.exe       3,096 K   7,680 K   6024   (Verified) Microsoft Windows
wininit.exe       1,960 K   5,176 K   588   (Verified) Microsoft Windows
unsecapp.exe       1,932 K   5,780 K   3048   (Verified) Microsoft Windows
taskeng.exe       1,996 K   5,940 K   6948   (Verified) Microsoft Windows
taskeng.exe       2,600 K   7,180 K   4624   (Verified) Microsoft Windows
taskeng.exe       2,368 K   6,808 K   5428   (Verified) Microsoft Windows
svchost.exe       2,448 K   6,104 K   3396   (Verified) Microsoft Windows
svchost.exe       18,564 K   21,500 K   428   (Verified) Microsoft Windows
svchost.exe       13,004 K   15,236 K   1788   (Verified) Microsoft Windows
svchost.exe       8,168 K   15,564 K   656   (Verified) Microsoft Windows
svchost.exe       3,368 K   8,188 K   1156   (Verified) Microsoft Windows
svchost.exe       4,136 K   7,820 K   1448   (Verified) Microsoft Windows
svchost.exe       2,300 K   7,076 K   5592   (Verified) Microsoft Windows
svchost.exe       2,348 K   6,396 K   600   (Verified) Microsoft Windows
smss.exe       576 K   1,364 K   312   (Verified) Microsoft Windows
services.exe       5,592 K   12,184 K   648   (Verified) Microsoft Windows
RtkNGUI64.exe       13,644 K   11,224 K   3660   (Verified) Realtek Semiconductor Corp
RtkAudioService64.exe       2,032 K   5,816 K   1280   (Verified) Realtek Semiconductor Corp
RegSrvc.exe       2,064 K   7,452 K   2532   (Verified) Intel Corporation-Mobile Wireless Group
RAVBg64.exe       15,000 K   12,268 K   3916   (Verified) Realtek Semiconductor Corp
qbupdate.exe       10,260 K   21,672 K   752   (Certificate expired) Intuit Inc.
QBIDPService.exe       8,964 K   14,280 K   2428   (No signature was present in the subject) Intuit Inc.
QBCFMonitorService.exe       9,728 K   13,996 K   2348   (No signature was present in the subject) Intuit
procexp.exe       3,564 K   8,732 K   6388   (Verified) Microsoft Corporation
pdfsvc.exe       2,364 K   8,932 K   2088   (Verified) PDF Complete Inc.
NisSrv.exe       16,988 K   9,848 K   3528   (Verified) Microsoft Corporation
msseces.exe       6,584 K   15,188 K   5884   (Verified) Microsoft Corporation
mDNSResponder.exe       2,388 K   6,240 K   1976   (Verified) Apple Inc.
HydraDM64.exe       2,316 K   6,744 K   2944   (No signature was present in the subject) AMD
HydraDM.exe       1,848 K   6,508 K   4492   (No signature was present in the subject) AMD
HPSupportSolutionsFrameworkService.exe       39,284 K   46,952 K   5784   (Verified) HP Inc.
hpqwmiex.exe       1,956 K   6,780 K   3376   (Verified) Hewlett-Packard
Fuel.Service.exe       1,984 K   6,316 K   1952   (No signature was present in the subject) Advanced Micro Devices, Inc.
firefox.exe       36,880 K   41,600 K   2124   (Verified) Mozilla Corporation
EvtEng.exe       5,868 K   13,516 K   1276   (Verified) Intel Corporation-Mobile Wireless Group
conhost.exe       1,096 K   3,220 K   1668   (Verified) Microsoft Windows
CLMSMonitorServicePDVD12.exe       892 K   3,096 K   2000   (Verified) CyberLink Corp.
audiodg.exe       21,096 K   22,784 K   4640   (Verified) Microsoft Windows
atiesrxx.exe       1,512 K   4,708 K   356   (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe       2,820 K   8,204 K   4728   (Verified) Microsoft Windows Hardware Compatibility Publisher
armsvc.exe       1,228 K   4,308 K   1904   (Verified) Adobe Systems, Incorporated
AERTSr64.exe       1,260 K   3,204 K   1924   (Verified) Andrea Electronics

#6
RKinner

Posted 16 June 2019 - 02:15 PM

Malware Expert

Expert
24,625 posts

Process Explorer shows no problems with anything hogging the CPU. Latency Monitor seems happy with your PC.

You might running a defrag manually. Win 7 normally does it automatically but sometimes if the PC is off during the scheduled time it won't happen. Click on Computer then right click on the C: drive and select Properties then Tools. Then Defragment Now then Defragment Disk. Will take a while. Repeat for any other disks.

Let's also do SFC:

Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow

(This will check your critical system files. Does this finish without complaint? IF it says it couldn't fix everything then:

Copy the next two lines:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt

notepad %UserProfile%\desktop\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)

Regardless of the sfc results do:

Reboot

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

#7
John Aukerman

Posted 16 June 2019 - 04:27 PM

Member

Topic Starter
Member
284 posts

I ran defrag

I did sfc. But when I did scannow, I got a message: 'SCANNOW' IS NOT RECOGNIZED. So I did findstr /c:"[SR]" \windows\logs\cbs\cbs.log > %UserProfile%\desktop\junk.txt notepad %UserProfile%\desktop\junk.txt. I got an empty notepad junk.txt.

I ran VEW:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 16/06/2019 6:20:13 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/06/2019 10:15:48 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_PNY&PROD_USB_2.0_FD&REV_1100#AA00000000014658&0#.

Log: 'System' Date/Time: 16/06/2019 10:14:22 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 16/06/2019 10:14:22 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\IWMSSvc.dll

I repeated VEW:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 16/06/2019 6:26:39 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 16/06/2019 10:17:35 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program Explorer.EXE version 6.1.7601.23537 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: f20 Start Time: 01d5249116ab188b Termination Time: 63 Application Path: C:\Windows\Explorer.EXE Report Id: 851074b2-9084-11e9-881e-9cb654f71540

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#8
RKinner

Posted 16 June 2019 - 09:35 PM

Malware Expert

Expert
24,625 posts

Make sure you are in an Elevated Command prompt. (Prompt will show: c:\Windows\System32> )

Make sure you have a forward slash: sfc /scannow

If you don't get sfc /scannow to run there will never be anything in the junk.txt file.

#9
John Aukerman

Posted 17 June 2019 - 05:57 AM

Member

Topic Starter
Member
284 posts

Thank you. Ran the scan. It took a long time. It didn't a junk.txt file.It just said, "Windows Resource Protection did not find any integrity violations."

#10
RKinner

Posted 17 June 2019 - 11:06 AM

Malware Expert

Expert
24,625 posts

download ShellExView.

http://www.nirsoft.n...s/shexview.html

Use this download:
http://www.nirsoft.n...xview_setup.exe

Once you get it installed, run it and look in the third or fourth column from the RIGHT. It should say MICROSOFT. Click once or twice on MICROSOFT so that items with NO are at the top.
Select all of the NO items and then click on the red led looking icon in the upper left. This should disable all of the non-microsoft additions to Explorer. Reboot and see if you still get the Explorer crashes.

#11
John Aukerman

Posted 17 June 2019 - 03:50 PM

Member

Topic Starter
Member
284 posts

Installed and ran ShellExView. Selected all NO items as instructed -- there were A LOT of them! Rebooted. But I don't understand what you mean by "see if you still get the Explorer crashes." I didn't know I was getting Explorer crashes.

#12
RKinner

Posted 17 June 2019 - 07:13 PM

Malware Expert

Expert
24,625 posts

Log: 'Application' Date/Time: 16/06/2019 10:17:35 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program Explorer.EXE version 6.1.7601.23537 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: f20 Start Time: 01d5249116ab188b Termination Time: 63 Application Path: C:\Windows\Explorer.EXE Report Id: 851074b2-9084-11e9-881e-9cb654f71540

Above is a sign of an Explorer crash.

Reboot and run VEW again (for Applications only) Let's see if we have any new crashes since you ran ShellExView.

#13
John Aukerman

Posted 18 June 2019 - 09:20 AM

Member

Topic Starter
Member
284 posts

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 18/06/2019 11:20:18 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 16/06/2019 10:17:35 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program Explorer.EXE version 6.1.7601.23537 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: f20 Start Time: 01d5249116ab188b Termination Time: 63 Application Path: C:\Windows\Explorer.EXE Report Id: 851074b2-9084-11e9-881e-9cb654f71540

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 17/06/2019 9:44:39 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 11 user registry handles leaked from \Registry\User\S-1-5-21-2994528611-1495046117-1799070532-1003:
Process 924 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2994528611-1495046117-1799070532-1003
Process 924 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2994528611-1495046117-1799070532-1003
Process 924 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2994528611-1495046117-1799070532-1003
Process 924 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2994528611-1495046117-1799070532-1003
Process 924 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2994528611-1495046117-1799070532-1003\Software\Microsoft\SystemCertificates\My
Process 924 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2994528611-1495046117-1799070532-1003\Software\Microsoft\SystemCertificates\CA
Process 924 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2994528611-1495046117-1799070532-1003\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 924 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2994528611-1495046117-1799070532-1003\Software\Microsoft\SystemCertificates\Disallowed
Process 924 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2994528611-1495046117-1799070532-1003\Software\Microsoft\SystemCertificates\trust
Process 924 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2994528611-1495046117-1799070532-1003\Software\Microsoft\SystemCertificates\TrustedPeople
Process 924 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2994528611-1495046117-1799070532-1003\Software\Microsoft\SystemCertificates\Root