I am running Win 7 64 bit and IE 8. System running very slow when on internet. Task manager reveals multiple iexplore.exe*32 using lots of memory when on IE. When I open to the internet with Google I get multiple chrome.exe*32 processes. When I am off the internet no issues in task manager. I have Malwarebytes actively protecting my system as well as MS Security Essentials. Neither program indicates a problem. I occasionally use Java but do not leave it on the computer after use. I did accidentally leave it on after using it a couple weeks ago. I uninstalled it and incinerated it with System Mechanic just now. I've read multiple posting on this and other sites concerning these issues with ie and chrome exe*32 processes but do not know how to proceed. I would be very grateful for assistance. Below are the FRST64 logs.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2015 01
Ran by Randy (administrator) on OFFICE on 28-04-2015 23:28:23
Running from C:\Users\Randy\Desktop
Loaded Profiles: Randy (Available profiles: Randy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Seagate Technology LLC) J:\SEAGATE\Sync\FreeAgentService.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\SystemGuardAlerter.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(Cisco Consumer Products LLC) C:\Program Files\CiscoVUSB\CiscoVUSB.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(Seagate LLC) J:\SEAGATE\FreeAgent Status\stxmenumgr.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\ioloGovernor64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] ()
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-05-27] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [MaxMenuMgr] => J:\SEAGATE\FreeAgent Status\StxMenuMgr.exe [185640 2009-09-26] (Seagate LLC)
HKLM-x32\...\Run: [ioloLiveBoost] => C:\Program Files (x86)\iolo\System Mechanic Professional\LiveBoost.exe [5482104 2015-02-12] (iolo technologies, LLC)
HKU\S-1-5-21-4283896459-4070683001-661046522-1000\...\RunOnce: [Adobe Speed Launcher] => 1430227738
HKU\S-1-5-21-4283896459-4070683001-661046522-1000\...\MountPoints2: {496223ac-cd40-11e3-9e9e-001aa094bc0c} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-4283896459-4070683001-661046522-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2012-09-15] (Microsoft Corporation)
Startup: C:\Users\Randy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Cisco VUSB.lnk [2013-03-07]
ShortcutTarget: Cisco VUSB.lnk -> C:\Program Files\CiscoVUSB\CiscoVUSB.exe (Cisco Consumer Products LLC)
BootExecute: autocheck autochk * ⱽ뫠ౖፉጔ吠ొ䡐ፊ覠覠
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-4283896459-4070683001-661046522-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-08-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-09-14] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-09-14] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-19]
CHR Extension: (Google Docs) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-19]
CHR Extension: (Google Drive) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-19]
CHR Extension: (YouTube) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-19]
CHR Extension: (Google Search) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-19]
CHR Extension: (Google Sheets) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-19]
CHR Extension: (Bookmark Manager) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Google Wallet) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-19]
CHR Extension: (Gmail) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-19]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 FreeAgentGoNext Service; J:\SEAGATE\Sync\FreeAgentService.exe [189736 2009-09-26] (Seagate Technology LLC)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4702920 2015-02-12] (iolo technologies, LLC)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-07-10] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-12-03] (EldoS Corporation)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-04-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-08-12] (EldoS Corporation)
R3 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [304480 2013-03-31] (silex technology, Inc.)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-28 23:28 - 2015-04-28 23:28 - 00010485 ____C () C:\Users\Randy\Desktop\FRST.txt
2015-04-28 23:28 - 2015-04-28 23:28 - 00000000 ___DC () C:\FRST
2015-04-28 23:27 - 2015-04-28 23:27 - 02100736 ____C (Farbar) C:\Users\Randy\Desktop\FRST64.exe
2015-04-28 21:22 - 2015-04-28 21:22 - 00037888 ____C () C:\Users\Randy\Documents\May 4-10.xls
2015-04-24 13:57 - 2015-04-25 11:08 - 00037376 ____C () C:\Users\Randy\Documents\April 27th- May 3rd.xls
2015-04-20 18:17 - 2015-04-20 18:17 - 00036864 ____C () C:\Users\Randy\Documents\April 20th-26th.xls
2015-04-14 17:54 - 2015-04-14 18:33 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 17:54 - 2015-04-14 18:33 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 17:54 - 2015-04-14 18:33 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 17:54 - 2015-04-14 18:33 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 17:54 - 2015-04-14 18:33 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 17:54 - 2015-04-14 18:33 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 17:54 - 2015-04-14 18:33 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 17:54 - 2015-04-14 18:33 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 17:54 - 2015-04-14 18:33 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 17:54 - 2015-04-14 18:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 17:54 - 2015-04-14 18:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 17:54 - 2015-04-14 18:33 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 17:54 - 2015-04-14 18:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 17:54 - 2015-04-14 18:33 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 17:54 - 2015-04-14 18:33 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 17:54 - 2015-04-14 18:33 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 17:54 - 2015-04-14 18:32 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 17:54 - 2015-04-14 18:32 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 17:54 - 2015-04-14 18:32 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 17:54 - 2015-04-14 18:32 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 17:54 - 2015-04-14 18:32 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 17:54 - 2015-04-14 18:32 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 17:54 - 2015-04-14 18:32 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 17:54 - 2015-04-14 18:32 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 17:54 - 2015-04-14 18:32 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-14 17:54 - 2015-04-14 18:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 17:54 - 2015-04-14 18:27 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 17:54 - 2015-04-14 18:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 17:54 - 2015-04-14 18:27 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 17:54 - 2015-04-14 18:27 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 17:54 - 2015-04-14 18:26 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 17:54 - 2015-04-14 18:26 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 17:54 - 2015-04-14 18:26 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-14 17:54 - 2015-04-14 18:26 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 17:54 - 2015-04-14 18:26 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 17:54 - 2015-04-14 18:26 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 17:54 - 2015-04-14 18:26 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 17:54 - 2015-04-14 18:26 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 17:54 - 2015-04-14 18:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 17:54 - 2015-04-14 18:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 17:54 - 2015-04-14 18:26 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-14 17:54 - 2015-04-14 18:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 17:53 - 2015-04-14 18:26 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 17:53 - 2015-04-14 18:26 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 17:53 - 2015-04-14 18:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 17:53 - 2015-04-14 18:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 17:53 - 2015-04-14 18:26 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 17:53 - 2015-04-14 18:26 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 17:53 - 2015-04-14 18:26 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-14 17:53 - 2015-04-14 18:26 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 17:53 - 2015-04-14 18:26 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 17:53 - 2015-04-14 18:26 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-14 17:53 - 2015-04-14 18:25 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 17:53 - 2015-04-14 18:24 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 17:53 - 2015-04-14 18:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 17:53 - 2015-04-14 18:24 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 17:53 - 2015-04-14 18:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 17:53 - 2015-04-14 18:24 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 17:53 - 2015-04-14 18:24 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 17:53 - 2015-04-14 18:24 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 17:53 - 2015-04-14 18:24 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 17:53 - 2015-04-14 18:24 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 17:53 - 2015-04-14 18:24 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 17:53 - 2015-04-14 18:24 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-14 17:53 - 2015-04-14 18:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 17:50 - 2015-04-14 18:24 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 17:50 - 2015-04-14 18:24 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-14 17:50 - 2015-04-14 18:23 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-10 14:43 - 2015-04-10 14:43 - 00036864 ____C () C:\Users\Randy\Documents\April 13th-19th.xls
2015-04-05 20:23 - 2015-04-05 20:23 - 00036864 ____C () C:\Users\Randy\Desktop\April 13th-19th.xls
2015-04-05 20:22 - 2015-04-05 20:22 - 00038400 ____C () C:\Users\Randy\Desktop\April 6th-12th.xls
2015-04-05 19:25 - 2015-04-05 19:24 - 00038400 ____C () C:\Users\Randy\Documents\April 6th-12th.xls
2015-04-05 00:13 - 2015-04-05 00:13 - 00000000 __SDC () C:\Windows\SysWOW64\GWX
2015-04-05 00:13 - 2015-04-05 00:13 - 00000000 __SDC () C:\Windows\system32\GWX
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-28 23:11 - 2012-09-13 18:59 - 00000830 ____C () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-28 22:42 - 2009-07-13 23:45 - 00022768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-28 22:42 - 2009-07-13 23:45 - 00022768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-28 22:30 - 2012-09-13 12:04 - 01348569 ____C () C:\Windows\WindowsUpdate.log
2015-04-28 22:29 - 2014-11-19 23:17 - 00000898 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-28 15:29 - 2014-11-19 23:17 - 00000894 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-28 13:41 - 2014-11-19 23:19 - 00002183 ____C () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-28 07:46 - 2014-11-03 10:43 - 00129752 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-28 07:45 - 2009-07-14 00:13 - 00786578 ____C () C:\Windows\system32\PerfStringBackup.INI
2015-04-28 07:41 - 2014-10-27 15:21 - 00022996 ____C () C:\Windows\setupact.log
2015-04-28 07:41 - 2009-07-14 00:08 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT
2015-04-20 16:21 - 2012-09-13 12:05 - 00000000 ___DC () C:\Users\Randy
2015-04-19 21:39 - 2009-07-14 00:08 - 00032610 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-16 22:08 - 2012-09-13 18:59 - 00778416 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-16 22:08 - 2012-09-13 18:59 - 00142512 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-16 22:08 - 2012-09-13 18:59 - 00003768 ____C () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-16 17:35 - 2012-09-30 21:13 - 00000000 ___DC () C:\Users\Randy\.epaysol
2015-04-16 17:32 - 2013-10-02 06:54 - 00000000 ___DC () C:\ProgramData\Oracle
2015-04-16 08:28 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-04-16 08:24 - 2009-07-13 22:20 - 00000000 ___DC () C:\Windows\AppCompat
2015-04-14 18:39 - 2014-12-10 14:50 - 00000000 ___DC () C:\Windows\system32\appraiser
2015-04-14 18:39 - 2014-05-06 09:40 - 00000000 __SDC () C:\Windows\system32\CompatTel
2015-04-14 18:39 - 2009-07-13 22:20 - 00000000 ___DC () C:\Windows\PolicyDefinitions
2015-04-14 18:35 - 2012-09-13 13:14 - 00000000 ___DC () C:\ProgramData\Microsoft Help
2015-04-14 18:34 - 2012-09-13 12:56 - 00778700 ____C () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-14 18:32 - 2013-08-14 11:32 - 00000000 ___DC () C:\Windows\system32\MRT
2015-04-14 18:27 - 2012-09-13 23:11 - 128913832 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-13 22:30 - 2014-04-13 08:33 - 00000000 ___DC () C:\Users\Randy\Documents\TurboTax
2015-04-07 09:29 - 2012-09-13 18:55 - 00788456 ____C () C:\Windows\PFRO.log
2015-04-07 09:01 - 2009-07-14 00:09 - 00000000 ___DC () C:\Windows\System32\Tasks\WPD
==================== Files in the root of some directories =======
2013-01-02 16:48 - 2013-01-02 16:48 - 0000017 ____C () C:\Users\Randy\AppData\Local\resmon.resmoncfg
2014-05-17 10:27 - 2014-05-17 10:27 - 2440206 ____C () C:\Users\Randy\AppData\Local\[j0012]-[p01].bmp
2014-05-17 10:27 - 2014-05-17 10:27 - 2440206 ____C () C:\Users\Randy\AppData\Local\[j0012]-[p02].bmp
2014-05-17 10:27 - 2014-05-17 10:27 - 2440206 ____C () C:\Users\Randy\AppData\Local\[j0012]-[p03].bmp
2014-05-17 10:27 - 2014-05-17 10:27 - 2440206 ____C () C:\Users\Randy\AppData\Local\[j0012]-[p04].bmp
2013-03-07 18:20 - 2013-03-07 18:21 - 0000638 ____C () C:\ProgramData\hpzinstall.log
2013-02-16 13:07 - 2015-02-16 15:40 - 0000935 ____C () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
Some zero byte size files/folders:
==========================
C:\Windows\System32\ahmkun.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-24 13:48
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2015 01
Ran by Randy at 2015-04-28 23:29:03
Running from C:\Users\Randy\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-4283896459-4070683001-661046522-500 - Administrator - Disabled)
Guest (S-1-5-21-4283896459-4070683001-661046522-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4283896459-4070683001-661046522-1002 - Limited - Enabled)
Randy (S-1-5-21-4283896459-4070683001-661046522-1000 - Administrator - Enabled) => C:\Users\Randy
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
ArcSoft PhotoStudio 5.5 (HKLM-x32\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version: - ArcSoft)
ATI AVIVO64 Codecs (Version: 11.6.0.50527 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{EDA9E418-06E0-1FCB-1210-838F1ED5FBE6}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
Canon CanoScan 8800F User Registration (HKLM-x32\...\Canon CanoScan 8800F User Registration) (Version: - )
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version: - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
CanoScan 8800F (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4805) (Version: - )
Carbonite Online Backup Setup (HKLM-x32\...\Carbonite Setup Lite) (Version: 3.8.0 - Carbonite Inc.)
ccc-core-static (x32 Version: 2010.0527.1242.20909 - ATI) Hidden
Cisco VUSB (HKLM\...\Cisco VUSB) (Version: 1.2.0 - Cisco Consumer Products LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Homeworld (HKLM-x32\...\Homeworld) (Version: - )
HydraVision (x32 Version: 4.2.166.0 - ATI Technologies Inc.) Hidden
iolo technologies' System Mechanic Professional (HKLM-x32\...\{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1) (Version: 14.5.0 - iolo technologies, LLC)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mavis Beacon Teaches Typing Deluxe 20 (HKLM-x32\...\{23B591D7-1C20-44FB-97C2-6953AE67DE18}) (Version: 20.00.0000 - Broderbund)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Presto! PageManager 7.15.16 (HKLM-x32\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.16 - NewSoft Technology Corporation)
ScanSoft OmniPage SE 4 (HKLM-x32\...\{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}) (Version: 15.2.0020 - Nuance Communications, Inc.)
Seagate Manager Installer (HKLM-x32\...\InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate)
Seagate Manager Installer (x32 Version: 2.01.0600 - Seagate) Hidden
System Mechanic 12 Professional (x32 Version: 14.5.0 - ) Hidden
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-4283896459-4070683001-661046522-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> No File Path
==================== Restore Points =========================
28-04-2015 07:48:13 Removed Java 8 Update 45
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ___AC C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {129667F0-2999-42D8-9BDB-3DB96C70AA15} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic Professional\iologovernor64.exe [2015-02-12] (iolo technologies, LLC)
Task: {29107762-E81F-4D8A-A30A-BB6E5C1C67B1} - System32\Tasks\{895E9983-8CBC-4A6A-9BBF-2672A00F0563} => pcalua.exe -a D:\setup.exe -d D:\
Task: {526CBB5E-60BC-465C-B8E8-69B827C3C9B2} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-04-05] (Microsoft Corporation)
Task: {57BE99C2-0C3F-49D8-8CF4-6F5CB83A6E04} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-19] (Google Inc.)
Task: {95579A3D-0375-4EF1-8F13-489B31C6B36C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-19] (Google Inc.)
Task: {A3324054-DDA7-4E3E-9B74-8BE109C0D7BA} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-04-05] (Microsoft Corporation)
Task: {A9DDAFF4-7143-4ADC-8CF8-36A10BCB16B0} - System32\Tasks\{DEAD6DCD-77EE-41E7-2BA8-B150E9B7DC91} => C:\Windows\system32\zhnzron.dll/s "C:\Windows\system32\zhnzron.dll"
Task: {B0B3C9DA-FDE8-41E8-99D2-3477086AD487} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-04-05] (Microsoft Corporation)
Task: {C0BE6949-B2AC-4F8D-8A7A-78107C02C863} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-16] (Adobe Systems Incorporated)
Task: {C34243EF-4121-47FD-A443-CC793C743E83} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-04-05] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2012-09-13 19:24 - 2006-09-20 08:35 - 00020480 ____C () C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
2013-03-07 18:40 - 2013-03-31 18:31 - 00281600 ____C () C:\Program Files\CiscoVUSB\Svlscapi.dll
2012-09-13 19:24 - 2006-10-30 16:59 - 00024576 ____C () C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
2010-04-16 14:20 - 2010-04-16 14:20 - 00016384 ___RC () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-05-27 12:40 - 2010-05-27 12:40 - 00270336 ____C () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AMP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AMPSE => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseamps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vsedsps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseqrts => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AMP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AMPSE => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventSystem => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseamps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsedsps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseqrts => ""="Service"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4283896459-4070683001-661046522-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Randy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: OpwareSE4 => "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
==================== FirewallRules (whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
FirewallRules: [{50C7F3E8-6E60-423A-B46F-3DC214994230}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\outlook.exe
FirewallRules: [TCP Query User{F817796F-D1BE-40E8-B850-34C469C4BFE7}J:\sierra\homeworld\homeworld.exe] => (Block) J:\sierra\homeworld\homeworld.exe
FirewallRules: [UDP Query User{53907F0C-1430-4707-B20A-8B839660B27F}J:\sierra\homeworld\homeworld.exe] => (Block) J:\sierra\homeworld\homeworld.exe
FirewallRules: [{60BED522-7048-4614-A78E-CEE1492E8F48}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
FirewallRules: [{69CB5957-64B5-4E65-A9AB-C55E7742DB41}] => (Allow) C:\Program Files\CiscoVUSB\CiscoVUSB.exe
FirewallRules: [{C66CB724-A04B-45C8-B936-3B576666210D}] => (Allow) LPort=19540
FirewallRules: [{CC76641C-E18A-40AE-B2FC-7F0920CD8EEA}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{748D493A-95EB-4424-8DE6-5C07E143350D}] => (Allow) LPort=2869
FirewallRules: [{A2CE4B7E-55F0-45D9-9255-1EE477A1F083}] => (Allow) LPort=1900
FirewallRules: [{3582C34E-3B5A-45B3-B772-D7E18A6752D6}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{02BC4CDA-F5AF-4981-90B2-04F564D80BDE}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{C7679190-61CF-4020-9C31-3E19D963D107}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{CBEADF5F-FEEA-42A4-833A-8F8C23E10831}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{AC0A33DB-757F-427B-807E-917F418AB5F2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{8CC6AA64-B6AF-43B2-B712-0D939947C86C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{79344B3E-9170-49B1-8EFE-5B9A323A4915}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{6B6B82DE-02C8-4D9C-A132-9D1B366F529F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/28/2015 07:58:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_TapiSrv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: tapisrv.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ce7c9d7
Exception code: 0xc0000005
Fault offset: 0x000007fef92fbaa8
Faulting process id: 0xf94
Faulting application start time: 0xsvchost.exe_TapiSrv0
Faulting application path: svchost.exe_TapiSrv1
Faulting module path: svchost.exe_TapiSrv2
Report Id: svchost.exe_TapiSrv3
Error: (04/28/2015 02:00:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_TapiSrv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: tapisrv.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ce7c9d7
Exception code: 0xc0000005
Fault offset: 0x000007fef68cbaa8
Faulting process id: 0x434
Faulting application start time: 0xsvchost.exe_TapiSrv0
Faulting application path: svchost.exe_TapiSrv1
Faulting module path: svchost.exe_TapiSrv2
Report Id: svchost.exe_TapiSrv3
Error: (04/27/2015 08:15:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_TapiSrv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.18798, time stamp: 0x5507b864
Exception code: 0xc0000005
Fault offset: 0x000000000004f884
Faulting process id: 0xa48
Faulting application start time: 0xsvchost.exe_TapiSrv0
Faulting application path: svchost.exe_TapiSrv1
Faulting module path: svchost.exe_TapiSrv2
Report Id: svchost.exe_TapiSrv3
Error: (04/27/2015 07:14:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17728, time stamp: 0x55024724
Faulting module name: Flash32_17_0_0_169.ocx, version: 17.0.0.169, time stamp: 0x5529d7e1
Exception code: 0xc0000005
Fault offset: 0x006aad14
Faulting process id: 0xd64
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Error: (04/27/2015 01:35:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_TapiSrv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: tapisrv.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ce7c9d7
Exception code: 0xc0000005
Fault offset: 0x000007fef960baa8
Faulting process id: 0x434
Faulting application start time: 0xsvchost.exe_TapiSrv0
Faulting application path: svchost.exe_TapiSrv1
Faulting module path: svchost.exe_TapiSrv2
Report Id: svchost.exe_TapiSrv3
Error: (04/26/2015 09:01:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_TapiSrv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: tapisrv.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ce7c9d7
Exception code: 0xc0000005
Fault offset: 0x000007fef6d2baa8
Faulting process id: 0x12dc
Faulting application start time: 0xsvchost.exe_TapiSrv0
Faulting application path: svchost.exe_TapiSrv1
Faulting module path: svchost.exe_TapiSrv2
Report Id: svchost.exe_TapiSrv3
Error: (04/26/2015 09:59:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_TapiSrv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: tapisrv.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ce7c9d7
Exception code: 0xc0000005
Fault offset: 0x000007feec56baa8
Faulting process id: 0x494
Faulting application start time: 0xsvchost.exe_TapiSrv0
Faulting application path: svchost.exe_TapiSrv1
Faulting module path: svchost.exe_TapiSrv2
Report Id: svchost.exe_TapiSrv3
Error: (04/24/2015 11:07:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17728, time stamp: 0x55024724
Faulting module name: Flash32_17_0_0_169.ocx, version: 17.0.0.169, time stamp: 0x5529d7e1
Exception code: 0xc0000005
Fault offset: 0x006aacca
Faulting process id: 0xa48
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Error: (04/24/2015 04:39:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17728, time stamp: 0x55024724
Faulting module name: Flash32_17_0_0_169.ocx, version: 17.0.0.169, time stamp: 0x5529d7e1
Exception code: 0xc0000005
Fault offset: 0x006aacca
Faulting process id: 0x1114
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Error: (04/22/2015 09:47:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_TapiSrv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: tapisrv.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ce7c9d7
Exception code: 0xc0000005
Fault offset: 0x000007fef6ddbaa8
Faulting process id: 0x450
Faulting application start time: 0xsvchost.exe_TapiSrv0
Faulting application path: svchost.exe_TapiSrv1
Faulting module path: svchost.exe_TapiSrv2
Report Id: svchost.exe_TapiSrv3
System errors:
=============
Error: (04/28/2015 09:22:30 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error:
%%1056
Error: (04/28/2015 09:22:30 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Telephony service, but this action failed with the following error:
%%1056
Error: (04/28/2015 07:58:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Event Collector service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
Error: (04/28/2015 07:58:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Telephony service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
Error: (04/28/2015 07:58:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Network Location Awareness service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
Error: (04/28/2015 07:58:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Workstation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error: (04/28/2015 07:58:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The DNS Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
Error: (04/28/2015 07:58:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Cryptographic Services service terminated unexpectedly. It has done this 2 time(s).
Error: (04/28/2015 02:02:39 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error:
%%1056
Error: (04/28/2015 02:00:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Event Collector service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Microsoft Office Sessions:
=========================
Error: (01/19/2015 00:11:56 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 545 seconds with 420 seconds of active time. This session ended with a crash.
Error: (01/18/2015 11:22:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 74 seconds with 60 seconds of active time. This session ended with a crash.
Error: (09/09/2013 02:45:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 48 seconds with 0 seconds of active time. This session ended with a crash.
Error: (01/24/2013 11:04:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2013-07-08 09:58:14.197
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-07-08 08:33:46.688
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-07-08 07:25:33.152
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-04-12 17:04:06.531
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-04-12 16:50:52.377
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-04-12 16:37:11.758
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-04-12 16:20:02.810
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-04-12 14:26:50.612
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-04-12 13:45:32.893
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Core2 Duo CPU E6550 @ 2.33GHz
Percentage of memory in use: 33%
Total physical RAM: 4094.18 MB
Available physical RAM: 2703.33 MB
Total Pagefile: 8186.54 MB
Available Pagefile: 6273.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:233.88 GB) (Free:186.11 GB) NTFS
Drive j: (New Volume) (Fixed) (Total:231.78 GB) (Free:191.29 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 3A2DFFDB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=231.8 GB) - (Type=07 NTFS)
==================== End Of Log ============================