
iexplore.exe*32 and chrome.exe*32 multiple processes in task manager [


  • This topic is locked

#1
badgerduck

    New Member

  • Member
  • 8 posts

I am running Win 7 64 bit and IE 8.  System running very slow when on internet.  Task manager reveals multiple iexplore.exe*32 using lots of memory when on IE.  When I open to the internet with Google I get multiple chrome.exe*32 processes.  When I am off the internet no issues in task manager.  I have Malwarebytes actively protecting my system as well as MS Security Essentials.  Neither program indicates a problem. I occasionally use Java but do not leave it on the computer after use.  I did accidentally leave it on after using it a couple weeks ago.  I uninstalled it and incinerated it with System Mechanic just now.  I've read multiple postings on this and other sites concerning these issues with ie and chrome exe*32 processes but do not know how to proceed.  I would be very grateful for assistance.  Below are the FRST64 logs.

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2015 01
Ran by Randy (administrator) on OFFICE on 28-04-2015 23:28:23
Running from C:\Users\Randy\Desktop
Loaded Profiles: Randy (Available profiles: Randy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Seagate Technology LLC) J:\SEAGATE\Sync\FreeAgentService.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\SystemGuardAlerter.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(Cisco Consumer Products LLC) C:\Program Files\CiscoVUSB\CiscoVUSB.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(Seagate LLC) J:\SEAGATE\FreeAgent Status\stxmenumgr.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\ioloGovernor64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] ()
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-05-27] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [MaxMenuMgr] => J:\SEAGATE\FreeAgent Status\StxMenuMgr.exe [185640 2009-09-26] (Seagate LLC)
HKLM-x32\...\Run: [ioloLiveBoost] => C:\Program Files (x86)\iolo\System Mechanic Professional\LiveBoost.exe [5482104 2015-02-12] (iolo technologies, LLC)
HKU\S-1-5-21-4283896459-4070683001-661046522-1000\...\RunOnce: [Adobe Speed Launcher] => 1430227738
HKU\S-1-5-21-4283896459-4070683001-661046522-1000\...\MountPoints2: {496223ac-cd40-11e3-9e9e-001aa094bc0c} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-4283896459-4070683001-661046522-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2012-09-15] (Microsoft Corporation)
Startup: C:\Users\Randy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Cisco VUSB.lnk [2013-03-07]
ShortcutTarget: Cisco VUSB.lnk -> C:\Program Files\CiscoVUSB\CiscoVUSB.exe (Cisco Consumer Products LLC)
BootExecute: autocheck autochk * ⱽ뫠ౖፉ῔ጔ吠ొ䡐ፊ覠౗覠౗

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-4283896459-4070683001-661046522-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-08-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-09-14] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-09-14] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-19]
CHR Extension: (Google Docs) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-19]
CHR Extension: (Google Drive) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-19]
CHR Extension: (YouTube) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-19]
CHR Extension: (Google Search) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-19]
CHR Extension: (Google Sheets) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-19]
CHR Extension: (Bookmark Manager) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Google Wallet) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-19]
CHR Extension: (Gmail) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 FreeAgentGoNext Service; J:\SEAGATE\Sync\FreeAgentService.exe [189736 2009-09-26] (Seagate Technology LLC)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4702920 2015-02-12] (iolo technologies, LLC)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-07-10] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-12-03] (EldoS Corporation)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-04-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-08-12] (EldoS Corporation)
R3 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [304480 2013-03-31] (silex technology, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-28 23:28 - 2015-04-28 23:28 - 00010485 ____C () C:\Users\Randy\Desktop\FRST.txt
2015-04-28 23:28 - 2015-04-28 23:28 - 00000000 ___DC () C:\FRST
2015-04-28 23:27 - 2015-04-28 23:27 - 02100736 ____C (Farbar) C:\Users\Randy\Desktop\FRST64.exe
2015-04-28 21:22 - 2015-04-28 21:22 - 00037888 ____C () C:\Users\Randy\Documents\May 4-10.xls
2015-04-24 13:57 - 2015-04-25 11:08 - 00037376 ____C () C:\Users\Randy\Documents\April 27th- May 3rd.xls
2015-04-20 18:17 - 2015-04-20 18:17 - 00036864 ____C () C:\Users\Randy\Documents\April 20th-26th.xls
2015-04-14 17:54 - 2015-04-14 18:33 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 17:54 - 2015-04-14 18:33 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 17:54 - 2015-04-14 18:33 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 17:54 - 2015-04-14 18:33 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 17:54 - 2015-04-14 18:33 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 17:54 - 2015-04-14 18:33 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 17:54 - 2015-04-14 18:33 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 17:54 - 2015-04-14 18:33 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 17:54 - 2015-04-14 18:33 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 17:54 - 2015-04-14 18:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 17:54 - 2015-04-14 18:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 17:54 - 2015-04-14 18:33 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 17:54 - 2015-04-14 18:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 17:54 - 2015-04-14 18:33 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 17:54 - 2015-04-14 18:33 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 17:54 - 2015-04-14 18:33 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 17:54 - 2015-04-14 18:32 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 17:54 - 2015-04-14 18:32 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 17:54 - 2015-04-14 18:32 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 17:54 - 2015-04-14 18:32 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 17:54 - 2015-04-14 18:32 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 17:54 - 2015-04-14 18:32 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 17:54 - 2015-04-14 18:32 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 17:54 - 2015-04-14 18:32 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 17:54 - 2015-04-14 18:32 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-14 17:54 - 2015-04-14 18:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 17:54 - 2015-04-14 18:27 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 17:54 - 2015-04-14 18:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 17:54 - 2015-04-14 18:27 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 17:54 - 2015-04-14 18:27 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 17:54 - 2015-04-14 18:26 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 17:54 - 2015-04-14 18:26 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 17:54 - 2015-04-14 18:26 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-14 17:54 - 2015-04-14 18:26 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 17:54 - 2015-04-14 18:26 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 17:54 - 2015-04-14 18:26 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 17:54 - 2015-04-14 18:26 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 17:54 - 2015-04-14 18:26 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 17:54 - 2015-04-14 18:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 17:54 - 2015-04-14 18:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 17:54 - 2015-04-14 18:26 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-14 17:54 - 2015-04-14 18:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 17:54 - 2015-04-14 18:26 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 17:53 - 2015-04-14 18:26 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 17:53 - 2015-04-14 18:26 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 17:53 - 2015-04-14 18:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 17:53 - 2015-04-14 18:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 17:53 - 2015-04-14 18:26 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 17:53 - 2015-04-14 18:26 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 17:53 - 2015-04-14 18:26 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-14 17:53 - 2015-04-14 18:26 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 17:53 - 2015-04-14 18:26 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 17:53 - 2015-04-14 18:26 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-14 17:53 - 2015-04-14 18:25 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 17:53 - 2015-04-14 18:24 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 17:53 - 2015-04-14 18:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 17:53 - 2015-04-14 18:24 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 17:53 - 2015-04-14 18:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 17:53 - 2015-04-14 18:24 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 17:53 - 2015-04-14 18:24 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 17:53 - 2015-04-14 18:24 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 17:53 - 2015-04-14 18:24 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 17:53 - 2015-04-14 18:24 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 17:53 - 2015-04-14 18:24 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 17:53 - 2015-04-14 18:24 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-14 17:53 - 2015-04-14 18:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-14 17:53 - 2015-04-14 18:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 17:50 - 2015-04-14 18:24 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 17:50 - 2015-04-14 18:24 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-14 17:50 - 2015-04-14 18:23 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-10 14:43 - 2015-04-10 14:43 - 00036864 ____C () C:\Users\Randy\Documents\April 13th-19th.xls
2015-04-05 20:23 - 2015-04-05 20:23 - 00036864 ____C () C:\Users\Randy\Desktop\April 13th-19th.xls
2015-04-05 20:22 - 2015-04-05 20:22 - 00038400 ____C () C:\Users\Randy\Desktop\April 6th-12th.xls
2015-04-05 19:25 - 2015-04-05 19:24 - 00038400 ____C () C:\Users\Randy\Documents\April 6th-12th.xls
2015-04-05 00:13 - 2015-04-05 00:13 - 00000000 __SDC () C:\Windows\SysWOW64\GWX
2015-04-05 00:13 - 2015-04-05 00:13 - 00000000 __SDC () C:\Windows\system32\GWX

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-28 23:11 - 2012-09-13 18:59 - 00000830 ____C () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-28 22:42 - 2009-07-13 23:45 - 00022768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-28 22:42 - 2009-07-13 23:45 - 00022768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-28 22:30 - 2012-09-13 12:04 - 01348569 ____C () C:\Windows\WindowsUpdate.log
2015-04-28 22:29 - 2014-11-19 23:17 - 00000898 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-28 15:29 - 2014-11-19 23:17 - 00000894 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-28 13:41 - 2014-11-19 23:19 - 00002183 ____C () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-28 07:46 - 2014-11-03 10:43 - 00129752 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-28 07:45 - 2009-07-14 00:13 - 00786578 ____C () C:\Windows\system32\PerfStringBackup.INI
2015-04-28 07:41 - 2014-10-27 15:21 - 00022996 ____C () C:\Windows\setupact.log
2015-04-28 07:41 - 2009-07-14 00:08 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT
2015-04-20 16:21 - 2012-09-13 12:05 - 00000000 ___DC () C:\Users\Randy
2015-04-19 21:39 - 2009-07-14 00:08 - 00032610 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-16 22:08 - 2012-09-13 18:59 - 00778416 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-16 22:08 - 2012-09-13 18:59 - 00142512 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-16 22:08 - 2012-09-13 18:59 - 00003768 ____C () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-16 17:35 - 2012-09-30 21:13 - 00000000 ___DC () C:\Users\Randy\.epaysol
2015-04-16 17:32 - 2013-10-02 06:54 - 00000000 ___DC () C:\ProgramData\Oracle
2015-04-16 08:28 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-04-16 08:24 - 2009-07-13 22:20 - 00000000 ___DC () C:\Windows\AppCompat
2015-04-14 18:39 - 2014-12-10 14:50 - 00000000 ___DC () C:\Windows\system32\appraiser
2015-04-14 18:39 - 2014-05-06 09:40 - 00000000 __SDC () C:\Windows\system32\CompatTel
2015-04-14 18:39 - 2009-07-13 22:20 - 00000000 ___DC () C:\Windows\PolicyDefinitions
2015-04-14 18:35 - 2012-09-13 13:14 - 00000000 ___DC () C:\ProgramData\Microsoft Help
2015-04-14 18:34 - 2012-09-13 12:56 - 00778700 ____C () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-14 18:32 - 2013-08-14 11:32 - 00000000 ___DC () C:\Windows\system32\MRT
2015-04-14 18:27 - 2012-09-13 23:11 - 128913832 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-13 22:30 - 2014-04-13 08:33 - 00000000 ___DC () C:\Users\Randy\Documents\TurboTax
2015-04-07 09:29 - 2012-09-13 18:55 - 00788456 ____C () C:\Windows\PFRO.log
2015-04-07 09:01 - 2009-07-14 00:09 - 00000000 ___DC () C:\Windows\System32\Tasks\WPD

==================== Files in the root of some directories =======

2013-01-02 16:48 - 2013-01-02 16:48 - 0000017 ____C () C:\Users\Randy\AppData\Local\resmon.resmoncfg
2014-05-17 10:27 - 2014-05-17 10:27 - 2440206 ____C () C:\Users\Randy\AppData\Local\[j0012]-[p01].bmp
2014-05-17 10:27 - 2014-05-17 10:27 - 2440206 ____C () C:\Users\Randy\AppData\Local\[j0012]-[p02].bmp
2014-05-17 10:27 - 2014-05-17 10:27 - 2440206 ____C () C:\Users\Randy\AppData\Local\[j0012]-[p03].bmp
2014-05-17 10:27 - 2014-05-17 10:27 - 2440206 ____C () C:\Users\Randy\AppData\Local\[j0012]-[p04].bmp
2013-03-07 18:20 - 2013-03-07 18:21 - 0000638 ____C () C:\ProgramData\hpzinstall.log
2013-02-16 13:07 - 2015-02-16 15:40 - 0000935 ____C () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some zero byte size files/folders:
==========================
C:\Windows\System32\ahmkun.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-24 13:48

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2015 01
Ran by Randy at 2015-04-28 23:29:03
Running from C:\Users\Randy\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4283896459-4070683001-661046522-500 - Administrator - Disabled)
Guest (S-1-5-21-4283896459-4070683001-661046522-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4283896459-4070683001-661046522-1002 - Limited - Enabled)
Randy (S-1-5-21-4283896459-4070683001-661046522-1000 - Administrator - Enabled) => C:\Users\Randy

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
ArcSoft PhotoStudio 5.5 (HKLM-x32\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version:  - ArcSoft)
ATI AVIVO64 Codecs (Version: 11.6.0.50527 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{EDA9E418-06E0-1FCB-1210-838F1ED5FBE6}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
Canon CanoScan 8800F User Registration (HKLM-x32\...\Canon CanoScan 8800F User Registration) (Version:  - )
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CanoScan 8800F (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4805) (Version:  - )
Carbonite Online Backup Setup (HKLM-x32\...\Carbonite Setup Lite) (Version: 3.8.0 - Carbonite Inc.)
ccc-core-static (x32 Version: 2010.0527.1242.20909 - ATI) Hidden
Cisco VUSB (HKLM\...\Cisco VUSB) (Version: 1.2.0 - Cisco Consumer Products LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Homeworld (HKLM-x32\...\Homeworld) (Version:  - )
HydraVision (x32 Version: 4.2.166.0 - ATI Technologies Inc.) Hidden
iolo technologies' System Mechanic Professional (HKLM-x32\...\{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1) (Version: 14.5.0 - iolo technologies, LLC)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mavis Beacon Teaches Typing Deluxe 20 (HKLM-x32\...\{23B591D7-1C20-44FB-97C2-6953AE67DE18}) (Version: 20.00.0000 - Broderbund)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Presto! PageManager 7.15.16 (HKLM-x32\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.16 - NewSoft Technology Corporation)
ScanSoft OmniPage SE 4 (HKLM-x32\...\{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}) (Version: 15.2.0020 - Nuance Communications, Inc.)
Seagate Manager Installer (HKLM-x32\...\InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate)
Seagate Manager Installer (x32 Version: 2.01.0600 - Seagate) Hidden
System Mechanic 12 Professional (x32 Version: 14.5.0 - ) Hidden
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4283896459-4070683001-661046522-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> No File Path

==================== Restore Points  =========================

28-04-2015 07:48:13 Removed Java 8 Update 45

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ___AC C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {129667F0-2999-42D8-9BDB-3DB96C70AA15} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic Professional\iologovernor64.exe [2015-02-12] (iolo technologies, LLC)
Task: {29107762-E81F-4D8A-A30A-BB6E5C1C67B1} - System32\Tasks\{895E9983-8CBC-4A6A-9BBF-2672A00F0563} => pcalua.exe -a D:\setup.exe -d D:\
Task: {526CBB5E-60BC-465C-B8E8-69B827C3C9B2} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-04-05] (Microsoft Corporation)
Task: {57BE99C2-0C3F-49D8-8CF4-6F5CB83A6E04} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-19] (Google Inc.)
Task: {95579A3D-0375-4EF1-8F13-489B31C6B36C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-19] (Google Inc.)
Task: {A3324054-DDA7-4E3E-9B74-8BE109C0D7BA} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-04-05] (Microsoft Corporation)
Task: {A9DDAFF4-7143-4ADC-8CF8-36A10BCB16B0} - System32\Tasks\{DEAD6DCD-77EE-41E7-2BA8-B150E9B7DC91} => C:\Windows\system32\zhnzron.dll/s "C:\Windows\system32\zhnzron.dll"
Task: {B0B3C9DA-FDE8-41E8-99D2-3477086AD487} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-04-05] (Microsoft Corporation)
Task: {C0BE6949-B2AC-4F8D-8A7A-78107C02C863} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-16] (Adobe Systems Incorporated)
Task: {C34243EF-4121-47FD-A443-CC793C743E83} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-04-05] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2012-09-13 19:24 - 2006-09-20 08:35 - 00020480 ____C () C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
2013-03-07 18:40 - 2013-03-31 18:31 - 00281600 ____C () C:\Program Files\CiscoVUSB\Svlscapi.dll
2012-09-13 19:24 - 2006-10-30 16:59 - 00024576 ____C () C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
2010-04-16 14:20 - 2010-04-16 14:20 - 00016384 ___RC () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-05-27 12:40 - 2010-05-27 12:40 - 00270336 ____C () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AMP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AMPSE => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseamps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vsedsps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseqrts => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AMP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AMPSE => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventSystem => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseamps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsedsps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseqrts => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4283896459-4070683001-661046522-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Randy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: OpwareSE4 => "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{50C7F3E8-6E60-423A-B46F-3DC214994230}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\outlook.exe
FirewallRules: [TCP Query User{F817796F-D1BE-40E8-B850-34C469C4BFE7}J:\sierra\homeworld\homeworld.exe] => (Block) J:\sierra\homeworld\homeworld.exe
FirewallRules: [UDP Query User{53907F0C-1430-4707-B20A-8B839660B27F}J:\sierra\homeworld\homeworld.exe] => (Block) J:\sierra\homeworld\homeworld.exe
FirewallRules: [{60BED522-7048-4614-A78E-CEE1492E8F48}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
FirewallRules: [{69CB5957-64B5-4E65-A9AB-C55E7742DB41}] => (Allow) C:\Program Files\CiscoVUSB\CiscoVUSB.exe
FirewallRules: [{C66CB724-A04B-45C8-B936-3B576666210D}] => (Allow) LPort=19540
FirewallRules: [{CC76641C-E18A-40AE-B2FC-7F0920CD8EEA}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{748D493A-95EB-4424-8DE6-5C07E143350D}] => (Allow) LPort=2869
FirewallRules: [{A2CE4B7E-55F0-45D9-9255-1EE477A1F083}] => (Allow) LPort=1900
FirewallRules: [{3582C34E-3B5A-45B3-B772-D7E18A6752D6}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{02BC4CDA-F5AF-4981-90B2-04F564D80BDE}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{C7679190-61CF-4020-9C31-3E19D963D107}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{CBEADF5F-FEEA-42A4-833A-8F8C23E10831}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{AC0A33DB-757F-427B-807E-917F418AB5F2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{8CC6AA64-B6AF-43B2-B712-0D939947C86C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{79344B3E-9170-49B1-8EFE-5B9A323A4915}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{6B6B82DE-02C8-4D9C-A132-9D1B366F529F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/28/2015 07:58:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_TapiSrv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: tapisrv.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ce7c9d7
Exception code: 0xc0000005
Fault offset: 0x000007fef92fbaa8
Faulting process id: 0xf94
Faulting application start time: 0xsvchost.exe_TapiSrv0
Faulting application path: svchost.exe_TapiSrv1
Faulting module path: svchost.exe_TapiSrv2
Report Id: svchost.exe_TapiSrv3

Error: (04/28/2015 02:00:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_TapiSrv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: tapisrv.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ce7c9d7
Exception code: 0xc0000005
Fault offset: 0x000007fef68cbaa8
Faulting process id: 0x434
Faulting application start time: 0xsvchost.exe_TapiSrv0
Faulting application path: svchost.exe_TapiSrv1
Faulting module path: svchost.exe_TapiSrv2
Report Id: svchost.exe_TapiSrv3

Error: (04/27/2015 08:15:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_TapiSrv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.18798, time stamp: 0x5507b864
Exception code: 0xc0000005
Fault offset: 0x000000000004f884
Faulting process id: 0xa48
Faulting application start time: 0xsvchost.exe_TapiSrv0
Faulting application path: svchost.exe_TapiSrv1
Faulting module path: svchost.exe_TapiSrv2
Report Id: svchost.exe_TapiSrv3

Error: (04/27/2015 07:14:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17728, time stamp: 0x55024724
Faulting module name: Flash32_17_0_0_169.ocx, version: 17.0.0.169, time stamp: 0x5529d7e1
Exception code: 0xc0000005
Fault offset: 0x006aad14
Faulting process id: 0xd64
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (04/27/2015 01:35:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_TapiSrv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: tapisrv.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ce7c9d7
Exception code: 0xc0000005
Fault offset: 0x000007fef960baa8
Faulting process id: 0x434
Faulting application start time: 0xsvchost.exe_TapiSrv0
Faulting application path: svchost.exe_TapiSrv1
Faulting module path: svchost.exe_TapiSrv2
Report Id: svchost.exe_TapiSrv3

Error: (04/26/2015 09:01:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_TapiSrv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: tapisrv.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ce7c9d7
Exception code: 0xc0000005
Fault offset: 0x000007fef6d2baa8
Faulting process id: 0x12dc
Faulting application start time: 0xsvchost.exe_TapiSrv0
Faulting application path: svchost.exe_TapiSrv1
Faulting module path: svchost.exe_TapiSrv2
Report Id: svchost.exe_TapiSrv3

Error: (04/26/2015 09:59:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_TapiSrv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: tapisrv.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ce7c9d7
Exception code: 0xc0000005
Fault offset: 0x000007feec56baa8
Faulting process id: 0x494
Faulting application start time: 0xsvchost.exe_TapiSrv0
Faulting application path: svchost.exe_TapiSrv1
Faulting module path: svchost.exe_TapiSrv2
Report Id: svchost.exe_TapiSrv3

Error: (04/24/2015 11:07:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17728, time stamp: 0x55024724
Faulting module name: Flash32_17_0_0_169.ocx, version: 17.0.0.169, time stamp: 0x5529d7e1
Exception code: 0xc0000005
Fault offset: 0x006aacca
Faulting process id: 0xa48
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (04/24/2015 04:39:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17728, time stamp: 0x55024724
Faulting module name: Flash32_17_0_0_169.ocx, version: 17.0.0.169, time stamp: 0x5529d7e1
Exception code: 0xc0000005
Fault offset: 0x006aacca
Faulting process id: 0x1114
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (04/22/2015 09:47:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_TapiSrv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: tapisrv.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ce7c9d7
Exception code: 0xc0000005
Fault offset: 0x000007fef6ddbaa8
Faulting process id: 0x450
Faulting application start time: 0xsvchost.exe_TapiSrv0
Faulting application path: svchost.exe_TapiSrv1
Faulting module path: svchost.exe_TapiSrv2
Report Id: svchost.exe_TapiSrv3

System errors:
=============
Error: (04/28/2015 09:22:30 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error:
%%1056

Error: (04/28/2015 09:22:30 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Telephony service, but this action failed with the following error:
%%1056

Error: (04/28/2015 07:58:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Event Collector service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (04/28/2015 07:58:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Telephony service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (04/28/2015 07:58:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Network Location Awareness service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.

Error: (04/28/2015 07:58:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Workstation service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (04/28/2015 07:58:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The DNS Client service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (04/28/2015 07:58:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Cryptographic Services service terminated unexpectedly.  It has done this 2 time(s).

Error: (04/28/2015 02:02:39 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error:
%%1056

Error: (04/28/2015 02:00:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Event Collector service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================
Error: (01/19/2015 00:11:56 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 545 seconds with 420 seconds of active time.  This session ended with a crash.

Error: (01/18/2015 11:22:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 74 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (09/09/2013 02:45:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 48 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/24/2013 11:04:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2013-07-08 09:58:14.197
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-08 08:33:46.688
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-08 07:25:33.152
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-12 17:04:06.531
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-12 16:50:52.377
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-12 16:37:11.758
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-12 16:20:02.810
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-12 14:26:50.612
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-12 13:45:32.893
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E6550 @ 2.33GHz
Percentage of memory in use: 33%
Total physical RAM: 4094.18 MB
Available physical RAM: 2703.33 MB
Total Pagefile: 8186.54 MB
Available Pagefile: 6273.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:233.88 GB) (Free:186.11 GB) NTFS
Drive j: (New Volume) (Fixed) (Total:231.78 GB) (Free:191.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 3A2DFFDB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=231.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 




#2
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Hi. My name is Brian, and I would be happy to look into your issue.
 


- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-

 
Removing malware is a complicated multiple-step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

 

Let's get started.

 

You mentioned...

Task manager reveals multiple iexplore.exe*32 using lots of memory when on IE.  When I open to the internet with Google I get multiple chrome.exe*32 processes.

 

 

This is very normal. In each browser you can have many tabs open. Each tab in Internet Explorer will create an iexplore.exe*32 process and each tab in Chrome will create a chrome.exe*32. There appear to be some minor things in your log that will clean up, however.

 

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file and save it to the Desktop. Attached file: fixlist.txt (467 bytes)
Note: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#2 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete, click on "Clean".
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

 

 

Items for your next post

1. FRST Fix Log

2. Adwcleaner log

 


  • 0
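The reply above says multiple iexplore.exe*32 and chrome.exe*32 entries are normal. One way to check that on a process listing is to confirm that each browser process chains up to a single browser parent and runs from the browser's install directory. This is an added example, not part of the thread or of any tool it mentions; the snapshot is constructed and the install directories are assumed defaults for 64-bit Windows 7.

```python
import ntpath
from collections import defaultdict

# Assumption: default install directories on 64-bit Windows 7; adjust per machine.
EXPECTED_DIRS = {
    "chrome.exe": [r"C:\Program Files (x86)\Google\Chrome\Application"],
    "iexplore.exe": [r"C:\Program Files\Internet Explorer",
                     r"C:\Program Files (x86)\Internet Explorer"],
}
CHROME = EXPECTED_DIRS["chrome.exe"][0] + r"\chrome.exe"

# Constructed snapshot: (pid, parent pid, image name, image path).
SAMPLE = [
    (1200, 900, "explorer.exe", r"C:\Windows\explorer.exe"),
    (3100, 1200, "chrome.exe", CHROME),
    (3144, 3100, "chrome.exe", CHROME),
    (3180, 3100, "chrome.exe", CHROME),
    (4020, 1200, "iexplore.exe", r"C:\Program Files\Internet Explorer\iexplore.exe"),
    (4076, 4020, "iexplore.exe", r"C:\Program Files (x86)\Internet Explorer\iexplore.exe"),
    (5012, 772, "chrome.exe", r"C:\Users\Example\AppData\Roaming\chrome.exe"),
]

def review_browser_processes(snapshot):
    """Group browser processes under their top-most same-named ancestor and
    list any whose image path is outside the expected install directories."""
    by_pid = {pid: (ppid, name.lower(), path) for pid, ppid, name, path in snapshot}
    groups, findings = defaultdict(list), []
    for pid, (ppid, name, path) in by_pid.items():
        if name not in EXPECTED_DIRS:
            continue
        allowed = {ntpath.normcase(d) for d in EXPECTED_DIRS[name]}
        if ntpath.normcase(ntpath.dirname(path)) not in allowed:
            findings.append((pid, name, path))
        root, seen = pid, {pid}
        while True:  # climb while the parent is the same browser image
            parent_pid = by_pid[root][0]
            parent = by_pid.get(parent_pid)
            if parent is None or parent[1] != name or parent_pid in seen:
                break
            root = parent_pid
            seen.add(root)
        groups[(name, root)].append(pid)
    return dict(groups), findings

if __name__ == "__main__":
    groups, findings = review_browser_processes(SAMPLE)
    for (name, root), pids in groups.items():
        print(f"{name} tree rooted at PID {root}: {len(pids)} process(es)")
    for pid, name, path in findings:
        print(f"REVIEW: PID {pid} {name} runs from {path}")
```

Several processes under one root in the install directory match the normal pattern described in the reply; a same-named process outside that tree and directory is the one worth a closer look.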

#3
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
