Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser.exe (chrome) popping up windows. Chrome is not installed.


  • This topic is locked This topic is locked
6 replies to this topic

#1 p0rks0da

p0rks0da

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:16 AM

Posted 27 August 2014 - 11:04 AM

Getting Random Pop-up's from chrome browser.   based on other topics i've run FRST and am posting the logs below:
 
FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014
Ran by codyb (administrator) on YAK3446 on 27-08-2014 08:52:13
Running from C:\Users\codyb\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
() C:\Windows\SysWOW64\srvany.exe
(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\net.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\Ntrtscan.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_12_0_0_77_ActiveX.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [592240 2011-01-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [6492672 2011-01-15] (Dell Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112152 2010-12-03] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462993 2010-03-12] (Creative Technology Ltd)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe [2230608 2012-12-07] (Trend Micro Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKU\S-1-5-21-1415580972-807877903-1734353810-8992\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1272704 2013-09-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-1415580972-807877903-1734353810-8992\...\Run: [ValidatorJoint] => C:\Windows\system32\rundll32.exe "C:\Users\codyb\AppData\Local\ValidatorJoint\ValidatorJoint.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-1415580972-807877903-1734353810-8992\...\Policies\system: [LogonHoursAction] 1
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2011-02-02] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [192616 2011-02-02] (NVIDIA Corporation)
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
ShellIconOverlayIdentifiers: EnabledUnlockedFDEIconOverlay -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: UninitializedFdeIconOverlay -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yakima-intranet.corp.yakima.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yakima-intranet.corp.yakima.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = 
SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = 
SearchScopes: HKCU - {517FAD47-56CD-44D0-A5BA-E98B3127B562} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=97E9E110-456C-43AA-AA3D-E4C588C17633&apn_sauid=C352A135-CA2A-4B09-8DA8-A639D4C6E08B
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.7.0_17\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.7.0_17\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {0D221D00-A6ED-477C-8A91-41F3B660A832} http://astro/Reports$SQL05/Reserved.ReportViewerWebControl.axd?ReportSession=wzi51z45feqqjl553u0eiy32&ControlID=9f39db7775654d2f8a3c3cb6b0eb3d74&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab
DPF: HKLM-x32 {55963676-2F5E-4BAF-AC28-CF26AA587566} https://sslvpn.yakima.com/CACHE/stc/1/binaries/vpnweb.cab
Hosts: 184.9.153.66 sslvpn.yakima.com
Tcpip\Parameters: [DhcpNameServer] 10.0.0.104 10.0.0.106
 
FireFox:
========
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre1.7.0_17\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-05-29]
 
Chrome: 
=======
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ntrtscan; C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe [3015992 2012-12-06] (Trend Micro Inc.)
R2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [2117120 2010-11-03] (Wave Systems Corp.) [File not signed]
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] () [File not signed]
R3 TMBMServer; C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [572464 2012-10-30] (Trend Micro Inc.)
R2 tmlisten; C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe [3116160 2012-12-06] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [918064 2012-08-08] (Trend Micro Inc.)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5839872 2011-01-15] (Dell Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [82840 2012-10-30] (Trend Micro Inc.)
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [174016 2012-11-13] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [65872 2012-10-30] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [344864 2013-08-14] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [42272 2013-08-14] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [108624 2010-11-08] (Trend Micro Inc.)
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys [2260768 2013-08-14] (Trend Micro Inc.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-27 08:52 - 2014-08-27 08:52 - 00017519 _____ () C:\Users\codyb\Desktop\FRST.txt
2014-08-27 08:52 - 2014-08-27 08:52 - 00000000 ____D () C:\FRST
2014-08-27 08:51 - 2014-08-27 08:51 - 02103296 _____ (Farbar) C:\Users\codyb\Desktop\FRST64.exe
2014-08-20 13:58 - 2014-08-20 13:58 - 00000080 _____ () C:\Users\codyb\AppData\Roaming\mbam.context.scan
2014-08-20 13:57 - 2014-08-26 16:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-20 13:54 - 2014-08-20 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-20 13:54 - 2014-08-20 13:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-20 13:54 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-20 13:54 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-19 16:32 - 2014-08-19 16:32 - 00000000 ____D () C:\Users\codyb\AppData\Local\ValidatorJoint
2014-08-19 09:27 - 2014-08-19 09:29 - 00000000 ____D () C:\44bac4426703bac5f09a309f9f
2014-08-13 03:03 - 2014-03-09 14:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 03:03 - 2014-03-09 14:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 03:03 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 03:03 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 03:02 - 2014-06-30 15:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 03:02 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 03:01 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 03:01 - 2014-06-05 23:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-12 11:45 - 2014-07-15 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-12 11:45 - 2014-07-15 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-12 11:45 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-12 11:45 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-12 11:45 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-12 11:45 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-12 11:45 - 2014-07-08 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-12 11:45 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-12 11:45 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-12 11:45 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-12 11:45 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-12 11:45 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-12 11:45 - 2014-07-08 15:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-12 11:45 - 2014-07-08 15:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-12 11:45 - 2014-06-03 03:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-12 11:45 - 2014-06-03 03:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-12 11:45 - 2014-06-03 03:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-12 11:45 - 2014-06-03 03:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-12 11:45 - 2014-06-03 02:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-12 11:45 - 2014-06-03 02:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-12 11:45 - 2014-06-03 02:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-12 11:44 - 2014-07-31 16:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-12 11:44 - 2014-07-31 16:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-12 11:44 - 2014-07-25 07:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-12 11:44 - 2014-07-25 07:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-12 11:44 - 2014-07-25 07:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-12 11:44 - 2014-07-25 06:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-12 11:44 - 2014-07-25 06:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-12 11:44 - 2014-07-25 06:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-12 11:44 - 2014-07-25 06:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-12 11:44 - 2014-07-25 06:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-12 11:44 - 2014-07-25 06:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-12 11:44 - 2014-07-25 06:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-12 11:44 - 2014-07-25 06:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-12 11:44 - 2014-07-25 06:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-12 11:44 - 2014-07-25 06:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-12 11:44 - 2014-07-25 06:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-12 11:44 - 2014-07-25 06:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-12 11:44 - 2014-07-25 05:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-12 11:44 - 2014-07-25 05:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-12 11:44 - 2014-07-25 05:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-12 11:44 - 2014-07-25 05:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-12 11:44 - 2014-07-25 05:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-12 11:44 - 2014-07-25 05:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-12 11:44 - 2014-07-25 05:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-12 11:44 - 2014-07-25 05:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-12 11:44 - 2014-07-25 05:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-12 11:44 - 2014-07-25 05:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-12 11:44 - 2014-07-25 05:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-12 11:44 - 2014-07-25 05:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-12 11:44 - 2014-07-25 05:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-12 11:44 - 2014-07-25 05:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-12 11:44 - 2014-07-25 05:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-12 11:44 - 2014-07-25 05:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-12 11:44 - 2014-07-25 05:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-12 11:44 - 2014-07-25 05:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-12 11:44 - 2014-07-25 05:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-12 11:44 - 2014-07-25 04:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-12 11:44 - 2014-07-25 04:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-12 11:44 - 2014-07-25 04:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-12 11:44 - 2014-07-25 04:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-12 11:44 - 2014-07-25 04:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-12 11:44 - 2014-07-25 04:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-12 11:44 - 2014-07-25 04:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-12 11:44 - 2014-07-25 04:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-12 11:44 - 2014-07-25 04:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-12 11:44 - 2014-07-25 04:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-12 11:44 - 2014-07-25 04:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-12 11:44 - 2014-07-25 04:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-12 11:44 - 2014-07-25 04:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-12 11:44 - 2014-07-25 04:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-12 11:44 - 2014-07-25 03:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-12 11:44 - 2014-07-25 03:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-12 11:44 - 2014-07-25 03:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-12 11:44 - 2014-07-25 03:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-12 11:44 - 2014-07-25 03:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-12 11:44 - 2014-07-25 03:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-12 11:44 - 2014-07-15 20:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-12 11:44 - 2014-07-15 19:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-12 11:44 - 2014-07-15 19:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-12 11:44 - 2014-06-24 19:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-12 11:44 - 2014-06-24 18:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-12 11:44 - 2014-06-15 19:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-12 11:43 - 2014-08-06 19:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-12 11:43 - 2014-08-06 19:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-12 11:43 - 2014-07-13 19:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-12 11:43 - 2014-07-13 18:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-07 14:49 - 2014-08-11 15:15 - 00161280 _____ () C:\Users\codyb\Desktop\Cost Statement July 2014.xls
2014-08-01 08:57 - 2014-08-01 08:57 - 00000000 __SHD () C:\Users\codyb\AppData\Local\EmieUserList
2014-08-01 08:57 - 2014-08-01 08:57 - 00000000 __SHD () C:\Users\codyb\AppData\Local\EmieSiteList
2014-07-31 03:06 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-07-31 03:04 - 2014-07-31 03:04 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-07-31 03:03 - 2014-07-31 03:03 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-07-31 03:03 - 2014-07-31 03:03 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-07-31 03:03 - 2014-07-31 03:03 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-07-31 03:03 - 2014-07-31 03:03 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-07-31 03:03 - 2014-07-31 03:03 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-07-31 03:03 - 2014-07-31 03:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-07-31 03:00 - 2014-07-31 03:06 - 00008344 _____ () C:\Windows\IE11_main.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-27 08:52 - 2014-08-27 08:52 - 00017519 _____ () C:\Users\codyb\Desktop\FRST.txt
2014-08-27 08:52 - 2014-08-27 08:52 - 00000000 ____D () C:\FRST
2014-08-27 08:51 - 2014-08-27 08:51 - 02103296 _____ (Farbar) C:\Users\codyb\Desktop\FRST64.exe
2014-08-27 08:47 - 2011-07-13 09:31 - 00009601 _____ () C:\Windows\cfgall.ini
2014-08-27 08:47 - 2011-07-13 09:14 - 00000128 _____ () C:\Windows\system32\config\netlogon.ftl
2014-08-27 08:46 - 2013-01-10 09:48 - 07151108 _____ () C:\Windows\SysWOW64\TmInstall.log
2014-08-27 08:46 - 2011-07-13 09:31 - 03976922 _____ () C:\Windows\system32\TmInstall.log
2014-08-27 08:46 - 2009-07-13 22:10 - 01708943 _____ () C:\Windows\WindowsUpdate.log
2014-08-27 08:44 - 2012-11-09 20:47 - 00000435 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-08-26 18:30 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-08-26 16:27 - 2014-08-20 13:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-26 08:48 - 2013-02-20 14:33 - 00050431 _____ () C:\Windows\setupact.log
2014-08-25 12:08 - 2013-05-06 10:16 - 00040543 _____ () C:\Users\codyb\Desktop\Weekly AP Back-up.xlsx
2014-08-25 12:01 - 2013-07-03 17:58 - 00005097 _____ () C:\Windows\TMFilter.log
2014-08-25 08:45 - 2013-01-07 10:06 - 00094153 _____ () C:\Users\codyb\Desktop\Weekly AR Back-up.xlsx
2014-08-24 20:56 - 2009-07-13 22:13 - 00813698 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-21 15:19 - 2009-07-13 21:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-21 15:19 - 2009-07-13 21:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-20 13:58 - 2014-08-20 13:58 - 00000080 _____ () C:\Users\codyb\AppData\Roaming\mbam.context.scan
2014-08-20 13:54 - 2014-08-20 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-20 13:54 - 2014-08-20 13:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-20 13:54 - 2013-12-26 13:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-08-20 13:54 - 2013-02-18 13:28 - 00000000 ____D () C:\Users\codyb\AppData\Roaming\Malwarebytes
2014-08-20 13:54 - 2013-02-18 13:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-20 13:24 - 2011-05-29 09:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-20 13:24 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-20 13:23 - 2013-03-13 08:29 - 00243922 _____ () C:\Windows\PFRO.log
2014-08-19 16:32 - 2014-08-19 16:32 - 00000000 ____D () C:\Users\codyb\AppData\Local\ValidatorJoint
2014-08-19 09:29 - 2014-08-19 09:27 - 00000000 ____D () C:\44bac4426703bac5f09a309f9f
2014-08-13 22:10 - 2011-05-29 08:24 - 00000000 ____D () C:\ProgramData\Sonic
2014-08-13 16:52 - 2009-07-13 21:45 - 00462920 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-13 16:48 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-13 03:34 - 2011-07-13 09:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-13 03:24 - 2013-08-14 03:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 03:17 - 2011-07-13 10:22 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 03:01 - 2014-04-22 17:44 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-11 15:15 - 2014-08-07 14:49 - 00161280 _____ () C:\Users\codyb\Desktop\Cost Statement July 2014.xls
2014-08-06 19:06 - 2014-08-12 11:43 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 19:01 - 2014-08-12 11:43 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 09:20 - 2011-07-13 09:34 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-01 08:57 - 2014-08-01 08:57 - 00000000 __SHD () C:\Users\codyb\AppData\Local\EmieUserList
2014-08-01 08:57 - 2014-08-01 08:57 - 00000000 __SHD () C:\Users\codyb\AppData\Local\EmieSiteList
2014-08-01 08:54 - 2011-07-13 10:31 - 00001415 _____ () C:\Users\codyb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-01 08:54 - 2011-07-13 10:30 - 00005528 __RSH () C:\Users\codyb\ntuser.pol
2014-08-01 08:54 - 2011-07-13 10:30 - 00000000 ____D () C:\Users\codyb
2014-07-31 16:41 - 2014-08-12 11:44 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 16:16 - 2014-08-12 11:44 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-31 03:06 - 2014-07-31 03:00 - 00008344 _____ () C:\Windows\IE11_main.log
2014-07-31 03:04 - 2014-07-31 03:04 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-07-31 03:03 - 2014-07-31 03:03 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-07-31 03:03 - 2014-07-31 03:03 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-07-31 03:03 - 2014-07-31 03:03 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-07-31 03:03 - 2014-07-31 03:03 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-07-31 03:03 - 2014-07-31 03:03 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-07-31 03:03 - 2014-07-31 03:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
 
Files to move or delete:
====================
C:\Users\codyb\gotomypc_540.exe
 
 
Some content of TEMP:
====================
C:\Users\codyb\AppData\Local\Temp\3rrhumla.vtj.exe
C:\Users\codyb\AppData\Local\Temp\fbew4yf2.2mx.exe
C:\Users\codyb\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\codyb\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\codyb\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\codyb\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\codyb\AppData\Local\Temp\la5mlnpp.hbw.exe
C:\Users\codyb\AppData\Local\Temp\plyl5vy5.ri4.exe
C:\Users\codyb\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-18 22:15
 
==================== End Of Log ============================
 
Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-08-2014
Ran by codyb at 2014-08-27 08:53:16
Running from C:\Users\codyb\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Trend Micro OfficeScan Antivirus (Enabled - Up to date) {B7599298-8445-728A-A5C7-A26A082C8BDA}
AS: Trend Micro OfficeScan Anti-spyware (Enabled - Up to date) {0C38737C-A27F-7D04-9F77-991873ABC167}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.22 - STMicroelectronics)
Adobe Acrobat X Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.1.8 - Adobe Systems)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.10 (HKLM-x32\...\DPP) (Version: 3.10.2.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.0.204 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.10.2.0 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.2.0.7 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
Cisco AnyConnect VPN Client (HKLM-x32\...\{C1EC4E2D-6F63-4806-B88E-7685B6EC186E}) (Version: 2.5.6005 - Cisco Systems, Inc.)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Custom (Version: 12.34.56.789 - Wave Systems Corp.) Hidden
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.3225 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
Dell ControlVault Host Components Installer 64 bit (Version: 2.0.20.159 - Broadcom Corporation) Hidden
Dell Data Protection | Access (HKLM-x32\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.0.00000.085 - Dell Inc.)
Dell Data Protection | Access (Version: 01.01.00.085 - Wave Systems Corp) Hidden
Dell Data Protection | Access | Drivers (HKLM-x32\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 1.00.011 - Dell Inc.)
Dell Data Protection | Access | Middleware (HKLM-x32\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 1.00.005 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell System Manager (HKLM\...\{FDF509ED-9624-4FDE-9BAA-9566C186AB96}) (Version: 1.6.00000 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1208.101.116 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.28 - Creative Technology Ltd)
DellAccess (Version: 01.01.00.053 - Wave Systems Corp.) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.100.235.13 - Dell Inc.)
EMBASSY Security Center (Version: 04.03.00.067 - Wave Systems Corp.) Hidden
Fonality HUD 3.5 (HKLM-x32\...\HUD 3.5.0) (Version:  - Fonality)
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
GoToMeeting 4.8.0.723 (HKCU\...\GoToMeeting) (Version: 4.8.0.723 - CitrixOnline)
Heroes of Might & Magic V: Hammers of Fate (HKLM-x32\...\{66FF4C48-0083-4E60-8556-B883AB200091}) (Version:  - )
Heroes of Might and Magic (HKLM-x32\...\{BD18C262-3A6F-423C-9058-45683555879C}) (Version: 1.00.000 - Ubisoft)
Heroes of Might and Magic 2 (HKLM-x32\...\{4A782C5E-CCD3-44D1-A998-A05B845921B6}) (Version: 1.00.000 - Ubisoft)
Heroes of Might and Magic 3 Complete (HKLM-x32\...\{E93C513B-4AEC-4432-86C7-65F82C141D54}) (Version: 1.00.000 - Ubisoft)
Heroes of Might and Magic V - Tribes of the East (HKLM-x32\...\{66FF4C48-0083-4E60-8556-B883AB200092}) (Version:  - )
Heroes of Might and Magic V (HKLM-x32\...\{20071984-5EB1-4881-8EDB-082532ACEC6D}) (Version:  - )
Heroes of Might and Magic® III (HKLM-x32\...\Heroes of Might and Magic® III) (Version:  - )
HUDAddin (HKLM-x32\...\{E256EE2A-F0F4-4815-AD1C-1996F5D2F7C8}) (Version: 1.0.1 - Fonality)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.0.71.0 (HKLM-x32\...\{2C43790E-8470-1027-82D3-DF319F3C410F}) (Version: 1.0.71.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Network Connections 15.7.176.1 (HKLM\...\PROSetDX) (Version: 15.7.176.1 - Dell)
Intel® Network Connections 15.7.176.1 (Version: 15.7.176.1 - Dell) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2347 - Intel Corporation)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017F0}) (Version: 7.0.170 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LeechFTP  (HKLM-x32\...\LeechFTP) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60831.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Monarch Pro 8.00 (HKLM-x32\...\{2480B3DF-5914-4DAA-8510-DCAB3F43C0C2}) (Version: 8.00 - Datawatch)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTRU TCG Software Stack (Version: 2.1.34 - Security Innovation) Hidden
NVIDIA 3D Vision Driver 266.96 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 266.96 - NVIDIA Corporation)
NVIDIA Control Panel 266.96 (Version: 266.96 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 266.96 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.96 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.718 - NVIDIA Corporation) Hidden
NVIDIA nView 135.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.60 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (Version: 6.14.10.13560 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.0.21 (Version: 1.0.21 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6696 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.0.21 - NVIDIA Corporation) Hidden
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}) (Version: 3.0.07.23 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.07.23 - O2Micro International LTD.) Hidden
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Preboot Manager (Version: 03.03.00.049 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.01.00.007 - Wave Systems Corp.) Hidden
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002) (HKLM-x32\...\{09959E11-AD5D-408E-96AF-E3346954D6B8}) (Version: 1.0.0 - Microsoft)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002) (HKLM-x32\...\{64F3B15C-24C7-4B2B-9B72-65CCBBD7F06B}) (Version: 1.0.0 - Microsoft)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden
Trend Micro OfficeScan Client (HKLM-x32\...\OfficeScanNT) (Version: 10.6.3205 - Trend Micro)
Trusted Drive Manager (Version: 4.0.0.512 - Wave Systems Corp.) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
Wave Infrastructure Installer (Version: 07.66.40.0008 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.13.00.014 - Wave Systems Corp) Hidden
WebEx (HKCU\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Phone app for desktop (HKLM-x32\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1415580972-807877903-1734353810-8992_Classes\CLSID\{1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71}\InprocServer32 -> C:\Program Files\ShellExtension.dll No File
CustomCLSID: HKU\S-1-5-21-1415580972-807877903-1734353810-8992_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\723\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
 
==================== Restore Points  =========================
 
05-08-2014 07:12:21 Windows Update
12-08-2014 18:38:07 Windows Update
13-08-2014 10:00:32 Windows Update
19-08-2014 16:27:11 Windows Update
25-08-2014 15:36:13 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2014-08-24 20:39 - 00000860 ____A C:\Windows\system32\Drivers\etc\hosts
 
184.9.153.66 sslvpn.yakima.com
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1E3D325D-A82A-460A-B199-C57C1FF5AA60} - System32\Tasks\{E1BA75B1-55E0-473B-81EB-679816C88204} => C:\Program Files (x86)\Fonality\HUD3.5\HUD3.exe [2011-01-20] ()
Task: {4AFFA626-6F55-4436-BEC4-DAE735A086FA} - System32\Tasks\{5C8B1A02-5FA2-48A6-8F46-1C507C2E27F2} => Iexplore.exe http://ui.skype.com/ui/0/6.5.0.158/en/eula?source=lightinstaller
 
==================== Loaded Modules (whitelisted) =============
 
2011-07-13 11:34 - 2011-01-20 01:53 - 00766464 _____ () C:\Windows\system32\hudtapi_x64.tsp
2008-01-31 16:24 - 2008-01-31 23:24 - 00014848 _____ () C:\Windows\System32\KOBZEA_L.dll
2011-05-29 08:01 - 2003-04-18 19:06 - 00008192 _____ () c:\Windows\SysWOW64\srvany.exe
2011-05-29 09:22 - 2010-12-30 03:11 - 00615016 _____ () C:\Program Files\NVIDIA Corporation\nView\nvshell.dll
2010-11-10 20:53 - 2010-11-10 20:53 - 00817136 _____ () C:\Program Files\Roxio\Roxio Burn\RBVirtualFolder64.dll
2011-05-29 10:03 - 2011-03-28 10:55 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-05-29 07:59 - 2010-12-17 08:24 - 00686704 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2010-11-17 08:35 - 2010-11-17 08:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2011-05-13 08:42 - 2007-05-16 12:42 - 00089088 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\zlibwapi.dll
2013-01-09 11:36 - 2011-04-01 14:16 - 00801792 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\sqlite3.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-11-24 20:44 - 2010-11-24 20:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2007-04-05 13:54 - 2007-04-05 13:54 - 00020480 _____ () C:\Program Files (x86)\Fonality\HUDAddin\HUDAddin.dll
2013-09-03 06:54 - 2013-09-03 06:54 - 02897280 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\PDFMaker\Common\AdobePDFMakerX.dll
2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Program Files (x86)\NetTerm:AFP_AfpInfo
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/27/2014 08:46:53 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "36.0.1985.143,language="&#x2a;",type="win32",version="36.0.1985.143"1".
Dependent Assembly 36.0.1985.143,language="&#x2a;",type="win32",version="36.0.1985.143" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/27/2014 08:46:52 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "36.0.1985.143,language="&#x2a;",type="win32",version="36.0.1985.143"1".
Dependent Assembly 36.0.1985.143,language="&#x2a;",type="win32",version="36.0.1985.143" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/26/2014 08:47:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 56145306
 
Error: (08/26/2014 08:47:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 56145306
 
Error: (08/26/2014 08:47:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/25/2014 05:12:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19563
 
Error: (08/25/2014 05:12:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 19563
 
Error: (08/25/2014 05:12:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/25/2014 05:12:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18533
 
Error: (08/25/2014 05:12:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18533
 
 
System errors:
=============
Error: (08/27/2014 08:50:32 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: 
 
Error: (08/27/2014 08:48:19 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: 
 
Error: (08/27/2014 08:45:00 AM) (Source: ipnathlp) (EventID: 30005) (User: )
Description: 10.4.0.1192.168.137.1
 
Error: (08/27/2014 08:44:41 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
 
Error: (08/27/2014 08:43:14 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain YAKCORP due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (08/26/2014 06:52:44 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (08/26/2014 06:35:45 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{990decbc-8a0f-11e0-bbd7-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{4771FE60-4F3B-4DA5-8213-CD37FC717D6F}
 
Error: (08/26/2014 06:05:46 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: YAKCORP)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (08/26/2014 06:05:45 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain YAKCORP due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (08/26/2014 05:22:48 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: 
 
 
Microsoft Office Sessions:
=========================
Error: (08/27/2014 08:46:53 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: 36.0.1985.143,language="&#x2a;",type="win32",version="36.0.1985.143"C:\$Recycle.Bin\S-1-5-21-1415580972-807877903-1734353810-8992\$R0QL1VJ.exe
 
Error: (08/27/2014 08:46:52 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: 36.0.1985.143,language="&#x2a;",type="win32",version="36.0.1985.143"C:\$Recycle.Bin\S-1-5-21-1415580972-807877903-1734353810-8992\$R8QTEOS.exe
 
Error: (08/26/2014 08:47:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 56145306
 
Error: (08/26/2014 08:47:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 56145306
 
Error: (08/26/2014 08:47:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/25/2014 05:12:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19563
 
Error: (08/25/2014 05:12:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 19563
 
Error: (08/25/2014 05:12:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/25/2014 05:12:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18533
 
Error: (08/25/2014 05:12:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18533
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2540M CPU @ 2.60GHz
Percentage of memory in use: 58%
Total physical RAM: 3976.9 MB
Available physical RAM: 1636.45 MB
Total Pagefile: 7951.98 MB
Available Pagefile: 4577.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:232.11 GB) (Free:139.75 GB) NTFS
Drive h: (Data) (Network) (Total:3499.87 GB) (Free:1290.21 GB) NTFS
Drive l: (Archive) (Network) (Total:499.87 GB) (Free:367.94 GB) NTFS
Drive m: (Data) (Network) (Total:3499.87 GB) (Free:1290.21 GB) NTFS
Drive p: (Data) (Network) (Total:3499.87 GB) (Free:1290.21 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 2C9E0C71)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=752 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232.1 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
Thanks for your help.  Wish Malwarebytes would get on top of this one!
 
Mod Edit:  Merged posts - Hamluis.
 
Sorry for multiple posts your site keeps telling me there was an error.  Unfortunately there is no option to delete the other posts =/
I have found a quick fix that stops the pop ups.  It doesnt remove the problem but does stop the annoying pop ups.
find the directory that browser.exe is in.  kill all the processes using task manager.
delete the file browser.exe.  quickly create a text file, save it as browser.exe then set it to read only.
this prevents the executable from re-spawning and stops the pop ups.  still hoping for a permanent solution from someone.

Edited by hamluis, 27 August 2014 - 12:45 PM.


BC AdBot (Login to Remove)

 


#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:16 PM

Posted 27 August 2014 - 02:15 PM

Hi there,

neat quick fix. :)
How is your computer running after the following steps?


Step 1

Please download this attached Attached File  fixlist.txt   318bytes   4 downloads and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administartor privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!



Step 3

Start FRST with administator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#3 p0rks0da

p0rks0da
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:16 AM

Posted 28 August 2014 - 11:44 AM

Thank you so much for your help!

 

Eset log:

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=b2e0d0a80773dc4ba699579a8fee8e70
# engine=19873
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-27 10:36:05
# local_time=2014-08-27 03:36:05 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 160722415 0 0
# scanned=218518
# found=2
# cleaned=0
# scan_time=9022
sh=D4FABB54E41AFC4FD6D305828B218CD01FC4B303 ft=1 fh=a9436332578ab92e vn="a variant of Win32/Kryptik.CJGL trojan" ac=I fn="C:\FRST\Quarantine\C\Users\codyb\AppData\Local\ValidatorJoint\ValidatorJoint.dll"
sh=D4FABB54E41AFC4FD6D305828B218CD01FC4B303 ft=1 fh=a9436332578ab92e vn="a variant of Win32/Kryptik.CJGL trojan" ac=I fn="C:\Users\codyb\AppData\LocalLow\rswnwae.dll"
 
 
FRST Log:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014
Ran by codyb (administrator) on YAK3446 on 28-08-2014 09:36:18
Running from C:\Users\codyb\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\Ntrtscan.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
() C:\Windows\SysWOW64\srvany.exe
(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Windows\System32\net.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\Temp\pccntupd.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_12_0_0_77_ActiveX.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [592240 2011-01-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [6492672 2011-01-15] (Dell Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112152 2010-12-03] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462993 2010-03-12] (Creative Technology Ltd)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe [2230608 2012-12-07] (Trend Micro Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKU\S-1-5-21-1415580972-807877903-1734353810-8992\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1272704 2013-09-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-1415580972-807877903-1734353810-8992\...\Policies\system: [LogonHoursAction] 1
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2011-02-02] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [192616 2011-02-02] (NVIDIA Corporation)
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
ShellIconOverlayIdentifiers: EnabledUnlockedFDEIconOverlay -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: UninitializedFdeIconOverlay -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yakima-intranet.corp.yakima.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yakima-intranet.corp.yakima.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = 
SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.7.0_17\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.7.0_17\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {55963676-2F5E-4BAF-AC28-CF26AA587566} https://sslvpn.yakima.com/CACHE/stc/1/binaries/vpnweb.cab
Tcpip\Parameters: [DhcpNameServer] 10.0.0.104 10.0.0.106
 
FireFox:
========
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre1.7.0_17\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-05-29]
 
Chrome: 
=======
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ntrtscan; C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe [3015992 2012-12-06] (Trend Micro Inc.)
R2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [2117120 2010-11-03] (Wave Systems Corp.) [File not signed]
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] () [File not signed]
R3 TMBMServer; C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [572464 2012-10-30] (Trend Micro Inc.)
R2 tmlisten; C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe [3116160 2012-12-06] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [918064 2012-08-08] (Trend Micro Inc.)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5839872 2011-01-15] (Dell Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [82840 2012-10-30] (Trend Micro Inc.)
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [174016 2012-11-13] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [65872 2012-10-30] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [344864 2013-08-14] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [42272 2013-08-14] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [108624 2010-11-08] (Trend Micro Inc.)
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys [2260768 2013-08-14] (Trend Micro Inc.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-27 13:02 - 2014-08-27 13:02 - 02347384 _____ (ESET) C:\Users\codyb\Desktop\esetsmartinstaller_enu.exe
2014-08-27 13:02 - 2014-08-27 13:02 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-27 08:53 - 2014-08-27 08:54 - 00038593 _____ () C:\Users\codyb\Desktop\Addition.txt
2014-08-27 08:52 - 2014-08-28 09:36 - 00017309 _____ () C:\Users\codyb\Desktop\FRST.txt
2014-08-27 08:52 - 2014-08-28 09:36 - 00000000 ____D () C:\FRST
2014-08-27 08:51 - 2014-08-27 08:51 - 02103296 _____ (Farbar) C:\Users\codyb\Desktop\FRST64.exe
2014-08-20 13:58 - 2014-08-20 13:58 - 00000080 _____ () C:\Users\codyb\AppData\Roaming\mbam.context.scan
2014-08-20 13:57 - 2014-08-27 09:24 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-20 13:54 - 2014-08-20 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-20 13:54 - 2014-08-20 13:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-20 13:54 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-20 13:54 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-19 09:27 - 2014-08-19 09:29 - 00000000 ____D () C:\44bac4426703bac5f09a309f9f
2014-08-13 03:03 - 2014-03-09 14:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 03:03 - 2014-03-09 14:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 03:03 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 03:03 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 03:02 - 2014-06-30 15:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 03:02 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 03:01 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 03:01 - 2014-06-05 23:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-12 11:45 - 2014-07-15 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-12 11:45 - 2014-07-15 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-12 11:45 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-12 11:45 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-12 11:45 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-12 11:45 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-12 11:45 - 2014-07-08 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-12 11:45 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-12 11:45 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-12 11:45 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-12 11:45 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-12 11:45 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-12 11:45 - 2014-07-08 15:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-12 11:45 - 2014-07-08 15:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-12 11:45 - 2014-06-03 03:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-12 11:45 - 2014-06-03 03:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-12 11:45 - 2014-06-03 03:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-12 11:45 - 2014-06-03 03:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-12 11:45 - 2014-06-03 02:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-12 11:45 - 2014-06-03 02:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-12 11:45 - 2014-06-03 02:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-12 11:44 - 2014-07-31 16:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-12 11:44 - 2014-07-31 16:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-12 11:44 - 2014-07-25 07:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-12 11:44 - 2014-07-25 07:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-12 11:44 - 2014-07-25 07:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-12 11:44 - 2014-07-25 06:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-12 11:44 - 2014-07-25 06:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-12 11:44 - 2014-07-25 06:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-12 11:44 - 2014-07-25 06:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-12 11:44 - 2014-07-25 06:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-12 11:44 - 2014-07-25 06:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-12 11:44 - 2014-07-25 06:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-12 11:44 - 2014-07-25 06:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-12 11:44 - 2014-07-25 06:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-12 11:44 - 2014-07-25 06:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-12 11:44 - 2014-07-25 06:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-12 11:44 - 2014-07-25 06:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-12 11:44 - 2014-07-25 05:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-12 11:44 - 2014-07-25 05:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-12 11:44 - 2014-07-25 05:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-12 11:44 - 2014-07-25 05:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-12 11:44 - 2014-07-25 05:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-12 11:44 - 2014-07-25 05:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-12 11:44 - 2014-07-25 05:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-12 11:44 - 2014-07-25 05:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-12 11:44 - 2014-07-25 05:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-12 11:44 - 2014-07-25 05:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-12 11:44 - 2014-07-25 05:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-12 11:44 - 2014-07-25 05:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-12 11:44 - 2014-07-25 05:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-12 11:44 - 2014-07-25 05:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-12 11:44 - 2014-07-25 05:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-12 11:44 - 2014-07-25 05:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-12 11:44 - 2014-07-25 05:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-12 11:44 - 2014-07-25 05:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-12 11:44 - 2014-07-25 05:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-12 11:44 - 2014-07-25 04:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-12 11:44 - 2014-07-25 04:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-12 11:44 - 2014-07-25 04:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-12 11:44 - 2014-07-25 04:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-12 11:44 - 2014-07-25 04:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-12 11:44 - 2014-07-25 04:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-12 11:44 - 2014-07-25 04:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-12 11:44 - 2014-07-25 04:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-12 11:44 - 2014-07-25 04:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-12 11:44 - 2014-07-25 04:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-12 11:44 - 2014-07-25 04:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-12 11:44 - 2014-07-25 04:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-12 11:44 - 2014-07-25 04:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-12 11:44 - 2014-07-25 04:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-12 11:44 - 2014-07-25 03:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-12 11:44 - 2014-07-25 03:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-12 11:44 - 2014-07-25 03:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-12 11:44 - 2014-07-25 03:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-12 11:44 - 2014-07-25 03:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-12 11:44 - 2014-07-25 03:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-12 11:44 - 2014-07-15 20:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-12 11:44 - 2014-07-15 19:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-12 11:44 - 2014-07-15 19:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-12 11:44 - 2014-06-24 19:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-12 11:44 - 2014-06-24 18:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-12 11:44 - 2014-06-15 19:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-12 11:43 - 2014-08-06 19:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-12 11:43 - 2014-08-06 19:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-12 11:43 - 2014-07-13 19:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-12 11:43 - 2014-07-13 18:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-07 14:49 - 2014-08-11 15:15 - 00161280 _____ () C:\Users\codyb\Desktop\Cost Statement July 2014.xls
2014-08-01 08:57 - 2014-08-01 08:57 - 00000000 __SHD () C:\Users\codyb\AppData\Local\EmieUserList
2014-08-01 08:57 - 2014-08-01 08:57 - 00000000 __SHD () C:\Users\codyb\AppData\Local\EmieSiteList
2014-07-31 03:06 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-07-31 03:04 - 2014-07-31 03:04 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-07-31 03:03 - 2014-07-31 03:03 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-07-31 03:03 - 2014-07-31 03:03 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-07-31 03:03 - 2014-07-31 03:03 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-07-31 03:03 - 2014-07-31 03:03 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-07-31 03:03 - 2014-07-31 03:03 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-07-31 03:03 - 2014-07-31 03:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-07-31 03:00 - 2014-07-31 03:06 - 00008344 _____ () C:\Windows\IE11_main.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-28 09:37 - 2014-08-27 08:52 - 00017309 _____ () C:\Users\codyb\Desktop\FRST.txt
2014-08-28 09:36 - 2014-08-27 08:52 - 00000000 ____D () C:\FRST
2014-08-28 08:38 - 2009-07-13 22:10 - 01813588 _____ () C:\Windows\WindowsUpdate.log
2014-08-28 08:26 - 2012-11-09 20:47 - 00000435 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-08-28 08:26 - 2011-07-13 09:14 - 00000128 _____ () C:\Windows\system32\config\netlogon.ftl
2014-08-28 03:01 - 2013-01-10 09:48 - 07183288 _____ () C:\Windows\SysWOW64\TmInstall.log
2014-08-28 03:01 - 2011-07-13 09:31 - 03994086 _____ () C:\Windows\system32\TmInstall.log
2014-08-28 03:01 - 2011-07-13 09:31 - 00009601 _____ () C:\Windows\cfgall.ini
2014-08-27 13:05 - 2009-07-13 21:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-27 13:05 - 2009-07-13 21:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-27 13:02 - 2014-08-27 13:02 - 02347384 _____ (ESET) C:\Users\codyb\Desktop\esetsmartinstaller_enu.exe
2014-08-27 13:02 - 2014-08-27 13:02 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-27 13:00 - 2013-07-03 17:58 - 00005164 _____ () C:\Windows\TMFilter.log
2014-08-27 12:59 - 2011-05-29 08:24 - 00000000 ____D () C:\ProgramData\Sonic
2014-08-27 12:58 - 2011-05-29 09:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-27 12:58 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-27 12:57 - 2013-03-13 08:29 - 00548936 _____ () C:\Windows\PFRO.log
2014-08-27 12:57 - 2013-02-20 14:33 - 00050487 _____ () C:\Windows\setupact.log
2014-08-27 12:57 - 2009-07-13 21:45 - 00462920 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 09:24 - 2014-08-20 13:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-27 08:54 - 2014-08-27 08:53 - 00038593 _____ () C:\Users\codyb\Desktop\Addition.txt
2014-08-27 08:51 - 2014-08-27 08:51 - 02103296 _____ (Farbar) C:\Users\codyb\Desktop\FRST64.exe
2014-08-26 18:30 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-08-25 12:08 - 2013-05-06 10:16 - 00040543 _____ () C:\Users\codyb\Desktop\Weekly AP Back-up.xlsx
2014-08-25 08:45 - 2013-01-07 10:06 - 00094153 _____ () C:\Users\codyb\Desktop\Weekly AR Back-up.xlsx
2014-08-24 20:56 - 2009-07-13 22:13 - 00813698 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-20 13:58 - 2014-08-20 13:58 - 00000080 _____ () C:\Users\codyb\AppData\Roaming\mbam.context.scan
2014-08-20 13:54 - 2014-08-20 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-20 13:54 - 2014-08-20 13:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-20 13:54 - 2013-02-18 13:28 - 00000000 ____D () C:\Users\codyb\AppData\Roaming\Malwarebytes
2014-08-20 13:54 - 2013-02-18 13:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-19 09:29 - 2014-08-19 09:27 - 00000000 ____D () C:\44bac4426703bac5f09a309f9f
2014-08-13 16:48 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-13 03:34 - 2011-07-13 09:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-13 03:24 - 2013-08-14 03:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 03:17 - 2011-07-13 10:22 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 03:01 - 2014-04-22 17:44 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-11 15:15 - 2014-08-07 14:49 - 00161280 _____ () C:\Users\codyb\Desktop\Cost Statement July 2014.xls
2014-08-06 19:06 - 2014-08-12 11:43 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 19:01 - 2014-08-12 11:43 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 09:20 - 2011-07-13 09:34 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-01 08:57 - 2014-08-01 08:57 - 00000000 __SHD () C:\Users\codyb\AppData\Local\EmieUserList
2014-08-01 08:57 - 2014-08-01 08:57 - 00000000 __SHD () C:\Users\codyb\AppData\Local\EmieSiteList
2014-08-01 08:54 - 2011-07-13 10:31 - 00001415 _____ () C:\Users\codyb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-01 08:54 - 2011-07-13 10:30 - 00005528 __RSH () C:\Users\codyb\ntuser.pol
2014-08-01 08:54 - 2011-07-13 10:30 - 00000000 ____D () C:\Users\codyb
2014-07-31 16:41 - 2014-08-12 11:44 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 16:16 - 2014-08-12 11:44 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-31 03:06 - 2014-07-31 03:00 - 00008344 _____ () C:\Windows\IE11_main.log
2014-07-31 03:04 - 2014-07-31 03:04 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-07-31 03:03 - 2014-07-31 03:03 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-07-31 03:03 - 2014-07-31 03:03 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-07-31 03:03 - 2014-07-31 03:03 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-07-31 03:03 - 2014-07-31 03:03 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-07-31 03:03 - 2014-07-31 03:03 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-07-31 03:03 - 2014-07-31 03:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-07-31 03:03 - 2014-07-31 03:03 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-31 03:03 - 2014-07-31 03:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
 
Files to move or delete:
====================
C:\Users\codyb\gotomypc_540.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-18 22:15
 
==================== End Of Log ============================


#4 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:16 PM

Posted 28 August 2014 - 11:57 AM

Very good, this worked well. Let's remove one more remnant and we're done.


Please download this attached Attached File  fixlist.txt   43bytes   3 downloads and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • I don't need the log file.


That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation: btn_donate_SM.gif.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restorepoints:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Adobe Flash Player 12 ActiveX
Java 7 Update 17
Java 6 Update 24




Tips

I recommend to read and follow the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

#5 p0rks0da

p0rks0da
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:16 AM

Posted 28 August 2014 - 12:01 PM

Thank You Sir! you rock!



#6 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:16 PM

Posted 28 August 2014 - 12:02 PM

You're very welcome!

#7 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:16 PM

Posted 28 August 2014 - 12:02 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users