Infected with CloudScolut all link redirect in IE


  • This topic is locked
2 replies to this topic

#1 trentglover

Posted 16 June 2015 - 03:55 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by tglover (administrator) on TGLOVER-PC on 15-06-2015 16:48:15
Running from C:\Users\tglover\Downloads
Loaded Profiles: tglover & hadoop & MSSQL$TGLOVER & MsDtsServer110 & MsDtsServer120 & MSSQLFDLauncher$TGLOVER (Available Profiles: keld & KMatson & tglover & test & hadoop & Administrator & MSSQL$TGLOVER & MsDtsServer110 & MsDtsServer120 & MSSQLFDLauncher$TGLOVER & SQLAgent$TGLOVER)
Platform: Windows 8.1 Enterprise (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft) C:\hdp\hadoop-2.4.0.2.1.3.0-1981\bin\datanode.exe
(International Business Machines Corporation) C:\Program Files (x86)\Quest Software\Toad for Data Analysis 2.0\DB2 Client\BIN\db2mgmtsvc.exe
(Azul Systems Inc.) C:\Azul\zulu1.7.0_65-7.6.0.1-win64\bin\java.exe
(Microsoft) C:\hdp\hive-0.13.0.2.1.3.0-1981\bin\derbyserver.exe
(Microsoft) C:\hdp\hive-0.13.0.2.1.3.0-1981\bin\hiveserver2.exe
(Azul Systems Inc.) C:\Azul\zulu1.7.0_65-7.6.0.1-win64\bin\java.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Azul Systems Inc.) C:\Azul\zulu1.7.0_65-7.6.0.1-win64\bin\java.exe
(Microsoft) C:\hdp\hadoop-2.4.0.2.1.3.0-1981\bin\jobhistoryserver.exe
(Azul Systems Inc.) C:\Azul\zulu1.7.0_65-7.6.0.1-win64\bin\java.exe
(Microsoft) C:\hdp\hive-0.13.0.2.1.3.0-1981\bin\metastore.exe
(Azul Systems Inc.) C:\Azul\zulu1.7.0_65-7.6.0.1-win64\bin\java.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\120\DTS\Binn\MsDtsSrvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.TGLOVER\MSSQL\Binn\sqlservr.exe
(Microsoft) C:\hdp\hadoop-2.4.0.2.1.3.0-1981\bin\namenode.exe
(Azul Systems Inc.) C:\Azul\zulu1.7.0_65-7.6.0.1-win64\bin\java.exe
(Microsoft) C:\hdp\hadoop-2.4.0.2.1.3.0-1981\bin\nodemanager.exe
(Azul Systems Inc.) C:\Azul\zulu1.7.0_65-7.6.0.1-win64\bin\java.exe
(Microsoft Corporation) C:\hdp\oozie-4.0.0.2.1.3.0-1981\Service\oozieservice.exe
(Microsoft) C:\hdp\hadoop-2.4.0.2.1.3.0-1981\bin\resourcemanager.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Azul Systems Inc.) C:\Azul\zulu1.7.0_65-7.6.0.1-win64\bin\java.exe
(Microsoft) C:\hdp\hadoop-2.4.0.2.1.3.0-1981\bin\secondarynamenode.exe
(Azul Systems Inc.) C:\Azul\zulu1.7.0_65-7.6.0.1-win64\bin\java.exe
(Azul Systems Inc.) C:\Azul\zulu1.7.0_65-7.6.0.1-win64\bin\java.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft) C:\hdp\hive-0.13.0.2.1.3.0-1981\hcatalog\bin\templeton.exe
(Azul Systems Inc.) C:\Azul\zulu1.7.0_65-7.6.0.1-win64\bin\java.exe
() C:\Windows\wnavga.exe
(Microsoft Corporation) C:\hdp\zookeeper-3.4.5.2.1.3.0-1981\bin\zkServer.exe
(Azul Systems Inc.) C:\Azul\zulu1.7.0_65-7.6.0.1-win64\bin\java.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.TGLOVER\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.TGLOVER\MSSQL\Binn\fdhost.exe
() C:\Windows\System32\nvwmi64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Microsoft) C:\hdp\hadoop-2.4.0.2.1.3.0-1981\bin\timelineserver.exe
(Azul Systems Inc.) C:\Azul\zulu1.7.0_65-7.6.0.1-win64\bin\java.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsComProviderSvr.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\lync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\tglover\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\tglover\AppData\Roaming\Spotify\Spotify.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Spotify Ltd) C:\Users\tglover\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Spotify Ltd) C:\Users\tglover\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\tglover\AppData\Roaming\Spotify\Spotify.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\NAMECONTROLSERVER.EXE
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1437064 2011-10-29] (Microsoft Corporation)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2727568 2015-04-26] ()
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM-x32\...\Run: [Client Access Service] => C:\Program Files (x86)\IBM\Client Access\cwbsvstr.exe [14336 2010-01-15] (IBM Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.shs <====== ATTENTION
HKLM Group Policy restriction on software: *.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.php <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %SystemRoot%\System32\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: ShadownOn.vbs <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\FedEx\ShipManager\BIN\FedEx.Gsm.Cafe.ApplicationEngine.Gui.exe <====== ATTENTION
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1848361099-3947739595-4097488237-6457\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [27748520 2015-04-22] (Microsoft Corporation)
HKU\S-1-5-21-1848361099-3947739595-4097488237-6457\...\Run: [GoogleChromeAutoLaunch_A40A9BCA4AD0F5B9B9633849CB8C0E60] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-06-05] (Google Inc.)
HKU\S-1-5-21-1848361099-3947739595-4097488237-6457\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21969480 2015-05-19] (Google)
HKU\S-1-5-21-1848361099-3947739595-4097488237-6457\...\Run: [Amazon Music] => C:\Users\tglover\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886784 2015-05-07] ()
HKU\S-1-5-21-1848361099-3947739595-4097488237-6457\...\Run: [Spotify Web Helper] => C:\Users\tglover\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2021944 2015-06-12] (Spotify Ltd)
HKU\S-1-5-21-1848361099-3947739595-4097488237-6457\...\Run: [Spotify] => C:\Users\tglover\AppData\Roaming\Spotify\Spotify.exe [7323192 2015-06-12] (Spotify Ltd)
HKU\S-1-5-21-1848361099-3947739595-4097488237-6457\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1848361099-3947739595-4097488237-6457\...\Policies\Explorer: [ClearRecentProgForNewUserInStartMenu] 1
Startup: C:\Users\tglover\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2013-11-07]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [TfsOverlayAdd] -> {D4DD7FC6-066F-442a-A200-DD21649CF378} => C:\Program Files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.DLL [2011-12-06] ()
ShellIconOverlayIdentifiers: [TfsOverlayControlled] -> {EFF5DF4C-7662-4ed7-B533-837D3319D311} => C:\Program Files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.DLL [2011-12-06] ()
ShellIconOverlayIdentifiers: [TfsOverlayEdit] -> {FF529703-3398-4c98-B88D-13F784CB10A2} => C:\Program Files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.DLL [2011-12-06] ()
ShellIconOverlayIdentifiers: [TfsOverlayLock] -> {EAB6FC01-3462-4dc9-8C94-75582E3DC3CA} => C:\Program Files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.DLL [2011-12-06] ()
ShellIconOverlayIdentifiers: [TfsOverlayRename] -> {F15E94B9-9522-42bd-8A73-569BCBE5A5EA} => C:\Program Files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.DLL [2011-12-06] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-1848361099-3947739595-4097488237-6457\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1848361099-3947739595-4097488237-6457\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/p/?LinkId=255141
HKU\S-1-5-21-1848361099-3947739595-4097488237-6457\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mwi/IS/Lists/Tasks/PersonalViews.aspx?PageView=Personal&ShowWebPart={BEB2F14D-5487-481B-8FE9-C2CF13302A02}
URLSearchHook: [S-1-5-21-2210049890-4252281374-3614404233-1028] ATTENTION ==> Default URLSearchHook is missing
URLSearchHook: [S-1-5-80-1177830468-1670515343-1518423175-1077028120-2924655340] ATTENTION ==> Default URLSearchHook is missing
URLSearchHook: [S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757] ATTENTION ==> Default URLSearchHook is missing
URLSearchHook: [S-1-5-80-3642287774-1615985598-572449333-1370030010-3123895339] ATTENTION ==> Default URLSearchHook is missing
URLSearchHook: [S-1-5-80-3663238608-2594041704-2628201136-4104037510-1393234070] ATTENTION ==> Default URLSearchHook is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2210049890-4252281374-3614404233-1028 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-80-3642287774-1615985598-572449333-1370030010-3123895339 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-09] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-02-27] (Google Inc.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-09] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-30] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-02-27] (Google Inc.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-30] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-02-27] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-02-27] (Google Inc.)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: HKLM-x32 {9E616C9F-0300-44D0-B409-EF2ACA075B3B} http://sawtoothtest/CPMActiveX.CAB
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 172.16.6.1 172.16.32.140
 
FireFox:
========
FF ProfilePath: C:\Users\tglover\AppData\Roaming\Mozilla\Firefox\Profiles\gyy1gkuo.default
FF NetworkProxy: "user_pref("extensions.enableScopes", 15);type", 4);user_pref("extensions.autoDisableScopes", 0
FF NetworkProxy: "user_pref("extensions.enableScopes", 15);type", 4
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-09] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1848361099-3947739595-4097488237-6457: @citrixonline.com/appdetectorplugin -> C:\Users\tglover\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-10-22] (Citrix Online)
FF Plugin HKU\S-1-5-21-1848361099-3947739595-4097488237-6457: LWAPlugin15.8 -> C:\Users\tglover\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-02-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-02-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-02-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-02-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-02-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\tglover\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation)
FF Extension: Firefox Security Update - C:\Users\tglover\AppData\Roaming\Mozilla\Firefox\Profiles\gyy1gkuo.default\Extensions\jid1-sXWNoXABeFqKYg@jetpack.xpi [2015-05-20]
FF Extension: Firefox Security Update - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\jid1-sXWNoXABeFqKYg@jetpack.xpi [2015-05-20]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-06-02]
FF Extension: No Name - C:\Users\tglover\AppData\Roaming\Mozilla\Firefox\Profiles\gyy1gkuo.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [not found]
 
Chrome: 
=======
CHR Profile: C:\Users\tglover\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\tglover\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-30]
CHR Extension: (Google Drive) - C:\Users\tglover\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-30]
CHR Extension: (YouTube) - C:\Users\tglover\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-30]
CHR Extension: (Google Search) - C:\Users\tglover\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-30]
CHR Extension: (AdBlock) - C:\Users\tglover\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-30]
CHR Extension: (Kindle Cloud Reader) - C:\Users\tglover\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2013-09-30]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\tglover\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-06]
CHR Extension: (Dealz) - C:\Users\tglover\AppData\Local\Google\Chrome\User Data\Default\Extensions\manaobgbdfpjjjnheogfghmjbikhjnlf [2015-06-12]
CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\tglover\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2014-07-29]
CHR Extension: (Google Wallet) - C:\Users\tglover\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-30]
CHR Extension: (Transcribe: transcribe audio/interviews fast!) - C:\Users\tglover\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogokenmicnjdfhmhocanoemnddmpcjjm [2015-01-19]
CHR Extension: (Gmail) - C:\Users\tglover\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-30]
CHR Extension: (Extutil) - C:\Users\tglover\AppData\Local\Temp\D8ADFCCA-EE7E-442C-9999-C4D14FEF360B [2015-06-05]
CHR Extension: (Managera) - C:\Users\tglover\AppData\Local\Temp\39fdaae5-8e0e-493c-88ec-e05c3be06e42 [2015-06-05]
CHR HKU\S-1-5-21-1848361099-3947739595-4097488237-6457\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bghejdcdajlenjngcknlkkoakmmjfanb] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1848361099-3947739595-4097488237-6457\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [eeafbffkmccheohnooflcnppngmobeoe] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1848361099-3947739595-4097488237-6457\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ellbonkjdmgdghkojcjmomekmjpdffde] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1848361099-3947739595-4097488237-6457\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fllgpcmelbfhcligbphaaplminjpbiad] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1848361099-3947739595-4097488237-6457\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hpjocjloojeicikiokfiekcdpojgfefc] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1848361099-3947739595-4097488237-6457\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jmnkgjdfgnjhmnopgmkcpigenfhgajdj] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1848361099-3947739595-4097488237-6457\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfbhfniohjdklgcmbmemnpaimpdaikea] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1848361099-3947739595-4097488237-6457\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1848361099-3947739595-4097488237-6457\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [manaobgbdfpjjjnheogfghmjbikhjnlf] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1848361099-3947739595-4097488237-6457\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oaobejgaaiojgggjojlcpbembaoajbmc] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bghejdcdajlenjngcknlkkoakmmjfanb] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eeafbffkmccheohnooflcnppngmobeoe] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ellbonkjdmgdghkojcjmomekmjpdffde] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fllgpcmelbfhcligbphaaplminjpbiad] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hpjocjloojeicikiokfiekcdpojgfefc] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jmnkgjdfgnjhmnopgmkcpigenfhgajdj] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kfbhfniohjdklgcmbmemnpaimpdaikea] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [manaobgbdfpjjjnheogfghmjbikhjnlf] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [oaobejgaaiojgggjojlcpbembaoajbmc] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2015-06-09] (Microsoft Corporation)
S3 Cwbrxd; C:\WINDOWS\cwbrxd.exe [94208 2010-01-15] (IBM Corporation) [File not signed]
R2 datanode; C:\hdp\hadoop-2.4.0.2.1.3.0-1981\bin\datanode.exe [13824 2014-07-15] (Microsoft) [File not signed]
R2 DB2MGMTSVC_TACOM20; C:\Program Files (x86)\Quest Software\Toad for Data Analysis 2.0\DB2 Client\BIN\db2mgmtsvc.exe [35616 2007-07-23] (International Business Machines Corporation)
S3 DB2NTSECSERVER_TACOM20; C:\Program Files (x86)\Quest Software\Toad for Data Analysis 2.0\DB2 Client\BIN\db2sec.exe [14112 2007-07-23] (International Business Machines Corporation)
R2 derbyserver; C:\hdp\hive-0.13.0.2.1.3.0-1981\bin\derbyserver.exe [13824 2014-03-18] (Microsoft) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 hiveserver2; C:\hdp\hive-0.13.0.2.1.3.0-1981\bin\hiveserver2.exe [13824 2014-03-18] (Microsoft) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
R2 jobhistoryserver; C:\hdp\hadoop-2.4.0.2.1.3.0-1981\bin\jobhistoryserver.exe [13824 2014-07-15] (Microsoft) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 metastore; C:\hdp\hive-0.13.0.2.1.3.0-1981\bin\metastore.exe [13824 2014-03-18] (Microsoft) [File not signed]
R2 MsDtsServer110; C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [218816 2014-05-15] (Microsoft Corporation)
R2 MsDtsServer120; C:\Program Files\Microsoft SQL Server\120\DTS\Binn\MsDtsSrvr.exe [216736 2014-07-26] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12768 2011-09-02] (Microsoft Corporation)
R2 MSSQL$TGLOVER; C:\Program Files\Microsoft SQL Server\MSSQL12.TGLOVER\MSSQL\Binn\sqlservr.exe [370368 2014-02-21] (Microsoft Corporation)
R3 MSSQLFDLauncher$TGLOVER; C:\Program Files\Microsoft SQL Server\MSSQL12.TGLOVER\MSSQL\Binn\fdlauncher.exe [50880 2014-02-21] (Microsoft Corporation)
R2 namenode; C:\hdp\hadoop-2.4.0.2.1.3.0-1981\bin\namenode.exe [13824 2014-07-15] (Microsoft) [File not signed]
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [288256 2011-09-02] (Microsoft Corporation)
R2 nodemanager; C:\hdp\hadoop-2.4.0.2.1.3.0-1981\bin\nodemanager.exe [13824 2014-07-15] (Microsoft) [File not signed]
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [2693448 2015-04-26] ()
R2 oozieservice; C:\hdp\oozie-4.0.0.2.1.3.0-1981\Service\oozieservice.exe [33280 2014-07-15] (Microsoft Corporation) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
R2 resourcemanager; C:\hdp\hadoop-2.4.0.2.1.3.0-1981\bin\resourcemanager.exe [13824 2014-07-15] (Microsoft) [File not signed]
R2 secondarynamenode; C:\hdp\hadoop-2.4.0.2.1.3.0-1981\bin\secondarynamenode.exe [13824 2014-07-15] (Microsoft) [File not signed]
S3 SQLAgent$TGLOVER; C:\Program Files\Microsoft SQL Server\MSSQL12.TGLOVER\MSSQL\Binn\SQLAGENT.EXE [613056 2014-02-21] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5490448 2015-06-01] (TeamViewer GmbH)
R2 templeton; C:\hdp\hive-0.13.0.2.1.3.0-1981\hcatalog\bin\templeton.exe [13824 2014-03-18] (Microsoft) [File not signed]
R2 timelineserver; C:\hdp\hadoop-2.4.0.2.1.3.0-1981\bin\timelineserver.exe [13824 2014-07-15] (Microsoft) [File not signed]
R2 vmms; C:\Windows\system32\vmms.exe [13784064 2015-03-31] (Microsoft Corporation)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 WinGraph; C:\WINDOWS\wnavga.exe [7680 2015-05-14] () [File not signed]
R2 zkServer; C:\hdp\zookeeper-3.4.5.2.1.3.0-1981\bin\zkServer.exe [29184 2014-07-15] (Microsoft Corporation) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 hvservice; C:\Windows\System32\drivers\hvservice.sys [68960 2014-06-04] (Microsoft Corporation)
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [19456 2014-06-04] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189424 2011-10-05] (Microsoft Corporation)
S1 NEOFLTR_740_30611; C:\WINDOWS\system32\Drivers\NEOFLTR_740_30611.SYS [108344 2014-04-09] (Juniper Networks)
R3 NisDrv; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [84864 2011-10-05] (Microsoft Corporation)
S1 omci; C:\Windows\System32\drivers\omci.sys [31744 2006-03-01] (Dell Inc)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [22016 2014-06-04] (Microsoft Corporation)
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [27136 2014-06-04] (Microsoft Corporation)
S4 RsFx0300; C:\Windows\System32\DRIVERS\RsFx0300.sys [247488 2014-02-21] (Microsoft Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R0 SI3132; C:\Windows\System32\drivers\SI3132.sys [90664 2007-10-03] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\drivers\SiWinAcc.sys [22056 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\Windows\System32\drivers\SiRemFil.sys [17448 2007-10-03] (Silicon Image, Inc)
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [18944 2014-06-04] (Microsoft Corporation)
R3 VMSMP; C:\Windows\system32\DRIVERS\vmswitch.sys [688640 2014-10-08] (Microsoft Corporation)
S3 VMSP; C:\Windows\system32\DRIVERS\vmswitch.sys [688640 2014-10-08] (Microsoft Corporation)
S3 VMSVSF; C:\Windows\system32\DRIVERS\vmswitch.sys [688640 2014-10-08] (Microsoft Corporation)
S3 VMSVSP; C:\Windows\system32\DRIVERS\vmswitch.sys [688640 2014-10-08] (Microsoft Corporation)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S4 RsFx0201; system32\DRIVERS\RsFx0201.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-15 16:48 - 2015-06-15 16:48 - 00036132 _____ C:\Users\tglover\Downloads\FRST.txt
2015-06-15 16:48 - 2015-06-15 16:48 - 00000000 ____D C:\FRST
2015-06-15 16:47 - 2015-06-15 16:47 - 02109952 _____ (Farbar) C:\Users\tglover\Downloads\FRST64.exe
2015-06-15 16:36 - 2015-06-15 16:36 - 02057008 _____ C:\Users\tglover\Downloads\Adaware_Installer.exe
2015-06-15 16:36 - 2015-06-15 16:36 - 00000000 ____D C:\ProgramData\Lavasoft
2015-06-15 16:25 - 2015-06-15 16:25 - 00001406 _____ C:\Users\tglover\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-15 15:02 - 2015-06-15 15:02 - 00000268 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{5DB92695-3914-4B3F-8984-839D11D26CB5}.job
2015-06-15 09:42 - 2015-06-15 09:42 - 00000000 ____D C:\Program Files (x86)\excalabar
2015-06-15 09:40 - 2015-06-15 09:40 - 00192188 _____ C:\Users\tglover\Downloads\excal32_200.zip
2015-06-15 09:38 - 2015-06-15 09:38 - 04892667 _____ (hewgill.com ) C:\Users\tglover\Downloads\HP15C-win32-install (3).exe
2015-06-15 09:37 - 2015-06-15 09:37 - 04892667 _____ (hewgill.com ) C:\Users\tglover\Downloads\HP15C-win32-install (2).exe
2015-06-15 09:36 - 2015-06-15 09:37 - 04892667 _____ (hewgill.com ) C:\Users\tglover\Downloads\HP15C-win32-install (1).exe
2015-06-15 09:36 - 2015-06-15 09:36 - 04892667 _____ (hewgill.com ) C:\Users\tglover\Downloads\HP15C-win32-install.exe
2015-06-12 10:20 - 2015-06-12 10:20 - 02918140 _____ C:\Users\tglover\Documents\swampPlanOrig.sqlplan
2015-06-12 10:03 - 2015-06-12 10:03 - 02462120 _____ C:\Users\tglover\Documents\swampPlan.sqlplan
2015-06-11 15:24 - 2015-06-11 15:25 - 3532521472 _____ C:\Users\tglover\Downloads\Windows.iso
2015-06-11 15:11 - 2015-06-11 15:35 - 00000000 __RHD C:\ESD
2015-06-11 15:05 - 2015-06-11 15:05 - 00000898 _____ C:\Users\tglover\Desktop\Documents - Shortcut.lnk
2015-06-10 16:11 - 2015-06-10 16:12 - 00000000 ____D C:\Java
2015-06-10 15:55 - 2015-06-10 15:55 - 00116384 _____ (Microsoft Corporation) C:\Users\tglover\Downloads\HDINSIGHT (1).exe
2015-06-10 15:21 - 2015-06-10 17:02 - 00000000 ____D C:\Tutorials
2015-06-10 14:55 - 2015-06-10 14:55 - 01111476 _____ C:\Users\tglover\Downloads\commons-lang3-3.4-src.zip
2015-06-10 14:50 - 2015-06-10 14:50 - 02561490 _____ C:\Users\tglover\Downloads\commons-lang3-3.4-bin.zip
2015-06-09 17:33 - 2015-06-09 17:33 - 00000000 ____D C:\Users\tglover\git
2015-06-09 16:12 - 2015-06-10 14:03 - 00000000 ____D C:\Users\tglover\AppData\Local\Eclipse
2015-06-09 16:11 - 2015-06-10 14:13 - 00000000 ____D C:\Users\tglover\workspace
2015-06-09 14:23 - 2015-06-10 14:33 - 00000000 ____D C:\Program Files (x86)\eclipse
2015-06-09 14:13 - 2015-02-19 04:26 - 00000000 ____D C:\Users\tglover\Downloads\eclipse
2015-06-09 14:02 - 2015-06-09 14:12 - 162162770 _____ C:\Users\tglover\Downloads\eclipse-java-luna-SR2-win32-x86_64.zip
2015-06-09 12:45 - 2015-06-09 12:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Hive ODBC Driver 1.1 (64-bit)
2015-06-09 12:41 - 2015-06-09 12:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Hive ODBC Driver 1.1 (32-bit)
2015-06-09 12:35 - 2015-06-09 12:35 - 00000000 ____D C:\Users\tglover\AppData\Local\dftmp
2015-06-09 12:32 - 2015-06-09 12:32 - 00000000 ____D C:\ProgramData\VsTelemetry
2015-06-09 12:28 - 2015-06-09 12:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Azure Tools
2015-06-09 12:23 - 2015-06-10 09:27 - 03342336 _____ C:\Users\tglover\AzureStorageEmulatorDb40.mdf
2015-06-09 12:23 - 2015-06-10 09:27 - 00851968 _____ C:\Users\tglover\AzureStorageEmulatorDb40_log.ldf
2015-06-09 12:23 - 2015-06-09 12:45 - 00000000 ____D C:\Program Files\Microsoft Hive ODBC Driver
2015-06-09 12:23 - 2015-06-09 12:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Hive ODBC Driver
2015-06-09 12:23 - 2015-06-09 12:35 - 00000000 ____D C:\Users\tglover\AppData\Local\AzureStorageEmulator
2015-06-09 12:23 - 2015-06-09 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Hive ODBC Driver 1.0 (64-bit)
2015-06-09 12:23 - 2015-06-09 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Hive ODBC Driver 1.0 (32-bit)
2015-06-09 12:23 - 2015-06-09 12:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Azure Quickstarts
2015-06-09 11:59 - 2015-06-09 11:59 - 00000000 ____D C:\ProgramData\Microsoft Team Foundation Local Workspaces
2015-06-09 11:27 - 2015-06-09 11:27 - 00000000 ____D C:\Program Files (x86)\Windows Phone Silverlight Kits
2015-06-09 11:26 - 2015-06-09 11:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone SDK 8.1
2015-06-09 11:25 - 2015-06-09 11:25 - 00000000 ____D C:\Program Files (x86)\Microsoft XDE
2015-06-09 11:21 - 2015-06-09 11:21 - 00000000 ____D C:\Program Files (x86)\ReleaseManagement
2015-06-09 11:21 - 2015-06-09 11:21 - 00000000 ____D C:\Program Files (x86)\AppInsights
2015-06-09 10:53 - 2015-06-09 10:53 - 00000000 ____D C:\Program Files\Microsoft Identity Extensions
2015-06-09 10:53 - 2015-06-09 10:53 - 00000000 ____D C:\Program Files (x86)\Workflow Manager Tools
2015-06-09 10:53 - 2015-06-09 10:53 - 00000000 ____D C:\Program Files (x86)\Open XML SDK
2015-06-09 10:51 - 2015-06-09 10:51 - 00000000 ____D C:\Program Files\Windows Identity Foundation
2015-06-09 10:47 - 2015-06-09 10:47 - 00000000 ____D C:\Program Files (x86)\Windows Phone Kits
2015-06-08 14:51 - 2015-06-08 14:51 - 00000000 ____D C:\apache-maven-3.3.3-bin
2015-06-08 14:44 - 2015-06-09 16:10 - 00110688 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-06-08 14:44 - 2015-06-08 14:44 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2015-06-08 14:44 - 2015-06-08 14:44 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2015-06-08 14:43 - 2015-06-08 14:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-06-08 14:42 - 2015-06-09 16:10 - 00000000 ____D C:\Program Files\Java
2015-06-08 13:59 - 2015-06-08 13:59 - 00058874 _____ C:\Users\tglover\Documents\scalelog.csv
2015-06-08 13:55 - 2015-06-08 13:55 - 00058874 _____ C:\Users\tglover\Downloads\scalelog.csv
2015-06-08 13:53 - 2015-06-08 13:53 - 00058874 _____ C:\Users\tglover\Downloads\scalelog.log
2015-06-08 13:21 - 2015-06-08 13:21 - 00000000 ___HD C:\$WINDOWS.~BT
2015-06-08 12:59 - 2015-06-08 12:35 - 4139163648 _____ C:\Users\tglover\Downloads\en_windows_8.1_enterprise_with_update_x64_dvd_6054382.iso
2015-06-08 11:42 - 2015-06-09 22:44 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-08 11:42 - 2015-06-08 11:42 - 00002120 _____ C:\Users\test\Desktop\Google Chrome.lnk
2015-06-08 11:09 - 2015-06-08 13:03 - 00000000 ____D C:\ProgramData\0f3b5471928b4fd3834dad205fba7597
2015-06-08 11:09 - 2015-06-08 11:09 - 00003556 _____ C:\WINDOWS\System32\Tasks\DFOZSNJILP
2015-06-08 11:09 - 2015-06-08 11:09 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-06-08 10:20 - 2015-06-08 10:38 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-06-08 10:18 - 2015-06-08 11:02 - 00004944 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for MWI-tglover tglover-pc.mwi.internal
2015-06-05 15:34 - 2015-06-11 14:47 - 00000000 ____D C:\WINDOWS\pss
2015-06-05 14:50 - 2013-08-22 07:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-06-05 14:44 - 2015-06-08 12:00 - 00003460 _____ C:\WINDOWS\System32\Tasks\Kocajnaid
2015-06-05 14:39 - 2015-06-08 11:52 - 00000000 ____D C:\Program Files\13
2015-06-05 14:39 - 2015-06-08 04:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZiperFly
2015-06-05 14:39 - 2013-01-06 05:42 - 00131002 _____ C:\WINDOWS\wuappl.exe
2015-06-05 14:39 - 2013-01-06 05:42 - 00131002 _____ C:\WINDOWS\memupdate.exe
2015-06-05 14:37 - 2015-06-08 12:03 - 00000000 ____D C:\Program Files\015
2015-06-05 14:37 - 2015-06-05 14:37 - 00004216 _____ C:\WINDOWS\System32\Tasks\Winupdate
2015-06-05 14:37 - 2015-06-05 14:37 - 00004194 _____ C:\WINDOWS\System32\Tasks\EssentialUpdateMachine
2015-06-05 14:37 - 2015-06-05 14:37 - 00000000 ____D C:\WINDOWS\Lists
2015-06-05 14:37 - 2015-05-14 01:13 - 00018557 _____ C:\WINDOWS\default.cfg
2015-06-05 14:37 - 2015-05-14 01:03 - 00007680 _____ C:\WINDOWS\wnavga.exe
2015-06-05 14:37 - 2015-05-14 01:03 - 00007680 _____ C:\WINDOWS\cfsvc.exe
2015-06-05 14:37 - 2015-04-25 03:18 - 00295424 _____ (Groom-A-Zebu ™ ) C:\WINDOWS\system32\ysxja.exe
2015-06-05 14:37 - 2015-04-25 03:18 - 00295424 _____ (Groom-A-Zebu ™ ) C:\WINDOWS\cygavb.exe
2015-06-05 14:37 - 2015-04-25 03:18 - 00053248 _____ C:\WINDOWS\zlib.dll
2015-06-05 14:37 - 2013-12-05 05:36 - 00003542 _____ C:\WINDOWS\mstdcvtr.bat
2015-06-05 14:37 - 2013-06-05 06:38 - 00004122 _____ C:\WINDOWS\plofgye
2015-06-05 14:37 - 2013-06-05 06:37 - 00004194 _____ C:\WINDOWS\soxe
2015-06-05 14:37 - 2013-06-05 06:36 - 00000038 _____ C:\WINDOWS\initcvtr.bat
2015-06-05 14:37 - 2013-01-06 05:43 - 00000074 _____ C:\WINDOWS\system32\Drivers\healusb.sys
2015-06-05 14:37 - 2013-01-06 05:43 - 00000074 _____ C:\WINDOWS\system32\cygwin.sys
2015-06-05 14:37 - 2012-07-09 09:02 - 00279552 _____ (Eric Lawrence) C:\WINDOWS\FiddlerCore4.dll
2015-06-05 14:24 - 2015-06-05 14:24 - 00001609 _____ C:\Users\test\Desktop\hp12c Classic.lnk
2015-06-05 14:24 - 2015-06-05 14:24 - 00001609 _____ C:\Users\KMatson\Desktop\hp12c Classic.lnk
2015-06-05 14:24 - 2015-06-05 14:24 - 00001609 _____ C:\Users\keld\Desktop\hp12c Classic.lnk
2015-06-05 14:24 - 2015-06-05 14:24 - 00001609 _____ C:\Users\hadoop\Desktop\hp12c Classic.lnk
2015-06-05 14:24 - 2015-06-05 14:24 - 00001609 _____ C:\Users\Administrator\Desktop\hp12c Classic.lnk
2015-06-05 14:11 - 2015-06-05 14:24 - 00000000 ____D C:\RPNCalc
2015-06-05 14:09 - 2015-06-15 14:48 - 00186706 _____ C:\Users\tglover\AppData\Local\Excal32.dat
2015-06-05 12:08 - 2015-06-05 12:08 - 00000000 ____D C:\hotfix
2015-06-05 12:08 - 2015-04-13 22:30 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-06-05 12:08 - 2015-04-13 22:29 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-06-05 12:08 - 2015-04-13 22:29 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-06-05 12:07 - 2015-06-05 12:07 - 01185864 _____ C:\Users\tglover\Downloads\483816_intl_x64_zip (1).exe
2015-06-05 12:06 - 2015-06-05 12:06 - 01185864 _____ C:\Users\tglover\Downloads\483816_intl_x64_zip.exe
2015-06-05 11:51 - 2015-06-05 11:51 - 00318344 _____ C:\WINDOWS\Minidump\060515-22843-01.dmp
2015-06-05 10:49 - 2015-06-05 10:49 - 00000000 ____D C:\Users\tglover\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2015-06-05 10:28 - 2015-06-05 10:28 - 00318400 _____ C:\WINDOWS\Minidump\060515-21375-02.dmp
2015-06-05 08:57 - 2015-06-05 08:57 - 00318360 _____ C:\WINDOWS\Minidump\060515-21359-01.dmp
2015-06-04 09:21 - 2015-06-04 09:21 - 00318328 _____ C:\WINDOWS\Minidump\060415-35312-01.dmp
2015-06-03 13:44 - 2015-06-03 14:37 - 02770432 _____ C:\Users\tglover\Documents\Commissions Adjustment Detail May-15.xls
2015-06-03 13:44 - 2015-06-03 14:37 - 00111616 _____ C:\Users\tglover\Documents\Commissions Adjustment May-15.xls
2015-06-03 09:55 - 2015-06-03 09:55 - 00012903 _____ C:\Users\tglover\Documents\srosroDD.xlsx
2015-06-03 08:53 - 2015-06-03 08:53 - 00000000 _____ C:\WINDOWS\Minidump\060315-31671-01.dmp
2015-06-02 14:37 - 2015-06-02 14:38 - 00000000 ____D C:\Integration Services Project2
2015-06-02 11:45 - 2015-06-02 11:45 - 00000000 ____D C:\Users\Public\Documents\Logishrd
2015-06-02 11:43 - 2015-06-11 14:33 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2015-06-02 11:43 - 2015-06-11 14:33 - 00001519 _____ C:\WINDOWS\LkmdfCoInst.log
2015-06-02 11:43 - 2015-06-02 11:45 - 00006565 _____ C:\WINDOWS\LDPINST.LOG
2015-06-02 11:43 - 2015-06-02 11:43 - 00000000 ____D C:\Program Files\Logitech
2015-06-02 11:42 - 2015-06-02 11:45 - 00000000 ____D C:\Users\tglover\AppData\Roaming\Logitech
2015-06-02 11:42 - 2015-06-02 11:42 - 00000000 ____D C:\Users\tglover\AppData\Roaming\Logishrd
2015-06-02 11:39 - 2015-06-02 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-06-02 11:39 - 2015-06-02 11:45 - 00000000 ____D C:\Program Files\Common Files\LogiShrd
2015-06-02 11:39 - 2015-06-02 11:43 - 00000000 ____D C:\ProgramData\LogiShrd
2015-06-02 08:50 - 2015-06-02 08:50 - 00318224 _____ C:\WINDOWS\Minidump\060215-21937-01.dmp
2015-06-01 08:32 - 2015-06-01 08:32 - 00318232 _____ C:\WINDOWS\Minidump\060115-20671-01.dmp
2015-05-30 09:12 - 2015-04-23 06:56 - 04373461 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-05-30 09:11 - 2015-04-26 13:10 - 31514312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-05-30 09:11 - 2015-04-26 13:10 - 24200520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-05-30 09:11 - 2015-04-26 13:10 - 22992072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-05-30 09:11 - 2015-04-26 13:10 - 17559432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-05-30 09:11 - 2015-04-26 13:10 - 15294280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-05-30 09:11 - 2015-04-26 13:10 - 13916600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-05-30 09:11 - 2015-04-26 13:10 - 13828032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-05-30 09:11 - 2015-04-26 13:10 - 12893896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-05-30 09:11 - 2015-04-26 13:10 - 11272240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-05-30 09:11 - 2015-04-26 13:10 - 11209192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-05-30 09:11 - 2015-04-26 13:10 - 04245648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-05-30 09:11 - 2015-04-26 13:10 - 03987784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-05-30 09:11 - 2015-04-26 13:10 - 02824176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-05-30 09:11 - 2015-04-26 13:10 - 01908552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434161.dll
2015-05-30 09:11 - 2015-04-26 13:10 - 01557832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434161.dll
2015-05-30 09:11 - 2015-04-26 13:10 - 00945480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-05-30 09:11 - 2015-04-26 13:10 - 00909632 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-05-30 09:11 - 2015-04-26 13:10 - 00902344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-05-30 09:11 - 2015-04-26 13:10 - 00869064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-05-30 09:10 - 2015-05-30 09:10 - 00000000 ____D C:\NVIDIA
2015-05-30 08:18 - 2015-05-30 08:18 - 00000000 ____D C:\Users\keld\AppData\Local\GroupPolicy
2015-05-30 08:03 - 2015-05-30 08:03 - 00000000 ____D C:\Program Files (x86)\Intel
2015-05-30 08:03 - 2009-12-14 13:33 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\WINDOWS\SysWOW64\CSVer.dll
2015-05-30 08:01 - 2015-05-30 08:01 - 00000000 ____D C:\Intel
2015-05-30 07:55 - 2015-05-30 10:47 - 00000000 ____D C:\Users\keld\AppData\Local\Deployment
2015-05-30 07:55 - 2015-05-30 07:55 - 00000000 ____D C:\Users\keld\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2015-05-30 07:55 - 2015-05-30 07:55 - 00000000 ____D C:\Users\keld\AppData\Local\Apps\2.0
2015-05-30 06:46 - 2015-05-30 06:46 - 00000000 __SHD C:\Users\keld\AppData\Local\EmieUserList
2015-05-30 06:46 - 2015-05-30 06:46 - 00000000 __SHD C:\Users\keld\AppData\Local\EmieSiteList
2015-05-30 06:46 - 2015-05-30 06:46 - 00000000 __SHD C:\Users\keld\AppData\Local\EmieBrowserModeList
2015-05-30 06:45 - 2015-05-30 06:45 - 00003902 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{38079060-1CF3-46F4-A45E-C70DE6FF14D2}
2015-05-30 06:44 - 2015-05-30 07:44 - 00000000 ____D C:\Users\keld\AppData\Roaming\Skype
2015-05-30 06:44 - 2015-05-30 06:44 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2015-05-30 06:44 - 2015-05-30 06:44 - 00000000 ____D C:\Users\keld\AppData\Local\Skype
2015-05-30 06:43 - 2015-05-30 06:43 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-30 06:43 - 2015-05-30 06:43 - 00000000 ____D C:\ProgramData\Skype
2015-05-30 06:43 - 2015-05-30 06:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-30 06:42 - 2015-05-30 06:43 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-05-30 06:42 - 2015-05-30 06:42 - 00001887 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Center 2012 Endpoint Protection.lnk
2015-05-30 06:42 - 2015-05-30 06:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-05-30 06:41 - 2015-04-24 15:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-30 06:41 - 2015-04-13 16:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-05-30 06:41 - 2015-04-13 16:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-05-30 06:41 - 2015-04-08 16:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-05-30 06:41 - 2015-04-08 16:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-05-30 06:41 - 2015-04-01 16:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-05-30 06:41 - 2015-04-01 16:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-05-30 06:41 - 2015-03-31 21:30 - 13784064 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmms.exe
2015-05-30 06:41 - 2015-03-19 21:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-05-30 06:41 - 2015-03-19 21:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-05-30 06:41 - 2015-03-19 20:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-05-30 06:41 - 2015-03-19 20:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-05-30 06:41 - 2015-03-04 17:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-05-30 06:41 - 2015-03-01 19:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-05-30 06:41 - 2015-03-01 19:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-05-30 06:41 - 2015-01-05 21:01 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-05-30 06:41 - 2015-01-05 20:59 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-05-30 06:41 - 2015-01-05 19:12 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-05-30 06:41 - 2015-01-05 19:02 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2015-05-30 06:41 - 2014-11-15 13:05 - 00801584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-05-30 06:41 - 2014-11-15 00:29 - 00962216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-05-30 06:41 - 2014-11-14 00:57 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-05-30 06:41 - 2014-11-13 23:03 - 00885760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-05-30 06:41 - 2014-11-10 12:06 - 02485056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-05-30 06:41 - 2014-11-10 12:06 - 00473408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-05-30 06:41 - 2014-11-10 12:06 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-05-30 06:41 - 2014-11-10 12:06 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2015-05-30 06:41 - 2014-11-09 20:57 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2015-05-30 06:41 - 2014-11-09 19:37 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-05-30 06:41 - 2014-11-09 19:34 - 01084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-05-30 06:41 - 2014-11-09 19:26 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-05-30 06:41 - 2014-11-09 19:20 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2015-05-30 06:41 - 2014-11-09 19:09 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-05-30 06:41 - 2014-11-09 19:08 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2015-05-30 06:41 - 2014-11-09 19:06 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-05-30 06:41 - 2014-11-09 18:57 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2015-05-30 06:41 - 2014-11-09 18:57 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-05-30 06:41 - 2014-11-07 22:00 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys
2015-05-30 06:41 - 2014-11-07 21:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2015-05-30 06:41 - 2014-11-07 21:56 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\kmddsp.tsp
2015-05-30 06:41 - 2014-11-07 21:24 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdiag.dll
2015-05-30 06:41 - 2014-11-07 21:13 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kmddsp.tsp
2015-05-30 06:41 - 2014-11-07 20:38 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2015-05-30 06:41 - 2014-11-07 20:17 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2015-05-30 06:41 - 2014-11-07 20:03 - 00733696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2015-05-30 06:41 - 2014-11-07 19:58 - 04837376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2015-05-30 06:41 - 2014-11-07 19:49 - 01154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2015-05-30 06:41 - 2014-11-06 21:58 - 00952896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-05-30 06:41 - 2014-11-06 21:20 - 00786120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-05-30 06:41 - 2014-11-04 20:12 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSHVHOST.DLL
2015-05-30 06:41 - 2014-11-04 20:12 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSVRMGMT.DLL
2015-05-30 06:41 - 2014-11-04 20:06 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2015-05-30 06:41 - 2014-11-04 19:44 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2015-05-30 06:41 - 2014-11-04 19:43 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2015-05-30 06:41 - 2014-11-04 19:41 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-05-30 06:41 - 2014-11-04 19:39 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSHVHOST.DLL
2015-05-30 06:41 - 2014-11-04 19:39 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSVRMGMT.DLL
2015-05-30 06:41 - 2014-11-04 19:33 - 00465408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2015-05-30 06:41 - 2014-11-04 19:21 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2015-05-30 06:41 - 2014-11-04 19:20 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2015-05-30 06:41 - 2014-11-04 19:18 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2015-05-30 06:41 - 2014-11-04 19:14 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2015-05-30 06:41 - 2014-11-04 19:06 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2015-05-30 06:41 - 2014-11-04 13:33 - 00058176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2015-05-30 06:41 - 2014-11-04 13:25 - 00059712 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2015-05-30 06:41 - 2014-11-04 13:25 - 00051008 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2015-05-30 06:41 - 2014-11-04 00:55 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2015-05-30 06:41 - 2014-11-04 00:54 - 00108544 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2015-05-30 06:41 - 2014-11-04 00:54 - 00032256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-05-30 06:41 - 2014-11-04 00:54 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-05-30 06:41 - 2014-11-03 23:01 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2015-05-30 06:41 - 2014-10-30 18:51 - 18823168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-05-30 06:41 - 2014-10-30 18:10 - 15158784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-05-30 06:41 - 2014-10-28 21:05 - 00551232 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2015-05-30 06:41 - 2014-10-28 19:55 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2015-05-30 06:41 - 2014-10-28 19:13 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2015-05-30 06:41 - 2014-10-20 18:50 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll
2015-05-30 06:41 - 2014-10-20 18:31 - 01574400 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2015-05-30 06:41 - 2014-10-20 18:30 - 01454080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2015-05-30 06:41 - 2014-10-20 18:20 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2015-05-30 06:41 - 2014-10-16 22:56 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2015-05-30 06:41 - 2014-10-16 21:35 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-05-30 06:40 - 2015-04-16 00:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-05-30 06:40 - 2015-04-09 18:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-05-30 06:40 - 2015-04-09 18:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-05-30 06:40 - 2015-03-31 22:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-05-30 06:40 - 2015-03-31 22:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-05-30 06:40 - 2015-03-31 22:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-05-30 06:40 - 2015-03-31 22:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-05-30 06:40 - 2015-03-31 21:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-05-30 06:40 - 2015-03-31 21:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-05-30 06:40 - 2015-03-31 21:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-05-30 06:40 - 2015-03-31 20:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-05-30 06:40 - 2015-03-31 20:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-05-30 06:40 - 2015-03-31 20:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-05-30 06:40 - 2015-03-31 20:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-05-30 06:40 - 2015-03-31 20:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-05-30 06:40 - 2015-03-31 20:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-05-30 06:40 - 2014-11-17 14:17 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2015-05-30 06:40 - 2014-11-17 14:17 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2015-05-30 06:40 - 2014-11-14 00:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2015-05-30 06:40 - 2014-11-14 00:46 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2015-05-30 06:40 - 2014-11-07 21:56 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmxs.dll
2015-05-30 06:40 - 2014-11-07 21:56 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasser.dll
2015-05-30 06:40 - 2014-11-07 21:13 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasmxs.dll
2015-05-30 06:40 - 2014-11-07 21:13 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasser.dll
2015-05-30 06:40 - 2014-11-07 20:48 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdiag.dll
2015-05-30 06:40 - 2014-11-04 00:27 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2015-05-30 06:40 - 2014-10-20 19:59 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\eventcls.dll
2015-05-30 06:40 - 2014-10-20 19:19 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eventcls.dll
2015-05-30 06:40 - 2014-10-20 18:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vsstrace.dll
2015-05-30 06:39 - 2015-05-30 10:26 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1848361099-3947739595-4097488237-14339
2015-05-30 06:34 - 2015-05-30 06:34 - 00000000 ____D C:\Users\keld\Documents\IBM
2015-05-30 06:34 - 2015-05-30 06:34 - 00000000 ____D C:\Users\keld\AppData\Roaming\IBM
2015-05-30 06:34 - 2015-05-30 06:34 - 00000000 ____D C:\Users\keld\AppData\Roaming\Apple Computer
2015-05-30 06:33 - 2015-06-10 10:45 - 00000000 ____D C:\Users\keld
2015-05-30 06:33 - 2015-05-30 06:35 - 00000000 ____D C:\Users\keld\AppData\Local\Packages
2015-05-30 06:33 - 2015-05-30 06:33 - 00005068 __RSH C:\Users\keld\ntuser.pol
2015-05-30 06:33 - 2015-05-30 06:33 - 00001406 _____ C:\Users\keld\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-30 06:33 - 2015-05-30 06:33 - 00000020 ___SH C:\Users\keld\ntuser.ini
2015-05-30 06:33 - 2015-05-30 06:33 - 00000000 ____D C:\Users\keld\AppData\Roaming\Adobe
2015-05-30 06:33 - 2015-05-30 06:33 - 00000000 ____D C:\Users\keld\AppData\Local\VirtualStore
2015-05-30 06:33 - 2015-05-30 06:33 - 00000000 ____D C:\Users\keld\AppData\Local\Google
2015-05-30 06:33 - 2015-04-15 09:44 - 00000000 ___RD C:\Users\keld\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-30 06:33 - 2015-03-06 16:21 - 00000000 ___RD C:\Users\keld\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-30 06:33 - 2015-03-06 16:21 - 00000000 ___RD C:\Users\keld\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-30 06:33 - 2014-02-21 22:37 - 00000369 _____ C:\Users\keld\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-05-30 06:33 - 2014-02-21 22:37 - 00000369 _____ C:\Users\keld\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-05-30 06:33 - 2013-11-05 10:48 - 00000000 ____D C:\Users\keld\AppData\Roaming\Macromedia
2015-05-30 06:33 - 2013-10-30 09:12 - 00000000 ____D C:\Users\keld\Documents\Visual Studio 2008
2015-05-30 06:33 - 2013-10-30 09:00 - 00000000 ____D C:\Users\keld\Documents\Visual Studio 2010
2015-05-30 06:33 - 2013-10-30 08:55 - 00000000 ____D C:\Users\keld\AppData\Local\Microsoft Help
2015-05-30 06:33 - 2013-10-30 08:47 - 00000000 ____D C:\Users\keld\Documents\Visual Studio 2012
2015-05-30 06:33 - 2013-08-22 09:36 - 00000000 ____D C:\Users\keld\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-29 10:06 - 2015-05-29 10:07 - 00318224 _____ C:\WINDOWS\Minidump\052915-21218-01.dmp
2015-05-28 10:04 - 2015-05-28 10:04 - 00318216 _____ C:\WINDOWS\Minidump\052815-27562-01.dmp
2015-05-27 10:01 - 2015-05-27 10:01 - 00318216 _____ C:\WINDOWS\Minidump\052715-31046-01.dmp
2015-05-26 09:13 - 2015-05-26 09:13 - 00003896 _____ C:\Users\tglover\Downloads\DW_ValidationDetails (1).csv
2015-05-26 08:42 - 2015-06-04 09:26 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-05-26 08:42 - 2015-06-03 04:05 - 00000983 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10 Host.lnk
2015-05-26 08:42 - 2015-06-03 04:05 - 00000971 _____ C:\Users\Public\Desktop\TeamViewer 10 Host.lnk
2015-05-26 08:42 - 2015-05-26 08:42 - 08118272 _____ (TeamViewer) C:\Users\tglover\Downloads\TeamViewer_Host_Setup-idcjmr57v4.exe
2015-05-26 08:42 - 2015-05-26 08:42 - 00000000 ____D C:\Users\tglover\AppData\Roaming\TeamViewer
2015-05-26 08:27 - 2015-05-26 08:27 - 00318216 _____ C:\WINDOWS\Minidump\052615-22718-01.dmp
2015-05-22 11:36 - 2015-05-22 11:36 - 00318216 _____ C:\WINDOWS\Minidump\052215-29250-01.dmp
2015-05-20 12:40 - 2015-05-20 12:40 - 00000000 ____D C:\Users\tglover\Desktop\New folder (2)
2015-05-20 11:11 - 2015-04-30 14:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-20 11:11 - 2015-04-30 14:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-20 11:02 - 2015-05-20 11:02 - 00032169 _____ C:\Users\tglover\Downloads\M102 - Inches - Materials List - The statistics table for woodworking - EXCEL file.rar
2015-05-20 10:36 - 2015-04-09 18:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-20 10:36 - 2015-04-09 18:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-20 10:36 - 2015-03-17 11:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-20 10:36 - 2015-03-08 20:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-20 10:35 - 2015-04-30 17:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-20 10:35 - 2015-04-30 16:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-20 10:35 - 2015-04-13 16:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-20 10:35 - 2015-04-09 19:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-20 10:35 - 2015-04-09 18:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-20 10:35 - 2015-04-09 18:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-20 10:35 - 2015-04-02 18:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-20 10:35 - 2015-04-02 18:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-20 10:35 - 2015-04-01 16:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-20 10:35 - 2015-04-01 16:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-20 10:35 - 2015-03-31 21:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-20 10:35 - 2015-03-31 20:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-20 10:35 - 2015-03-19 19:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-20 10:35 - 2015-03-12 19:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-20 10:35 - 2015-03-12 18:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-20 10:35 - 2015-03-03 19:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-20 10:35 - 2015-03-03 19:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-20 10:35 - 2015-01-29 18:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-20 10:35 - 2014-11-14 00:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-05-20 10:34 - 2015-04-08 16:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-20 10:34 - 2015-03-29 23:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-20 10:34 - 2015-03-26 21:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-20 10:34 - 2015-03-26 20:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-20 10:34 - 2015-03-26 20:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-20 10:34 - 2015-03-12 22:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-20 10:34 - 2015-03-12 22:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-20 10:34 - 2015-03-12 20:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-20 10:34 - 2015-03-10 19:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-20 10:34 - 2015-03-10 19:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-20 10:34 - 2015-03-05 21:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-20 10:34 - 2015-03-05 20:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-20 10:34 - 2015-03-05 20:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-20 10:34 - 2015-02-17 17:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-20 10:33 - 2015-04-21 11:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-20 10:33 - 2015-04-21 10:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-20 10:33 - 2015-04-21 10:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-20 10:33 - 2015-04-21 10:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-20 10:33 - 2015-04-21 10:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-20 10:33 - 2015-04-21 10:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-20 10:33 - 2015-04-21 10:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-20 10:33 - 2015-04-21 10:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-20 10:33 - 2015-04-21 10:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-20 10:33 - 2015-04-21 10:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-20 10:33 - 2015-04-21 10:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-20 10:33 - 2015-04-21 10:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-20 10:33 - 2015-04-21 10:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-20 10:33 - 2015-04-21 10:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-20 10:33 - 2015-04-21 10:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-20 10:33 - 2015-04-21 09:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-20 10:33 - 2015-04-21 09:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-20 10:33 - 2015-04-21 09:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-20 10:33 - 2015-04-21 09:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-20 10:33 - 2015-04-21 09:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-20 10:33 - 2015-04-21 09:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-20 10:33 - 2015-04-21 09:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-20 10:33 - 2015-04-21 09:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-20 10:33 - 2015-04-21 09:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-20 10:33 - 2015-04-21 09:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-20 10:33 - 2015-04-21 09:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-20 10:33 - 2015-04-21 09:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-20 10:33 - 2015-04-21 09:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-20 10:33 - 2015-04-21 09:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-20 10:33 - 2015-04-21 09:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-20 10:33 - 2015-04-21 09:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-20 10:33 - 2015-04-21 09:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-20 10:33 - 2015-04-21 09:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-20 10:33 - 2015-04-21 09:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-20 10:33 - 2015-04-21 09:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-20 10:33 - 2015-04-21 09:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-20 10:33 - 2015-04-21 09:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-20 10:33 - 2015-04-21 08:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-20 10:33 - 2015-04-21 08:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-18 10:50 - 2015-05-20 10:28 - 00000331 _____ C:\Users\tglover\Documents\Edit4
2015-05-18 10:50 - 2015-05-18 10:50 - 00005113 _____ C:\Users\tglover\Documents\Edit4.bak
2015-05-17 13:05 - 2015-05-17 13:05 - 00040244 _____ C:\Users\tglover\Downloads\DW_ValidationDetails.csv
2015-05-17 13:03 - 2015-05-17 13:03 - 00171904 _____ C:\Users\tglover\Downloads\DW_ValidationDetails.xls
2015-05-16 07:22 - 2015-05-16 07:22 - 00131666 _____ C:\Users\tglover\Documents\Invalid Order Shipments 20150515.xlsx
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-15 16:47 - 2013-09-30 04:12 - 01867902 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-15 16:42 - 2013-09-30 15:44 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-15 16:37 - 2013-10-10 15:28 - 00004946 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for {ba45f0b4-d0f3-4c82-a35b-8ab68a720e93} tglover-pc.mwi.internal
2015-06-15 16:30 - 2013-09-30 04:41 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1848361099-3947739595-4097488237-6457
2015-06-15 16:28 - 2014-06-04 13:03 - 27590656 _____ C:\WINDOWS\system32\vmguest.iso
2015-06-15 16:27 - 2013-09-30 04:37 - 00000000 ___DO C:\Users\tglover\SkyDrive
2015-06-15 16:26 - 2014-08-21 09:53 - 00000000 ___RD C:\Users\tglover\Google Drive
2015-06-15 16:26 - 2014-04-24 14:07 - 00000000 ____D C:\Users\tglover\AppData\Roaming\Spotify
2015-06-15 16:26 - 2014-04-24 14:07 - 00000000 ____D C:\Users\tglover\AppData\Local\Spotify
2015-06-15 16:26 - 2013-09-30 15:44 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-15 16:25 - 2013-09-30 13:47 - 00000000 ____D C:\Program Files\Dell
2015-06-15 16:24 - 2013-09-30 04:12 - 00000472 _____ C:\WINDOWS\system32\config\netlogon.ftl
2015-06-15 16:24 - 2013-08-22 08:46 - 00003515 _____ C:\WINDOWS\setupact.log
2015-06-15 16:24 - 2013-08-22 08:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-15 16:21 - 2013-08-22 09:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-15 16:00 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-15 15:58 - 2013-01-08 09:43 - 00002328 ____H C:\Users\tglover\Documents\Default.rdp
2015-06-15 15:19 - 2014-12-09 10:07 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-15 15:16 - 2013-09-30 12:14 - 00074125 __RSH C:\ProgramData\ntuser.pol
2015-06-15 15:16 - 2013-09-30 04:14 - 00011570 __RSH C:\Users\tglover\ntuser.pol
2015-06-15 15:16 - 2013-09-30 04:12 - 00000000 ____D C:\Users\tglover
2015-06-15 15:03 - 2013-08-22 07:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-06-15 15:00 - 2013-09-30 04:08 - 00227762 _____ C:\WINDOWS\PFRO.log
2015-06-15 14:48 - 2013-01-08 13:02 - 00000000 ____D C:\Users\tglover\Documents\Visual Studio 2008
2015-06-15 14:48 - 2013-01-08 09:36 - 00000000 ____D C:\Users\tglover\Documents\SQL Server Management Studio
2015-06-15 12:15 - 2013-09-30 04:47 - 00003914 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5DB92695-3914-4B3F-8984-839D11D26CB5}
2015-06-13 23:44 - 2014-08-21 09:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-06-13 06:49 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-12 14:13 - 2013-01-21 11:39 - 00000000 ____D C:\Users\tglover\Documents\Visual Studio 2012
2015-06-12 08:16 - 2014-08-28 14:42 - 00020104 _____ C:\Users\tglover\Documents\myblocked.txt
2015-06-12 08:16 - 2013-01-09 14:31 - 00016409 ____H C:\Users\tglover\_viminfo
2015-06-12 08:13 - 2014-08-28 14:42 - 00020606 _____ C:\Users\tglover\Documents\myblocked.txt~
2015-06-11 15:38 - 2013-09-30 04:14 - 00000000 ____D C:\Users\tglover\AppData\Local\Packages
2015-06-11 11:17 - 2012-10-16 10:12 - 00000000 ____D C:\Temp
2015-06-10 17:20 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-10 14:51 - 2015-04-23 14:37 - 00000000 ____D C:\hdp
2015-06-10 10:45 - 2015-04-23 15:20 - 00000000 ____D C:\Users\hadoop
2015-06-10 10:45 - 2015-04-21 09:52 - 00000000 ____D C:\Users\MsDtsServer120
2015-06-10 10:45 - 2014-03-20 11:36 - 00000000 ____D C:\Users\test
2015-06-10 10:45 - 2014-02-03 15:46 - 00000000 ____D C:\Users\MSSQLFDLauncher$TGLOVER
2015-06-10 10:45 - 2013-10-18 12:55 - 00000000 ____D C:\Users\MSSQL$TGLOVER
2015-06-10 10:45 - 2013-09-30 04:11 - 00000000 ____D C:\Users\MsDtsServer110
2015-06-10 09:39 - 2014-06-10 15:32 - 00000000 ____D C:\AdwCleaner
2015-06-09 12:54 - 2013-11-05 14:49 - 00000000 ____D C:\Users\tglover\Documents\Visual Studio 2013
2015-06-09 12:28 - 2013-09-30 13:21 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-09 12:27 - 2013-12-02 18:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Web Tools
2015-06-09 12:25 - 2015-04-23 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Azure
2015-06-09 12:23 - 2015-04-23 12:23 - 03342336 _____ C:\Users\tglover\WAStorageEmulatorDb34.mdf
2015-06-09 12:23 - 2015-04-23 12:23 - 00851968 _____ C:\Users\tglover\WAStorageEmulatorDb34_log.ldf
2015-06-09 11:50 - 2013-09-30 04:17 - 01066348 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-09 11:43 - 2013-08-22 08:44 - 00499152 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-09 11:25 - 2013-09-30 12:40 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2015-06-09 11:23 - 2014-03-20 10:48 - 00000000 ____D C:\ProgramData\Windows App Certification Kit
2015-06-09 11:22 - 2013-09-30 13:25 - 00000000 ____D C:\Program Files\IIS Express
2015-06-09 11:22 - 2013-09-30 13:25 - 00000000 ____D C:\Program Files (x86)\IIS Express
2015-06-09 11:16 - 2013-11-05 14:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2015-06-09 11:00 - 2013-09-30 13:26 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2015-06-09 10:55 - 2013-12-02 18:40 - 00000000 ____D C:\Program Files (x86)\NuGet
2015-06-09 10:55 - 2013-09-30 13:25 - 00000000 ____D C:\Program Files (x86)\Microsoft WCF Data Services
2015-06-09 10:54 - 2013-11-05 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2013
2015-06-09 10:49 - 2013-09-30 12:51 - 00000000 ____D C:\WINDOWS\SysWOW64\1033
2015-06-09 10:46 - 2013-09-30 13:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Help Viewer
2015-06-09 10:45 - 2013-09-30 12:40 - 00000000 ____D C:\WINDOWS\system32\1033
2015-06-09 10:35 - 2013-09-30 12:47 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-06-08 14:50 - 2015-04-23 16:45 - 00000000 ____D C:\apache-maven-3.3.1-bin
2015-06-08 14:45 - 2013-10-09 13:50 - 00000000 ____D C:\ProgramData\Oracle
2015-06-08 13:22 - 2013-09-30 04:12 - 00001908 _____ C:\WINDOWS\diagwrn.xml
2015-06-08 13:22 - 2013-09-30 04:12 - 00001908 _____ C:\WINDOWS\diagerr.xml
2015-06-08 13:21 - 2013-08-22 08:46 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-06-08 13:11 - 2013-08-22 09:36 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-06-08 12:12 - 2014-09-22 12:24 - 00000000 ____D C:\Users\tglover\AppData\Local\Citrix
2015-06-08 12:11 - 2014-09-22 12:19 - 00000000 ____D C:\Users\tglover\AppData\Roaming\Juniper Networks
2015-06-08 12:03 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Speech
2015-06-08 11:43 - 2013-10-01 11:00 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-06-08 11:42 - 2013-09-30 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-08 04:12 - 2014-12-04 15:06 - 00000000 ____D C:\Users\KMatson
2015-06-08 04:12 - 2013-10-18 13:04 - 00000000 ____D C:\Users\SQLAgent$TGLOVER
2015-06-08 04:12 - 2013-10-18 11:24 - 00000000 ____D C:\Users\MSSQLSERVER
2015-06-08 04:12 - 2013-09-30 04:12 - 00000000 ____D C:\Users\DefaultAppPool
2015-06-08 04:12 - 2013-09-30 04:11 - 00000000 ____D C:\Users\Administrator
2015-06-08 04:08 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\registration
2015-06-05 14:37 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2015-06-05 14:37 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-05 12:15 - 2013-01-14 14:01 - 00000000 ___SD C:\Users\tglover\Documents\My Data Sources
2015-06-05 12:06 - 2013-09-30 04:14 - 00000000 ____D C:\Users\tglover\AppData\Local\VirtualStore
2015-06-05 11:51 - 2014-09-11 13:51 - 972956270 _____ C:\WINDOWS\MEMORY.DMP
2015-06-05 11:51 - 2014-09-11 13:51 - 00000000 ____D C:\WINDOWS\Minidump
2015-06-05 10:49 - 2013-09-30 15:44 - 00000000 ____D C:\Users\tglover\AppData\Local\Deployment
2015-06-03 03:12 - 2012-10-16 10:06 - 00000000 __SHD C:\Recovery
2015-06-01 13:13 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-05-30 10:26 - 2014-12-09 10:06 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-30 10:26 - 2014-12-09 10:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-30 10:26 - 2014-12-09 10:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-30 09:12 - 2013-09-30 04:37 - 00000000 ____D C:\ProgramData\NVIDIA
2015-05-30 09:11 - 2013-09-30 04:17 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-05-30 08:57 - 2013-08-22 09:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-05-30 08:57 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2015-05-30 08:57 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\setup
2015-05-30 08:56 - 2013-09-30 13:05 - 00000000 ____D C:\ProgramData\Embarcadero
2015-05-30 08:01 - 2012-10-16 11:53 - 00000000 ____D C:\dell
2015-05-30 06:49 - 2013-10-09 13:49 - 00000000 ____D C:\Program Files (x86)\Java
2015-05-30 06:47 - 2014-09-18 06:52 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-05-30 06:42 - 2015-03-13 13:30 - 01020744 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-05-30 06:42 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-05-30 06:34 - 2013-09-30 04:36 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2015-05-30 06:33 - 2013-09-30 12:14 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2015-05-29 10:20 - 2013-10-16 13:22 - 00048000 _____ C:\Users\tglover\licenseSelectionWiz.log
2015-05-29 10:20 - 2013-09-30 13:05 - 00000000 ____D C:\Users\tglover\AppData\Roaming\Embarcadero
2015-05-29 10:20 - 2013-01-28 11:04 - 00052680 _____ C:\Users\tglover\sanct.log
2015-05-20 12:40 - 2013-08-22 13:11 - 00000000 ____D C:\APPL
2015-05-20 11:30 - 2013-10-03 16:42 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-20 11:30 - 2013-10-03 16:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-20 11:26 - 2013-08-22 09:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-05-20 11:26 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2015-05-20 11:18 - 2013-09-30 04:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-20 11:17 - 2013-09-30 04:53 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-20 11:12 - 2013-09-30 05:08 - 00000039 _____ C:\WINDOWS\vbaddin.ini
2015-05-20 11:11 - 2013-12-01 10:01 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-05-20 11:00 - 2013-12-01 10:01 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-20 10:49 - 2013-10-03 16:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-20 10:40 - 2013-08-22 15:01 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-20 10:28 - 2014-07-11 16:41 - 00006897 _____ C:\Users\tglover\Documents\Edit2
2015-05-20 10:28 - 2014-07-11 16:41 - 00000851 _____ C:\Users\tglover\Documents\Edit3
2015-05-20 10:28 - 2013-01-11 17:45 - 00002350 _____ C:\Users\tglover\Documents\Edit1
2015-05-20 10:27 - 2014-07-11 16:41 - 00003467 _____ C:\Users\tglover\Documents\Edit2.bak
2015-05-18 10:50 - 2014-07-11 16:41 - 00002158 _____ C:\Users\tglover\Documents\Edit3.bak
2015-05-18 10:50 - 2013-01-11 17:45 - 00205053 _____ C:\Users\tglover\Documents\Edit1.bak
2015-05-16 11:37 - 2013-09-30 15:44 - 00003888 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 11:37 - 2013-09-30 15:44 - 00003652 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2014-06-09 16:54 - 2014-08-14 12:36 - 0000309 _____ () C:\Users\tglover\AppData\Roaming\burnaware.ini
2014-06-09 16:55 - 2014-06-09 16:55 - 0000031 _____ () C:\Users\tglover\AppData\Local\burnaware.ini
2015-06-05 14:09 - 2015-06-15 14:48 - 0186706 _____ () C:\Users\tglover\AppData\Local\Excal32.dat
2015-03-16 13:47 - 2015-03-16 14:29 - 0000600 _____ () C:\Users\tglover\AppData\Local\PUTTY.RND
2014-07-14 12:02 - 2014-09-11 12:49 - 0007603 _____ () C:\Users\tglover\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
C:\Users\tglover\AppData\Local\Temp\00fbdmgy.dll
C:\Users\tglover\AppData\Local\Temp\8evohrcv.dll
C:\Users\tglover\AppData\Local\Temp\beddhhfhca.exe
C:\Users\tglover\AppData\Local\Temp\bg_by7gw.dll
C:\Users\tglover\AppData\Local\Temp\bsbfnplz.dll
C:\Users\tglover\AppData\Local\Temp\CloudBackup1993.exe
C:\Users\tglover\AppData\Local\Temp\e9x56pir.dll
C:\Users\tglover\AppData\Local\Temp\hrodbxsc.dll
C:\Users\tglover\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\tglover\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\tglover\AppData\Local\Temp\l3h6fgi4.dll
C:\Users\tglover\AppData\Local\Temp\LMkRstPt.exe
C:\Users\tglover\AppData\Local\Temp\mytmpinstaller.exe
C:\Users\tglover\AppData\Local\Temp\nvk8z_zb.dll
C:\Users\tglover\AppData\Local\Temp\Procmon64.exe
C:\Users\tglover\AppData\Local\Temp\s3jhwaf3.dll
C:\Users\tglover\AppData\Local\Temp\sdf6942.exe
C:\Users\tglover\AppData\Local\Temp\sdfA7C7.exe
C:\Users\tglover\AppData\Local\Temp\sqlite3.dll
C:\Users\tglover\AppData\Local\Temp\Uninstall.exe
C:\Users\tglover\AppData\Local\Temp\UninstallModule.exe
C:\Users\tglover\AppData\Local\Temp\vcredist_x64.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-13 05:29
 
==================== End of log ============================



#2 shelf life

  • Malware Response Team
  • 2,645 posts

Posted 17 June 2015 - 05:35 PM

hi,

 

We will use FRST to clean up some things, then get a download. I am only on this site once or twice per day, so you may not get a reply back from me until the following day.

 

Copy/paste what's below, between the two lines, into Notepad. Save it as fixlist.txt in the same location you have FRST. Start FRST like before, except this time click on the Fix button once.

The machine may reboot to finish. When all done, you will find a txt file on your desktop called fixlog.txt. Copy/paste the log in your reply.

 

-----------------------------------------------------------

 

HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.shs <====== ATTENTION
HKLM Group Policy restriction on software: *.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.php <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %SystemRoot%\System32\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: ShadownOn.vbs <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\FedEx\ShipManager\BIN\FedEx.Gsm.Cafe.ApplicationEngine.Gui.exe <====== ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-1848361099-3947739595-4097488237-6457\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-2210049890-4252281374-3614404233-1028] ATTENTION ==> Default URLSearchHook is missing
URLSearchHook: [S-1-5-80-1177830468-1670515343-1518423175-1077028120-2924655340] ATTENTION ==> Default URLSearchHook is missing
URLSearchHook: [S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757] ATTENTION ==> Default URLSearchHook is missing
URLSearchHook: [S-1-5-80-3642287774-1615985598-572449333-1370030010-3123895339] ATTENTION ==> Default URLSearchHook is missing
URLSearchHook: [S-1-5-80-3663238608-2594041704-2628201136-4104037510-1393234070] ATTENTION ==> Default URLSearchHook is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2210049890-4252281374-3614404233-1028 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-80-3642287774-1615985598-572449333-1370030010-3123895339 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
EmptyTemp:
 
----------------------------------------------------------------------------
Next:
Please download AdwCleaner and save it to your desktop.

    http://www.bleepingcomputer.com/download/adwcleaner/

    Right click AdwCleaner.exe and select "run as admin"
    Accept the disclaimer
    Click on the Scan button.
    Once the scan is done, Click the Clean button
    Press OK when asked to close all programs and follow the onscreen prompts.
    Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically
    Copy and paste the contents of that logfile in your next reply.
    A copy of that logfile will also be saved in the C:\AdwCleaner folder.
 

Post the two logs and we will go from there. There's some questionable stuff left we might go back for.


How Can I Reduce My Risk to Malware?


#3 shelf life

  • Malware Response Team
  • 2,645 posts
  • Gender:Male
  • Location:@localhost
  • Local time:07:31 AM

Posted 12 July 2015 - 01:35 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

How Can I Reduce My Risk to Malware?




