
is my computer toast??! Remote Acces Hacker, Backdoor, virus? Help!


  • This topic is locked
37 replies to this topic

#1 Mistnic

Mistnic

  • Members
  • 23 posts
  • OFFLINE
  • Gender:Female
  • Local time:05:36 AM

Posted 12 August 2015 - 10:59 AM

I'm not tech savvy so for some time I've noticed a second network and homegroup on my computer with a strange K drive but overlooked it. I clicked on it two weeks ago and was shocked to find an exact replica of my C: drive along with programs I've never seen or used, Visual C++, tons of remote access and homegroup logs (I've never set that up!), 11,000 copies of my search history, and other seemingly spy-logs. I found someone in my shared folders with my login and repeatedly had to close their open folders and session every few seconds, minutes, or hours, even after leaving the network and homegroup. I honestly just thought my husband was running surveillance stuff on me, and was annoyed. Over a few days, they took control of my mouse a few times, opened windows, disabled the external drive I had just plugged in, etc. One day, I watched them set up an internet gateway, and deactivate my internet (though the connection was still there with a good signal) before they removed the security panel of my Computer Management console that I was just using.

I've mostly only been in safe mode since then and I'm at a loss. I've downloaded MSE, CCleaner, RogueKiller, & Malwarebytes, but the logs/history and/or .exe programs are being corrupted or removed.

In searching my C: drive I'm finding tons of files, programs, and VITAL .exe functions gone. Countless files are all over the place in random spots - all files have holes, or are chaotically disorganized (i.e., system32 functions hidden in extremely remote Silverlight files). Phishing files are hidden in remote areas. I've found files I cannot access despite repeatedly taking ownership and changing permissions. MS config is gone, system recovery .exes are gone or misplaced, much of my control panel is missing or I get permission errors (sole-computer owner, run as admin), my drivers are disabled (so I can't upload new anti-malware programs from a USB), my registry keys have holes, I lost software licenses, and as of yesterday, I noticed I no longer have the installer.exe to re-download those programs. I've also lost the ability to uninstall programs, and my command line functions stopped working last night.

Please tell me there may be some kind of hope!! Aside from programs and important business files, I have like 23,000 pictures of the last 10 years on this computer with very few backed up elsewhere.

Computer info: Windows 7. Dell XPS 8500.

Edited by Mistnic, 12 August 2015 - 11:14 AM.



#2 Mistnic


Posted 12 August 2015 - 11:01 AM

Please forgive that first paragraph that doesn't make sense. I'm on my phone, couldn't see much of the screen, and apparently deleted a few sentences.

*Can't find the edit post key...if nothing else than to change that bothersome heading typo, LOL!

#3 Mistnic


Posted 12 August 2015 - 12:11 PM

P.S. If it helps, I was able to download Recovera not long before my installer was disabled. After a 6 hour deep scan, it found around 250,000 files. Please let me know which .exe, files, or software to look for and recover and I can do that.

Also, I have a 32GB SD card I bought last night for my phone. If we can figure out a way to get the computer to recognize the phone and USB drive in general, I can download Farbar and all needed software you recommend and transfer it.

Lastly, I do have access to some of the logs from previous anti-malware/virus software if we can just figure out how to open the files (especially seeing as I no longer have access to certain file viewers, and my license for Microsoft Word was removed; I do have a hard copy of my license number if someone can tell me where to type it in).


Sorry for the novel and THANKS in advance for this INVALUABLE (free!!) service!!

#4 Mistnic


Posted 14 August 2015 - 12:04 AM

Should I find a different forum to help me access my driver or installer before running Farbar and requesting help here?

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,665 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:03:36 AM

Posted 14 August 2015 - 11:44 AM

Greetings Mistnic and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Based on your description it sounds like your computer is so corrupted/infected that you might seriously consider reformatting and reinstalling the operating system. Do you have Installation disks or a Recovery Partition?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Mistnic


Posted 16 August 2015 - 12:16 PM

Please forgive the delay, my phone has been locked in a kindergarten classroom since Friday; on a borrowed tablet now.

Some hope has been re-instilled since I last wrote. Apparently, MANY of the .exe programs that I was looking for are there, just relocated. My search now works after taking ownership and changing permissions for a lot of files. My name/admin has been removed from most. I also have access to over 200,000 recovered files, just in case some needed programs were really deleted.

While I cannot turn on MSE real-time protection still (I'm wondering if the registry for them was changed but don't want to touch any of it until I am 100% sure what I am doing), I was able to get it scanning just fine, and it found/deleted a Trojan:

Win32/JPgiframe.A.

1. File: C: users\Townsend\desktop\pictures\C:$recycle.bin\S 1 5213955 5172473422824997294 80685511001\$rE07psa\j5ak1\13id4Qo.jpg

2. File C:\users\townsend\pictures\2014-11-28\new folder.$recycle.bin... (Same name)

This was found on my C drive too: C:$recycle.bin\S 1 5213955 5172473422824997294 80685511001.

I'll attach some pictures I took of my desktop before I left home yesterday of strange things found (aside from desktop.ini files everywhere, but not sure if that's expected with hidden files revealed) in case they make any sense to you. Please let me know if you are unable to read it and I will type it up.

Thanks!!!!!

-Misti

Edited by Mistnic, 16 August 2015 - 12:24 PM.


#7 Mistnic


Posted 16 August 2015 - 12:20 PM

Here are the Attachments...

Oh! And in response to your question, I do have one installation disk, but I'm not sure if it is a complete recovery disk. I want to say it is for drivers though. I will have to go check when I get back home tomorrow or Tuesday. I can also look on my Dell.com account since I ordered it through them. Unless you really believe it is about to crash indefinitely, I would like to continue tinkering in safe mode to get the USB drive or installer working. You're more than welcome to assist other people until I find a way to install and run Farbar if you would like. I'm sure this issue is likely difficult without being at the computer or seeing Farbar logs.

Attached Files


Edited by Mistnic, 16 August 2015 - 12:34 PM.


#8 Oh My!


Posted 16 August 2015 - 02:22 PM

FRST is a standalone program and does not need to be installed. If you can attempt to run it in Normal Boot please do so. Otherwise run it in Safe Mode with Networking.

Please attempt these things.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Gary
 

#9 Mistnic


Posted 18 August 2015 - 05:59 AM

Just checking in... I am still not home (in the process of moving; I've been painting/working on the new home the last few days). I'll update you later with the items you've requested.

Thanks!

#10 Oh My!


Posted 18 August 2015 - 12:50 PM

Thanks for letting me know Misti. See you when you get a chance.


Gary
 

#11 Mistnic


Posted 21 August 2015 - 03:51 PM

Hey Gary, I just wanted to pop in and let you know I am still here and working on your list now (Farbar is scanning... any rough estimate on the typical scan time length, i.e., an hour... 5+ hours?). It does keep giving a "not responding" warning here and there, but seems to recover itself fairly fast.

I also received an error when opening Internet Explorer that I am not running a genuine Windows and it offered to Resolve the issue online. I won't touch anything without your consent, so I just wanted to give you a heads up.

#12 Mistnic


Posted 21 August 2015 - 04:22 PM

***FARBAR SCAN***

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-08-2015 02
Ran by Townsend (administrator) on TOWNSENDFAMILY- (21-08-2015 14:51:01)
Running from C:\Users\Townsend\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E8FURIS3
Loaded Profiles: Townsend (Available Profiles: Townsend & MistNic)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_17_0_0_188_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\Wat\WatUX.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6457960 2011-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [1014432 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [800416 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-06-26] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2643320 2012-10-25] (Intuit Inc. All rights reserved.)
HKU\S-1-5-21-3955517247-3422824997-2948068551-1001\...\Run: [GoogleChromeAutoLaunch_F068E32BB356728CAEF8F50695C81A2E] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-31] (Google Inc.)
HKU\S-1-5-21-3955517247-3422824997-2948068551-1001\...\Run: [OneDrive] => C:\Users\Townsend\AppData\Local\Microsoft\OneDrive\OneDrive.exe [404064 2015-08-21] (Microsoft Corporation)
HKU\S-1-5-21-3955517247-3422824997-2948068551-1001\...\Run: [CCleaner Monitoring] => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
HKU\S-1-5-21-3955517247-3422824997-2948068551-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3955517247-3422824997-2948068551-1001\...\RunOnce: [Uninstall C:\Users\Townsend\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Townsend\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-3955517247-3422824997-2948068551-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil64_17_0_0_188_ActiveX.exe [623792 2015-05-25] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2012-05-09]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2012-05-09]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2012-05-09]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2012-10-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2012-10-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2012-10-16] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3955517247-3422824997-2948068551-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
SearchScopes: HKLM -> {8C916A47-E39C-47A2-8873-0F47833C4698} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {8C916A47-E39C-47A2-8873-0F47833C4698} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3955517247-3422824997-2948068551-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3955517247-3422824997-2948068551-1001 -> {8C916A47-E39C-47A2-8873-0F47833C4698} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2012-10-16] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Microsoft SPFS Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-16] (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2011-12-29] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Microsoft SPFS Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2012-10-16] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-3955517247-3422824997-2948068551-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll [2012-12-06] (Intuit, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2012-10-16] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{E710D641-150A-4DCF-B5F9-ED8ECEEA6B63}: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll [2012-11-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll [2012-11-13] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Profile: C:\Users\Townsend\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Townsend\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-16]
CHR Extension: (YouTube) - C:\Users\Townsend\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-16]
CHR Extension: (Google Search) - C:\Users\Townsend\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Townsend\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Townsend\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-11]
CHR Extension: (Gmail) - C:\Users\Townsend\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-16]
CHR Profile: C:\Users\Townsend\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Townsend\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-22]
CHR Extension: (Google Docs) - C:\Users\Townsend\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-22]
CHR Extension: (Google Drive) - C:\Users\Townsend\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-22]
CHR Extension: (YouTube) - C:\Users\Townsend\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-22]
CHR Extension: (Google Search) - C:\Users\Townsend\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-22]
CHR Extension: (Google Sheets) - C:\Users\Townsend\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Townsend\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-28]
CHR Extension: (Google Wallet) - C:\Users\Townsend\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-22]
CHR Extension: (Gmail) - C:\Users\Townsend\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-22]
CHR Profile: C:\Users\Townsend\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\Townsend\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-22]
CHR Extension: (Google Docs) - C:\Users\Townsend\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-22]
CHR Extension: (Google Drive) - C:\Users\Townsend\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-22]
CHR Extension: (Leapforce Extension) - C:\Users\Townsend\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\belncckcaakhmonmcfmegbglccbjlebc [2014-12-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Townsend\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-22]
CHR Extension: (YouTube) - C:\Users\Townsend\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-22]
CHR Extension: (Google Search) - C:\Users\Townsend\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-22]
CHR Extension: (Google Sheets) - C:\Users\Townsend\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-22]
CHR Extension: (Google Wallet) - C:\Users\Townsend\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-22]
CHR Extension: (Gmail) - C:\Users\Townsend\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-22]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [72192 2015-03-03] (Microsoft Corporation) [File not signed]
S3 ALG; C:\Windows\System32\alg.exe [79360 2009-07-13] (Microsoft Corporation) [File not signed]
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [32256 2015-02-02] (Microsoft Corporation) [File not signed]
R3 Appinfo; C:\Windows\System32\appinfo.dll [70656 2015-06-15] (Microsoft Corporation) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [106144 2011-12-29] (Atheros Commnucations) [File not signed]
R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [680960 2015-02-02] (Microsoft Corporation) [File not signed]
R2 AudioSrv; C:\Windows\System32\Audiosrv.dll [680960 2015-02-02] (Microsoft Corporation) [File not signed]
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [114688 2010-11-20] (Microsoft Corporation) [File not signed]
S3 BDESVC; C:\Windows\System32\bdesvc.dll [100864 2009-07-13] (Microsoft Corporation) [File not signed]
R2 BFE; C:\Windows\System32\bfe.dll [705024 2010-11-20] (Microsoft Corporation) [File not signed]
R2 BITS; C:\Windows\System32\qmgr.dll [849920 2010-11-20] (Microsoft Corporation) [File not signed]
R3 Browser; C:\Windows\System32\browser.dll [136704 2012-07-04] (Microsoft Corporation) [File not signed]
R2 bthserv; C:\Windows\system32\bthserv.dll [83968 2009-07-13] (Microsoft Corporation) [File not signed]
S3 CertPropSvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [188416 2015-04-27] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\Windows\SysWOW64\cryptsvc.dll [143872 2015-04-27] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [512000 2010-11-20] (Microsoft Corporation) [File not signed]
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-13] (Microsoft Corporation) [File not signed]
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [162816 2011-10-26] (Dell Products, LP.) [File not signed]
R2 Dhcp; C:\Windows\system32\dhcpcore.dll [317952 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\Windows\SysWOW64\dhcpcore.dll [254464 2010-11-20] (Microsoft Corporation) [File not signed]
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1255424 2015-05-25] (Microsoft Corporation) [File not signed]
R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [183296 2012-05-03] (Microsoft Corporation) [File not signed]
S3 dot3svc; C:\Windows\System32\dot3svc.dll [252416 2010-11-20] (Microsoft Corporation) [File not signed]
R2 DPS; C:\Windows\system32\dps.dll [162816 2010-11-20] (Microsoft Corporation) [File not signed]
R3 EapHost; C:\Windows\System32\eapsvc.dll [111104 2009-07-13] (Microsoft Corporation) [File not signed]
S3 EFS; C:\Windows\System32\lsass.exe [31232 2015-07-01] (Microsoft Corporation) [File not signed]
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [696832 2010-11-20] (Microsoft Corporation) [File not signed]
S3 ehSched; C:\Windows\ehome\ehsched.exe [127488 2009-07-13] (Microsoft Corporation) [File not signed]
S2 eventlog; C:\Windows\System32\wevtsvc.dll [1646080 2010-11-20] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\system32\es.dll [402944 2009-07-13] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\SysWOW64\es.dll [271360 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Fax; C:\Windows\system32\fxssvc.exe [689152 2010-11-20] (Microsoft Corporation) [File not signed]
R3 fdPHost; C:\Windows\system32\fdPHost.dll [16384 2009-07-13] (Microsoft Corporation) [File not signed]
R2 FDResPub; C:\Windows\system32\fdrespub.dll [34816 2009-07-13] (Microsoft Corporation) [File not signed]
R2 FontCache; C:\Windows\system32\FntCache.dll [1179136 2015-04-19] (Microsoft Corporation) [File not signed]
R2 gpsvc; C:\Windows\System32\gpsvc.dll [777728 2010-11-20] (Microsoft Corporation) [File not signed]
R3 hidserv; C:\Windows\system32\hidserv.dll [38912 2009-07-13] (Microsoft Corporation) [File not signed]
R3 hidserv; C:\Windows\SysWOW64\hidserv.dll [49152 2009-07-13] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [90624 2010-11-20] (Microsoft Corporation) [File not signed]
S3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [232448 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [187904 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HomeGroupProvider; C:\Windows\SysWOW64\provsvc.dll [165376 2010-11-20] (Microsoft Corporation) [File not signed]
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [114688 2015-06-20] (Microsoft Corporation) [File not signed]
R2 IKEEXT; C:\Windows\System32\ikeext.dll [859648 2013-10-11] (Microsoft Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-01-21] ()
R2 IPBusEnum; C:\Windows\system32\ipbusenum.dll [101888 2009-07-13] (Microsoft Corporation) [File not signed]
R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [569344 2012-10-03] (Microsoft Corporation) [File not signed]
R3 KeyIso; C:\Windows\system32\lsass.exe [31232 2015-07-01] (Microsoft Corporation) [File not signed]
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [368640 2009-07-13] (Microsoft Corporation) [File not signed]
R2 LanmanServer; C:\Windows\system32\srvsvc.dll [236032 2010-11-20] (Microsoft Corporation) [File not signed]
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [118784 2010-11-20] (Microsoft Corporation) [File not signed]
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [300032 2009-07-13] (Microsoft Corporation) [File not signed]
R2 lmhosts; C:\Windows\System32\lmhsvc.dll [23552 2009-07-13] (Microsoft Corporation) [File not signed]
S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [84992 2010-11-20] (Microsoft Corporation) [File not signed]
R2 MMCSS; C:\Windows\system32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation) [File not signed]
R2 MpsSvc; C:\Windows\system32\mpssvc.dll [828416 2010-11-20] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\Windows\System32\msdtc.exe [141824 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [156672 2009-07-13] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\System32\msiexec.exe [128000 2015-06-15] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [73216 2015-06-15] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 napagent; C:\Windows\system32\qagentRT.dll [476160 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\Windows\system32\lsass.exe [31232 2015-07-01] (Microsoft Corporation) [File not signed]
R3 Netman; C:\Windows\System32\netman.dll [360448 2009-07-13] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\System32\netprofm.dll [459776 2009-07-13] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\SysWOW64\netprofm.dll [360448 2009-07-13] (Microsoft Corporation) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [303616 2014-12-05] (Microsoft Corporation) [File not signed]
R2 nsi; C:\Windows\system32\nsisvc.dll [25600 2009-07-13] (Microsoft Corporation) [File not signed]
U2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1494144 2012-09-11] (Microsoft Corporation)
S3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation) [File not signed]
S3 p2psvc; C:\Windows\system32\p2psvc.dll [438784 2009-07-13] (Microsoft Corporation) [File not signed]
R2 PcaSvc; C:\Windows\System32\pcasvc.dll [188416 2015-02-02] (Microsoft Corporation) [File not signed]
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation) [File not signed]
S3 pla; C:\Windows\system32\pla.dll [1389056 2010-11-20] (Microsoft Corporation) [File not signed]
S3 pla; C:\Windows\SysWOW64\pla.dll [1508864 2010-11-20] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [404480 2012-05-03] (Microsoft Corporation) [File not signed]
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [25088 2009-07-13] (Microsoft Corporation) [File not signed]
S3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation) [File not signed]
R3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [501248 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Power; C:\Windows\system32\umpo.dll [163840 2012-05-03] (Microsoft Corporation) [File not signed]
R2 ProfSvc; C:\Windows\system32\profsvc.dll [210432 2014-12-18] (Microsoft Corporation) [File not signed]
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [31232 2015-07-01] (Microsoft Corporation) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2012-12-06] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-03-14] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-03-14] (Intuit Inc.) [File not signed]
S3 QWAVE; C:\Windows\system32\qwave.dll [242688 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\Windows\System32\rasauto.dll [99328 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RasMan; C:\Windows\System32\rasmans.dll [344064 2010-11-20] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [97792 2009-07-13] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\SysWOW64\mprdim.dll [75264 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RemoteRegistry; C:\Windows\system32\regsvc.dll [159232 2009-07-13] (Microsoft Corporation) [File not signed]
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\Windows\system32\locator.exe [10240 2009-07-13] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [512000 2010-11-20] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\Windows\system32\lsass.exe [31232 2015-07-01] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\Windows\System32\SCardSvr.dll [190976 2009-07-13] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\Windows\system32\schedsvc.dll [1110016 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [170496 2010-11-20] (Microsoft Corporation) [File not signed]
S3 seclogon; C:\Windows\system32\seclogon.dll [30720 2010-11-20] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\System32\sens.dll [64512 2009-07-13] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\SysWOW64\sens.dll [49664 2009-07-13] (Microsoft Corporation) [File not signed]
S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [29184 2009-07-13] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\system32\sessenv.dll [121856 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\SysWOW64\sessenv.dll [113664 2010-11-20] (Microsoft Corporation) [File not signed]
S2 SharedAccess; C:\Windows\System32\ipnathlp.dll [359424 2009-07-13] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [370688 2010-11-20] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\SysWOW64\shsvcs.dll [328192 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2009-07-13] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\Windows\System32\spoolsv.exe [559104 2012-02-11] (Microsoft Corporation) [File not signed]
S2 sppsvc; C:\Windows\system32\sppsvc.exe [3524608 2010-11-20] (Microsoft Corporation) [File not signed]
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [65536 2009-07-13] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [193024 2009-07-13] (Microsoft Corporation) [File not signed]
S3 SstpSvc; C:\Windows\system32\sstpsvc.dll [75264 2009-07-13] (Microsoft Corporation) [File not signed]
R2 stisvc; C:\Windows\System32\wiaservc.dll [580096 2010-11-20] (Microsoft Corporation) [File not signed]
S3 swprv; C:\Windows\System32\swprv.dll [524288 2009-07-13] (Microsoft Corporation) [File not signed]
R2 SysMain; C:\Windows\system32\sysmain.dll [1743360 2010-11-20] (Microsoft Corporation) [File not signed]
R3 TabletInputService; C:\Windows\System32\TabSvc.dll [92672 2010-11-20] (Microsoft Corporation) [File not signed]
S2 TapiSrv; C:\Windows\System32\tapisrv.dll [316928 2010-11-20] (Microsoft Corporation) [File not signed]
S2 TapiSrv; C:\Windows\SysWOW64\tapisrv.dll [242176 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TBS; C:\Windows\System32\tbssvc.dll [65536 2009-07-13] (Microsoft Corporation) [File not signed]
S3 TermService; C:\Windows\System32\termsrv.dll [683520 2014-10-13] (Microsoft Corporation) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-13] (Microsoft Corporation) [File not signed]
S3 THREADORDER; C:\Windows\system32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\Windows\System32\trkwks.dll [119808 2009-07-13] (Microsoft Corporation) [File not signed]
R3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [194048 2010-11-20] (Microsoft Corporation) [File not signed]
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [40960 2009-07-13] (Microsoft Corporation) [File not signed]
R3 upnphost; C:\Windows\System32\upnphost.dll [353792 2009-07-13] (Microsoft Corporation) [File not signed]
R3 upnphost; C:\Windows\SysWOW64\upnphost.dll [266752 2009-07-13] (Microsoft Corporation) [File not signed]
R2 UxSms; C:\Windows\System32\uxsms.dll [38912 2009-07-13] (Microsoft Corporation) [File not signed]
S3 VaultSvc; C:\Windows\system32\lsass.exe [31232 2015-07-01] (Microsoft Corporation) [File not signed]
S3 vds; C:\Windows\System32\vds.exe [533504 2010-11-20] (Microsoft Corporation) [File not signed]
S3 VSS; C:\Windows\system32\vssvc.exe [1600512 2010-11-20] (Microsoft Corporation) [File not signed]
S3 W32Time; C:\Windows\system32\w32time.dll [381952 2009-07-13] (Microsoft Corporation) [File not signed]
S3 wbengine; C:\Windows\system32\wbengine.exe [1504256 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [202240 2009-07-13] (Microsoft Corporation) [File not signed]
R3 wcncsvc; C:\Windows\System32\wcncsvc.dll [367104 2010-11-20] (Microsoft Corporation) [File not signed]
R3 wcncsvc; C:\Windows\SysWOW64\wcncsvc.dll [276992 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [40960 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\Windows\SysWOW64\WcsPlugInService.dll [32768 2009-07-13] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\Windows\system32\wdi.dll [91136 2015-01-08] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\Windows\SysWOW64\wdi.dll [76800 2015-01-08] (Microsoft Corporation) [File not signed]
S3 WdiSystemHost; C:\Windows\system32\wdi.dll [91136 2015-01-08] (Microsoft Corporation) [File not signed]
S3 WdiSystemHost; C:\Windows\SysWOW64\wdi.dll [76800 2015-01-08] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\Windows\System32\webclnt.dll [259584 2013-07-04] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\Windows\SysWOW64\webclnt.dll [205824 2013-07-04] (Microsoft Corporation) [File not signed]
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [237568 2009-07-13] (Microsoft Corporation) [File not signed]
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [84480 2009-07-13] (Microsoft Corporation) [File not signed]
R3 WerSvc; C:\Windows\System32\WerSvc.dll [76800 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) [File not signed]
R3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [444416 2010-11-20] (Microsoft Corporation) [File not signed]
R3 WinHttpAutoProxySvc; C:\Windows\SysWOW64\winhttp.dll [351232 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [242688 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\system32\WsmSvc.dll [2020352 2014-10-02] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\SysWOW64\WsmSvc.dll [1177088 2014-10-02] (Microsoft Corporation) [File not signed]
R2 Wlansvc; C:\Windows\System32\wlansvc.dll [886784 2009-07-13] (Microsoft Corporation) [File not signed]
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [203264 2009-07-13] (Microsoft Corporation) [File not signed]
R2 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1525248 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-13] (Microsoft Corporation) [File not signed]
R3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [117248 2010-11-20] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\Windows\System32\wscsvc.dll [97280 2009-07-13] (Microsoft Corporation) [File not signed]
R2 WSearch; C:\Windows\system32\SearchIndexer.exe [591872 2012-05-03] (Microsoft Corporation) [File not signed]
R2 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [427520 2012-05-03] (Microsoft Corporation) [File not signed]
R2 wuauserv; C:\Windows\system32\wuaueng.dll [2606080 2015-07-20] (Microsoft Corporation) [File not signed]
R3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [84992 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WwanSvc; C:\Windows\System32\wwansvc.dll [228864 2014-01-27] (Microsoft Corporation) [File not signed]
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [76960 2011-12-26] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [229888 2010-11-20] (Microsoft Corporation) [File not signed]
R5 ACPI; C:\Windows\System32\drivers\ACPI.sys [334208 2010-11-20] (Microsoft Corporation)
S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [12800 2010-11-20] (Microsoft Corporation) [File not signed]
R1 AFD; C:\Windows\system32\drivers\afd.sys [497152 2014-05-30] (Microsoft Corporation) [File not signed]
S3 AmdK8; C:\Windows\system32\drivers\amdk8.sys [64512 2009-07-13] (Microsoft Corporation) [File not signed]
S3 AmdPPM; C:\Windows\system32\drivers\amdppm.sys [60928 2009-07-13] (Microsoft Corporation) [File not signed]
R5 amdxata; C:\Windows\System32\drivers\amdxata.sys [27008 2012-05-03] (Advanced Micro Devices)
S3 AppID; C:\Windows\system32\drivers\appid.sys [61440 2015-02-02] (Microsoft Corporation) [File not signed]
R3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-13] (Microsoft Corporation) [File not signed]
R3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [36000 2011-12-29] (Atheros) [File not signed]
R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [2797056 2011-12-13] (Atheros Communications, Inc.) [File not signed]
S3 b06bdrv; C:\Windows\system32\drivers\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation) [File not signed]
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation) [File not signed]
R1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [45056 2009-07-13] (Microsoft Corporation) [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2011-02-22] (Microsoft Corporation) [File not signed]
S3 BrFiltLo; C:\Windows\system32\drivers\BrFiltLo.sys [18432 2009-06-10] (Brother Industries, Ltd.) [File not signed]
S3 BrFiltUp; C:\Windows\system32\drivers\BrFiltUp.sys [8704 2009-06-10] (Brother Industries, Ltd.) [File not signed]
S3 Bridge; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation) [File not signed]
S3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-13] (Brother Industries Ltd.) [File not signed]
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] (Brother Industries Ltd.) [File not signed]
R3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [338592 2011-12-29] (Atheros) [File not signed]
R3 btath_avdt; C:\Windows\System32\drivers\btath_avdt.sys [110752 2011-12-29] (Atheros) [File not signed]
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [30368 2011-12-29] (Atheros) [File not signed]
R3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [167584 2011-12-29] (Atheros) [File not signed]
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [68256 2011-12-29] (Atheros) [File not signed]
R3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [280992 2011-12-29] (Atheros) [File not signed]
R3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [548000 2011-12-29] (Atheros) [File not signed]
R3 BthEnum; C:\Windows\System32\DRIVERS\BthEnum.sys [41984 2009-07-13] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\Windows\system32\drivers\bthmodem.sys [72192 2009-07-13] (Microsoft Corporation) [File not signed]
R3 BthPan; C:\Windows\System32\DRIVERS\bthpan.sys [118784 2009-07-13] (Microsoft Corporation) [File not signed]
S3 BTHPORT; C:\Windows\System32\Drivers\BTHport.sys [552960 2012-07-06] (Microsoft Corporation) [File not signed]
R3 BTHUSB; C:\Windows\System32\Drivers\BTHUSB.sys [80384 2012-05-03] (Microsoft Corporation) [File not signed]
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-13] (Microsoft Corporation) [File not signed]
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2010-11-20] (Microsoft Corporation) [File not signed]
S3 circlass; C:\Windows\system32\drivers\circlass.sys [45568 2009-07-13] (Microsoft Corporation) [File not signed]
R5 CLFS; C:\Windows\System32\CLFS.sys [367552 2015-03-03] (Microsoft Corporation)
S3 CmBatt; C:\Windows\system32\drivers\CmBatt.sys [17664 2009-07-13] (Microsoft Corporation) [File not signed]
R5 CNG; C:\Windows\System32\Drivers\cng.sys [459336 2015-01-30] (Microsoft Corporation)
R3 CompositeBus; C:\Windows\System32\DRIVERS\CompositeBus.sys [38912 2010-11-20] (Microsoft Corporation) [File not signed]
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2010-11-20] (Microsoft Corporation) [File not signed]
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-13] (Microsoft Corporation) [File not signed]
R5 Disk; C:\Windows\System32\drivers\disk.sys [73280 2009-07-13] (Microsoft Corporation)
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5632 2009-07-13] (Microsoft Corporation) [File not signed]
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) [File not signed]
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [9728 2009-07-13] (Microsoft Corporation) [File not signed]
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-13] (Microsoft Corporation) [File not signed]
R3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-13] (Microsoft Corporation) [File not signed]
S3 fdc; C:\Windows\system32\drivers\fdc.sys [29696 2009-07-13] (Microsoft Corporation) [File not signed]
R5 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-13] (Microsoft Corporation)
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-13] (Microsoft Corporation) [File not signed]
S3 flpydisk; C:\Windows\system32\drivers\flpydisk.sys [24576 2009-07-13] (Microsoft Corporation) [File not signed]
R5 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [289664 2010-11-20] (Microsoft Corporation)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2012-09-28] (LeapFrog) [File not signed]
U5 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23408 2012-03-01] (Microsoft Corporation)
R5 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223752 2013-01-24] (Microsoft Corporation)
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] (Hauppauge Computer Works, Inc.) [File not signed]
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [122368 2010-11-20] (Microsoft Corporation) [File not signed]
S3 HidBatt; C:\Windows\system32\drivers\HidBatt.sys [26624 2009-07-13] (Microsoft Corporation) [File not signed]
R3 HidBth; C:\Windows\System32\DRIVERS\hidbth.sys [100864 2009-07-13] (Microsoft Corporation) [File not signed]
S3 HidIr; C:\Windows\system32\drivers\hidir.sys [46592 2009-07-13] (Microsoft Corporation) [File not signed]
R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [754688 2015-02-24] (Microsoft Corporation) [File not signed]
R5 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14720 2010-11-20] (Microsoft Corporation)
S3 i8042prt; C:\Windows\system32\drivers\i8042prt.sys [105472 2009-07-13] (Microsoft Corporation) [File not signed]
R5 iaStor; C:\Windows\System32\drivers\iaStor.sys [568600 2011-11-29] (Intel Corporation)
R3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [331264 2011-12-06] (Intel(R) Corporation) [File not signed]
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-13] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-20] (Microsoft Corporation) [File not signed]
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [78848 2010-11-20] (Microsoft Corporation) [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-13] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-13] (Microsoft Corporation) [File not signed]
R5 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16152 2012-01-27] (Intel Corporation)
R3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2010-11-20] (Microsoft Corporation) [File not signed]
R5 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95680 2015-07-01] (Microsoft Corporation)
R5 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [155584 2015-07-01] (Microsoft Corporation)
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-13] (Microsoft Corporation) [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-13] (Microsoft Corporation) [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-13] (Microsoft Corporation) [File not signed]
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-08-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-08-12] (Malwarebytes Corporation)
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-13] (Microsoft Corporation) [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-13] (Microsoft Corporation) [File not signed]
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-13] (Microsoft Corporation) [File not signed]
R5 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94656 2015-02-02] (Microsoft Corporation)
R5 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [141312 2014-12-18] (Microsoft Corporation) [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [159232 2015-07-01] (Microsoft Corporation) [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [290816 2015-07-01] (Microsoft Corporation) [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [129024 2015-07-01] (Microsoft Corporation) [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-13] (Microsoft Corporation) [File not signed]
R5 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-13] (Microsoft Corporation)
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MTConfig; C:\Windows\system32\drivers\MTConfig.sys [15360 2009-07-13] (Microsoft Corporation) [File not signed]
R5 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-13] (Microsoft Corporation)
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-13] (Microsoft Corporation) [File not signed]
R5 NDIS; C:\Windows\System32\drivers\ndis.sys [950128 2012-08-22] (Microsoft Corporation)
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-13] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-13] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-20] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-20] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-13] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-20] (Microsoft Corporation) [File not signed]
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-13] (Microsoft Corporation) [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-13] (Microsoft Corporation) [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-13] (Microsoft Corporation) [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Parport; C:\Windows\system32\drivers\parport.sys [97280 2009-07-13] (Microsoft Corporation) [File not signed]
R5 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-17] (Microsoft Corporation)
R5 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-20] (Microsoft Corporation)
R5 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-13] (Microsoft Corporation)
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [663552 2015-02-02] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Processor; C:\Windows\system32\drivers\processr.sys [60416 2009-07-13] (Microsoft Corporation) [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-20] (Microsoft Corporation) [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-13] (Microsoft Corporation) [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-13] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-20] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-13] (Microsoft Corporation) [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-13] (Microsoft Corporation) [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-20] (Microsoft Corporation) [File not signed]
S3 rdpbus; C:\Windows\system32\drivers\rdpbus.sys [24064 2009-07-13] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-13] (Microsoft Corporation) [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-13] (Microsoft Corporation) [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [19456 2012-08-23] (Microsoft Corporation) [File not signed]
R5 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-20] (Microsoft Corporation)
R3 RFCOMM; C:\Windows\System32\DRIVERS\rfcomm.sys [158720 2009-07-13] (Microsoft Corporation) [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-13] (Microsoft Corporation) [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Serenum; C:\Windows\system32\drivers\serenum.sys [23552 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [26624 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-20] (Microsoft Corporation) [File not signed]
S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [16896 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-13] (Microsoft Corporation) [File not signed]
R5 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-13] (Microsoft Corporation)
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2012-05-03] (Microsoft Corporation) [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2012-05-03] (Microsoft Corporation) [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2012-05-03] (Microsoft Corporation) [File not signed]
R5 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1903552 2014-04-04] (Microsoft Corporation)
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45568 2012-10-03] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-13] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-16] (Microsoft Corporation) [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2014-11-10] (Microsoft Corporation) [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-08-12] ()
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936 2014-07-16] (Microsoft Corporation) [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [56832 2013-10-01] (Microsoft Corporation) [File not signed]
S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [30208 2012-08-23] (Microsoft Corporation) [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-20] (Microsoft Corporation) [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-20] (Microsoft Corporation) [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-20] (Microsoft Corporation) [File not signed]
S3 UmPass; C:\Windows\system32\drivers\umpass.sys [9728 2009-07-13] (Microsoft Corporation) [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2013-11-26] (Microsoft Corporation) [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [53248 2013-11-26] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2013-11-26] (Microsoft Corporation) [File not signed]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2013-11-26] (Microsoft Corporation) [File not signed]
S3 usbprint; C:\Windows\system32\drivers\usbprint.sys [25088 2009-07-13] (Microsoft Corporation) [File not signed]
R3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2012-05-03] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2013-11-26] (Microsoft Corporation) [File not signed]
R5 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-13] (Microsoft Corporation)
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-13] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-13] (Microsoft Corporation) [File not signed]
R5 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-20] (Microsoft Corporation)
R5 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-20] (Microsoft Corporation)
R5 volsnap; C:\Windows\System32\drivers\volsnap.sys [295808 2010-11-20] (Microsoft Corporation)
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-13] (Microsoft Corporation) [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-13] (Microsoft Corporation) [File not signed]
S3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [27776 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] (Microsoft Corporation) [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] (Microsoft Corporation) [File not signed]
R5 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785624 2013-06-25] (Microsoft Corporation)
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-13] (Microsoft Corporation) [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WSDPrintDevice; C:\Windows\System32\DRIVERS\WSDPrint.sys [23040 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WSDScan; C:\Windows\system32\drivers\WSDScan.sys [25088 2009-07-13] (Microsoft Corporation) [File not signed]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-25] (Microsoft Corporation) [File not signed]
R3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation) [File not signed]
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S3 zghsdiag; system32\DRIVERS\zghsdiag.sys [X]
S3 zghsmdm; system32\DRIVERS\zghsmdm.sys [X]
S3 zghsnmea; system32\DRIVERS\zghsnmea.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-21 15:16 - 2015-08-21 15:16 - 00001503 _____ C:\Users\Townsend\Desktop\fr.txt
2015-08-21 14:49 - 2015-08-21 14:51 - 00000000 ____D C:\FRST
2015-08-21 14:21 - 2015-08-21 14:21 - 00000000 ___RD C:\Users\Townsend\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-08-12 22:44 - 2015-08-12 22:44 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-08-12 22:44 - 2015-08-12 22:44 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-08-12 22:43 - 2015-08-12 22:43 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-08-12 15:12 - 2015-08-12 15:39 - 02394768 _____ C:\tree.txt
2015-08-12 13:33 - 2015-08-12 13:33 - 00000000 ___RD C:\Users\Townsend\Documents\Notes
2015-08-12 13:23 - 2015-08-13 00:35 - 00001480 _____ C:\Users\Townsend\Desktop\8.12.15.txt
2015-08-12 03:34 - 2015-08-12 09:50 - 00000000 ____D C:\Users\Townsend\Desktop\mbar
2015-08-11 19:19 - 2015-08-11 19:19 - 00000585 _____ C:\Users\Townsend\Desktop\misti stuff.txt
2015-08-11 17:53 - 2015-08-11 17:57 - 00000000 _____ C:\sfc
2015-08-11 17:33 - 2015-08-11 17:33 - 00000000 ____D C:\Users\Townsend\Desktop\temp internet files
2015-08-11 17:20 - 2015-08-11 17:21 - 00000000 ____D C:\Users\Townsend\Desktop\pics
2015-08-11 13:57 - 2015-08-11 13:57 - 00506955 _____ C:\Users\Townsend\Documents\Get back to the root directory of a Windows drive (like c)  commandlinefu_com.mht
2015-08-11 13:57 - 2015-08-11 13:57 - 00290272 _____ C:\Users\Townsend\Documents\HOW TO REMOVE TROJAN FROM COMPUTER MANUALLY - Google Search.htm
2015-08-11 13:57 - 2015-08-11 13:57 - 00000000 ____D C:\Users\Townsend\Documents\HOW TO REMOVE TROJAN FROM COMPUTER MANUALLY - Google Search_files
2015-08-11 13:34 - 2015-06-09 13:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-08-11 13:34 - 2015-06-09 13:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-08-11 13:34 - 2015-06-03 15:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-08-11 13:34 - 2014-01-08 21:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-11 13:34 - 2014-01-03 17:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-11 01:50 - 2015-08-11 01:50 - 00000170 _____ C:\Users\Townsend\Desktop\notes to self.txt
2015-08-10 18:16 - 2015-08-10 18:16 - 00000082 _____ C:\Users\Townsend\Documents\cc-cleaner back up to changes.reg
2015-08-10 15:05 - 2015-08-13 00:30 - 00000000 ____D C:\Program Files\Recuva
2015-08-10 14:31 - 2015-08-10 14:31 - 00278190 _____ C:\Users\Townsend\Downloads\trojan that my anti virus cant delete - Am I infected_ What do I do_.html
2015-08-10 14:31 - 2015-08-10 14:31 - 00153402 _____ C:\Users\Townsend\Downloads\(SOLVED) - Can't open pictures or documents _ MalwareTips.com.html
2015-08-10 14:31 - 2015-08-10 14:31 - 00000000 ____D C:\Users\Townsend\Downloads\trojan that my anti virus cant delete - Am I infected_ What do I do__files
2015-08-10 14:31 - 2015-08-10 14:31 - 00000000 ____D C:\Users\Townsend\Downloads\(SOLVED) - Can't open pictures or documents _ MalwareTips.com_files
2015-08-10 14:11 - 2015-08-10 14:11 - 00000000 ___RD C:\Users\MistNic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-08-10 11:49 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-08-08 15:00 - 2015-08-08 15:05 - 00053316 _____ C:\Windows\iis7.log
2015-08-08 14:43 - 2015-08-08 14:43 - 00000000 ___RD C:\Users\MistNic\OneDrive
2015-08-08 12:46 - 2015-08-08 12:46 - 00000103 _____ C:\Users\Townsend\Documents\mark crandall.txt
2015-08-08 12:46 - 2015-08-08 12:46 - 00000000 ____D C:\Users\Townsend\AppData\Roaming\EncryptStick
2015-08-08 12:45 - 2015-08-08 12:46 - 07773176 _____ (ENC Security Systems LLC) C:\Users\Townsend\Downloads\SanDiskSecureAccessV2_win.exe
2015-08-07 16:55 - 2015-08-07 16:55 - 00003062 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2015-08-07 16:55 - 2015-08-07 16:55 - 00003060 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2015-08-07 16:55 - 2015-08-07 16:55 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
2015-08-07 16:55 - 2015-08-07 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2015-08-07 16:54 - 2015-08-07 16:54 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2015-08-07 16:53 - 2015-08-07 16:54 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center
2015-08-07 16:45 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-08-07 16:45 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-08-07 16:45 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-08-07 16:45 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-08-07 16:45 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-08-07 16:45 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-07 16:45 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-08-07 16:45 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-07 16:45 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-08-07 16:45 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-08-07 16:45 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-08-07 16:45 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-07 16:45 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-08-07 16:45 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-08-07 16:45 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-08-07 16:44 - 2012-08-23 09:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-08-07 16:44 - 2012-08-23 09:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2015-08-07 16:44 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-08-07 16:44 - 2012-08-23 05:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-08-07 16:43 - 2015-08-07 16:43 - 00000000 ____D C:\Program Files\AMD
2015-08-07 16:36 - 2015-08-07 16:36 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01009.Wdf
2015-08-07 16:27 - 2015-07-28 15:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-07 16:27 - 2015-07-28 15:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-07 16:27 - 2015-07-28 15:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-07 16:27 - 2015-07-28 15:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-07 16:27 - 2015-07-28 15:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-07 16:27 - 2015-07-28 15:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-07 16:27 - 2015-07-28 15:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-07 16:27 - 2015-07-28 14:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-07 16:26 - 2015-07-20 13:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-07 16:26 - 2015-07-20 13:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-07 16:26 - 2015-07-20 13:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-07 16:26 - 2015-07-20 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-07 16:26 - 2015-07-20 13:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-07 16:26 - 2015-07-20 13:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-07 16:26 - 2015-07-20 13:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-07 16:26 - 2015-07-20 13:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-07 16:26 - 2015-07-20 13:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-07 16:26 - 2015-07-20 13:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-07 16:26 - 2015-07-20 13:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-07 16:26 - 2015-07-20 12:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-07 16:26 - 2015-07-20 12:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-07 16:26 - 2015-07-20 12:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-07 16:26 - 2015-07-20 12:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-07 16:26 - 2015-07-20 12:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-07 16:24 - 2015-05-09 13:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-07 16:21 - 2013-09-11 22:21 - 00863344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110_clr0400.dll
2015-08-07 16:15 - 2011-05-09 16:13 - 00001409 _____ C:\Users\Townsend\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-08-07 16:15 - 2010-11-21 02:16 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
2015-08-07 16:12 - 2015-08-07 16:15 - 00326484 _____ C:\Users\Townsend\Downloads\win7-x64-sm-reset.exe
2015-08-07 16:07 - 2015-08-11 17:02 - 00000000 ____D C:\Users\Townsend\Desktop\Spyware and Virus Busting
2015-08-07 14:24 - 2015-08-07 14:24 - 00001945 _____ C:\Windows\epplauncher.mif
2015-08-07 14:23 - 2015-08-07 14:23 - 00002119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-08-07 14:23 - 2015-08-07 14:23 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-08-07 14:23 - 2015-08-07 14:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-08-07 14:12 - 2015-08-07 14:12 - 00000000 ____D C:\Users\MistNic\Documents\Add-in Express
2015-08-07 14:09 - 2015-08-07 14:09 - 14243008 _____ (Microsoft Corporation) C:\Users\MistNic\Downloads\Microsoft security.exe
2015-08-07 14:06 - 2015-08-07 14:06 - 00031667 _____ C:\Users\MistNic\Documents\security inbound rules.txt
2015-08-07 03:33 - 2015-08-07 03:33 - 00006832 _____ C:\bootsqm.dat
2015-08-06 20:24 - 2015-08-06 20:24 - 00000378 _____ C:\Program Files (x86)\temp995.bat
2015-08-06 19:59 - 2015-08-06 22:38 - 00000000 ____D C:\Users\Townsend\Documents\Security
2015-08-06 05:17 - 2015-08-06 05:17 - 00089560 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2015-08-06 05:17 - 2015-08-06 05:17 - 00089560 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2015-08-06 05:17 - 2015-08-06 05:17 - 00082720 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2015-08-06 05:17 - 2015-08-06 05:17 - 00082720 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 47795720 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 39725064 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 30762496 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 27544600 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 25310208 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 22327312 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 21635072 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2015-08-06 05:16 - 2015-08-06 05:16 - 15727104 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 14312456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 01196072 _____ C:\Windows\system32\amdocl_as64.exe
2015-08-06 05:16 - 2015-08-06 05:16 - 01070624 _____ C:\Windows\system32\amdocl_ld64.exe
2015-08-06 05:16 - 2015-08-06 05:16 - 01005584 _____ C:\Windows\SysWOW64\amdocl_as32.exe
2015-08-06 05:16 - 2015-08-06 05:16 - 00936960 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00936960 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00876032 _____ (AMD) C:\Windows\system32\coinst_15.20.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00808984 _____ C:\Windows\SysWOW64\amdocl_ld32.exe
2015-08-06 05:16 - 2015-08-06 05:16 - 00673808 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2015-08-06 05:16 - 2015-08-06 05:16 - 00451088 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00375824 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2015-08-06 05:16 - 2015-08-06 05:16 - 00341520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODE.exe
2015-08-06 05:16 - 2015-08-06 05:16 - 00243736 _____ C:\Windows\system32\clinfo.exe
2015-08-06 05:16 - 2015-08-06 05:16 - 00215048 _____ C:\Windows\system32\amdgfxinfo64.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00199696 _____ (AMD) C:\Windows\system32\atitmm64.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00198680 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00170496 _____ C:\Windows\system32\atieah64.exe
2015-08-06 05:16 - 2015-08-06 05:16 - 00165392 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00154120 _____ C:\Windows\SysWOW64\atieah32.exe
2015-08-06 05:16 - 2015-08-06 05:16 - 00152072 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00112640 _____ C:\Windows\SysWOW64\hsa-thunk.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00111640 _____ C:\Windows\system32\hsa-thunk64.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00083984 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00078360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00078360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00073752 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00071184 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00068120 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00066056 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00059920 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODCLI.exe
2015-08-06 05:16 - 2015-08-06 05:16 - 00059408 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00059392 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00052248 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00048144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00039944 _____ (AMD) C:\Windows\system32\atimuixx.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00012824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00012824 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll
2015-08-05 19:35 - 2015-08-05 19:35 - 03471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2015-08-05 19:35 - 2015-08-05 19:35 - 03437632 _____ C:\Windows\system32\atiumd6a.cap
2015-08-05 19:35 - 2015-08-05 19:35 - 00737410 _____ C:\Windows\system32\atiicdxx.dat
2015-08-05 19:35 - 2015-08-05 19:35 - 00322868 _____ C:\Windows\system32\ativvaxy_vi.dat
2015-08-05 19:35 - 2015-08-05 19:35 - 00321200 _____ C:\Windows\system32\ativvaxy_vi_nd.dat
2015-08-05 19:35 - 2015-08-05 19:35 - 00255808 _____ C:\Windows\system32\ativvaxy_cz_nd.dat
2015-08-05 19:35 - 2015-08-05 19:35 - 00250884 _____ C:\Windows\system32\ativvaxy_FJ.dat
2015-08-05 19:35 - 2015-08-05 19:35 - 00249088 _____ C:\Windows\system32\ativvaxy_FJ_nd.dat
2015-08-05 19:35 - 2015-08-05 19:35 - 00234420 _____ C:\Windows\system32\ativvaxy_cik.dat
2015-08-05 19:35 - 2015-08-05 19:35 - 00232752 _____ C:\Windows\system32\ativvaxy_cik_nd.dat
2015-08-05 19:35 - 2015-08-05 19:35 - 00204952 _____ C:\Windows\SysWOW64\ativvsvl.dat
2015-08-05 19:35 - 2015-08-05 19:35 - 00204952 _____ C:\Windows\system32\ativvsvl.dat
2015-08-05 19:35 - 2015-08-05 19:35 - 00169152 _____ C:\Windows\system32\ativce03.dat
2015-08-05 19:35 - 2015-08-05 19:35 - 00157144 _____ C:\Windows\SysWOW64\ativvsva.dat
2015-08-05 19:35 - 2015-08-05 19:35 - 00157144 _____ C:\Windows\system32\ativvsva.dat
2015-08-05 19:35 - 2015-08-05 19:35 - 00100816 _____ C:\Windows\system32\ativce02.dat
2015-08-05 19:34 - 2015-08-05 19:34 - 00833798 _____ C:\Windows\system32\amdicdxx.dat
2015-08-05 19:34 - 2015-08-05 19:34 - 00660912 _____ C:\Windows\SysWOW64\atiapfxx.blb
2015-08-05 19:34 - 2015-08-05 19:34 - 00660912 _____ C:\Windows\system32\atiapfxx.blb
2015-08-05 19:34 - 2015-08-05 19:34 - 00167456 _____ C:\Windows\system32\amde31a.dat
2015-08-04 23:44 - 2015-08-04 23:44 - 00000000 ____D C:\Users\MistNic\AppData\Local\Adobe
2015-08-04 12:53 - 2015-08-04 12:53 - 00000000 ____D C:\Users\MistNic\AppData\Local\GWX
2015-08-04 04:55 - 2015-03-13 22:21 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-08-04 04:55 - 2015-03-13 22:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-08-04 04:55 - 2015-03-13 22:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-08-04 04:55 - 2015-03-13 22:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-08-04 04:16 - 2015-08-01 22:06 - 01118208 _____ C:\Users\Townsend\Desktop\TeminalServices LocalSessions.evtx
2015-08-04 02:49 - 2015-08-04 03:12 - 00000000 ____D C:\Users\Townsend\AppData\Roaming\Wireshark
2015-08-04 02:46 - 2015-08-13 01:02 - 00000000 ____D C:\Users\Townsend\Desktop\UndeleteMyFiles
2015-08-04 02:46 - 2015-08-06 19:40 - 00000000 ____D C:\Program Files (x86)\UndeleteMyFiles
2015-08-04 00:19 - 2015-08-04 00:19 - 00000387 _____ C:\Users\Townsend\Documents\Winkeyfinder-Encrypted.txt
2015-08-04 00:19 - 2015-08-04 00:19 - 00000219 _____ C:\Users\Townsend\Desktop\MSOfficeKey-Encrypted.txt
2015-08-03 22:40 - 2015-08-12 09:26 - 00000000 ____D C:\AdwCleaner
2015-08-03 21:33 - 2015-08-03 21:33 - 00000000 ____D C:\Users\MistNic\AppData\Roaming\Macromedia
2015-08-03 21:31 - 2015-08-08 14:43 - 00002130 _____ C:\Users\MistNic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-08-03 21:31 - 2015-08-08 14:43 - 00000000 ____D C:\Users\MistNic
2015-08-03 21:31 - 2015-08-08 14:38 - 00116600 _____ C:\Users\MistNic\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-03 21:31 - 2015-08-04 23:44 - 00000000 ____D C:\Users\MistNic\AppData\Roaming\Adobe
2015-08-03 21:31 - 2015-08-03 21:41 - 00000000 ____D C:\Users\MistNic\Documents\Bluetooth Folder
2015-08-03 21:31 - 2015-08-03 21:32 - 00000000 ____D C:\Users\MistNic\AppData\Local\Intuit
2015-08-03 21:31 - 2015-08-03 21:31 - 00001419 _____ C:\Users\MistNic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-03 21:31 - 2015-08-03 21:31 - 00000020 ___SH C:\Users\MistNic\ntuser.ini
2015-08-03 21:31 - 2015-08-03 21:31 - 00000000 ____D C:\Users\MistNic\AppData\Roaming\Intel Corporation
2015-08-03 21:31 - 2015-08-03 21:31 - 00000000 ____D C:\Users\MistNic\AppData\Roaming\ATI
2015-08-03 21:31 - 2015-08-03 21:31 - 00000000 ____D C:\Users\MistNic\AppData\Roaming\Atheros
2015-08-03 21:31 - 2015-08-03 21:31 - 00000000 ____D C:\Users\MistNic\AppData\Local\VirtualStore
2015-08-03 21:31 - 2015-08-03 21:31 - 00000000 ____D C:\Users\MistNic\AppData\Local\SoftThinks
2015-08-03 21:31 - 2015-08-03 21:31 - 00000000 ____D C:\Users\MistNic\AppData\Local\Google
2015-08-03 21:31 - 2015-08-03 21:31 - 00000000 ____D C:\Users\MistNic\AppData\Local\BMExplorer
2015-08-03 21:31 - 2015-08-03 21:31 - 00000000 ____D C:\Users\MistNic\AppData\Local\ATI
2015-08-03 21:31 - 2015-08-03 21:31 - 00000000 _____ C:\Users\MistNic\agent.log
2015-08-03 21:31 - 2015-07-30 16:35 - 00000000 ___RD C:\Users\MistNic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-03 21:31 - 2015-07-30 16:35 - 00000000 ___RD C:\Users\MistNic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-03 21:31 - 2013-03-13 03:03 - 00000000 ____D C:\Users\MistNic\AppData\Local\Microsoft Help
2015-08-03 21:31 - 2012-10-16 15:05 - 00002106 _____ C:\Users\MistNic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2015-08-03 17:35 - 2015-08-21 14:24 - 00000000 ____D C:\Users\Townsend\OneDrive
2015-08-03 17:35 - 2015-08-21 13:59 - 00002180 _____ C:\Users\Townsend\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-08-03 17:35 - 2015-08-03 17:35 - 07676608 _____ (Microsoft Corporation) C:\Users\Townsend\Downloads\OneDriveSetup.exe
2015-08-03 17:35 - 2015-08-03 17:35 - 00002106 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-08-03 17:35 - 2015-08-03 17:35 - 00002106 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-08-03 17:35 - 2015-08-03 17:35 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-08-03 17:35 - 2015-08-03 17:35 - 00000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2015-08-02 12:00 - 2015-08-07 16:08 - 00000000 ____D C:\Users\Townsend\Documents\Software I've downloaded
2015-08-02 01:41 - 2015-08-02 01:41 - 00000049 _____ C:\Users\Townsend\ToasterLog.20150802014149.log
2015-08-01 23:12 - 2015-08-06 19:40 - 00000000 ____D C:\Program Files (x86)\Seagate
2015-08-01 23:12 - 2015-08-01 23:12 - 00001407 _____ C:\Users\Public\Desktop\SeaTools for Windows.lnk
2015-08-01 23:12 - 2015-08-01 23:12 - 00001407 _____ C:\ProgramData\Desktop\SeaTools for Windows.lnk
2015-08-01 23:12 - 2015-08-01 23:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2015-08-01 21:45 - 2015-08-01 21:45 - 00000000 ____H C:\Users\Townsend\Documents\Default.rdp
2015-08-01 14:34 - 2015-08-11 13:26 - 00000443 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-07-31 12:54 - 2015-08-02 12:04 - 00000000 ____D C:\Users\Townsend\Documents\Imp family Info & Docs (Medical, Social, etc)
2015-07-31 12:52 - 2015-08-02 12:59 - 00000000 ____D C:\Users\Townsend\Documents\Kids's folder
2015-07-31 12:40 - 2015-07-31 12:40 - 00000000 ____D C:\Users\Townsend\AppData\OICE_15_974FA576_32C1D314_2365
2015-07-31 12:39 - 2015-08-10 15:38 - 00000000 ____D C:\Users\Townsend\Documents\Misti Personal
2015-07-31 12:38 - 2015-08-02 12:27 - 00000000 ____D C:\Users\Townsend\Documents\Misti Townsend Taxes and Finances
2015-07-31 04:25 - 2015-07-31 04:25 - 00000485 _____ C:\Users\Townsend\Desktop\Administrative Tools - Shortcut.lnk
2015-07-31 03:45 - 2015-07-31 03:45 - 00000000 ____D C:\Users\Townsend\AppData\OICE_15_974FA576_32C1D314_635
2015-07-31 03:35 - 2015-07-31 03:35 - 00000000 ____D C:\Users\Townsend\AppData\Local\GWX
2015-07-31 03:20 - 2015-08-12 16:54 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-07-31 03:20 - 2015-07-31 03:36 - 00000000 ____D C:\ProgramData\RogueKiller
2015-07-31 03:05 - 2015-08-12 09:51 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-31 03:05 - 2015-08-12 09:51 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-31 03:05 - 2015-08-12 03:34 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-31 03:05 - 2015-07-31 03:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-30 19:13 - 2015-08-12 16:56 - 00007607 _____ C:\Users\Townsend\AppData\Local\resmon.resmoncfg
2015-07-30 14:14 - 2015-07-30 18:16 - 00002890 _____ C:\Users\Townsend\Desktop\unhide.txt
2015-07-30 13:54 - 2015-07-30 14:46 - 00033280 ___SH C:\Users\Townsend\AppData\Roaming\Thumbs.db
2015-07-30 13:12 - 2015-07-30 18:34 - 00000134 _____ C:\Users\Townsend\Desktop\Microsoft Fix it.url
2015-07-30 12:42 - 2015-07-30 12:42 - 00000000 ____D C:\Users\Townsend\AppData\Roaming\PeerNetworking
2015-07-30 01:28 - 2015-07-30 01:28 - 00000000 ____D C:\Users\Townsend\AppData\Local\Microsoft Games
2015-07-30 01:26 - 2015-07-30 01:26 - 00000000 ____D C:\Users\Public\Documents\atheros
2015-07-30 01:26 - 2015-07-30 01:26 - 00000000 ____D C:\ProgramData\Documents\atheros
2015-07-30 00:41 - 2015-07-30 00:43 - 00004096 ___SH C:\Users\Townsend\Thumbs.db
2015-07-30 00:08 - 2015-07-30 00:08 - 00000000 ____D C:\Users\Townsend\AppData\OICE_15_974FA576_32C1D314_36F5
2015-07-30 00:07 - 2015-07-30 00:07 - 00000000 ____D C:\Users\Townsend\AppData\OICE_15_974FA576_32C1D314_38F8
2015-07-30 00:07 - 2015-07-30 00:07 - 00000000 ____D C:\Users\Townsend\AppData\OICE_15_974FA576_32C1D314_312E
2015-07-30 00:07 - 2015-07-30 00:07 - 00000000 ____D C:\Users\Townsend\AppData\OICE_15_974FA576_32C1D314_1BFC
2015-07-30 00:06 - 2015-07-30 00:06 - 00000000 ____D C:\Users\Townsend\AppData\OICE_15_974FA576_32C1D314_2973
2015-07-30 00:06 - 2015-07-30 00:06 - 00000000 ____D C:\Users\Townsend\AppData\OICE_15_974FA576_32C1D314_21DF
2015-07-29 22:59 - 2015-07-29 22:59 - 00000000 ____D C:\Users\Townsend\AppData\Roaming\Windows Live Writer
2015-07-29 22:59 - 2015-07-29 22:59 - 00000000 ____D C:\Users\Townsend\AppData\Local\Windows Live Writer
2015-07-29 17:28 - 2015-08-06 19:38 - 00000000 ____D C:\Users\Townsend\AppData\Roaming\U3
2015-07-28 06:28 - 2015-07-28 06:29 - 00375320 _____ C:\Windows\Minidump\072815-18345-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-21 16:05 - 2012-05-08 19:29 - 00000564 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-08-21 16:02 - 2012-05-08 19:29 - 00000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2015-08-21 15:57 - 2012-05-03 22:06 - 01973931 _____ C:\Windows\WindowsUpdate.log
2015-08-21 15:52 - 2012-07-06 13:31 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-21 14:33 - 2009-07-13 23:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-21 14:33 - 2009-07-13 23:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-21 14:21 - 2012-07-06 13:31 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-21 14:21 - 2012-05-03 22:37 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-08-21 14:21 - 2012-05-03 22:37 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-08-21 14:21 - 2012-05-03 22:26 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2015-08-21 14:21 - 2012-05-03 22:20 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-08-21 14:17 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-21 14:16 - 2009-07-13 23:51 - 00316189 _____ C:\Windows\setupact.log
2015-08-21 14:02 - 2012-10-21 01:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-21 14:02 - 2009-07-13 21:34 - 00000510 _____ C:\Windows\win.ini
2015-08-21 13:48 - 2009-07-13 23:45 - 00558344 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-18 08:04 - 2012-07-08 23:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-18 08:03 - 2012-07-08 23:41 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-18 08:03 - 2012-07-08 23:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-13 01:02 - 2010-11-10 22:25 - 00483760 _____ () C:\Users\Townsend\Desktop\setup.exe
2015-08-12 22:43 - 2009-07-14 00:32 - 00000000 ___RD C:\Program Files\MSBuild
2015-08-12 20:30 - 2015-02-11 04:08 - 00000000 ____D C:\3c1a130dbccbc293350e83dd96
2015-08-12 03:08 - 2013-04-22 00:20 - 00000000 ____D C:\Users\Townsend\Desktop\other
2015-08-12 03:08 - 2012-05-08 19:26 - 00000000 ____D C:\Users\Townsend
2015-08-11 17:41 - 2012-05-09 18:32 - 00000000 ____D C:\ProgramData\EPSON
2015-08-11 14:08 - 2013-08-16 03:01 - 00000000 ____D C:\Windows\system32\MRT
2015-08-11 14:00 - 2012-07-19 02:24 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-11 13:43 - 2012-05-09 12:10 - 00003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2015-08-11 13:24 - 2010-11-20 22:47 - 00254592 _____ C:\Windows\PFRO.log
2015-08-10 23:11 - 2012-05-16 18:52 - 00000000 ____D C:\Users\Townsend\AppData\Roaming\SoftGrid Client
2015-08-10 16:36 - 2012-05-03 22:26 - 00000000 ____D C:\Temp
2015-08-10 14:27 - 2012-05-08 19:31 - 00000000 ____D C:\Users\Townsend\Documents\Bluetooth Folder
2015-08-08 15:05 - 2011-02-10 11:10 - 00824452 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-08-08 15:05 - 2009-07-14 00:13 - 00868054 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-08 15:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2015-08-08 15:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\inetsrv
2015-08-07 16:59 - 2012-05-08 19:27 - 00116600 _____ C:\Users\Townsend\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-07 16:58 - 2009-07-13 22:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-07 16:55 - 2014-12-11 04:23 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-07 16:55 - 2014-05-06 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-07 16:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-08-07 16:54 - 2012-05-09 20:57 - 00000000 ____D C:\Users\Townsend\AppData\Local\CrashDumps
2015-08-07 13:54 - 2012-12-09 00:29 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-07 13:54 - 2012-12-09 00:29 - 00002185 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2015-08-06 20:24 - 2015-05-20 15:04 - 00000000 ____D C:\Program Files (x86)\PDF995
2015-08-06 20:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-08-06 19:44 - 2012-10-16 14:20 - 00000000 ____D C:\Users\Townsend\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Store
2015-08-06 19:41 - 2015-05-20 21:24 - 00000000 ____D C:\Users\Townsend\AppData\Roaming\pdf995
2015-08-06 19:41 - 2015-04-27 11:58 - 00000000 ____D C:\Users\Townsend\Documents\CCCC Dr Green CE
2015-08-06 19:41 - 2015-04-04 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-08-06 19:41 - 2014-10-02 08:23 - 00000000 ____D C:\Users\Townsend\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Toolbar for Chrome and Firefox
2015-08-06 19:41 - 2014-10-02 08:22 - 00000000 ____D C:\Users\Townsend\AppData\Local\Package Cache
2015-08-06 19:41 - 2013-03-20 22:57 - 00000000 ____D C:\Users\Townsend\AppData\Local\Powerteq
2015-08-06 19:41 - 2012-10-16 15:05 - 00000000 ___RD C:\Users\Townsend\SkyDrive
2015-08-06 19:41 - 2012-09-13 03:00 - 00000000 ____D C:\Users\Townsend\AppData\Roaming\Skype
2015-08-06 19:41 - 2012-05-17 18:39 - 00000000 ____D C:\Users\Townsend\Documents\Local Roofing, Inc
2015-08-06 19:41 - 2012-05-08 19:31 - 00000000 ____D C:\Users\Townsend\AppData\Local\VirtualStore
2015-08-06 19:41 - 2009-07-13 22:20 - 00000000 ___RD C:\Users\Public\Libraries
2015-08-06 19:40 - 2015-05-20 21:24 - 00000000 ____D C:\ProgramData\pdf995
2015-08-06 19:40 - 2015-05-20 15:04 - 00000000 ____D C:\Program Files (x86)\HRBlock2013
2015-08-06 19:40 - 2015-04-28 14:50 - 00000000 ____D C:\Users\Townsend\.android
2015-08-06 19:40 - 2014-12-22 14:46 - 00000000 ____D C:\Program Files (x86)\Leapforce
2015-08-06 19:40 - 2013-03-20 22:49 - 00000000 ____D C:\Users\Townsend\AppData\Local\FusionClient
2015-08-06 19:40 - 2013-02-01 02:15 - 00000000 ____D C:\Users\Townsend\AppData\Local\Adams Business Forms
2015-08-06 19:40 - 2012-12-09 00:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-06 19:40 - 2012-11-01 19:39 - 00000000 ____D C:\Program Files\Adobe
2015-08-06 19:40 - 2012-10-21 01:11 - 00000000 ____D C:\Users\Townsend\AppData\Local\Microsoft Help
2015-08-06 19:40 - 2012-10-16 15:05 - 00000000 ____D C:\Program Files (x86)\Microsoft SkyDrive
2015-08-06 19:40 - 2012-10-16 14:20 - 00000000 ____D C:\Users\Townsend\AppData\Local\Apps\Dmc
2015-08-06 19:40 - 2012-10-16 14:20 - 00000000 ____D C:\Users\Townsend\AppData\Local\Applications
2015-08-06 19:40 - 2012-10-16 13:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-08-06 19:40 - 2012-10-16 13:43 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-08-06 19:40 - 2012-05-09 23:59 - 00000000 ____D C:\Users\Townsend\AppData\Local\Intuit_Inc
2015-08-06 19:40 - 2012-05-09 19:07 - 00000000 ____D C:\Users\Townsend\AppData\Local\Intuit
2015-08-06 19:40 - 2012-05-03 22:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-08-06 19:40 - 2012-05-03 22:29 - 00000000 ____D C:\Program Files (x86)\eBay
2015-08-06 19:39 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2015-08-06 19:38 - 2015-05-20 15:06 - 00000000 ____D C:\Users\Townsend\AppData\Roaming\TaxCut
2015-08-06 19:38 - 2014-12-22 14:46 - 00000000 ____D C:\Users\Townsend\AppData\Roaming\Leapforce
2015-08-06 19:38 - 2012-05-08 19:32 - 00000000 ____D C:\Users\Townsend\AppData\Roaming\Adobe
2015-08-06 19:35 - 2012-07-06 13:31 - 00000000 ____D C:\Users\Townsend\AppData\Local\Google
2015-08-06 19:35 - 2012-05-09 19:04 - 00000000 ____D C:\Users\Public\Documents\Intuit
2015-08-06 19:35 - 2012-05-09 19:04 - 00000000 ____D C:\ProgramData\Intuit
2015-08-06 19:35 - 2012-05-09 19:04 - 00000000 ____D C:\ProgramData\Documents\Intuit
2015-08-06 19:35 - 2012-05-03 22:35 - 00000000 ____D C:\ProgramData\Adobe
2015-08-06 19:35 - 2012-05-03 22:20 - 00000000 ____D C:\ProgramData\Intel
2015-08-06 05:18 - 2012-05-03 23:43 - 08009376 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2015-08-06 05:17 - 2012-05-03 23:43 - 12063592 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2015-08-06 05:17 - 2012-05-03 23:43 - 10192816 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2015-08-06 05:17 - 2012-05-03 23:43 - 08981304 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2015-08-06 05:17 - 2012-05-03 23:43 - 08866472 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2015-08-06 05:17 - 2012-05-03 23:43 - 07483600 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2015-08-06 05:17 - 2012-05-03 23:43 - 01468832 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2015-08-06 05:17 - 2012-05-03 23:43 - 01213224 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2015-08-06 05:17 - 2012-05-03 23:43 - 00163792 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2015-08-06 05:17 - 2012-05-03 23:43 - 00144608 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2015-08-06 05:17 - 2012-05-03 23:43 - 00131632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2015-08-06 05:17 - 2012-05-03 23:43 - 00112400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2015-08-06 05:16 - 2012-05-03 23:43 - 01256472 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2015-08-06 05:16 - 2012-05-03 23:43 - 00681488 _____ (AMD) C:\Windows\system32\atieclxx.exe
2015-08-06 05:16 - 2012-05-03 23:43 - 00255504 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2015-08-03 21:37 - 2012-05-03 22:46 - 00000000 ____D C:\ProgramData\Atheros
2015-08-02 12:59 - 2014-03-22 00:00 - 00000000 ____D C:\Users\Townsend\Documents\soulspark
2015-07-31 12:23 - 2015-04-14 19:54 - 00000000 ____D C:\Users\Townsend\Documents\2014 taxes personal and business
2015-07-30 18:48 - 2011-02-10 09:02 - 00000000 ____D C:\Windows\panther
2015-07-30 18:43 - 2015-07-10 08:39 - 00000000 ___HD C:\$Windows.~BT
2015-07-30 17:02 - 2012-05-08 19:29 - 00003460 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-07-30 16:38 - 2012-10-21 01:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-07-30 16:38 - 2012-05-03 22:22 - 00000000 ____D C:\Program Files (x86)\Dell Wireless
2015-07-30 16:38 - 2012-05-03 22:21 - 00000000 ____D C:\Program Files (x86)\Multimedia Card Reader(9106)
2015-07-30 16:38 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\servicing
2015-07-30 16:35 - 2015-04-04 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-30 16:35 - 2010-11-21 02:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-07-30 16:35 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2015-07-30 16:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2015-07-30 16:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2015-07-30 16:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-07-30 16:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2015-07-30 16:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\DVD Maker
2015-07-30 16:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2015-07-30 16:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2015-07-30 16:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-07-30 16:35 - 2009-07-13 22:20 - 00000000 __RSD C:\Windows\Media
2015-07-30 16:35 - 2009-07-13 22:20 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-30 16:35 - 2009-07-13 22:20 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-30 16:35 - 2009-07-13 22:20 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-30 16:35 - 2009-07-13 22:20 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-30 16:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\TAPI
2015-07-30 16:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Recovery
2015-07-30 16:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2015-07-30 16:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\sysprep
2015-07-30 16:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\Setup
2015-07-30 16:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\oobe
2015-07-30 16:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\migwiz
2015-07-30 16:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\icsxml
2015-07-30 16:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\Dism
2015-07-30 16:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\com
2015-07-30 16:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\L2Schemas
2015-07-30 16:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\IME
2015-07-30 16:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Cursors
2015-07-30 16:35 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\System
2015-07-30 16:34 - 2013-03-04 20:04 - 00000000 ____D C:\Windows\Minidump
2015-07-30 16:34 - 2012-05-16 18:52 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-07-30 16:34 - 2012-05-09 19:02 - 00000000 ____D C:\Windows\Intuit
2015-07-30 16:34 - 2012-05-04 00:01 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2015-07-30 16:34 - 2012-05-03 22:08 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2015-07-30 16:34 - 2010-11-21 02:16 - 00000000 ____D C:\Windows\ShellNew
2015-07-30 16:34 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\restore
2015-07-30 16:34 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-30 16:34 - 2009-07-13 23:45 - 00000000 ____D C:\Windows\Setup
2015-07-30 16:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\security
2015-07-30 16:33 - 2012-05-03 22:33 - 00000000 ____D C:\Windows\en
2015-07-30 16:33 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Branding
2015-07-30 16:32 - 2015-05-20 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2013
2015-07-30 16:32 - 2015-04-15 03:11 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-30 16:32 - 2015-04-15 03:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-07-30 16:32 - 2014-05-14 03:03 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2015-07-30 16:32 - 2013-03-20 23:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fusion
2015-07-30 16:32 - 2013-02-01 02:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tax Forms Helper 2012
2015-07-30 16:32 - 2012-11-13 13:14 - 00000000 ____D C:\Program Files\DIFX
2015-07-30 16:32 - 2012-07-06 13:29 - 00000000 ____D C:\ProgramData\Apple Computer
2015-07-30 16:32 - 2012-07-06 13:29 - 00000000 ____D C:\Program Files (x86)\Safari
2015-07-30 16:32 - 2012-07-06 13:24 - 00000000 ____D C:\ProgramData\Apple
2015-07-30 16:32 - 2012-05-09 19:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
2015-07-30 16:32 - 2012-05-09 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-07-30 16:32 - 2012-05-03 22:34 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
2015-07-30 16:32 - 2012-05-03 22:34 - 00000000 ____D C:\Program Files\Dell Support Center
2015-07-30 16:32 - 2012-05-03 22:33 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-07-30 16:32 - 2012-05-03 22:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell DataSafe Online
2015-07-30 16:32 - 2012-05-03 22:32 - 00000000 ____D C:\Program Files\Windows Live
2015-07-30 16:32 - 2012-05-03 22:32 - 00000000 ____D C:\Program Files (x86)\Windows Live
2015-07-30 16:32 - 2012-05-03 22:28 - 00000000 ____D C:\ProgramData\Skype
2015-07-30 16:32 - 2012-05-03 22:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell DataSafe
2015-07-30 16:32 - 2012-05-03 22:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HotSpot
2015-07-30 16:32 - 2012-05-03 22:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-07-30 16:32 - 2012-05-03 22:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2015-07-30 16:32 - 2012-05-03 22:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atheros Smart Net
2015-07-30 16:32 - 2012-05-03 22:25 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2015-07-30 16:32 - 2012-05-03 22:22 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program
2015-07-30 16:32 - 2012-05-03 22:19 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-07-30 16:32 - 2012-05-03 22:19 - 00000000 ____D C:\Program Files\Intel
2015-07-30 16:32 - 2012-05-03 22:17 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2015-07-30 16:32 - 2012-05-03 22:08 - 00000000 ____D C:\Program Files\Dell Inc
2015-07-30 16:32 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Microsoft Games
2015-07-30 16:32 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-07-30 16:31 - 2014-06-24 22:47 - 00000000 ____D C:\Netgear
2015-07-30 16:31 - 2012-07-06 13:24 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-07-30 16:31 - 2012-05-03 22:33 - 00000000 ____D C:\Program Files (x86)\Dell
2015-07-30 16:31 - 2012-05-03 22:30 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
2015-07-30 16:31 - 2012-05-03 22:25 - 00000000 ____D C:\Program Files (x86)\AMD APP
2015-07-30 16:30 - 2010-11-21 02:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-07-30 16:28 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-07-30 16:25 - 2010-11-21 02:06 - 00000000 ____D C:\Windows\SysWOW64\winrm
2015-07-30 16:25 - 2010-11-21 02:06 - 00000000 ____D C:\Windows\SysWOW64\WCN
2015-07-30 16:25 - 2010-11-21 02:06 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2015-07-30 16:25 - 2010-11-21 02:06 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2015-07-30 16:25 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2015-07-30 16:25 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Web
2015-07-30 16:25 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Vss
2015-07-30 16:25 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\spp
2015-07-30 16:25 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Speech
2015-07-30 16:25 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\NetworkList
2015-07-30 16:25 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2015-07-30 16:25 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Msdtc
2015-07-30 16:25 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\InstallShield
2015-07-30 16:25 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\IME
2015-07-30 16:25 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-07-30 16:24 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\com
2015-07-30 16:17 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Performance
2015-07-30 16:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Speech
2015-07-30 16:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\schemas
2015-07-30 16:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Resources
2015-07-30 16:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PLA
2015-07-30 16:08 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Help
2015-07-30 16:08 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Globalization
2015-07-30 16:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2015-07-30 16:00 - 2015-06-07 17:51 - 00000000 ____D C:\ProgramData\Oracle
2015-07-30 16:00 - 2015-05-20 15:03 - 00000000 ____D C:\ProgramData\TaxCut
2015-07-30 16:00 - 2009-07-13 22:20 - 00000000 ___RD C:\Users\Default
2015-07-30 15:59 - 2012-11-13 13:10 - 00000000 ____D C:\ProgramData\Leapfrog
2015-07-30 15:59 - 2012-05-03 22:21 - 00000000 ____D C:\ProgramData\Dell
2015-07-30 15:58 - 2012-05-04 00:01 - 00000000 ____D C:\Program Files\Realtek
2015-07-30 15:58 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Windows NT
2015-07-30 15:57 - 2012-10-21 01:11 - 00000000 ____D C:\Program Files\Microsoft Office
2015-07-30 15:55 - 2012-10-21 01:11 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2015-07-30 15:55 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2015-07-30 15:54 - 2013-03-20 22:42 - 00000000 ____D C:\Program Files (x86)\Powerteq
2015-07-30 15:54 - 2012-05-09 18:32 - 00000000 ____D C:\Program Files\Common Files\EPSON
2015-07-30 15:54 - 2012-05-03 22:25 - 00000000 ____D C:\Program Files\ATI
2015-07-30 15:54 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-07-30 15:54 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files (x86)\Windows NT
2015-07-30 15:53 - 2012-10-21 01:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2015-07-30 15:53 - 2012-05-03 22:32 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-07-30 15:52 - 2012-05-09 19:04 - 00000000 ____D C:\Program Files (x86)\Intuit
2015-07-30 15:52 - 2012-05-03 22:17 - 00000000 ____D C:\Program Files (x86)\Intel
2015-07-30 15:51 - 2012-07-06 13:31 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-30 15:50 - 2012-05-03 22:35 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-30 15:50 - 2012-05-03 22:25 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2015-07-30 15:50 - 2012-05-03 22:22 - 00000000 ____D C:\Program Files (x86)\Cisco
2015-07-30 15:49 - 2013-02-01 02:17 - 00000000 ____D C:\Adams Business Forms
2015-07-30 15:49 - 2012-10-20 22:56 - 00000000 ___RD C:\MSOCache
2015-07-30 15:49 - 2011-02-10 09:01 - 00000000 ____D C:\dell
2015-07-30 00:21 - 2012-12-09 01:03 - 00033792 ___SH C:\Users\Townsend\Documents\Thumbs.db
2015-07-29 22:59 - 2014-07-05 14:10 - 00000000 ____D C:\Users\Townsend\AppData\Local\Windows Live
2015-07-29 20:18 - 2012-12-09 01:03 - 00035328 ___SH C:\Users\Townsend\Desktop\Thumbs.db
2015-07-28 06:28 - 2013-03-04 20:04 - 633551378 _____ C:\Windows\MEMORY.DMP
2015-07-27 15:22 - 2012-05-03 22:20 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job

==================== Files in the root of some directories =======

2012-10-16 13:54 - 2012-10-16 13:53 - 0461464 _____ (Microsoft Corporation) C:\Program Files\integrator.exe
2015-08-06 20:24 - 2015-08-06 20:24 - 0000378 _____ () C:\Program Files (x86)\temp995.bat
2015-07-30 13:54 - 2015-07-30 14:46 - 0033280 ___SH () C:\Users\Townsend\AppData\Roaming\Thumbs.db
2015-07-30 12:42 - 2015-07-30 12:43 - 0027128 _____ () C:\Users\Townsend\AppData\Roaming\UserTile.png
2015-07-13 14:09 - 2015-07-13 14:09 - 0023552 _____ () C:\Users\Townsend\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-30 19:13 - 2015-08-12 16:56 - 0007607 _____ () C:\Users\Townsend\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\Townsend\AppData\Local\Temp\cct.dll
C:\Users\Townsend\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Townsend\AppData\Local\Temp\JavaIC.dll
C:\Users\Townsend\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Townsend\AppData\Local\Temp\msscct32.dll
C:\Users\Townsend\AppData\Local\Temp\Quarantine.exe
C:\Users\Townsend\AppData\Local\Temp\sqlite3.dll
C:\Users\Townsend\AppData\Local\Temp\YSearchUtil.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-21 15:55

==================== End of log ============================

*****ADDITIONAL SCAN****

Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-08-2015 02
Ran by Townsend (2015-08-21 16:10:58)
Running from C:\Users\Townsend\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E8FURIS3
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3955517247-3422824997-2948068551-500 - Administrator - Disabled)
Guest (S-1-5-21-3955517247-3422824997-2948068551-501 - Limited - Enabled)
MistNic (S-1-5-21-3955517247-3422824997-2948068551-1003 - Administrator - Enabled) => C:\Users\MistNic
Townsend (S-1-5-21-3955517247-3422824997-2948068551-1001 - Administrator - Enabled) => C:\Users\Townsend

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.5.502.110 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 3.2 64-bit (HKLM\...\{A94AABAE-52F0-48C4-9F94-A4CA4B423576}) (Version: 3.2.1 - Adobe)
Adobe Reader X (10.1.15) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{0E262CBA-A8C6-3BE1-A812-D7490B4F2B09}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.115 - Atheros)
Bing Bar (HKLM-x32\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Data Toolbar for Chrome and Firefox (HKU\S-1-5-21-3955517247-3422824997-2948068551-1001\...\{48d64967-4bb5-43ed-ad26-e3736c179d64}) (Version: 3.0.5387.0 - DataTool Services)
Data Toolbar for Chrome and Firefox (x32 Version: 3.0.5387.0 - DataTool Services) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Digital Delivery (HKLM-x32\...\{AFC08A81-D3C5-46F4-8F08-876E4BA606EA}) (Version: 1.7.4502.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)
Dell Support Center (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
EPSON WorkForce 545 Series Printer Uninstall (HKLM\...\EPSON WorkForce 545 Series) (Version:  - SEIKO EPSON Corporation)
Fusion (HKLM-x32\...\{B9932399-5955-45B5-A792-25FAAAA1EA70}) (Version: 2.1.60 - Powerteq)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
H&R Block Premium + Efile + State 2013 (HKLM-x32\...\{7304A91F-F4AF-41B3-85B6-C5923EDBF899}) (Version: 13.07.7601 - HRB Technology, LLC.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.5.166.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office 365 Home Premium Preview - en-us (HKLM\...\Microsoft Office Professional 15 (Technical Preview) - en-us) (Version: 15.0.4128.1025 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3955517247-3422824997-2948068551-1001\...\OneDriveSetup.exe) (Version: 17.3.5930.0814 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Store Download Manager (HKLM-x32\...\{8CB3ECF6-C914-4C54-A649-BA45E5BB5643}) (Version: 3.0.5617.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)
Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4128.1025 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4128.1022 - Microsoft Corporation) Hidden
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
QuickBooks (x32 Version: 22.0.4012.2206 - Intuit Inc.) Hidden
QuickBooks Pro 2012 (HKLM-x32\...\{22057D8D-7CC8-46FF-AD8C-9BD24F9014F3}) (Version: 22.0.4012.2206 - Intuit Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6537 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SeaTools for Windows 1.4.0.2 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.2 - Seagate Technology)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SlimDX Runtime .NET 4.0 x86 (January 2012) (HKLM-x32\...\{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}) (Version: 2.0.13.43 - SlimDX Group)
Tax Forms Helper 2012 10.5 (HKLM-x32\...\Tax Forms Helper 2012_is1) (Version:  - )
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3955517247-3422824997-2948068551-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Townsend\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3955517247-3422824997-2948068551-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Townsend\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3955517247-3422824997-2948068551-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Townsend\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3955517247-3422824997-2948068551-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Townsend\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3955517247-3422824997-2948068551-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Townsend\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3955517247-3422824997-2948068551-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Townsend\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3955517247-3422824997-2948068551-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Townsend\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3955517247-3422824997-2948068551-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Townsend\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3955517247-3422824997-2948068551-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Townsend\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3955517247-3422824997-2948068551-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Townsend\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

07-08-2015 16:34:23 Windows Update
07-08-2015 16:52:56 DCInstallRestorePoint
10-08-2015 15:26:00 Windows Update
11-08-2015 13:59:12 Windows Update
18-08-2015 07:58:31 Windows Update
21-08-2015 13:52:44 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-08-12 17:41 - 00000768 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03DFB2BA-56F9-4913-85CB-DA770A7E5DB0} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {3E26795B-2CFE-4B06-883E-E716CBD7C989} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {46A75144-B362-47BB-8D27-AC3AA9927AB4} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2011-12-13] (PC-Doctor, Inc.)
Task: {486F11A3-48C9-4CA5-9BD0-AEB838C4243A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2012-09-11] (Microsoft Corporation)
Task: {5DC65BCE-65BC-46E6-8781-5416ADF2AA5E} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\pcdrcui.exe [2011-12-13] (PC-Doctor, Inc.)
Task: {679F3C7D-85E2-4180-8BEF-C45E980DA099} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {68CB77CA-3CC6-4B68-8C72-18FA530F8E5E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {87956520-1BBB-4109-95DD-19174909E32B} - System32\Tasks\{84D0761A-D84A-4B67-84F8-A5D1975AF60D} => pcalua.exe -a "C:\Users\Townsend\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\965HXTWM\JavaSetup8u45.exe" -d C:\Users\Townsend\Desktop
Task: {8DA4FBA4-2CB4-4F9D-B63E-678DE4E258D0} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {B946B287-CA94-4129-B810-84B0EB04846E} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2011-12-13] (PC-Doctor, Inc.)
Task: {C4CB22DF-CB0D-4111-83B4-3C4501121C16} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2012-10-16] (Microsoft Corporation)
Task: {D4FEF0EF-4170-41AC-AA93-C6CA48703B0C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E71F0F76-E11B-4F15-9EB9-21A0A4B0EBC1} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => c:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {F059D28E-BE84-4285-83EC-3844C72076DF} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => c:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {FA79940F-579D-4B09-990A-CB522EFC9C8B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => c:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => c:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exeo-backgroundmon scripts\defaultscan.xml
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\pcdrcui.exe

==================== Loaded Modules (Whitelisted) ==============

2012-05-03 22:20 - 2012-01-21 11:35 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2012-10-16 13:43 - 2012-08-16 22:56 - 00266864 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2012-10-16 14:10 - 2012-10-16 14:31 - 06307952 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-10-17 03:36 - 2014-10-17 03:36 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\92a1650dbe9fad5f46633b835420e1a8\IsdiInterop.ni.dll
2012-05-03 22:17 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-05-03 22:19 - 2012-01-21 06:23 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ntrexeservice => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3955517247-3422824997-2948068551-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Townsend\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{613E2106-1200-49FA-9F3D-F37A120BFCC8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A11DA21E-CE5D-46F4-B825-7CF4EC6B0BAF}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{62BDEACA-11C4-4AEC-94AF-38AAD0327D75}] => (Allow) LPort=2869
FirewallRules: [{B0BD660A-1F85-46BF-9A07-0EE75F42FA87}] => (Allow) LPort=1900
FirewallRules: [{34D1C339-BD96-4555-960E-58C7AD026B68}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{F90E5834-6FDC-4AB7-A667-FB0F7766CC31}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{637387EA-2D46-4FF8-BC2E-03D02417DFB1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{F793C211-D5D5-44BA-9364-22C75D4F26C2}] => (Allow) C:\Users\Townsend\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{3015D7BD-4F85-45FC-9710-037F28372078}] => (Allow) C:\Users\Townsend\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{449A005F-1FD2-4CC0-A20E-36098CE49797}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Could not start eventlog service, could not read events.

==================== Memory info ===========================

Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 27%
Total physical RAM: 8156.8 MB
Available physical RAM: 5912.47 MB
Total Virtual: 16311.8 MB
Available Virtual: 14082.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.22 GB) (Free:760.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 698858B4)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=919.2 GB) - (Type=07 NTFS)

==================== End of log ============================



#13 Mistnic

  • Topic Starter

Posted 21 August 2015 - 04:22 PM

Forgive me...I hit the button to post a few times, worried it wasn't going through. :)

Attached Files

  • Attached File  Summ.zip   48.63KB   2 downloads

Edited by Mistnic, 21 August 2015 - 04:27 PM.


#14 Oh My!

  • Malware Response Instructor

Posted 21 August 2015 - 07:04 PM

Greetings Misti and welcome back.

Hold off on the Genuine Windows issue.

Please download FRST again and save it to your Desktop. This won't work for us.

Running from C:\Users\Townsend\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E8FURIS3


Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3955517247-3422824997-2948068551-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3955517247-3422824997-2948068551-1001 -> {8C916A47-E39C-47A2-8873-0F47833C4698} URL =
Toolbar: HKU\S-1-5-21-3955517247-3422824997-2948068551-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S3 zghsdiag; system32\DRIVERS\zghsdiag.sys [X]
S3 zghsmdm; system32\DRIVERS\zghsmdm.sys [X]
S3 zghsnmea; system32\DRIVERS\zghsnmea.sys [X]
C:\Users\Townsend\AppData\Local\Temp\cct.dll
C:\Users\Townsend\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Townsend\AppData\Local\Temp\JavaIC.dll
C:\Users\Townsend\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Townsend\AppData\Local\Temp\msscct32.dll
C:\Users\Townsend\AppData\Local\Temp\Quarantine.exe
C:\Users\Townsend\AppData\Local\Temp\sqlite3.dll
C:\Users\Townsend\AppData\Local\Temp\YSearchUtil.dll
Task: {87956520-1BBB-4109-95DD-19174909E32B} - System32\Tasks\{84D0761A-D84A-4B67-84F8-A5D1975AF60D} => pcalua.exe -a "C:\Users\Townsend\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\965HXTWM\JavaSetup8u45.exe" -d C:\Users\Townsend\Desktop
File: C:\Program Files (x86)\temp995.bat
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

CheckDiskGUI

--------------------
  • Download CheckDiskGUI and save it to your desktop
  • Double click the icon and select Run
  • Under the DirtyBit column please let me know if there is any indication of a Dirty Bit
  • Place a check mark in the C: drive box
  • Click Read Only
  • Once completed click File, then Save
  • Save the file to your desktop as CheckDiskGUI (should be default name)
  • Copy and paste the contents of the report in your reply
===================================================

MGADiag Tool

-------------------
  • Download MGADiag Tool and save it to your desktop
  • Double click the icon then if necessary click OK on the Executable File warning
  • Click Run, then Continue
  • Once completed a Microsoft Genuine Advantage Diagnostic Tool screen will open
  • Click Copy
  • Press the Windows Key + R at the same time
  • Type Notepad and press Enter
  • Save the file on your Desktop as WGA.txt
  • Upload the file here
  • Let me know when the file has been uploaded
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • CheckDiskGUI log
  • Uploaded MGA.txt file

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 Oh My!

  • Malware Response Instructor

Posted 24 August 2015 - 10:26 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 



