Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2015 Ran by admin (administrator) on TSUTTON-XPS12 on 04-05-2015 16:56:50 Running from C:\Users\admin\Desktop Loaded Profiles: admin (Available profiles: tsutton & rwalker-admin & admin & localAdmin) Platform: Windows 8.1 Pro with Media Center (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.EXE (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\ProgramData\boostwebapp\1.1.0.31\mohqwban.EXE (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe () C:\ProgramData\boostwebapp\1.1.0.31\GaaflaCoce.exe (HP) C:\Program Files (x86)\Hp\HPLaserJetService\HPLaserJetService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe (Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe () C:\ProgramData\boostwebapp\1.1.0.31\mohqaban.EXE () C:\Windows\mtnj.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe (DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe () C:\ProgramData\boostwebapp\1.1.0.31\Zutadye.EXE (Intel Corporation) C:\Windows\Temp\irstrtsv\scrncap.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe (Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Compal Electronics, INC.) C:\Program Files\Dell\QuickSet\ResetTouch.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hp\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hp\StatusAlerts\bin\HPStatusAlerts.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe () C:\ProgramData\boostwebapp\1.1.0.31\mohqdban.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-09-06] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-09-06] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-09-06] (Realtek Semiconductor) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [] => [X] HKLM\...\Run: [ResetTouch] => c:\Program Files\Dell\QuickSet\ResetTouch.exe [2345808 2013-03-04] (Compal Electronics, INC.) HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5777224 2013-09-02] (Dell Inc.) HKLM\...\Run: [HP LaserJet 200 color MFP M276 Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3707120 2014-08-13] (Hewlett-Packard Company) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.) HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49904 2014-08-13] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3769467500-3583379074-2392525900-1002\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2013-11-16] ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation) Startup: C:\Users\tsutton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-05-04] ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{e1453844-7f13-c9fa-e145-538447f1e111}\hqghumeaylnlf.exe (No File) Startup: C:\Users\tsutton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk [2014-08-12] ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVE.EXE (Microsoft Corporation) Startup: C:\Users\tsutton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2013-11-25] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation) ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-3769467500-3583379074-2392525900-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com/?pc=DCJB HKU\S-1-5-21-3769467500-3583379074-2392525900-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3769467500-3583379074-2392525900-1002 -> {A4F5764F-B525-4DF1-AE89-CDA72EE8CDBD} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-29] (Oracle Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-29] (Oracle Corporation) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.) DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab Tcpip\Parameters: [DhcpNameServer] 172.16.8.200 172.16.8.207 FireFox: ======== FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\dmcoy4or.default FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-11] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-11] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-29] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-29] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-09-12] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-09-12] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-09-12] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-09-12] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-09-12] (Apple Inc.) ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) Locked "esegixy" service could not be unlocked. <===== ATTENTION Locked "HowgazJuldo" service could not be unlocked. <===== ATTENTION Locked "mespelcamm" service could not be unlocked. <===== ATTENTION Locked "tammgF119" service could not be unlocked. <===== ATTENTION Locked "tammgR119" service could not be unlocked. <===== ATTENTION S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation) S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed] R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed] R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [78088 2014-08-26] (Hewlett-Packard Company) R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [155448 2013-09-05] (Intel Corporation) R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [783264 2013-09-08] (Intel Corporation) R2 ISCTAgent; c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-12] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-11] (Intel Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 mtnj; c:\windows\mtnj.exe [408576 2015-05-04] () [File not signed] S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] () R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed] R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-09-06] (Realtek Semiconductor) R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1911312 2013-08-30] (SoftThinks SAS) S4 tnj; c:\windows\tnj.exe [417792 2015-05-04] () [File not signed] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation) R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] () R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed] R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation) R3 Zutadye; C:\ProgramData\boostwebapp\1.1.0.31\Zutadye.exe [0 ] () <==== ATTENTION (zero size file/folder) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-19] (Motorola Solutions, Inc.) R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.) R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-08-08] (Intel Corporation) R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-08-08] (Intel Corporation) S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [83960 2013-08-08] (Intel Corporation) S3 iaLPSS_UART2; C:\Windows\System32\drivers\iaLPSS_UART2.sys [129528 2013-08-08] (Intel Corporation) R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [117192 2013-08-29] (Intel Corporation) R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] () R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-08] () R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-07] () R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [20192 2013-09-08] (Intel Corporation) R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-07] () S3 LAN7500; C:\Windows\system32\DRIVERS\lan7500-x64-n630f.sys [95744 2014-12-04] (SMSC) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-04] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-09-11] (Intel Corporation) R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3440096 2014-04-16] (Intel Corporation) R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation) R3 SensorsHIDClassDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation) R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation) R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42736 2013-08-27] (Synaptics Incorporated) R5 tammgF119; C:\Windows\System32\Drivers\tammgF119.sys [34952 2015-05-04] () [File not signed] R5 tammgR119; C:\Windows\System32\Drivers\tammgR119.sys [36488 2015-05-04] () [File not signed] R3 VirtualButtons; C:\Windows\System32\drivers\VirtualButtons.sys [29952 2013-09-12] (Intel Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-04 16:56 - 2015-05-04 16:57 - 00021200 _____ () C:\Users\admin\Desktop\FRST.txt 2015-05-04 16:56 - 2015-05-04 16:56 - 00000000 ____D () C:\FRST 2015-05-04 16:55 - 2015-05-04 16:55 - 02101248 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe 2015-05-04 16:32 - 2015-05-04 12:02 - 00036488 _____ () C:\Windows\system32\Drivers\tammgR119.sys 2015-05-04 16:32 - 2015-05-04 12:02 - 00034952 _____ () C:\Windows\system32\Drivers\tammgF119.sys 2015-05-04 16:17 - 2015-05-04 16:17 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3203721793-3198379332-896013655-5752 2015-05-04 15:23 - 2015-05-04 15:23 - 00001376 _____ () C:\Users\admin\Desktop\JRT.txt 2015-05-04 15:21 - 2015-05-04 15:21 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-TSUTTON-XPS12-Windows-8.1-Pro-with-Media-Center-(64-bit).dat 2015-05-04 15:21 - 2015-05-04 15:21 - 00000000 ____D () C:\RegBackup 2015-05-04 15:20 - 2015-05-04 15:20 - 00000954 _____ () C:\Users\admin\Downloads\ccsetup505.exe 2015-05-04 15:19 - 2015-05-04 15:19 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Mozilla 2015-05-04 15:19 - 2015-05-04 15:19 - 00000000 ____D () C:\Users\admin\AppData\Local\Mozilla 2015-05-04 15:06 - 2015-05-04 15:06 - 00000000 ____D () C:\ProgramData\Sophos 2015-05-04 15:04 - 2015-05-04 16:53 - 00000000 ____D () C:\Users\admin\AppData\Local\CrashDumps 2015-05-04 15:04 - 2015-05-04 15:04 - 00002775 _____ () C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk 2015-05-04 15:04 - 2015-05-04 15:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos 2015-05-04 15:04 - 2015-05-04 15:04 - 00000000 ____D () C:\Program Files (x86)\Sophos 2015-05-04 14:56 - 2015-05-04 16:35 - 00000000 ____D () C:\AdwCleaner 2015-05-04 14:56 - 2015-05-04 14:55 - 119275136 _____ (Sophos Limited) C:\Users\admin\Desktop\Sophos Virus Removal Tool.exe 2015-05-04 14:56 - 2015-05-04 14:53 - 02716306 _____ (Thisisu) C:\Users\admin\Desktop\JRT.exe 2015-05-04 14:55 - 2015-05-04 14:44 - 02204160 _____ () C:\Users\admin\Desktop\adwcleaner_4.203.exe 2015-05-04 13:37 - 2015-05-04 13:37 - 00001399 _____ () C:\Users\tsutton\Desktop\ForRyan.txt 2015-05-04 13:28 - 2015-05-04 14:09 - 00000000 ____D () C:\Windows\LastGood.Tmp 2015-05-04 13:28 - 2015-05-04 13:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_lan7500-x64-n630f_01011.Wdf 2015-05-04 13:27 - 2015-05-04 13:27 - 00000000 ____D () C:\ProgramData\f8e5ba700002823 2015-05-04 13:21 - 2015-05-04 16:36 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-05-04 13:20 - 2015-05-04 13:20 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\tsutton\Downloads\mbam-setup-2.1.6.1022.exe 2015-05-04 13:20 - 2015-05-04 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-05-04 13:20 - 2015-05-04 13:20 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-05-04 13:20 - 2015-05-04 13:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-05-04 13:20 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-05-04 13:20 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-05-04 13:20 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-05-04 13:19 - 2015-05-04 13:19 - 00001020 _____ () C:\Windows\Tasks\eWIXeY4wGiRJ.job 2015-05-04 13:18 - 2015-05-04 13:18 - 00000000 ____D () C:\Users\tsutton\AppData\Local\Bypass 2015-05-04 13:18 - 2015-05-04 13:18 - 00000000 ____D () C:\ProgramData\o 2015-05-04 13:18 - 2015-05-04 13:18 - 00000000 ____D () C:\Program Files (x86)\S5 2015-05-04 13:06 - 2015-05-04 14:04 - 00000000 ___HD () C:\ProgramData\tnj 2015-05-04 13:03 - 2015-05-04 13:03 - 00631296 _____ () C:\Windows\tnj.dat 2015-05-04 13:03 - 2015-05-04 13:03 - 00417792 _____ () C:\Windows\tnj.exe 2015-05-04 13:03 - 2015-05-04 13:03 - 00408576 _____ () C:\Windows\mtnj.exe 2015-05-04 12:07 - 2015-05-04 12:07 - 00000000 ____D () C:\Users\tsutton\Documents\Optimizer Pro 2015-05-04 12:02 - 2015-05-04 16:51 - 00004720 _____ () C:\Windows\SysWOW64\Zutadye.ini 2015-05-04 12:02 - 2015-05-04 16:51 - 00002624 _____ () C:\Windows\SysWOW64\ZutadyeOff.ini 2015-05-04 12:02 - 2015-05-04 16:51 - 00002624 _____ () C:\Windows\system32\ZutadyeOff.ini 2015-05-04 12:02 - 2015-05-04 12:02 - 00000000 ____D () C:\ProgramData\boostwebapp 2015-05-04 12:02 - 2015-05-04 11:08 - 00398336 _____ () C:\Windows\system32\Zutadye64.dll 2015-05-04 12:02 - 2015-05-04 11:08 - 00329216 _____ () C:\Windows\SysWOW64\Zutadye.dll 2015-05-04 12:01 - 2015-05-04 12:01 - 00000000 ____D () C:\Windows\Downloaded Installations 2015-05-04 12:01 - 2015-05-04 12:01 - 00000000 ____D () C:\Users\tsutton\AppData\Local\Zeoinsight 2015-05-04 12:01 - 2015-05-04 12:01 - 00000000 ____D () C:\Users\tsutton\AppData\Local\ZBAnalyticsCore 2015-04-30 00:01 - 2015-04-30 00:01 - 00023200 _____ (Western Digital Technologies) C:\Windows\system32\Drivers\wdcsam64.sys 2015-04-27 12:43 - 2015-04-27 12:43 - 00162414 _____ () C:\Users\tsutton\Downloads\logo.eps 2015-04-21 10:57 - 2015-04-21 10:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-04-17 10:31 - 2015-05-04 14:57 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{80A22C86-A9B5-4717-B7FF-507CEBE527EA} 2015-04-17 10:31 - 2015-04-17 10:31 - 00000000 __SHD () C:\Users\admin\AppData\Local\EmieUserList 2015-04-17 10:31 - 2015-04-17 10:31 - 00000000 __SHD () C:\Users\admin\AppData\Local\EmieSiteList 2015-04-17 10:31 - 2015-04-17 10:31 - 00000000 __SHD () C:\Users\admin\AppData\Local\EmieBrowserModeList 2015-04-17 10:31 - 2015-04-17 10:31 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Macromedia 2015-04-17 10:31 - 2015-04-17 10:31 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Hewlett-Packard Company 2015-04-17 10:31 - 2015-04-17 10:31 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Apple Computer 2015-04-16 10:59 - 2015-04-16 10:59 - 00000000 ____D () C:\Windows\system32\appraiser 2015-04-16 08:08 - 2015-03-22 17:45 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-04-16 08:08 - 2015-03-22 17:09 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-04-16 08:08 - 2015-03-22 17:09 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-04-16 08:08 - 2015-03-22 17:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-04-16 08:08 - 2015-03-14 03:20 - 01385256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-04-16 08:08 - 2015-03-14 03:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2015-04-16 08:07 - 2015-03-22 17:09 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-04-16 08:07 - 2015-03-22 17:09 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-04-16 08:07 - 2015-03-22 17:09 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-04-16 08:07 - 2014-12-02 18:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-04-15 14:37 - 2015-03-23 16:59 - 07476032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-04-15 14:37 - 2015-03-23 16:59 - 01733952 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-04-15 14:37 - 2015-03-23 16:59 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll 2015-04-15 14:37 - 2015-03-23 16:58 - 01498872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-04-15 14:37 - 2015-03-23 16:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll 2015-04-15 14:37 - 2015-03-19 23:12 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll 2015-04-15 14:37 - 2015-03-19 23:10 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-04-15 14:37 - 2015-03-19 23:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-04-15 14:37 - 2015-03-19 22:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe 2015-04-15 14:37 - 2015-03-19 21:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe 2015-04-15 14:37 - 2015-03-19 21:40 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-04-15 14:37 - 2015-03-19 21:16 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-04-15 14:37 - 2015-03-14 03:54 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-04-15 14:37 - 2015-03-13 20:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-04-15 14:37 - 2015-03-13 20:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-04-15 14:37 - 2015-03-13 20:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-04-15 14:37 - 2015-03-13 20:37 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-04-15 14:37 - 2015-03-13 20:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-04-15 14:37 - 2015-03-13 19:22 - 03678720 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-04-15 14:37 - 2015-03-13 19:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-04-15 14:37 - 2015-03-13 19:12 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-04-15 14:37 - 2015-03-13 19:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll 2015-04-15 14:37 - 2015-03-13 19:08 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2015-04-15 14:37 - 2015-03-13 19:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-04-15 14:37 - 2015-03-13 19:06 - 02373632 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-04-15 14:37 - 2015-03-13 19:06 - 00891392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-04-15 14:37 - 2015-03-13 19:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-04-15 14:37 - 2015-03-13 19:02 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-04-15 14:37 - 2015-03-13 18:59 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-04-15 14:37 - 2015-03-13 18:59 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-04-15 14:37 - 2015-03-12 23:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-04-15 14:37 - 2015-03-12 23:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-04-15 14:37 - 2015-03-12 23:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-04-15 14:37 - 2015-03-12 22:53 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-04-15 14:37 - 2015-03-12 22:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-04-15 14:37 - 2015-03-12 22:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-04-15 14:37 - 2015-03-12 22:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-04-15 14:37 - 2015-03-12 22:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-04-15 14:37 - 2015-03-12 22:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-04-15 14:37 - 2015-03-12 22:17 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-04-15 14:37 - 2015-03-12 22:16 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-04-15 14:37 - 2015-03-12 22:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-04-15 14:37 - 2015-03-12 22:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-04-15 14:37 - 2015-03-12 22:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-04-15 14:37 - 2015-03-12 21:58 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2015-04-15 14:37 - 2015-03-12 21:50 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-04-15 14:37 - 2015-03-12 21:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-04-15 14:37 - 2015-03-12 21:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-04-15 14:37 - 2015-03-12 21:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-04-15 14:37 - 2015-03-12 21:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2015-04-15 14:37 - 2015-03-12 21:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-04-15 14:37 - 2015-03-12 21:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-04-15 14:37 - 2015-03-12 21:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-04-15 14:37 - 2015-03-12 21:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-04-15 14:37 - 2015-03-12 21:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-04-15 14:37 - 2015-03-12 21:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-04-15 14:37 - 2015-03-04 05:25 - 00377152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys 2015-04-15 14:37 - 2015-03-03 22:04 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll 2015-04-15 14:37 - 2015-03-03 21:19 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll 2015-04-15 14:37 - 2015-02-24 03:32 - 00991552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys 2015-04-15 14:37 - 2015-02-20 18:49 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll 2015-04-14 11:28 - 2015-04-14 11:28 - 00004387 _____ () C:\Users\tsutton\AppData\Roaming\eWIXeY4wGiRJ 2015-04-05 02:47 - 2015-04-05 02:47 - 00000000 ___SD () C:\Windows\SysWOW64\GWX 2015-04-05 02:47 - 2015-04-05 02:47 - 00000000 ___SD () C:\Windows\system32\GWX ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-04 16:56 - 2013-11-16 06:23 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-04 16:53 - 2013-11-16 06:20 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery 2015-05-04 16:53 - 2013-11-16 06:17 - 01766701 _____ () C:\Windows\WindowsUpdate.log 2015-05-04 16:52 - 2015-02-01 16:53 - 00000926 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-04 16:52 - 2013-11-16 06:18 - 00003282 _____ () C:\Windows\System32\Tasks\Intel(R) Rapid Start Technology Manager 2015-05-04 16:51 - 2014-11-05 16:18 - 00019879 _____ () C:\Windows\setupact.log 2015-05-04 16:51 - 2013-11-25 13:59 - 00000120 _____ () C:\Windows\system32\config\netlogon.ftl 2015-05-04 16:51 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-04 16:29 - 2013-11-16 06:08 - 00197468 _____ () C:\Windows\PFRO.log 2015-05-04 16:28 - 2013-08-22 08:25 - 01310720 ___SH () C:\Windows\system32\config\BBI 2015-05-04 16:15 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness 2015-05-04 16:14 - 2013-11-26 11:22 - 00000000 ___DO () C:\Users\tsutton\SkyDrive 2015-05-04 16:12 - 2015-01-15 15:48 - 00004974 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for CREDERA-tsutton TSutton-XPS12.credera.com 2015-05-04 15:56 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\Web 2015-05-04 15:04 - 2015-02-01 16:53 - 00000930 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-04 15:02 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru 2015-05-04 14:59 - 2013-11-16 05:21 - 00000000 ____D () C:\Windows\Panther 2015-05-04 14:23 - 2013-11-25 15:48 - 00000000 ____D () C:\Users\tsutton 2015-05-04 14:19 - 2013-11-25 13:54 - 00000000 ____D () C:\Windows\CSC 2015-05-04 14:09 - 2013-12-16 15:36 - 00004974 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for {a3a8717c-255a-4d6b-88be-a62a6f2ceb41} TSutton-XPS12.credera.com 2015-05-04 13:37 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\TAPI 2015-05-04 12:33 - 2013-11-25 15:57 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{379F1CB6-A3E1-42DB-9780-5444B557C917} 2015-05-04 12:32 - 2014-05-15 09:06 - 00000590 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3203721793-3198379332-896013655-5752.job 2015-05-04 12:01 - 2013-11-25 17:13 - 00000000 ____D () C:\Users\tsutton\AppData\Local\CrashDumps 2015-05-01 16:23 - 2013-11-25 15:48 - 00000000 ____D () C:\Users\tsutton\AppData\Local\Packages 2015-05-01 13:41 - 2013-11-26 06:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-04-30 14:15 - 2010-05-24 20:48 - 00000000 ___RD () C:\Users\tsutton\Documents\Personal 2015-04-29 11:05 - 2014-07-14 17:32 - 00000000 ____D () C:\ProgramData\Oracle 2015-04-29 11:04 - 2014-07-14 17:31 - 00000000 ____D () C:\Program Files (x86)\Java 2015-04-29 11:03 - 2014-07-14 17:31 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-04-17 10:32 - 2013-11-25 14:12 - 00000000 ____D () C:\Users\admin\AppData\Local\Packages 2015-04-17 09:47 - 2013-08-22 09:44 - 00487752 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-04-17 09:45 - 2013-11-25 14:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-04-17 09:45 - 2013-11-25 14:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server 2015-04-17 09:45 - 2013-11-25 14:31 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-04-17 09:44 - 2013-08-22 14:12 - 00000000 ____D () C:\Windows\ShellNew 2015-04-17 09:41 - 2013-08-22 08:25 - 00000199 _____ () C:\Windows\win.ini 2015-04-17 04:57 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache 2015-04-16 13:40 - 2014-05-15 09:06 - 00003592 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3203721793-3198379332-896013655-5752 2015-04-16 11:02 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppCompat 2015-04-16 10:59 - 2015-03-17 07:59 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-04-16 08:48 - 2013-11-25 14:05 - 00000000 ____D () C:\Windows\system32\MRT 2015-04-16 08:45 - 2013-11-25 14:05 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-04-16 08:44 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp 2015-04-15 14:22 - 2014-11-12 09:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll 2015-04-13 18:24 - 2013-08-22 10:38 - 00792056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-04-13 18:24 - 2013-08-22 10:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== Files in the root of some directories ======= 2013-11-16 06:09 - 2013-11-16 06:09 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some content of TEMP: ==================== C:\Users\rwalker-admin\AppData\Local\Temp\ose00000.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-02 11:35 ==================== End Of Log ============================