
Persistent Malware - tammgf119 [Solved]



#1 rwalker03 (New Member, 5 posts)

Hi,

I would really appreciate some help. I have a computer on which Malwarebytes detects malware, but I can't get it to go away. It keeps launching popups on boot up, and the program I see in Task Manager when they're on the screen is "mohqdban". I've tried running tools in safe mode and deleting the files themselves. I've attached a log from MBAM as well as the results from FRST. Here is my log from MBAM:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/4/2015
Scan Time: 3:47:25 PM
Logfile: scanlog.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.04.06
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: admin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 483676
Time Elapsed: 6 min, 15 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
Rootkit.Agent.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\tammgF119, Quarantined, [1690c2cd9dedb680ae201f414bbac739],
Rootkit.Agent.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\tammgR119, Quarantined, [3076ade2dfabdc5ae2ec3b2519ec23dd],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
Rootkit.Agent.A, C:\Windows\System32\drivers\tammgF119.sys, Delete-on-Reboot, [f171f17fc9fd2a27fda741de0337cb72],
Rootkit.Agent.A, C:\Windows\System32\drivers\tammgR119.sys, Delete-on-Reboot, [f94f58dfab029109e165aed164866260],

Physical Sectors: 0
(No malicious items detected)

(end)

Here are the results of FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2015
Ran by admin (administrator) on TSUTTON-XPS12 on 04-05-2015 16:56:50
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available profiles: tsutton & rwalker-admin & admin & localAdmin)
Platform: Windows 8.1 Pro with Media Center (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\boostwebapp\1.1.0.31\mohqwban.EXE
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\ProgramData\boostwebapp\1.1.0.31\GaaflaCoce.exe
(HP) C:\Program Files (x86)\Hp\HPLaserJetService\HPLaserJetService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
() C:\ProgramData\boostwebapp\1.1.0.31\mohqaban.EXE
() C:\Windows\mtnj.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\ProgramData\boostwebapp\1.1.0.31\Zutadye.EXE
(Intel Corporation) C:\Windows\Temp\irstrtsv\scrncap.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Compal Electronics, INC.) C:\Program Files\Dell\QuickSet\ResetTouch.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\StatusAlerts\bin\HPStatusAlerts.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
() C:\ProgramData\boostwebapp\1.1.0.31\mohqdban.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-09-06] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-09-06] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-09-06] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [] => [X]
HKLM\...\Run: [ResetTouch] => c:\Program Files\Dell\QuickSet\ResetTouch.exe [2345808 2013-03-04] (Compal Electronics, INC.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5777224 2013-09-02] (Dell Inc.)
HKLM\...\Run: [HP LaserJet 200 color MFP M276 Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3707120 2014-08-13] (Hewlett-Packard Company)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49904 2014-08-13] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3769467500-3583379074-2392525900-1002\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2013-11-16]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\Users\tsutton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-05-04]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{e1453844-7f13-c9fa-e145-538447f1e111}\hqghumeaylnlf.exe (No File)
Startup: C:\Users\tsutton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk [2014-08-12]
ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\tsutton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2013-11-25]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3769467500-3583379074-2392525900-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-3769467500-3583379074-2392525900-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3769467500-3583379074-2392525900-1002 -> {A4F5764F-B525-4DF1-AE89-CDA72EE8CDBD} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-29] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-29] (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.24.0.cab
Tcpip\Parameters: [DhcpNameServer] 172.16.8.200 172.16.8.207

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\dmcoy4or.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-11] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-11] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-09-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-09-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-09-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-09-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-09-12] (Apple Inc.)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "esegixy" service could not be unlocked. <===== ATTENTION
Locked "HowgazJuldo" service could not be unlocked. <===== ATTENTION
Locked "mespelcamm" service could not be unlocked. <===== ATTENTION
Locked "tammgF119" service could not be unlocked. <===== ATTENTION
Locked "tammgR119" service could not be unlocked. <===== ATTENTION

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [78088 2014-08-26] (Hewlett-Packard Company)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [155448 2013-09-05] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [783264 2013-09-08] (Intel Corporation)
R2 ISCTAgent; c:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-12] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-11] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 mtnj; c:\windows\mtnj.exe [408576 2015-05-04] () [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-09-06] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1911312 2013-08-30] (SoftThinks SAS)
S4 tnj; c:\windows\tnj.exe [417792 2015-05-04] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)
R3 Zutadye; C:\ProgramData\boostwebapp\1.1.0.31\Zutadye.exe [0 ] () <==== ATTENTION (zero size file/folder)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-19] (Motorola Solutions, Inc.)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-08-08] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-08-08] (Intel Corporation)
S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [83960 2013-08-08] (Intel Corporation)
S3 iaLPSS_UART2; C:\Windows\System32\drivers\iaLPSS_UART2.sys [129528 2013-08-08] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [117192 2013-08-29] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-07] ()
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [20192 2013-09-08] (Intel Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
S3 LAN7500; C:\Windows\system32\DRIVERS\lan7500-x64-n630f.sys [95744 2014-12-04] (SMSC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-04] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-09-11] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3440096 2014-04-16] (Intel Corporation)
R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R3 SensorsHIDClassDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42736 2013-08-27] (Synaptics Incorporated)
R5 tammgF119; C:\Windows\System32\Drivers\tammgF119.sys [34952 2015-05-04] () [File not signed]
R5 tammgR119; C:\Windows\System32\Drivers\tammgR119.sys [36488 2015-05-04] () [File not signed]
R3 VirtualButtons; C:\Windows\System32\drivers\VirtualButtons.sys [29952 2013-09-12] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-04 16:56 - 2015-05-04 16:57 - 00021200 _____ () C:\Users\admin\Desktop\FRST.txt
2015-05-04 16:56 - 2015-05-04 16:56 - 00000000 ____D () C:\FRST
2015-05-04 16:55 - 2015-05-04 16:55 - 02101248 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2015-05-04 16:32 - 2015-05-04 12:02 - 00036488 _____ () C:\Windows\system32\Drivers\tammgR119.sys
2015-05-04 16:32 - 2015-05-04 12:02 - 00034952 _____ () C:\Windows\system32\Drivers\tammgF119.sys
2015-05-04 16:17 - 2015-05-04 16:17 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3203721793-3198379332-896013655-5752
2015-05-04 15:23 - 2015-05-04 15:23 - 00001376 _____ () C:\Users\admin\Desktop\JRT.txt
2015-05-04 15:21 - 2015-05-04 15:21 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-TSUTTON-XPS12-Windows-8.1-Pro-with-Media-Center-(64-bit).dat
2015-05-04 15:21 - 2015-05-04 15:21 - 00000000 ____D () C:\RegBackup
2015-05-04 15:20 - 2015-05-04 15:20 - 00000954 _____ () C:\Users\admin\Downloads\ccsetup505.exe
2015-05-04 15:19 - 2015-05-04 15:19 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Mozilla
2015-05-04 15:19 - 2015-05-04 15:19 - 00000000 ____D () C:\Users\admin\AppData\Local\Mozilla
2015-05-04 15:06 - 2015-05-04 15:06 - 00000000 ____D () C:\ProgramData\Sophos
2015-05-04 15:04 - 2015-05-04 16:53 - 00000000 ____D () C:\Users\admin\AppData\Local\CrashDumps
2015-05-04 15:04 - 2015-05-04 15:04 - 00002775 _____ () C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-05-04 15:04 - 2015-05-04 15:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-05-04 15:04 - 2015-05-04 15:04 - 00000000 ____D () C:\Program Files (x86)\Sophos
2015-05-04 14:56 - 2015-05-04 16:35 - 00000000 ____D () C:\AdwCleaner
2015-05-04 14:56 - 2015-05-04 14:55 - 119275136 _____ (Sophos Limited) C:\Users\admin\Desktop\Sophos Virus Removal Tool.exe
2015-05-04 14:56 - 2015-05-04 14:53 - 02716306 _____ (Thisisu) C:\Users\admin\Desktop\JRT.exe
2015-05-04 14:55 - 2015-05-04 14:44 - 02204160 _____ () C:\Users\admin\Desktop\adwcleaner_4.203.exe
2015-05-04 13:37 - 2015-05-04 13:37 - 00001399 _____ () C:\Users\tsutton\Desktop\ForRyan.txt
2015-05-04 13:28 - 2015-05-04 14:09 - 00000000 ____D () C:\Windows\LastGood.Tmp
2015-05-04 13:28 - 2015-05-04 13:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_lan7500-x64-n630f_01011.Wdf
2015-05-04 13:27 - 2015-05-04 13:27 - 00000000 ____D () C:\ProgramData\f8e5ba700002823
2015-05-04 13:21 - 2015-05-04 16:36 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-04 13:20 - 2015-05-04 13:20 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\tsutton\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-04 13:20 - 2015-05-04 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-04 13:20 - 2015-05-04 13:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-04 13:20 - 2015-05-04 13:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-04 13:20 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-04 13:20 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-04 13:20 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-04 13:19 - 2015-05-04 13:19 - 00001020 _____ () C:\Windows\Tasks\eWIXeY4wGiRJ.job
2015-05-04 13:18 - 2015-05-04 13:18 - 00000000 ____D () C:\Users\tsutton\AppData\Local\Bypass
2015-05-04 13:18 - 2015-05-04 13:18 - 00000000 ____D () C:\ProgramData\o
2015-05-04 13:18 - 2015-05-04 13:18 - 00000000 ____D () C:\Program Files (x86)\S5
2015-05-04 13:06 - 2015-05-04 14:04 - 00000000 ___HD () C:\ProgramData\tnj
2015-05-04 13:03 - 2015-05-04 13:03 - 00631296 _____ () C:\Windows\tnj.dat
2015-05-04 13:03 - 2015-05-04 13:03 - 00417792 _____ () C:\Windows\tnj.exe
2015-05-04 13:03 - 2015-05-04 13:03 - 00408576 _____ () C:\Windows\mtnj.exe
2015-05-04 12:07 - 2015-05-04 12:07 - 00000000 ____D () C:\Users\tsutton\Documents\Optimizer Pro
2015-05-04 12:02 - 2015-05-04 16:51 - 00004720 _____ () C:\Windows\SysWOW64\Zutadye.ini
2015-05-04 12:02 - 2015-05-04 16:51 - 00002624 _____ () C:\Windows\SysWOW64\ZutadyeOff.ini
2015-05-04 12:02 - 2015-05-04 16:51 - 00002624 _____ () C:\Windows\system32\ZutadyeOff.ini
2015-05-04 12:02 - 2015-05-04 12:02 - 00000000 ____D () C:\ProgramData\boostwebapp
2015-05-04 12:02 - 2015-05-04 11:08 - 00398336 _____ () C:\Windows\system32\Zutadye64.dll
2015-05-04 12:02 - 2015-05-04 11:08 - 00329216 _____ () C:\Windows\SysWOW64\Zutadye.dll
2015-05-04 12:01 - 2015-05-04 12:01 - 00000000 ____D () C:\Windows\Downloaded Installations
2015-05-04 12:01 - 2015-05-04 12:01 - 00000000 ____D () C:\Users\tsutton\AppData\Local\Zeoinsight
2015-05-04 12:01 - 2015-05-04 12:01 - 00000000 ____D () C:\Users\tsutton\AppData\Local\ZBAnalyticsCore
2015-04-30 00:01 - 2015-04-30 00:01 - 00023200 _____ (Western Digital Technologies) C:\Windows\system32\Drivers\wdcsam64.sys
2015-04-27 12:43 - 2015-04-27 12:43 - 00162414 _____ () C:\Users\tsutton\Downloads\logo.eps
2015-04-21 10:57 - 2015-04-21 10:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-17 10:31 - 2015-05-04 14:57 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{80A22C86-A9B5-4717-B7FF-507CEBE527EA}
2015-04-17 10:31 - 2015-04-17 10:31 - 00000000 __SHD () C:\Users\admin\AppData\Local\EmieUserList
2015-04-17 10:31 - 2015-04-17 10:31 - 00000000 __SHD () C:\Users\admin\AppData\Local\EmieSiteList
2015-04-17 10:31 - 2015-04-17 10:31 - 00000000 __SHD () C:\Users\admin\AppData\Local\EmieBrowserModeList
2015-04-17 10:31 - 2015-04-17 10:31 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Macromedia
2015-04-17 10:31 - 2015-04-17 10:31 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Hewlett-Packard Company
2015-04-17 10:31 - 2015-04-17 10:31 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Apple Computer
2015-04-16 10:59 - 2015-04-16 10:59 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 08:08 - 2015-03-22 17:45 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-16 08:08 - 2015-03-22 17:09 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-16 08:08 - 2015-03-22 17:09 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-16 08:08 - 2015-03-22 17:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-16 08:08 - 2015-03-14 03:20 - 01385256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-16 08:08 - 2015-03-14 03:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-04-16 08:07 - 2015-03-22 17:09 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-16 08:07 - 2015-03-22 17:09 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-16 08:07 - 2015-03-22 17:09 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-16 08:07 - 2014-12-02 18:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 14:37 - 2015-03-23 16:59 - 07476032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 14:37 - 2015-03-23 16:59 - 01733952 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 14:37 - 2015-03-23 16:59 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-04-15 14:37 - 2015-03-23 16:58 - 01498872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 14:37 - 2015-03-23 16:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-04-15 14:37 - 2015-03-19 23:12 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2015-04-15 14:37 - 2015-03-19 23:10 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 14:37 - 2015-03-19 23:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 14:37 - 2015-03-19 22:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-04-15 14:37 - 2015-03-19 21:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-04-15 14:37 - 2015-03-19 21:40 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-04-15 14:37 - 2015-03-19 21:16 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-04-15 14:37 - 2015-03-14 03:54 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 14:37 - 2015-03-13 20:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 14:37 - 2015-03-13 20:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 14:37 - 2015-03-13 20:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 14:37 - 2015-03-13 20:37 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 14:37 - 2015-03-13 20:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 14:37 - 2015-03-13 19:22 - 03678720 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 14:37 - 2015-03-13 19:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 14:37 - 2015-03-13 19:12 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 14:37 - 2015-03-13 19:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-04-15 14:37 - 2015-03-13 19:08 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-04-15 14:37 - 2015-03-13 19:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 14:37 - 2015-03-13 19:06 - 02373632 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 14:37 - 2015-03-13 19:06 - 00891392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 14:37 - 2015-03-13 19:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 14:37 - 2015-03-13 19:02 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 14:37 - 2015-03-13 18:59 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 14:37 - 2015-03-13 18:59 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 14:37 - 2015-03-12 23:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 14:37 - 2015-03-12 23:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 14:37 - 2015-03-12 23:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 14:37 - 2015-03-12 22:53 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-15 14:37 - 2015-03-12 22:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 14:37 - 2015-03-12 22:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 14:37 - 2015-03-12 22:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 14:37 - 2015-03-12 22:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 14:37 - 2015-03-12 22:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 14:37 - 2015-03-12 22:17 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-04-15 14:37 - 2015-03-12 22:16 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-15 14:37 - 2015-03-12 22:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 14:37 - 2015-03-12 22:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 14:37 - 2015-03-12 22:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 14:37 - 2015-03-12 21:58 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-04-15 14:37 - 2015-03-12 21:50 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-04-15 14:37 - 2015-03-12 21:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 14:37 - 2015-03-12 21:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 14:37 - 2015-03-12 21:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 14:37 - 2015-03-12 21:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-04-15 14:37 - 2015-03-12 21:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 14:37 - 2015-03-12 21:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 14:37 - 2015-03-12 21:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 14:37 - 2015-03-12 21:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 14:37 - 2015-03-12 21:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 14:37 - 2015-03-12 21:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 14:37 - 2015-03-04 05:25 - 00377152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2015-04-15 14:37 - 2015-03-03 22:04 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 14:37 - 2015-03-03 21:19 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 14:37 - 2015-02-24 03:32 - 00991552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 14:37 - 2015-02-20 18:49 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2015-04-14 11:28 - 2015-04-14 11:28 - 00004387 _____ () C:\Users\tsutton\AppData\Roaming\eWIXeY4wGiRJ
2015-04-05 02:47 - 2015-04-05 02:47 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 02:47 - 2015-04-05 02:47 - 00000000 ___SD () C:\Windows\system32\GWX

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-04 16:56 - 2013-11-16 06:23 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-04 16:53 - 2013-11-16 06:20 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-05-04 16:53 - 2013-11-16 06:17 - 01766701 _____ () C:\Windows\WindowsUpdate.log
2015-05-04 16:52 - 2015-02-01 16:53 - 00000926 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-04 16:52 - 2013-11-16 06:18 - 00003282 _____ () C:\Windows\System32\Tasks\Intel® Rapid Start Technology Manager
2015-05-04 16:51 - 2014-11-05 16:18 - 00019879 _____ () C:\Windows\setupact.log
2015-05-04 16:51 - 2013-11-25 13:59 - 00000120 _____ () C:\Windows\system32\config\netlogon.ftl
2015-05-04 16:51 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-04 16:29 - 2013-11-16 06:08 - 00197468 _____ () C:\Windows\PFRO.log
2015-05-04 16:28 - 2013-08-22 08:25 - 01310720 ___SH () C:\Windows\system32\config\BBI
2015-05-04 16:15 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-04 16:14 - 2013-11-26 11:22 - 00000000 ___DO () C:\Users\tsutton\SkyDrive
2015-05-04 16:12 - 2015-01-15 15:48 - 00004974 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for CREDERA-tsutton TSutton-XPS12.credera.com
2015-05-04 15:56 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\Web
2015-05-04 15:04 - 2015-02-01 16:53 - 00000930 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-04 15:02 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-04 14:59 - 2013-11-16 05:21 - 00000000 ____D () C:\Windows\Panther
2015-05-04 14:23 - 2013-11-25 15:48 - 00000000 ____D () C:\Users\tsutton
2015-05-04 14:19 - 2013-11-25 13:54 - 00000000 ____D () C:\Windows\CSC
2015-05-04 14:09 - 2013-12-16 15:36 - 00004974 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for {a3a8717c-255a-4d6b-88be-a62a6f2ceb41} TSutton-XPS12.credera.com
2015-05-04 13:37 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\TAPI
2015-05-04 12:33 - 2013-11-25 15:57 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{379F1CB6-A3E1-42DB-9780-5444B557C917}
2015-05-04 12:32 - 2014-05-15 09:06 - 00000590 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3203721793-3198379332-896013655-5752.job
2015-05-04 12:01 - 2013-11-25 17:13 - 00000000 ____D () C:\Users\tsutton\AppData\Local\CrashDumps
2015-05-01 16:23 - 2013-11-25 15:48 - 00000000 ____D () C:\Users\tsutton\AppData\Local\Packages
2015-05-01 13:41 - 2013-11-26 06:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-30 14:15 - 2010-05-24 20:48 - 00000000 ___RD () C:\Users\tsutton\Documents\Personal
2015-04-29 11:05 - 2014-07-14 17:32 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-29 11:04 - 2014-07-14 17:31 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-29 11:03 - 2014-07-14 17:31 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-17 10:32 - 2013-11-25 14:12 - 00000000 ____D () C:\Users\admin\AppData\Local\Packages
2015-04-17 09:47 - 2013-08-22 09:44 - 00487752 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-17 09:45 - 2013-11-25 14:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-04-17 09:45 - 2013-11-25 14:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-04-17 09:45 - 2013-11-25 14:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-17 09:44 - 2013-08-22 14:12 - 00000000 ____D () C:\Windows\ShellNew
2015-04-17 09:41 - 2013-08-22 08:25 - 00000199 _____ () C:\Windows\win.ini
2015-04-17 04:57 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache
2015-04-16 13:40 - 2014-05-15 09:06 - 00003592 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3203721793-3198379332-896013655-5752
2015-04-16 11:02 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppCompat
2015-04-16 10:59 - 2015-03-17 07:59 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-16 08:48 - 2013-11-25 14:05 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-16 08:45 - 2013-11-25 14:05 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-16 08:44 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-15 14:22 - 2014-11-12 09:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2015-04-13 18:24 - 2013-08-22 10:38 - 00792056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-13 18:24 - 2013-08-22 10:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2013-11-16 06:09 - 2013-11-16 06:09 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\rwalker-admin\AppData\Local\Temp\ose00000.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-02 11:35

==================== End Of Log ============================


Here is Addition.txt:


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2015
Ran by admin at 2015-05-04 16:57:17
Running from C:\Users\admin\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

admin (S-1-5-21-3769467500-3583379074-2392525900-1002 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-3769467500-3583379074-2392525900-500 - Administrator - Disabled)
Guest (S-1-5-21-3769467500-3583379074-2392525900-501 - Limited - Disabled)
localAdmin (S-1-5-21-3769467500-3583379074-2392525900-1003 - Limited - Enabled) => C:\Users\localAdmin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AirPort (HKLM-x32\...\{AA68AAAE-41F0-40B5-8896-5947F5FD6889}) (Version: 5.6.1.2 - Apple Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
boostwebapp (HKLM-x32\...\{B89F2F80-17D7-471B-b091-05DF6A9039CA}) (Version: 1.1.0.31 - boostwebapp)
Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.0.3 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.0.3 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 17.0.11.2 - Synaptics Incorporated)
DSC/AA Factory Installer (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP LaserJet 200 color MFP M276 (HKLM-x32\...\{CC38C23C-7824-4DBB-AC73-997CD0BBFEC7}) (Version: 5.0.14057.1503 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{348A1F5B-07B3-4436-9A47-FFE44EFE856E}) (Version: 11.51.0004 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM276DSService (x32 Version: 001.001.05874 - Hewlett-Packard) Hidden
HPDXP (x32 Version: 3.0.26.8 - HP) Hidden
HPLaserJet200color-MFPM276_HelpLearnCenter_SI (HKLM-x32\...\{0F044C7A-6EE1-4F03-90AC-329AAF2FCF12}) (Version: 1.01.0000 - Hewlett-Packard)
HPLJDXPHelper (x32 Version: 020.021.004 - HP) Hidden
HPLJUTCore (x32 Version: 004.005.0001 - HP) Hidden
HPLJUTM276 (x32 Version: 3.00.0003 - HP) Hidden
hppFaxDrvM276 (x32 Version: 003.000.00002 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) Hidden
hppM276LaserJetService (x32 Version: 001.019.00639 - Hewlett-Packard) Hidden
hppSendFaxM276 (x32 Version: 003.000.00002 - Hewlett-Packard) Hidden
hpStatusAlerts (x32 Version: 050.037.00142 - Hewlett Packard) Hidden
hpStatusAlertsM276 (x32 Version: 050.034.00131 - Hewlett-Packard) Hidden
Intel Experience Center - Configuration (x32 Version: 1.7.0.179 - Intel) Hidden
Intel® Experience Center Desktop Software (HKLM-x32\...\{3608ec0a-56b4-4d9d-b038-9b3e51d72582}) (Version: 1.7.0.179 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3277 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1335.5) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}) (Version: 3.0.0.1056 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{9B5FD763-5074-474C-B898-24567E6450C8}) (Version: 4.2.40.2439 - Intel Corporation)
Intel® Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.0.0.13 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{75895d95-3e4b-42b6-8440-97a0e234aeb3}) (Version: 17.0.2 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
LJDXPHelperUI (x32 Version: 020.021.004 - HP) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM-x32\...\Office15.VISPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6299.48 - PC-Doctor, Inc.)
NXPProximityInstaller (HKLM-x32\...\NXPProximityInstaller) (Version: 6.5.2.0 - NXP Semiconductors)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pentair ScreenLogic (HKLM-x32\...\{D10B9BEF-B4DF-4719-8617-E23B1994A9D7}) (Version: 5.2.580.0 - Pentair)
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.16.001 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7032 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0051-0000-0000-0000000FF1CE}_Office15.VISPRO_{8D2E04ED-3350-4ECE-9D6E-3BC9A9A93A47}) (Version:  - Microsoft)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{BF1B3F01-93F3-4B83-93DB-132EB1AED259}) (Version:  - Microsoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

23-04-2015 15:31:47 Scheduled Checkpoint
02-05-2015 12:27:03 Scheduled Checkpoint
04-05-2015 12:01:42 Installed Amazon Unbox Video

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {098FB0E7-6BC9-4777-80A9-508686258A06} - \PCDEventLauncherTask No Task File <==== ATTENTION
Task: {1DF918A7-C1C1-4771-AFBC-E8EB183FEF6A} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {21E42583-F5C7-40F2-859B-56C15A426F07} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2013-09-08] (Intel)
Task: {2E6A42AF-0A8D-4096-ADC2-07168D178054} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {41A5D631-D35D-4D6C-A4A8-3BA3B402CE28} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {51C75D18-2A83-4C3D-89BB-D1821CBCBF6E} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {58F5A3A8-562D-49BB-A3F5-8C9EDBBC5231} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {5E64357F-6C43-4A29-9DE1-38BB098B62EC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-01] (Google Inc.)
Task: {6063545E-FBA8-4673-A041-83C0812D2041} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()
Task: {6761C8E6-7247-4921-8E00-737545C10468} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {75A901B4-90BA-42FB-A281-FFD164326B1E} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2012-06-14] (Hewlett Packard)
Task: {7E408E18-A48B-4006-AE95-040E858BFF4A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-01] (Google Inc.)
Task: {8417F500-DF9C-4BBE-BFF9-E100D1C6BD6B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {867B7131-C103-4CDE-A7CB-404919AA396C} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-27] (Synaptics Incorporated)
Task: {8804CF7D-2557-4F56-B288-9121E59B0D15} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()
Task: {90679CE6-87FE-4CE7-B24C-BD689AB191B8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {99456ABE-2322-400B-96AE-FA9C7D641401} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {9E28E560-E85A-4711-AA60-419E89C8840E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {AABA3FA7-6D8F-41E5-A268-481811E08430} - \Optimize Start Menu Cache Files-S-1-5-21-3769467500-3583379074-2392525900-1002 No Task File <==== ATTENTION
Task: {B1D0C745-1E4C-4301-B702-7AD2FB6AA01D} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {B2336F9C-2C46-46D0-A9F1-91351DEBD662} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {B37A962E-C8F7-47C3-9694-7D32B7015C36} - \Optimize Start Menu Cache Files-S-1-5-21-3203721793-3198379332-896013655-6197 No Task File <==== ATTENTION
Task: {B6CC475F-0B16-44A3-BB05-12D188819577} - System32\Tasks\PocketCloudUpdater => C:\Program
Task: {C04F3477-8263-4F39-8271-4EBF704587BF} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTION
Task: {C69E6A07-0922-4626-8C16-931C588045C8} - \Optimize Start Menu Cache Files-S-1-5-21-3769467500-3583379074-2392525900-1001 No Task File <==== ATTENTION
Task: {CE10F1A3-D676-4E25-A041-B09505A238B3} - System32\Tasks\Microsoft Office 15 Sync Maintenance for CREDERA-tsutton TSutton-XPS12.credera.com => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {DD47A643-9ED1-4547-BE23-B2DE08922958} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {E6FDDE11-B8E2-42A3-8C69-1B73B766B08F} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {E7444820-D0D9-4ECA-A124-1958883F8D28} - System32\Tasks\G2MUpdateTask-S-1-5-21-3203721793-3198379332-896013655-5752 => C:\Users\tsutton\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe [2015-04-16] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {EC23A670-2905-48A4-BC50-A8F3708A077D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-04-16] (Microsoft Corporation)
Task: {ECD111C8-6F1A-456E-A854-BA12C57F694D} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}
Task: {EFF143AB-15DF-497A-92D5-9B898D4092A7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {F270CD14-D6D4-4695-9B6A-93F9BD7BAC5B} - System32\Tasks\Microsoft Office 15 Sync Maintenance for {a3a8717c-255a-4d6b-88be-a62a6f2ceb41} TSutton-XPS12.credera.com => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: C:\Windows\Tasks\eWIXeY4wGiRJ.job => C:\Users\tsutton\AppData\Roaming\eWIXeY4wGiRJ.exe <==== ATTENTION
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3203721793-3198379332-896013655-5752.job => C:\Users\tsutton\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-08-12 22:06 - 2013-08-12 22:06 - 00198120 _____ () c:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2013-08-12 22:06 - 2013-08-12 22:06 - 00054760 _____ () c:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-12 22:06 - 2013-08-12 22:06 - 00034792 _____ () c:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetMon.dll
2015-05-04 13:03 - 2015-05-04 13:03 - 00408576 _____ () c:\windows\mtnj.exe
2013-08-22 14:40 - 2013-08-22 14:40 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2013-08-22 14:40 - 2013-08-22 14:40 - 00040240 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherServiceLib.dll
2013-08-22 14:40 - 2013-08-22 14:40 - 00046384 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherHelperLib.dll
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-11-16 06:21 - 2013-08-19 13:21 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2013-11-16 06:21 - 2013-08-19 13:21 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-24 12:39 - 2014-11-24 12:39 - 00155528 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2013-11-16 06:15 - 2013-09-11 16:58 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\tsutton\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Zutadye => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3769467500-3583379074-2392525900-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\Wallpaper_Murcielago_FINAL_RGB.JPG
DNS Servers: 172.16.8.200 - 172.16.8.207

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{95556FD3-8EF3-4A1D-AD5C-2F07DBD159AE}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
FirewallRules: [{23FF3FBE-B7AE-42C7-98D4-66343A1C4330}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\AetherWindowsService.exe
FirewallRules: [{9AE2909C-2970-42D2-82D5-39B226B171F9}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
FirewallRules: [{E2728452-2140-46C6-9062-DADA6864FBA6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0381D1C5-AAAD-4DC3-9950-BFBAC50F775D}] => (Allow) LPort=2869
FirewallRules: [{C758A127-4891-4633-9C29-E2C2768DEE32}] => (Allow) LPort=1900
FirewallRules: [{5A992B7F-B104-410E-A922-C972C66139FF}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{D1BA8276-EEC3-4A36-9B22-CEC5F04DCD8E}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{84509367-EEB0-492A-BF60-A7D883E61C94}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{B58AC0EB-BBA2-40B2-B89E-6DC753DF916B}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{B41160AB-0C63-4C4C-A79C-B15BB9A249C9}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{0A35A761-60CB-4E46-B67A-52961205C3CE}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{29F1EC5A-4A6D-49FE-BFE8-E3273CD9A9D9}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\outlook.exe
FirewallRules: [{B993F407-BFDE-4E22-AC6E-5FFE22F71804}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D1175C85-E274-47C9-A1FF-65C0D9D46464}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{533B0C90-13CC-4E4A-B0AD-18EEABD98778}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F53CC382-F9DE-4505-9F6E-0EC4E26F345B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{29765901-2430-4E5B-8452-1BC783F9D576}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{04512D54-743C-4E7F-859D-A7C37470F283}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{BE282F58-843B-4F96-A10E-33966667E393}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{1158CF74-C093-462E-92FA-3B15903BC2D7}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{59B4F5E6-E2E8-47E3-9681-C42FACDD5A97}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{476791AB-63CA-4F99-BF2D-4503CF84B1F2}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{858F1D0F-15DA-42FC-B92B-38057F76D7CE}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{3BC1B3AC-4B1A-4B5F-A10D-A47FB5C48454}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{0F4C34FA-DC21-44AF-8DFA-3EF4B12B8994}] => (Allow) C:\Program Files (x86)\AirPort\APAgent.exe
FirewallRules: [{F218B951-A7AE-4195-983D-6786D02B425E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{FECF8AB7-C6AD-4768-A8F2-2245650024F5}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 200 color MFP M276\bin\FaxApplications.exe
FirewallRules: [{CA37D98F-740C-4729-9662-223A1905B8C3}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 200 color MFP M276\bin\DigitalWizards.exe
FirewallRules: [{C19F3741-F90B-4B46-8C3D-ECAFB4AF8364}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 200 color MFP M276\Bin\HPNetworkCommunicator.exe
FirewallRules: [{DA1B8049-DA1A-42F7-A2DE-0EE001E56BA3}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 200 color MFP M276\bin\EWSProxy.exe
FirewallRules: [{C0FCAA8A-FD3F-4427-8E4D-EA7411E9ABA1}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{33BA5678-B76C-4114-8382-C507CE1D7220}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4C13324E-89A3-4B9C-B3FB-AB4526875CF6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{41285E9F-7455-4BCC-9507-F5A4AAE6BBFA}C:\program files (x86)\airport\aputil.exe] => (Block) C:\program files (x86)\airport\aputil.exe
FirewallRules: [UDP Query User{BD995F1D-E380-4A53-9F34-65F903DD068F}C:\program files (x86)\airport\aputil.exe] => (Block) C:\program files (x86)\airport\aputil.exe
FirewallRules: [TCP Query User{899A5A33-9ED4-444A-B524-8A7DC9EE89F8}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{BD549235-2FBD-4165-9809-FDE717898D3B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{F1BE8176-C14C-4F99-85AA-86F3CF0D8A53}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\mohqaban.EXE
FirewallRules: [{552B8AD2-7BE8-456C-9B23-177460D67ABF}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\mohqaban.EXE
FirewallRules: [{41A75781-82B4-486C-9F88-236303C9DA9D}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\mohqaban.EXE
FirewallRules: [{FB276827-B226-47C3-988A-7E60A0BCCE8D}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\mohqaban.EXE
FirewallRules: [{CBA1867D-88AB-4AD7-800F-074C70EAAF25}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\mohqaban.EXE

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/04/2015 04:53:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mohqdban.exe, version: 0.0.0.0, time stamp: 0x5547996f
Faulting module name: mohqdbanu.dll, version: 0.0.0.0, time stamp: 0x55479934
Exception code: 0xc0000005
Fault offset: 0x0000a176
Faulting process id: 0x10d0
Faulting application start time: 0xmohqdban.exe0
Faulting application path: mohqdban.exe1
Faulting module path: mohqdban.exe2
Report Id: mohqdban.exe3
Faulting package full name: mohqdban.exe4
Faulting package-relative application ID: mohqdban.exe5

Error: (05/04/2015 04:53:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mohqdban.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10d0

Start Time: 01d086b48b80eaa8

Termination Time: 4294967295

Application Path: C:\ProgramData\boostwebapp\1.1.0.31\mohqdban.exe

Report Id: 0d194d92-f2a8-11e4-82d4-5c514f501355

Faulting package full name:

Faulting package-relative application ID:

Error: (05/04/2015 04:32:23 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Explorer.EXE
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 00007FFEE828B179

Error: (05/04/2015 03:22:21 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (05/04/2015 03:22:21 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (05/04/2015 03:06:14 PM) (Source: MsiInstaller) (EventID: 11606) (User: TSutton-XPS12)
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.

Error: (05/04/2015 03:06:12 PM) (Source: MsiInstaller) (EventID: 11606) (User: TSutton-XPS12)
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.

Error: (05/04/2015 03:04:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mohqdban.exe, version: 0.0.0.0, time stamp: 0x5547996f
Faulting module name: mohqdbanu.dll, version: 0.0.0.0, time stamp: 0x55479934
Exception code: 0xc0000005
Fault offset: 0x0000a176
Faulting process id: 0x1584
Faulting application start time: 0xmohqdban.exe0
Faulting application path: mohqdban.exe1
Faulting module path: mohqdban.exe2
Report Id: mohqdban.exe3
Faulting package full name: mohqdban.exe4
Faulting package-relative application ID: mohqdban.exe5

Error: (05/04/2015 01:01:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program unbox-video-player-2.2.0.153-en.exe version 12.0.0.49974 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10d4

Start Time: 01d08693ee027a9d

Termination Time: 4294967295

Application Path: C:\Users\tsutton\Desktop\unbox-video-player-2.2.0.153-en.exe

Report Id: a2a21a49-f287-11e4-82bd-5c514f501355

Faulting package full name:

Faulting package-relative application ID:

Error: (05/04/2015 00:57:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program unbox-video-player-2.2.0.153-en.exe version 12.0.0.49974 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: bc0

Start Time: 01d0868bfc20ca66

Termination Time: 4294967295

Application Path: C:\Users\tsutton\Desktop\unbox-video-player-2.2.0.153-en.exe

Report Id: 184dd6c8-f287-11e4-82bd-5c514f501355

Faulting package full name:

Faulting package-relative application ID:

System errors:
=============
Error: (05/04/2015 04:51:49 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (05/04/2015 04:51:27 PM) (Source: DCOM) (EventID: 10005) (User: TSutton-XPS12)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/04/2015 04:47:39 PM) (Source: DCOM) (EventID: 10005) (User: TSutton-XPS12)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/04/2015 04:47:39 PM) (Source: DCOM) (EventID: 10005) (User: TSutton-XPS12)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/04/2015 04:47:38 PM) (Source: DCOM) (EventID: 10005) (User: TSutton-XPS12)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/04/2015 04:47:32 PM) (Source: DCOM) (EventID: 10005) (User: TSutton-XPS12)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/04/2015 04:47:32 PM) (Source: DCOM) (EventID: 10005) (User: TSutton-XPS12)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/04/2015 04:47:30 PM) (Source: DCOM) (EventID: 10005) (User: TSutton-XPS12)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/04/2015 04:47:30 PM) (Source: DCOM) (EventID: 10005) (User: TSutton-XPS12)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/04/2015 04:47:30 PM) (Source: DCOM) (EventID: 10005) (User: TSutton-XPS12)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Microsoft Office Sessions:
=========================
Error: (05/04/2015 04:53:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mohqdban.exe0.0.0.05547996fmohqdbanu.dll0.0.0.055479934c00000050000a17610d001d086b48b80eaa8C:\ProgramData\boostwebapp\1.1.0.31\mohqdban.exeC:\ProgramData\boostwebapp\1.1.0.31\mohqdbanu.dll0dc26340-f2a8-11e4-82d4-5c514f501355

Error: (05/04/2015 04:53:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mohqdban.exe0.0.0.010d001d086b48b80eaa84294967295C:\ProgramData\boostwebapp\1.1.0.31\mohqdban.exe0d194d92-f2a8-11e4-82d4-5c514f501355

Error: (05/04/2015 04:32:23 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Explorer.EXE
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 00007FFEE828B179

Error: (05/04/2015 03:22:21 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (05/04/2015 03:22:21 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (05/04/2015 03:06:14 PM) (Source: MsiInstaller) (EventID: 11606) (User: TSutton-XPS12)
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/04/2015 03:06:12 PM) (Source: MsiInstaller) (EventID: 11606) (User: TSutton-XPS12)
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/04/2015 03:04:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mohqdban.exe0.0.0.05547996fmohqdbanu.dll0.0.0.055479934c00000050000a176158401d086a579e9a635C:\ProgramData\boostwebapp\1.1.0.31\mohqdban.exeC:\ProgramData\boostwebapp\1.1.0.31\mohqdbanu.dllc338db78-f298-11e4-82cb-5c514f501355

Error: (05/04/2015 01:01:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: unbox-video-player-2.2.0.153-en.exe12.0.0.4997410d401d08693ee027a9d4294967295C:\Users\tsutton\Desktop\unbox-video-player-2.2.0.153-en.exea2a21a49-f287-11e4-82bd-5c514f501355

Error: (05/04/2015 00:57:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: unbox-video-player-2.2.0.153-en.exe12.0.0.49974bc001d0868bfc20ca664294967295C:\Users\tsutton\Desktop\unbox-video-player-2.2.0.153-en.exe184dd6c8-f287-11e4-82bd-5c514f501355

CodeIntegrity Errors:
===================================
  Date: 2015-05-04 06:23:00.192
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-04 06:22:59.521
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-04 06:22:58.849
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-04 06:22:58.111
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-04 06:22:57.280
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-04 06:22:56.561
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-04 06:22:55.778
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-04 06:22:55.090
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-04 06:22:54.449
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-04 06:22:53.824
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i7-4500U CPU @ 1.80GHz
Percentage of memory in use: 20%
Total physical RAM: 8097.38 MB
Available physical RAM: 6403.29 MB
Total Pagefile: 9377.38 MB
Available Pagefile: 7683.56 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:222.71 GB) (Free:29.25 GB) NTFS
Drive d: (My Passport) (Fixed) (Total:931.48 GB) (Free:910.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: DDB755BC)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 6ECC7482)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

What should I do?

Thank you!

Attached: Capture.PNG
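The Addition.txt above is where the persistence shows: a SafeBoot\Network entry for Zutadye (so the service also starts in Safe Mode), host-firewall Allow rules for C:\ProgramData\boostwebapp\1.1.0.31\mohqaban.EXE, Application Error/Hang events for mohqdban.exe from the same folder, and, later in the thread, unsigned service binaries plus service keys FRST could not unlock. As an added example that is not part of the original post or of FRST itself, the Python below reads FRST/Addition log lines and flags exactly those indicators. The directory list, the SafeBoot allow-list and the sample excerpt are this example's own assumptions.

```python
"""Triage FRST scan output (FRST.txt / Addition.txt) for the persistence and
trust indicators a malware-removal helper reads for first.

Added example, not code from the forum post or from FRST's author. SAMPLE_LOG
is a constructed excerpt of the log posted above; SUSPECT_DIRS and
SAFEBOOT_KNOWN are this example's own assumptions.
"""
import re
from dataclasses import dataclass

# User-writable directories that a legitimate service, driver or
# firewall-allowed program rarely runs from (assumption; lower-case).
SUSPECT_DIRS = ("c:\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")

# SafeBoot entries that belong to security or OS components (assumption: a
# helper's allow-list; the two names are the ones in the log above).
SAFEBOOT_KNOWN = {"mbamswissarmy", "mcpltsvc"}


@dataclass(frozen=True)
class Finding:
    kind: str     # indicator category
    subject: str  # service name or file path
    line: str     # log line that produced the finding


# One pattern per FRST line type, anchored where the line format is fixed.
SAFEBOOT_RE = re.compile(r"SafeBoot\\(?:Minimal|Network)\\([^\s=]+)\s*=>", re.I)
FIREWALL_RE = re.compile(r"^FirewallRules: \[[^\]]+\] => \((Allow|Block)\) (.+?)\s*$", re.I)
SERVICE_RE = re.compile(r"^[RSU]\d\s+([^;]+);\s*(\S.*?\.(?:sys|exe))\b.*\[File not signed\]", re.I)
LOCKED_RE = re.compile(r'^Locked "([^"]+)" service could not be unlocked', re.I)
EVENT_PATH_RE = re.compile(r"^Application Path:\s*(.+?)\s*$", re.I)


def in_suspect_dir(path: str) -> bool:
    """True when the path sits under one of the user-writable directories."""
    p = path.lower()
    return any(d in p for d in SUSPECT_DIRS)


def triage(lines):
    """Return a Finding for every FRST line that carries one of the indicators."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if (m := SAFEBOOT_RE.search(line)):
            # A SafeBoot\Minimal or \Network entry starts the service in Safe
            # Mode too, which is why cleaning "from Safe Mode" did not help here.
            if m.group(1).lower() not in SAFEBOOT_KNOWN:
                findings.append(Finding("safeboot-persistence", m.group(1), line))
        elif (m := FIREWALL_RE.match(line)):
            # An Allow rule for a binary under ProgramData/AppData gives the
            # dropper a path out through the host firewall.
            if m.group(1).lower() == "allow" and in_suspect_dir(m.group(2)):
                findings.append(Finding("firewall-allow-userwritable", m.group(2), line))
        elif (m := SERVICE_RE.match(line)):
            # Service or kernel driver whose image carries no Authenticode
            # signature ("[File not signed]" in FRST's service listing).
            findings.append(Finding("unsigned-service-binary", m.group(2), line))
        elif (m := LOCKED_RE.match(line)):
            # FRST could not reset permissions on the service key; removal
            # will need a manual step, not just another fixlist entry.
            findings.append(Finding("locked-service-key", m.group(1), line))
        elif (m := EVENT_PATH_RE.match(line)) and in_suspect_dir(m.group(1)):
            # Application Error/Hang events tie the pop-ups the user sees to
            # a concrete binary and its on-disk location.
            findings.append(Finding("crashing-binary-userwritable", m.group(1), line))
    return findings


def summarize(findings):
    """Group subjects by kind, keeping first-seen order and dropping repeats."""
    out = {}
    for f in findings:
        bucket = out.setdefault(f.kind, [])
        if f.subject not in bucket:
            bucket.append(f.subject)
    return out


# Constructed excerpt of the FRST/Addition log posted above.
SAMPLE_LOG = r"""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Zutadye => ""="service"
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{33BA5678-B76C-4114-8382-C507CE1D7220}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F1BE8176-C14C-4F99-85AA-86F3CF0D8A53}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\mohqaban.EXE
FirewallRules: [TCP Query User{899A5A33-9ED4-444A-B524-8A7DC9EE89F8}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
Application Path: C:\ProgramData\boostwebapp\1.1.0.31\mohqdban.exe
Application Path: C:\Users\tsutton\Desktop\unbox-video-player-2.2.0.153-en.exe
R2 mtnj; c:\windows\mtnj.exe [408576 2015-05-04] () [File not signed]
R5 tammgF119; C:\Windows\System32\Drivers\tammgF119.sys [34952 2015-05-04] () [File not signed]
Locked "tammgF119" service could not be unlocked. <===== ATTENTION
""".strip().splitlines()

if __name__ == "__main__":
    for kind, subjects in summarize(triage(SAMPLE_LOG)).items():
        print(kind)
        for s in subjects:
            print("   ", s)
```

Run as-is it prints the five indicator groups for the sample; point it at a real FRST.txt/Addition.txt with `triage(open(path, encoding="utf-8", errors="replace"))`. The Firefox Allow rule and the Desktop installer event are deliberately in the sample and not reported: the checks key on where a binary lives, not on the fact that a rule or crash exists.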


#2
BrianDrab, Trusted Helper (Malware Removal)

Hi. My name is Brian, and I would be happy to look into your issue.

- General Instructions -
  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • It is also likely during our cleaning process that your internet browsing history will be removed. Your favorites will be untouched. If you don't want this to happen you need to let me know before running any steps so I can adjust my fixes accordingly.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop -

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop, then you can skip this step.

Since you are continuing with this step, I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper right corner of the browser. Choose Options. In the Downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse, select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

- Finally, Before We Start -

Removing malware is a complicated multiple-step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

I'm reviewing your logs now and will post a fix shortly.



#3
BrianDrab, Trusted Helper (Malware Removal)

OK, let's kill this thing. One thing I wanted to note is that you are low on disk space. It's recommended to have at least 15% free disk space to operate problem-free and still have the benefits of auto defragging, restore points, etc. You are currently at 13%.

Step#1 - Uninstalls
Please uninstall the following programs one at a time. Instructions for doing so are here.
If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot. All of these programs are either outdated, malware/adware, have a bad reputation or are not recommended. If you absolutely must have one of them I suggest that you wait until you are declared clean before reinstalling.

boostwebapp

Step#2 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download the attached file (fixlist.txt) and save it to the Desktop.
Note: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work (in this case, the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished, FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

Step#3 - Rootkit Scan
1. Download aswMBR to your desktop.
2. Right-click on aswMBR.exe and select Run as administrator to run it.
3. If you get a question about Virtualization Technology, answer Yes.
4. If you see the question "Would you like to download latest Avast! virus definitions?", answer "Yes".
5. Click the "Scan" button to start scan.
6. On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

Step#4 - AdwCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete, click on "Clean".
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

Step#5 - Fresh Set of Logs
1. Right click on FRST64.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box, this log will be created as well. Please copy and paste this log as well.

Items for your next post

1. FRST Fix log
2. Rootkit Scan log
3. AdwCleaner log
4. FRST and Addition logs
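Step#2 ends with posting Fixlog.txt, and the helper's next move depends on which entries FRST reports as done, deferred to reboot, or failed; in the Fixlog posted in the next reply, for instance, the tammgF119 and tammgR119 driver services could neither be stopped nor deleted, and the locked service keys got no automatic fix at all. As an added example, not the helper's or FRST's own code, the Python below classifies Fixlog result lines by outcome and lists what still needs a second pass. The status names and the sample excerpt are this example's own assumptions.

```python
"""Classify the result lines of an FRST Fixlog.txt so the items that still
need attention after a fix run stand out.

Added example, not code from the forum post or from FRST's author.
SAMPLE_FIXLOG is a constructed excerpt of the Fixlog posted in the next
reply; the outcome-to-status mapping is this example's own assumption.
"""
import re

# Outcome phrases as FRST prints them, most specific first. The first rule
# that matches a line decides its status.
OUTCOME_RULES = (
    (re.compile(r"=> Error: No automatic fix found", re.I), "manual"),
    (re.compile(r"=> (?:Unable to stop service|Error deleting Service)", re.I), "failed"),
    (re.compile(r"=> Scheduled to move on reboot", re.I), "pending-reboot"),
    (re.compile(r"\bnot found\.?$", re.I), "not-found"),
    (re.compile(r"\bsuccessfully\b", re.I), "done"),
)
STATUSES = ("failed", "manual", "pending-reboot", "not-found", "done", "unclassified")
ACTIONABLE = ("failed", "manual", "pending-reboot")

QUOTED_RE = re.compile(r'"([^"]+)"')
PID_RE = re.compile(r"^\[\d+\]\s*")              # "[6156] " process-id prefix
NOT_FOUND_TAIL_RE = re.compile(r"\s+not found\.?$", re.I)


def subject_of(line: str) -> str:
    """Pull the path, registry key or service name a Fixlog result line is about."""
    left = line.split(" => ", 1)[0]
    m = QUOTED_RE.search(left)
    if m:
        return m.group(1)
    left = PID_RE.sub("", left)
    left = NOT_FOUND_TAIL_RE.sub("", left)
    return left.rstrip(". ")


def status_of(line: str) -> str:
    """Status for one result line, or 'unclassified' when no phrase matches."""
    for pattern, status in OUTCOME_RULES:
        if pattern.search(line):
            return status
    return "unclassified"


def classify(lines):
    """Map status -> ordered, de-duplicated subjects; headers and rules are skipped."""
    groups = {s: [] for s in STATUSES}
    for raw in lines:
        line = raw.strip()
        # Skip blank lines, section headers ("... directory move:") and rulers.
        if not line or line.endswith(":") or set(line) <= {"*", "="}:
            continue
        subject = subject_of(line)
        bucket = groups[status_of(line)]
        if subject not in bucket:
            bucket.append(subject)
    return groups


def needs_follow_up(lines):
    """(status, subject) pairs the next fix round has to deal with."""
    groups = classify(lines)
    return [(s, subj) for s in ACTIONABLE for subj in groups[s]]


# Constructed excerpt of the Fixlog posted in the next reply.
SAMPLE_FIXLOG = r"""
Restore point was successfully created.
[6156] C:\ProgramData\boostwebapp\1.1.0.31\mohqdban.exe => Process closed successfully.

"C:\ProgramData\boostwebapp" directory move:

Could not move "C:\ProgramData\boostwebapp" directory. => Scheduled to move on reboot.

"C:\Program Files\Kromtech" => File/Directory not found.
C:\ProgramData\{e1453844-7f13-c9fa-e145-538447f1e111}\hqghumeaylnlf.exe not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
Locked "tammgF119" service could not be unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
mtnj => Service deleted successfully.
tammgF119 => Unable to stop service
tammgF119 => Error deleting Service
Could not move "C:\Windows\System32\Drivers\tammgF119.sys" => Scheduled to move on reboot.
C:\Windows\Tasks\eWIXeY4wGiRJ.job => Moved successfully.
""".strip().splitlines()

if __name__ == "__main__":
    for status, subject in needs_follow_up(SAMPLE_FIXLOG):
        print(f"{status:15} {subject}")
```

"pending-reboot" items are only settled once a fresh FRST scan after the restart no longer lists them, which is why Step#5 asks for new logs; "failed" and "manual" items are the ones that will not go away with another run of the same fixlist.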

#4
rwalker03, Topic Starter

Thank you for your help Brian! Below are the updated logs.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-05-2015
Ran by admin at 2015-05-05 09:26:17 Run:1
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available profiles: tsutton & rwalker-admin & admin & localAdmin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
() C:\ProgramData\boostwebapp\1.1.0.31\mohqwban.EXE
() C:\ProgramData\boostwebapp\1.1.0.31\GaaflaCoce.exe
() C:\ProgramData\boostwebapp\1.1.0.31\mohqaban.EXE
() C:\ProgramData\boostwebapp\1.1.0.31\Zutadye.EXE
() C:\ProgramData\boostwebapp\1.1.0.31\mohqdban.exe
C:\ProgramData\boostwebapp
() C:\Windows\mtnj.exe
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3769467500-3583379074-2392525900-1002\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
C:\Program Files\Kromtech
Startup: C:\Users\tsutton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-05-04]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{e1453844-7f13-c9fa-e145-538447f1e111}\hqghumeaylnlf.exe (No File)
C:\ProgramData\{e1453844-7f13-c9fa-e145-538447f1e111}
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Locked "esegixy" service could not be unlocked. <===== ATTENTION
Locked "HowgazJuldo" service could not be unlocked. <===== ATTENTION
Locked "mespelcamm" service could not be unlocked. <===== ATTENTION
Locked "tammgF119" service could not be unlocked. <===== ATTENTION
Locked "tammgR119" service could not be unlocked. <===== ATTENTION
R2 mtnj; c:\windows\mtnj.exe [408576 2015-05-04] () [File not signed]
S4 tnj; c:\windows\tnj.exe [417792 2015-05-04] () [File not signed]
c:\windows\tnj.exe
R3 Zutadye; C:\ProgramData\boostwebapp\1.1.0.31\Zutadye.exe [0 ] () <==== ATTENTION (zero size file/folder)
R5 tammgF119; C:\Windows\System32\Drivers\tammgF119.sys [34952 2015-05-04] () [File not signed]
R5 tammgR119; C:\Windows\System32\Drivers\tammgR119.sys [36488 2015-05-04] () [File not signed]
C:\Windows\System32\Drivers\tammgF119.sys
C:\Windows\System32\Drivers\tammgR119.sys
2015-05-04 13:19 - 2015-05-04 13:19 - 00001020 _____ () C:\Windows\Tasks\eWIXeY4wGiRJ.job
2015-05-04 13:18 - 2015-05-04 13:18 - 00000000 ____D () C:\Users\tsutton\AppData\Local\Bypass
2015-05-04 13:18 - 2015-05-04 13:18 - 00000000 ____D () C:\ProgramData\o
2015-05-04 13:18 - 2015-05-04 13:18 - 00000000 ____D () C:\Program Files (x86)\S5
2015-05-04 13:06 - 2015-05-04 14:04 - 00000000 ___HD () C:\ProgramData\tnj
2015-05-04 13:03 - 2015-05-04 13:03 - 00631296 _____ () C:\Windows\tnj.dat
2015-05-04 13:03 - 2015-05-04 13:03 - 00417792 _____ () C:\Windows\tnj.exe
2015-05-04 13:03 - 2015-05-04 13:03 - 00408576 _____ () C:\Windows\mtnj.exe
2015-05-04 12:07 - 2015-05-04 12:07 - 00000000 ____D () C:\Users\tsutton\Documents\Optimizer Pro
2015-05-04 12:02 - 2015-05-04 16:51 - 00004720 _____ () C:\Windows\SysWOW64\Zutadye.ini
2015-05-04 12:02 - 2015-05-04 16:51 - 00002624 _____ () C:\Windows\SysWOW64\ZutadyeOff.ini
2015-05-04 12:02 - 2015-05-04 16:51 - 00002624 _____ () C:\Windows\system32\ZutadyeOff.ini
2015-05-04 12:02 - 2015-05-04 12:02 - 00000000 ____D () C:\ProgramData\boostwebapp
2015-05-04 12:02 - 2015-05-04 11:08 - 00398336 _____ () C:\Windows\system32\Zutadye64.dll
2015-05-04 12:02 - 2015-05-04 11:08 - 00329216 _____ () C:\Windows\SysWOW64\Zutadye.dll
2015-05-04 12:01 - 2015-05-04 12:01 - 00000000 ____D () C:\Windows\Downloaded Installations
2015-05-04 12:01 - 2015-05-04 12:01 - 00000000 ____D () C:\Users\tsutton\AppData\Local\Zeoinsight
2015-05-04 12:01 - 2015-05-04 12:01 - 00000000 ____D () C:\Users\tsutton\AppData\Local\ZBAnalyticsCore
Task: {098FB0E7-6BC9-4777-80A9-508686258A06} - \PCDEventLauncherTask No Task File <==== ATTENTION
Task: {AABA3FA7-6D8F-41E5-A268-481811E08430} - \Optimize Start Menu Cache Files-S-1-5-21-3769467500-3583379074-2392525900-1002 No Task File <==== ATTENTION
Task: {B37A962E-C8F7-47C3-9694-7D32B7015C36} - \Optimize Start Menu Cache Files-S-1-5-21-3203721793-3198379332-896013655-6197 No Task File <==== ATTENTION
Task: {C04F3477-8263-4F39-8271-4EBF704587BF} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTION
Task: {C69E6A07-0922-4626-8C16-931C588045C8} - \Optimize Start Menu Cache Files-S-1-5-21-3769467500-3583379074-2392525900-1001 No Task File <==== ATTENTION
Task: C:\Windows\Tasks\eWIXeY4wGiRJ.job => C:\Users\tsutton\AppData\Roaming\eWIXeY4wGiRJ.exe <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Zutadye => ""="service"
EmptyTemp:

*****************

Restore point was successfully created.
[1856] C:\ProgramData\boostwebapp\1.1.0.31\mohqwban.EXE => Process closed successfully.
[1936] C:\ProgramData\boostwebapp\1.1.0.31\GaaflaCoce.exe => Process closed successfully.
[2292] C:\ProgramData\boostwebapp\1.1.0.31\mohqaban.EXE => Process closed successfully.
[3956] C:\ProgramData\boostwebapp\1.1.0.31\Zutadye.EXE => Process closed successfully.
[6156] C:\ProgramData\boostwebapp\1.1.0.31\mohqdban.exe => Process closed successfully.

"C:\ProgramData\boostwebapp" directory move:

Could not move "C:\ProgramData\boostwebapp" directory. => Scheduled to move on reboot.

[2336] C:\Windows\mtnj.exe => Process closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-3769467500-3583379074-2392525900-1002\Software\Microsoft\Windows\CurrentVersion\Run\\PCKeeper2 => value deleted successfully.
"C:\Program Files\Kromtech" => File/Directory not found.
C:\Users\tsutton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk => Moved successfully.
C:\ProgramData\{e1453844-7f13-c9fa-e145-538447f1e111}\hqghumeaylnlf.exe not found.
"C:\ProgramData\{e1453844-7f13-c9fa-e145-538447f1e111}" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
Locked "esegixy" service could not be unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
Locked "HowgazJuldo" service could not be unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
Locked "mespelcamm" service could not be unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
Locked "tammgF119" service could not be unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
Locked "tammgR119" service could not be unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
mtnj => Service deleted successfully.
tnj => Service deleted successfully.
"c:\windows\tnj.exe" => File/Directory not found.
Zutadye => Service deleted successfully.
tammgF119 => Unable to stop service
tammgF119 => Error deleting Service
tammgR119 => Unable to stop service
tammgR119 => Error deleting Service
Could not move "C:\Windows\System32\Drivers\tammgF119.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\System32\Drivers\tammgR119.sys" => Scheduled to move on reboot.
C:\Windows\Tasks\eWIXeY4wGiRJ.job => Moved successfully.
C:\Users\tsutton\AppData\Local\Bypass => Moved successfully.
C:\ProgramData\o => Moved successfully.
C:\Program Files (x86)\S5 => Moved successfully.
C:\ProgramData\tnj => Moved successfully.
C:\Windows\tnj.dat => Moved successfully.
"C:\Windows\tnj.exe" => File/Directory not found.
C:\Windows\mtnj.exe => Moved successfully.
C:\Users\tsutton\Documents\Optimizer Pro => Moved successfully.
C:\Windows\SysWOW64\Zutadye.ini => Moved successfully.
C:\Windows\SysWOW64\ZutadyeOff.ini => Moved successfully.
C:\Windows\system32\ZutadyeOff.ini => Moved successfully.

"C:\ProgramData\boostwebapp" directory move:

Could not move "C:\ProgramData\boostwebapp" directory. => Scheduled to move on reboot.

C:\Windows\system32\Zutadye64.dll => Moved successfully.
C:\Windows\SysWOW64\Zutadye.dll => Moved successfully.
C:\Windows\Downloaded Installations => Moved successfully.
C:\Users\tsutton\AppData\Local\Zeoinsight => Moved successfully.
C:\Users\tsutton\AppData\Local\ZBAnalyticsCore => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{098FB0E7-6BC9-4777-80A9-508686258A06}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{098FB0E7-6BC9-4777-80A9-508686258A06}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDEventLauncherTask" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AABA3FA7-6D8F-41E5-A268-481811E08430} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-3769467500-3583379074-2392525900-1002" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B37A962E-C8F7-47C3-9694-7D32B7015C36}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B37A962E-C8F7-47C3-9694-7D32B7015C36}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-3203721793-3198379332-896013655-6197" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C04F3477-8263-4F39-8271-4EBF704587BF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C04F3477-8263-4F39-8271-4EBF704587BF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDoctorBackgroundMonitorTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C69E6A07-0922-4626-8C16-931C588045C8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C69E6A07-0922-4626-8C16-931C588045C8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-3769467500-3583379074-2392525900-1001" => Key deleted successfully.
C:\Windows\Tasks\eWIXeY4wGiRJ.job not found.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Zutadye" => Key deleted successfully.
EmptyTemp: => Removed 1.9 GB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-05-05 09:30:14)<=

C:\ProgramData\boostwebapp => Is moved successfully.
C:\Windows\System32\Drivers\tammgF119.sys => Is moved successfully.
C:\Windows\System32\Drivers\tammgR119.sys => Is moved successfully.
C:\ProgramData\boostwebapp => Is moved successfully.

==== End of Fixlog 09:30:14 ====

ROOTKIT SCAN LOG

 aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-05-05 09:38:28
-----------------------------
09:38:28.382    OS Version: Windows x64 6.2.9200
09:38:28.382    Number of processors: 4 586 0x4501
09:38:28.382    ComputerName: TSUTTON-XPS12  UserName: admin
09:38:28.632    Initialize success
09:38:28.710    VM: initialized successfully
09:38:28.710    VM: Intel CPU supported
09:38:32.571    VM: disk I/O iaStorA.sys
09:40:04.603    AVAST engine defs: 15050500
09:41:37.567    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000038
09:41:37.567    Disk 0 Vendor: SAMSUNG_SSD_SM841_mSATA_256GB DXM43D0Q Size: 244198MB BusType: 11
09:41:37.583    Disk 0 MBR read successfully
09:41:37.583    Disk 0 MBR scan
09:41:37.583    Disk 0 unknown MBR code
09:41:37.599    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
09:41:37.614    Disk 0 scanning C:\Windows\system32\drivers
09:41:53.367    Service scanning
09:42:07.384    Service TmFilter C:\Program Files (x86)\Trend Micro\Security Agent\TmXPFlt.sys **LOCKED** 32
09:42:07.587    Service TmPreFilter C:\Program Files (x86)\Trend Micro\Security Agent\TmPreFlt.sys **LOCKED** 32
09:42:09.288    Service VSApiNt C:\Program Files (x86)\Trend Micro\Security Agent\VSApiNt.sys **LOCKED** 32
09:42:12.616    Modules scanning
09:42:12.616    Disk 0 trace - called modules:
09:42:12.647    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
09:42:12.647    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe001331f6450]
09:42:12.663    3 CLASSPNP.SYS[fffff800fef81170] -> nt!IofCallDriver -> [0xffffe001325cce50]
09:42:12.679    5 ACPI.sys[fffff800fe493c21] -> nt!IofCallDriver -> [0xffffe001325ccbe0]
09:42:12.679    7 ACPI.sys[fffff800fe493c21] -> nt!IofCallDriver -> \Device\00000038[0xffffe001323e51b0]
09:42:12.913    AVAST engine scan C:\Windows
09:42:14.180    AVAST engine scan C:\Windows\system32
09:45:49.443    AVAST engine scan C:\Windows\system32\drivers
09:46:06.591    AVAST engine scan C:\Users\admin
09:46:23.473    AVAST engine scan C:\ProgramData
09:47:08.915    Disk 0 statistics 3379860/0/0 @ 2402.22 MB/s
09:47:08.931    Scan finished successfully
09:47:48.713    Disk 0 MBR has been saved successfully to "C:\Users\admin\Desktop\MBR.dat"
09:47:48.721    The log file has been saved successfully to "C:\Users\admin\Desktop\aswMBR.txt"

AdwCleaner Log

# AdwCleaner v4.203 - Logfile created 05/05/2015 at 09:51:13
# Updated 30/04/2015 by Xplode
# Database : 2015-05-02.1 [Server]
# Operating system : Windows 8.1 Pro with Media Center  (x64)
# Username : admin - TSUTTON-XPS12
# Running from : C:\Users\admin\Desktop\adwcleaner_4.203.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : tammgF119
Service Deleted : tammgR119

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Mozilla Firefox v37.0.2 (x86 en-US)

*************************

AdwCleaner[R0].txt - [4384 bytes] - [04/05/2015 14:56:48]
AdwCleaner[R1].txt - [1000 bytes] - [04/05/2015 15:01:18]
AdwCleaner[R2].txt - [1261 bytes] - [04/05/2015 15:55:32]
AdwCleaner[R3].txt - [1169 bytes] - [04/05/2015 16:00:49]
AdwCleaner[R4].txt - [1341 bytes] - [04/05/2015 16:29:58]
AdwCleaner[R5].txt - [1459 bytes] - [04/05/2015 16:35:23]
AdwCleaner[R6].txt - [1407 bytes] - [05/05/2015 09:48:59]
AdwCleaner[S0].txt - [4519 bytes] - [04/05/2015 14:58:55]
AdwCleaner[S1].txt - [1072 bytes] - [04/05/2015 15:03:33]
AdwCleaner[S2].txt - [1335 bytes] - [04/05/2015 15:56:08]
AdwCleaner[S3].txt - [1417 bytes] - [04/05/2015 16:32:16]
AdwCleaner[S4].txt - [1340 bytes] - [05/05/2015 09:51:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1399  bytes] ##########

FRST and ADDITION LOGS

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2015
Ran by admin (administrator) on TSUTTON-XPS12 on 05-05-2015 09:54:01
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available profiles: tsutton & rwalker-admin & admin & localAdmin)
Platform: Windows 8.1 Pro with Media Center (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(HP) C:\Program Files (x86)\Hp\HPLaserJetService\HPLaserJetService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Security Agent\NTRTScan.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Security Agent\TmListen.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Security Agent\CCSF\TmCCSF.exe
(Intel Corporation) C:\Windows\Temp\irstrtsv\scrncap.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Compal Electronics, INC.) C:\Program Files\Dell\QuickSet\ResetTouch.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\StatusAlerts\bin\HPStatusAlerts.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Security Agent\PccNTMon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-09-06] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-09-06] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-09-06] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [ResetTouch] => c:\Program Files\Dell\QuickSet\ResetTouch.exe [2345808 2013-03-04] (Compal Electronics, INC.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5777224 2013-09-02] (Dell Inc.)
HKLM\...\Run: [HP LaserJet 200 color MFP M276 Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3707120 2014-08-13] (Hewlett-Packard Company)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49904 2014-08-13] (Hewlett-Packard)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\Security Agent\pccntmon.exe [1800544 2014-09-17] (Trend Micro Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2013-11-16]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\Users\tsutton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk [2014-08-12]
ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\tsutton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2013-11-25]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3769467500-3583379074-2392525900-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3769467500-3583379074-2392525900-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3769467500-3583379074-2392525900-1002 -> {A4F5764F-B525-4DF1-AE89-CDA72EE8CDBD} URL =
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Security Agent\TmopIEPlg.dll [2014-01-22] (Trend Micro Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Security Agent\TmopIEPlg32.dll [2014-01-22] (Trend Micro Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-29] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-29] (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.24.0.cab
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Security Agent\TmopIEPlg.dll [2014-01-22] (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Security Agent\TmopIEPlg32.dll [2014-01-22] (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 172.16.8.200 172.16.8.207

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\dmcoy4or.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-11] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-11] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-09-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-09-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-09-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-09-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-09-12] (Apple Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{21541D23-FDA1-4bf3-8AF2-8F623BF70B07}] - C:\Program Files (x86)\Trend Micro\Security Agent\FirefoxExtensionOsprey
FF Extension: Trend Micro Osprey Firefox Extension - C:\Program Files (x86)\Trend Micro\Security Agent\FirefoxExtensionOsprey [2015-05-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [78088 2014-08-26] (Hewlett-Packard Company)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [155448 2013-09-05] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [783264 2013-09-08] (Intel Corporation)
R2 ISCTAgent; c:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-12] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-11] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R2 ntrtscan; C:\Program Files (x86)\Trend Micro\Security Agent\ntrtscan.exe [3763784 2014-09-17] (Trend Micro Inc.)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-09-06] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1911312 2013-08-30] (SoftThinks SAS)
R3 TMBMServer; C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [575024 2014-04-09] (Trend Micro Inc.)
R3 TmCCSF; C:\Program Files (x86)\Trend Micro\Security Agent\CCSF\TmCCSF.exe [707232 2014-09-17] (Trend Micro Inc.)
R2 tmlisten; C:\Program Files (x86)\Trend Micro\Security Agent\tmlisten.exe [4132728 2014-09-17] (Trend Micro Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)
S2 esegixy; "C:\ProgramData\boostwebapp\1.1.0.31\mohqwban.exe" -cms [X]
S2 HowgazJuldo; "C:\ProgramData\boostwebapp\1.1.0.31\GaaflaCoce.exe" -cmd [X]
S2 mespelcamm; "C:\ProgramData\boostwebapp\1.1.0.31\mohqaban.exe" /ts2=1 [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-19] (Motorola Solutions, Inc.)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-08-08] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-08-08] (Intel Corporation)
S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [83960 2013-08-08] (Intel Corporation)
S3 iaLPSS_UART2; C:\Windows\System32\drivers\iaLPSS_UART2.sys [129528 2013-08-08] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [117192 2013-08-29] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-07] ()
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [20192 2013-09-08] (Intel Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
S3 LAN7500; C:\Windows\system32\DRIVERS\lan7500-x64-n630f.sys [95744 2014-12-04] (SMSC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-09-11] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3440096 2014-04-16] (Intel Corporation)
R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R3 SensorsHIDClassDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42736 2013-08-27] (Synaptics Incorporated)
R2 tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [106000 2014-04-09] (Trend Micro Inc.)
R1 tmcomm; C:\Windows\system32\DRIVERS\tmcomm.sys [297592 2014-04-09] (Trend Micro Inc.)
R2 tmeevw; C:\Windows\system32\DRIVERS\tmeevw.sys [101152 2013-08-15] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [69480 2014-04-09] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files (x86)\Trend Micro\Security Agent\TmXPFlt.sys [351032 2014-08-30] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\Security Agent\TmPreFlt.sys [44856 2014-08-30] (Trend Micro Inc.)
R2 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [92448 2013-12-20] (Trend Micro Inc.)
R3 VirtualButtons; C:\Windows\System32\drivers\VirtualButtons.sys [29952 2013-09-12] (Intel Corporation)
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\Security Agent\VSApiNt.sys [2316600 2014-08-30] (Trend Micro Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-05 09:52 - 2015-05-05 09:52 - 00001479 _____ () C:\Users\admin\Desktop\AdwCleaner[S4].txt
2015-05-05 09:47 - 2015-05-05 09:47 - 00002416 _____ () C:\Users\admin\Desktop\aswMBR.txt
2015-05-05 09:47 - 2015-05-05 09:47 - 00000512 _____ () C:\Users\admin\Desktop\MBR.dat
2015-05-05 09:32 - 2015-05-05 09:34 - 05198336 _____ (AVAST Software) C:\Users\admin\Desktop\aswMBR.exe
2015-05-04 18:39 - 2015-05-04 18:39 - 00003448 ____N () C:\bootsqm.dat
2015-05-04 17:22 - 2015-05-04 19:02 - 00240176 _____ (Trend Micro Inc.) C:\Windows\RegBootClean64.exe
2015-05-04 17:14 - 2015-05-05 09:51 - 00021860 _____ () C:\Windows\system32\TmInstall.log
2015-05-04 17:08 - 2015-05-05 09:54 - 00012299 _____ () C:\Windows\cfgall.ini
2015-05-04 17:08 - 2015-05-05 09:53 - 00000704 _____ () C:\Windows\TMFilter.log
2015-05-04 17:08 - 2015-05-04 17:17 - 00000463 _____ () C:\Windows\system32\LESDebug.log
2015-05-04 17:07 - 2015-05-05 09:54 - 00069578 _____ () C:\Windows\SysWOW64\TmInstall.log
2015-05-04 17:07 - 2015-05-04 17:08 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2015-05-04 17:07 - 2015-05-04 17:07 - 00000000 ____D () C:\Windows\system32\log
2015-05-04 17:07 - 2015-05-04 17:07 - 00000000 ____D () C:\ProgramData\Trend Micro
2015-05-04 17:07 - 2015-05-04 17:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Worry-Free Business Security Agent
2015-05-04 17:07 - 2015-05-04 17:07 - 00000000 _____ () C:\Windows\system32\diagnostic.log
2015-05-04 17:05 - 2015-05-04 17:05 - 00000000 ____D () C:\Users\admin\Desktop\sysclean
2015-05-04 17:04 - 2015-05-04 17:04 - 05228804 _____ () C:\Users\admin\Desktop\sysclean.zip
2015-05-04 16:57 - 2015-05-05 09:36 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3769467500-3583379074-2392525900-1002
2015-05-04 16:57 - 2015-05-04 16:57 - 00039491 _____ () C:\Users\admin\Desktop\Addition.txt
2015-05-04 16:56 - 2015-05-05 09:54 - 00022568 _____ () C:\Users\admin\Desktop\FRST.txt
2015-05-04 16:56 - 2015-05-05 09:54 - 00000000 ____D () C:\FRST
2015-05-04 16:55 - 2015-05-04 16:55 - 02101248 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2015-05-04 16:17 - 2015-05-04 17:22 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3203721793-3198379332-896013655-5752
2015-05-04 15:23 - 2015-05-04 15:23 - 00001376 _____ () C:\Users\admin\Desktop\JRT.txt
2015-05-04 15:21 - 2015-05-04 15:21 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-TSUTTON-XPS12-Windows-8.1-Pro-with-Media-Center-(64-bit).dat
2015-05-04 15:21 - 2015-05-04 15:21 - 00000000 ____D () C:\RegBackup
2015-05-04 15:20 - 2015-05-04 15:20 - 00000954 _____ () C:\Users\admin\Downloads\ccsetup505.exe
2015-05-04 15:19 - 2015-05-04 15:19 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Mozilla
2015-05-04 15:19 - 2015-05-04 15:19 - 00000000 ____D () C:\Users\admin\AppData\Local\Mozilla
2015-05-04 15:06 - 2015-05-04 15:06 - 00000000 ____D () C:\ProgramData\Sophos
2015-05-04 15:04 - 2015-05-04 17:16 - 00000000 ____D () C:\Users\admin\AppData\Local\CrashDumps
2015-05-04 15:04 - 2015-05-04 15:04 - 00002775 _____ () C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-05-04 15:04 - 2015-05-04 15:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-05-04 15:04 - 2015-05-04 15:04 - 00000000 ____D () C:\Program Files (x86)\Sophos
2015-05-04 14:56 - 2015-05-05 09:51 - 00000000 ____D () C:\AdwCleaner
2015-05-04 14:56 - 2015-05-04 14:55 - 119275136 _____ (Sophos Limited) C:\Users\admin\Desktop\Sophos Virus Removal Tool.exe
2015-05-04 14:56 - 2015-05-04 14:53 - 02716306 _____ (Thisisu) C:\Users\admin\Desktop\JRT.exe
2015-05-04 14:55 - 2015-05-04 14:44 - 02204160 _____ () C:\Users\admin\Desktop\adwcleaner_4.203.exe
2015-05-04 13:37 - 2015-05-04 13:37 - 00001399 _____ () C:\Users\tsutton\Desktop\ForRyan.txt
2015-05-04 13:28 - 2015-05-04 14:09 - 00000000 ____D () C:\Windows\LastGood.Tmp
2015-05-04 13:28 - 2015-05-04 13:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_lan7500-x64-n630f_01011.Wdf
2015-05-04 13:27 - 2015-05-04 13:27 - 00000000 ____D () C:\ProgramData\f8e5ba700002823
2015-05-04 13:21 - 2015-05-04 18:44 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-04 13:20 - 2015-05-04 13:20 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\tsutton\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-04 13:20 - 2015-05-04 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-04 13:20 - 2015-05-04 13:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-04 13:20 - 2015-05-04 13:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-04 13:20 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-04 13:20 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-04 13:20 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-30 00:01 - 2015-04-30 00:01 - 00023200 _____ (Western Digital Technologies) C:\Windows\system32\Drivers\wdcsam64.sys
2015-04-27 12:43 - 2015-04-27 12:43 - 00162414 _____ () C:\Users\tsutton\Downloads\logo.eps
2015-04-21 10:57 - 2015-04-21 10:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-17 10:31 - 2015-05-05 09:34 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{80A22C86-A9B5-4717-B7FF-507CEBE527EA}
2015-04-17 10:31 - 2015-04-17 10:31 - 00000000 __SHD () C:\Users\admin\AppData\Local\EmieUserList
2015-04-17 10:31 - 2015-04-17 10:31 - 00000000 __SHD () C:\Users\admin\AppData\Local\EmieSiteList
2015-04-17 10:31 - 2015-04-17 10:31 - 00000000 __SHD () C:\Users\admin\AppData\Local\EmieBrowserModeList
2015-04-17 10:31 - 2015-04-17 10:31 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Macromedia
2015-04-17 10:31 - 2015-04-17 10:31 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Hewlett-Packard Company
2015-04-17 10:31 - 2015-04-17 10:31 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Apple Computer
2015-04-16 10:59 - 2015-04-16 10:59 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 08:08 - 2015-03-22 17:45 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-16 08:08 - 2015-03-22 17:09 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-16 08:08 - 2015-03-22 17:09 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-16 08:08 - 2015-03-22 17:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-16 08:08 - 2015-03-14 03:20 - 01385256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-16 08:08 - 2015-03-14 03:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-04-16 08:07 - 2015-03-22 17:09 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-16 08:07 - 2015-03-22 17:09 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-16 08:07 - 2015-03-22 17:09 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-16 08:07 - 2014-12-02 18:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 14:37 - 2015-03-23 16:59 - 07476032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 14:37 - 2015-03-23 16:59 - 01733952 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 14:37 - 2015-03-23 16:59 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-04-15 14:37 - 2015-03-23 16:58 - 01498872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 14:37 - 2015-03-23 16:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-04-15 14:37 - 2015-03-19 23:12 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2015-04-15 14:37 - 2015-03-19 23:10 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 14:37 - 2015-03-19 23:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 14:37 - 2015-03-19 22:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-04-15 14:37 - 2015-03-19 21:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-04-15 14:37 - 2015-03-19 21:40 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-04-15 14:37 - 2015-03-19 21:16 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-04-15 14:37 - 2015-03-14 03:54 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 14:37 - 2015-03-13 20:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 14:37 - 2015-03-13 20:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 14:37 - 2015-03-13 20:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 14:37 - 2015-03-13 20:37 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 14:37 - 2015-03-13 20:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 14:37 - 2015-03-13 19:22 - 03678720 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 14:37 - 2015-03-13 19:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 14:37 - 2015-03-13 19:12 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 14:37 - 2015-03-13 19:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-04-15 14:37 - 2015-03-13 19:08 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-04-15 14:37 - 2015-03-13 19:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 14:37 - 2015-03-13 19:06 - 02373632 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 14:37 - 2015-03-13 19:06 - 00891392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 14:37 - 2015-03-13 19:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 14:37 - 2015-03-13 19:02 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 14:37 - 2015-03-13 18:59 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 14:37 - 2015-03-13 18:59 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 14:37 - 2015-03-12 23:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 14:37 - 2015-03-12 23:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 14:37 - 2015-03-12 23:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 14:37 - 2015-03-12 22:53 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-15 14:37 - 2015-03-12 22:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 14:37 - 2015-03-12 22:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 14:37 - 2015-03-12 22:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 14:37 - 2015-03-12 22:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 14:37 - 2015-03-12 22:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 14:37 - 2015-03-12 22:17 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-04-15 14:37 - 2015-03-12 22:16 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-15 14:37 - 2015-03-12 22:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 14:37 - 2015-03-12 22:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 14:37 - 2015-03-12 22:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 14:37 - 2015-03-12 21:58 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-04-15 14:37 - 2015-03-12 21:50 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-04-15 14:37 - 2015-03-12 21:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 14:37 - 2015-03-12 21:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 14:37 - 2015-03-12 21:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 14:37 - 2015-03-12 21:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-04-15 14:37 - 2015-03-12 21:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 14:37 - 2015-03-12 21:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 14:37 - 2015-03-12 21:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 14:37 - 2015-03-12 21:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 14:37 - 2015-03-12 21:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 14:37 - 2015-03-12 21:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 14:37 - 2015-03-04 05:25 - 00377152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2015-04-15 14:37 - 2015-03-03 22:04 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 14:37 - 2015-03-03 21:19 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 14:37 - 2015-02-24 03:32 - 00991552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 14:37 - 2015-02-20 18:49 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2015-04-14 11:28 - 2015-04-14 11:28 - 00004387 _____ () C:\Users\tsutton\AppData\Roaming\eWIXeY4wGiRJ
2015-04-05 02:47 - 2015-04-05 02:47 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 02:47 - 2015-04-05 02:47 - 00000000 ___SD () C:\Windows\system32\GWX

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-05 09:53 - 2013-11-16 06:20 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-05-05 09:52 - 2015-02-01 16:53 - 00000926 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-05 09:52 - 2013-11-16 06:18 - 00003278 _____ () C:\Windows\System32\Tasks\Intel® Rapid Start Technology Manager
2015-05-05 09:52 - 2013-11-16 06:17 - 01413334 _____ () C:\Windows\WindowsUpdate.log
2015-05-05 09:51 - 2014-11-05 16:18 - 00023523 _____ () C:\Windows\setupact.log
2015-05-05 09:51 - 2013-11-25 13:59 - 00000120 _____ () C:\Windows\system32\config\netlogon.ftl
2015-05-05 09:51 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-05 09:34 - 2013-11-16 06:23 - 00891864 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-05 09:32 - 2014-05-15 09:06 - 00000590 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3203721793-3198379332-896013655-5752.job
2015-05-05 09:30 - 2013-11-16 06:08 - 00198078 _____ () C:\Windows\PFRO.log
2015-05-05 09:28 - 2013-08-22 08:25 - 01310720 ___SH () C:\Windows\system32\config\BBI
2015-05-05 09:04 - 2015-02-01 16:53 - 00000930 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-05 09:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-04 18:09 - 2013-12-16 15:36 - 00004974 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for {a3a8717c-255a-4d6b-88be-a62a6f2ceb41} TSutton-XPS12.credera.com
2015-05-04 17:17 - 2013-11-26 11:22 - 00000000 ___DO () C:\Users\tsutton\SkyDrive
2015-05-04 17:06 - 2013-11-16 06:17 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-04 16:15 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-04 16:12 - 2015-01-15 15:48 - 00004974 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for CREDERA-tsutton TSutton-XPS12.credera.com
2015-05-04 15:56 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\Web
2015-05-04 14:59 - 2013-11-16 05:21 - 00000000 ____D () C:\Windows\Panther
2015-05-04 14:23 - 2013-11-25 15:48 - 00000000 ____D () C:\Users\tsutton
2015-05-04 14:19 - 2013-11-25 13:54 - 00000000 ____D () C:\Windows\CSC
2015-05-04 13:37 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\TAPI
2015-05-04 12:33 - 2013-11-25 15:57 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{379F1CB6-A3E1-42DB-9780-5444B557C917}
2015-05-04 12:01 - 2013-11-25 17:13 - 00000000 ____D () C:\Users\tsutton\AppData\Local\CrashDumps
2015-05-01 16:23 - 2013-11-25 15:48 - 00000000 ____D () C:\Users\tsutton\AppData\Local\Packages
2015-05-01 13:41 - 2013-11-26 06:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-30 14:15 - 2010-05-24 20:48 - 00000000 ___RD () C:\Users\tsutton\Documents\Personal
2015-04-29 11:05 - 2014-07-14 17:32 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-29 11:04 - 2014-07-14 17:31 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-29 11:03 - 2014-07-14 17:31 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-17 10:32 - 2013-11-25 14:12 - 00000000 ____D () C:\Users\admin\AppData\Local\Packages
2015-04-17 09:47 - 2013-08-22 09:44 - 00487752 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-17 09:45 - 2013-11-25 14:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-04-17 09:45 - 2013-11-25 14:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-04-17 09:45 - 2013-11-25 14:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-17 09:44 - 2013-08-22 14:12 - 00000000 ____D () C:\Windows\ShellNew
2015-04-17 09:41 - 2013-08-22 08:25 - 00000199 _____ () C:\Windows\win.ini
2015-04-17 04:57 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache
2015-04-16 13:40 - 2014-05-15 09:06 - 00003592 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3203721793-3198379332-896013655-5752
2015-04-16 11:02 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppCompat
2015-04-16 10:59 - 2015-03-17 07:59 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-16 08:48 - 2013-11-25 14:05 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-16 08:45 - 2013-11-25 14:05 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-16 08:44 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-15 14:22 - 2014-11-12 09:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2015-04-13 18:24 - 2013-08-22 10:38 - 00792056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-13 18:24 - 2013-08-22 10:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2013-11-16 06:09 - 2013-11-16 06:09 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\Quarantine.exe
C:\Users\admin\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-02 11:35

==================== End Of Log ============================

ADDITION LOG

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2015
Ran by admin at 2015-05-05 09:54:44
Running from C:\Users\admin\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

admin (S-1-5-21-3769467500-3583379074-2392525900-1002 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-3769467500-3583379074-2392525900-500 - Administrator - Disabled)
Guest (S-1-5-21-3769467500-3583379074-2392525900-501 - Limited - Disabled)
localAdmin (S-1-5-21-3769467500-3583379074-2392525900-1003 - Limited - Enabled) => C:\Users\localAdmin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Trend Micro Security Agent (Enabled - Up to date) {F2F88E6A-3C7A-545F-268A-5D0BDD38EE06}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Security Agent Anti-spyware (Enabled - Up to date) {49996F8E-1A40-5BD1-1C3A-6679A6BFA4BB}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AirPort (HKLM-x32\...\{AA68AAAE-41F0-40B5-8896-5947F5FD6889}) (Version: 5.6.1.2 - Apple Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.0.3 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.0.3 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 17.0.11.2 - Synaptics Incorporated)
DSC/AA Factory Installer (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP LaserJet 200 color MFP M276 (HKLM-x32\...\{CC38C23C-7824-4DBB-AC73-997CD0BBFEC7}) (Version: 5.0.14057.1503 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{348A1F5B-07B3-4436-9A47-FFE44EFE856E}) (Version: 11.51.0004 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM276DSService (x32 Version: 001.001.05874 - Hewlett-Packard) Hidden
HPDXP (x32 Version: 3.0.26.8 - HP) Hidden
HPLaserJet200color-MFPM276_HelpLearnCenter_SI (HKLM-x32\...\{0F044C7A-6EE1-4F03-90AC-329AAF2FCF12}) (Version: 1.01.0000 - Hewlett-Packard)
HPLJDXPHelper (x32 Version: 020.021.004 - HP) Hidden
HPLJUTCore (x32 Version: 004.005.0001 - HP) Hidden
HPLJUTM276 (x32 Version: 3.00.0003 - HP) Hidden
hppFaxDrvM276 (x32 Version: 003.000.00002 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) Hidden
hppM276LaserJetService (x32 Version: 001.019.00639 - Hewlett-Packard) Hidden
hppSendFaxM276 (x32 Version: 003.000.00002 - Hewlett-Packard) Hidden
hpStatusAlerts (x32 Version: 050.037.00142 - Hewlett Packard) Hidden
hpStatusAlertsM276 (x32 Version: 050.034.00131 - Hewlett-Packard) Hidden
Intel Experience Center - Configuration (x32 Version: 1.7.0.179 - Intel) Hidden
Intel® Experience Center Desktop Software (HKLM-x32\...\{3608ec0a-56b4-4d9d-b038-9b3e51d72582}) (Version: 1.7.0.179 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3277 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1335.5) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}) (Version: 3.0.0.1056 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{9B5FD763-5074-474C-B898-24567E6450C8}) (Version: 4.2.40.2439 - Intel Corporation)
Intel® Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.0.0.13 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{75895d95-3e4b-42b6-8440-97a0e234aeb3}) (Version: 17.0.2 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
LJDXPHelperUI (x32 Version: 020.021.004 - HP) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM-x32\...\Office15.VISPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6299.48 - PC-Doctor, Inc.)
NXPProximityInstaller (HKLM-x32\...\NXPProximityInstaller) (Version: 6.5.2.0 - NXP Semiconductors)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pentair ScreenLogic (HKLM-x32\...\{D10B9BEF-B4DF-4719-8617-E23B1994A9D7}) (Version: 5.2.580.0 - Pentair)
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.16.001 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7032 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0051-0000-0000-0000000FF1CE}_Office15.VISPRO_{8D2E04ED-3350-4ECE-9D6E-3BC9A9A93A47}) (Version:  - Microsoft)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
Trend Micro Worry-Free Business Security Agent (HKLM\...\Wofie) (Version: 19.0.2166 - Trend Micro Inc.)
Trend Micro Worry-Free Business Security Agent (Version: 9.0 - Trend Micro Inc.) Hidden
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{BF1B3F01-93F3-4B83-93DB-132EB1AED259}) (Version:  - Microsoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

23-04-2015 15:31:47 Scheduled Checkpoint
02-05-2015 12:27:03 Scheduled Checkpoint
04-05-2015 12:01:42 Installed Amazon Unbox Video
04-05-2015 18:24:53 Restore Operation
05-05-2015 08:51:28 Windows Backup
05-05-2015 08:55:14 Windows Backup
05-05-2015 09:26:18 Restore Point Created by FRST

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1DF918A7-C1C1-4771-AFBC-E8EB183FEF6A} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {2E6A42AF-0A8D-4096-ADC2-07168D178054} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {41A5D631-D35D-4D6C-A4A8-3BA3B402CE28} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {51C75D18-2A83-4C3D-89BB-D1821CBCBF6E} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {58F5A3A8-562D-49BB-A3F5-8C9EDBBC5231} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {5E64357F-6C43-4A29-9DE1-38BB098B62EC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-01] (Google Inc.)
Task: {6063545E-FBA8-4673-A041-83C0812D2041} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()
Task: {6761C8E6-7247-4921-8E00-737545C10468} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {75A901B4-90BA-42FB-A281-FFD164326B1E} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2012-06-14] (Hewlett Packard)
Task: {7E408E18-A48B-4006-AE95-040E858BFF4A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-01] (Google Inc.)
Task: {8417F500-DF9C-4BBE-BFF9-E100D1C6BD6B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {867B7131-C103-4CDE-A7CB-404919AA396C} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-27] (Synaptics Incorporated)
Task: {8804CF7D-2557-4F56-B288-9121E59B0D15} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()
Task: {90679CE6-87FE-4CE7-B24C-BD689AB191B8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {99456ABE-2322-400B-96AE-FA9C7D641401} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {9E28E560-E85A-4711-AA60-419E89C8840E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {B1D0C745-1E4C-4301-B702-7AD2FB6AA01D} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {B2336F9C-2C46-46D0-A9F1-91351DEBD662} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {B6CC475F-0B16-44A3-BB05-12D188819577} - System32\Tasks\PocketCloudUpdater => C:\Program
Task: {CE10F1A3-D676-4E25-A041-B09505A238B3} - System32\Tasks\Microsoft Office 15 Sync Maintenance for CREDERA-tsutton TSutton-XPS12.credera.com => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {DD47A643-9ED1-4547-BE23-B2DE08922958} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {E6FDDE11-B8E2-42A3-8C69-1B73B766B08F} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {E7444820-D0D9-4ECA-A124-1958883F8D28} - System32\Tasks\G2MUpdateTask-S-1-5-21-3203721793-3198379332-896013655-5752 => C:\Users\tsutton\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe [2015-04-16] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {EB7CE1FE-3657-4273-8FA2-CE8C225F5E0D} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}
Task: {EFF143AB-15DF-497A-92D5-9B898D4092A7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {F270CD14-D6D4-4695-9B6A-93F9BD7BAC5B} - System32\Tasks\Microsoft Office 15 Sync Maintenance for {a3a8717c-255a-4d6b-88be-a62a6f2ceb41} TSutton-XPS12.credera.com => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {F383B7AD-1299-455D-94CC-B4139D16030D} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2013-09-08] (Intel)
Task: {F9EA699A-67FA-44E5-AF40-12F9C0254BBC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-04-16] (Microsoft Corporation)
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3203721793-3198379332-896013655-5752.job => C:\Users\tsutton\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-08-12 22:06 - 2013-08-12 22:06 - 00198120 _____ () c:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2013-08-12 22:06 - 2013-08-12 22:06 - 00054760 _____ () c:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-12 22:06 - 2013-08-12 22:06 - 00034792 _____ () c:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetMon.dll
2011-08-31 13:55 - 2011-08-31 14:55 - 00801792 _____ () C:\Program Files (x86)\Trend Micro\Security Agent\sqlite3.dll
2013-08-22 14:40 - 2013-08-22 14:40 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2013-08-22 14:40 - 2013-08-22 14:40 - 00040240 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherServiceLib.dll
2013-08-22 14:40 - 2013-08-22 14:40 - 00046384 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherHelperLib.dll
2009-07-02 16:32 - 2009-07-02 17:32 - 00089088 _____ () C:\Program Files (x86)\Trend Micro\Security Agent\zlibwapi.dll
2010-04-22 23:54 - 2010-04-23 00:54 - 01719808 _____ () C:\Program Files (x86)\Trend Micro\Security Agent\libprotobuf.dll
2013-01-16 10:19 - 2013-01-16 10:19 - 00048128 _____ () C:\Program Files (x86)\Trend Micro\Security Agent\CCSF\boost_date_time-vc110-mt-1_49.dll
2013-04-02 12:25 - 2013-04-02 12:25 - 00675840 _____ () C:\Program Files (x86)\Trend Micro\Security Agent\CCSF\sqlite3.dll
2013-01-16 10:23 - 2013-01-16 10:23 - 00058368 _____ () C:\Program Files (x86)\Trend Micro\Security Agent\CCSF\boost_thread-vc110-mt-1_49.dll
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-11-16 06:21 - 2013-08-19 13:21 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2013-11-16 06:21 - 2013-08-19 13:21 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2013-11-16 06:21 - 2013-08-19 13:21 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-24 12:39 - 2014-11-24 12:39 - 00155528 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2013-11-16 06:15 - 2013-09-11 16:58 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\tsutton\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgF119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgR119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgF119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgR119.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3769467500-3583379074-2392525900-1002\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 172.16.8.200 - 172.16.8.207

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{95556FD3-8EF3-4A1D-AD5C-2F07DBD159AE}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
FirewallRules: [{23FF3FBE-B7AE-42C7-98D4-66343A1C4330}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\AetherWindowsService.exe
FirewallRules: [{9AE2909C-2970-42D2-82D5-39B226B171F9}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
FirewallRules: [{E2728452-2140-46C6-9062-DADA6864FBA6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0381D1C5-AAAD-4DC3-9950-BFBAC50F775D}] => (Allow) LPort=2869
FirewallRules: [{C758A127-4891-4633-9C29-E2C2768DEE32}] => (Allow) LPort=1900
FirewallRules: [{5A992B7F-B104-410E-A922-C972C66139FF}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{D1BA8276-EEC3-4A36-9B22-CEC5F04DCD8E}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{84509367-EEB0-492A-BF60-A7D883E61C94}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{B58AC0EB-BBA2-40B2-B89E-6DC753DF916B}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{B41160AB-0C63-4C4C-A79C-B15BB9A249C9}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{0A35A761-60CB-4E46-B67A-52961205C3CE}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{29F1EC5A-4A6D-49FE-BFE8-E3273CD9A9D9}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\outlook.exe
FirewallRules: [{B993F407-BFDE-4E22-AC6E-5FFE22F71804}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D1175C85-E274-47C9-A1FF-65C0D9D46464}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{533B0C90-13CC-4E4A-B0AD-18EEABD98778}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F53CC382-F9DE-4505-9F6E-0EC4E26F345B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{29765901-2430-4E5B-8452-1BC783F9D576}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{04512D54-743C-4E7F-859D-A7C37470F283}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{BE282F58-843B-4F96-A10E-33966667E393}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{1158CF74-C093-462E-92FA-3B15903BC2D7}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{59B4F5E6-E2E8-47E3-9681-C42FACDD5A97}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{476791AB-63CA-4F99-BF2D-4503CF84B1F2}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{858F1D0F-15DA-42FC-B92B-38057F76D7CE}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{3BC1B3AC-4B1A-4B5F-A10D-A47FB5C48454}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{0F4C34FA-DC21-44AF-8DFA-3EF4B12B8994}] => (Allow) C:\Program Files (x86)\AirPort\APAgent.exe
FirewallRules: [{F218B951-A7AE-4195-983D-6786D02B425E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{FECF8AB7-C6AD-4768-A8F2-2245650024F5}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 200 color MFP M276\bin\FaxApplications.exe
FirewallRules: [{CA37D98F-740C-4729-9662-223A1905B8C3}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 200 color MFP M276\bin\DigitalWizards.exe
FirewallRules: [{C19F3741-F90B-4B46-8C3D-ECAFB4AF8364}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 200 color MFP M276\Bin\HPNetworkCommunicator.exe
FirewallRules: [{DA1B8049-DA1A-42F7-A2DE-0EE001E56BA3}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 200 color MFP M276\bin\EWSProxy.exe
FirewallRules: [{C0FCAA8A-FD3F-4427-8E4D-EA7411E9ABA1}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{33BA5678-B76C-4114-8382-C507CE1D7220}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4C13324E-89A3-4B9C-B3FB-AB4526875CF6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{41285E9F-7455-4BCC-9507-F5A4AAE6BBFA}C:\program files (x86)\airport\aputil.exe] => (Block) C:\program files (x86)\airport\aputil.exe
FirewallRules: [UDP Query User{BD995F1D-E380-4A53-9F34-65F903DD068F}C:\program files (x86)\airport\aputil.exe] => (Block) C:\program files (x86)\airport\aputil.exe
FirewallRules: [TCP Query User{899A5A33-9ED4-444A-B524-8A7DC9EE89F8}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{BD549235-2FBD-4165-9809-FDE717898D3B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{F1BE8176-C14C-4F99-85AA-86F3CF0D8A53}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\mohqaban.EXE
FirewallRules: [{552B8AD2-7BE8-456C-9B23-177460D67ABF}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\mohqaban.EXE
FirewallRules: [{41A75781-82B4-486C-9F88-236303C9DA9D}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\mohqaban.EXE
FirewallRules: [{FB276827-B226-47C3-988A-7E60A0BCCE8D}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\mohqaban.EXE
FirewallRules: [{CBA1867D-88AB-4AD7-800F-074C70EAAF25}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\mohqaban.EXE
FirewallRules: [{0C4D96E9-815D-464E-9F01-A844FD21E1A2}] => (Allow) LPort=20539

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/05/2015 09:26:20 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service mespelcamm since QueryServiceConfig API failed

System Error:
Access is denied.
.

Error: (05/05/2015 09:26:20 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service HowgazJuldo since QueryServiceConfig API failed

System Error:
Access is denied.
.

Error: (05/05/2015 09:26:20 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service esegixy since QueryServiceConfig API failed

System Error:
Access is denied.
.

Error: (05/05/2015 09:26:20 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary tammgR119 service.

System Error:
Access is denied.
.

Error: (05/05/2015 09:26:20 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary tammgF119 service.

System Error:
Access is denied.
.

Error: (05/05/2015 09:26:17 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {4c4dd1d8-fdfb-4f43-af79-482ae7088e8c}

Error: (05/05/2015 08:55:50 AM) (Source: Microsoft-Windows-Backup) (EventID: 517) (User: NT AUTHORITY)
Description: The backup operation that started at '2015-05-05T13:55:14.146924600Z' has failed with following error code '0x80780166' (%%2155348326). Please review the event details for a solution, and then rerun the backup operation once the issue is resolved.

Error: (05/05/2015 08:55:49 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service mespelcamm since QueryServiceConfig API failed

System Error:
Access is denied.
.

Error: (05/05/2015 08:55:49 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service HowgazJuldo since QueryServiceConfig API failed

System Error:
Access is denied.
.

Error: (05/05/2015 08:55:49 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service esegixy since QueryServiceConfig API failed

System Error:
Access is denied.
.

System errors:
=============
Error: (05/05/2015 09:51:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The mespelcamm service failed to start due to the following error:
%%2

Error: (05/05/2015 09:51:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HowgazJuldo service failed to start due to the following error:
%%2

Error: (05/05/2015 09:51:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The esegixy service failed to start due to the following error:
%%2

Error: (05/05/2015 09:51:39 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (05/05/2015 09:51:23 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (05/05/2015 09:51:23 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (05/05/2015 09:51:22 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (05/05/2015 09:51:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® Capability Licensing Service Interface service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (05/05/2015 09:51:13 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BBUpdate service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/05/2015 09:51:13 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SoftThinks Agent Service service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (05/05/2015 09:26:20 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service mespelcamm since QueryServiceConfig API failed

System Error:
Access is denied.

Error: (05/05/2015 09:26:20 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service HowgazJuldo since QueryServiceConfig API failed

System Error:
Access is denied.

Error: (05/05/2015 09:26:20 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service esegixy since QueryServiceConfig API failed

System Error:
Access is denied.

Error: (05/05/2015 09:26:20 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary tammgR119 service.

System Error:
Access is denied.

Error: (05/05/2015 09:26:20 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary tammgF119 service.

System Error:
Access is denied.

Error: (05/05/2015 09:26:17 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {4c4dd1d8-fdfb-4f43-af79-482ae7088e8c}

Error: (05/05/2015 08:55:50 AM) (Source: Microsoft-Windows-Backup) (EventID: 517) (User: NT AUTHORITY)
Description: 2015-05-05T13:55:14.146924600Z0x80780166%%2155348326

Error: (05/05/2015 08:55:49 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service mespelcamm since QueryServiceConfig API failed

System Error:
Access is denied.

Error: (05/05/2015 08:55:49 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service HowgazJuldo since QueryServiceConfig API failed

System Error:
Access is denied.

Error: (05/05/2015 08:55:49 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service esegixy since QueryServiceConfig API failed

System Error:
Access is denied.

CodeIntegrity Errors:
===================================
  Date: 2015-05-04 06:23:00.192
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-04 06:22:59.521
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-04 06:22:58.849
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-04 06:22:58.111
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-04 06:22:57.280
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-04 06:22:56.561
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-04 06:22:55.778
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-04 06:22:55.090
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-04 06:22:54.449
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-04 06:22:53.824
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i7-4500U CPU @ 1.80GHz
Percentage of memory in use: 20%
Total physical RAM: 8097.38 MB
Available physical RAM: 6423.38 MB
Total Pagefile: 9377.38 MB
Available Pagefile: 7811.16 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:222.71 GB) (Free:28.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: DDB755BC)

Partition: GPT Partition Type.

==================== End Of Log ============================


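The log above shows the three persistence mechanisms a reviewer has to connect by eye: services whose binaries live under C:\ProgramData (later deleted in the fixlist), SafeBoot\Minimal and SafeBoot\Network entries for the tammg*119 drivers (which let a driver load even in Safe Mode), and a cluster of firewall Allow rules for C:\ProgramData\boostwebapp\...\mohqaban.EXE. The triage script below is an added example, not FRST's own code and not posted by anyone in the thread; it automates those checks over FRST-style lines. Its regexes are assumptions about FRST's line layout taken from the posted log, and the sample lines are constructed from entry types seen in the thread (sizes and dates are placeholders).

```python
"""Offline triage of FRST (Farbar Recovery Scan Tool) log lines.

Added example for this thread; not part of FRST. Three checks:
  1. services/drivers whose binary sits in a data or user-writable directory,
     is missing (FRST's "[X]" marker), or has no publisher in its version
     info (FRST prints an empty "()");
  2. SafeBoot\\Minimal / SafeBoot\\Network entries, correlated with the
     flagged service names (a driver listed there loads in Safe Mode too);
  3. firewall Allow rules for executables in those same directories.
Regexes are assumptions about FRST's layout derived from the posted log.
"""
import re
import sys
from collections import Counter

# Directories where a legitimate service or driver binary almost never lives.
SUSPECT_DIRS = ("c:\\programdata\\", "c:\\users\\", "\\appdata\\", "\\temp\\")

SERVICE_RE = re.compile(r"^([SRU])(\d)\s+([^;]+);\s*(.*)$")
SAFEBOOT_RE = re.compile(r'\\SafeBoot\\(Minimal|Network)\\(\S+)\s+=>\s+""="(.*)"$')
FIREWALL_RE = re.compile(r"^FirewallRules:\s+\[(.+?)\]\s+=>\s+\((Allow|Block)\)\s+(.*)$")

# Constructed sample modelled on entry types in the thread; sizes/dates are placeholders.
SAMPLE_LOG = [
    r"R2 PocketCloudService; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()",
    r'S2 esegixy; "C:\ProgramData\boostwebapp\1.1.0.31\mohqwban.exe" -cms [X]',
    r'S2 HowgazJuldo; "C:\ProgramData\boostwebapp\1.1.0.31\GaaflaCoce.exe" -cmd [X]',
    r'S2 mespelcamm; "C:\ProgramData\boostwebapp\1.1.0.31\mohqaban.exe" /ts2=1 [X]',
    r"R1 tammgF119; C:\Windows\System32\DRIVERS\tammgF119.sys [45568 2015-05-01] ()",
    r"R3 SynTP; C:\Windows\System32\DRIVERS\SynTP.sys [526040 2013-08-27] (Synaptics Incorporated)",
    r'HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""',
    r'HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgF119.sys => ""="Driver"',
    r'HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgF119.sys => ""="Driver"',
    r"FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139",
    r"FirewallRules: [{F1BE8176-C14C-4F99-85AA-86F3CF0D8A53}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\mohqaban.EXE",
    r"FirewallRules: [{552B8AD2-7BE8-456C-9B23-177460D67ABF}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\mohqaban.EXE",
    r"FirewallRules: [{33BA5678-B76C-4114-8382-C507CE1D7220}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe",
]


def in_suspect_dir(path):
    p = path.lower()
    return any(d in p for d in SUSPECT_DIRS)


def parse_service(line):
    """Return (name, image_path, missing, no_publisher) for an FRST service line, else None."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    name, rest = m.group(3).strip(), m.group(4).strip()
    if rest.startswith('"'):                          # quoted path; arguments follow the quote
        end = rest.find('"', 1)
        path = rest[1:end if end > 0 else None]
    else:                                             # unquoted path ends at " [size date]" or " [X]"
        path = re.split(r"\s+\[", rest, maxsplit=1)[0]
    return name, path, "[X]" in rest, rest.endswith("()")


def triage(lines):
    """Scan FRST log lines; return findings keyed by check name."""
    findings = {"services": [], "safeboot": [], "firewall": []}
    flagged = set()
    allow_counts = Counter()

    for line in lines:
        svc = parse_service(line)
        if svc:
            name, path, missing, no_publisher = svc
            reasons = []
            if in_suspect_dir(path):
                reasons.append("binary in data/user-writable directory")
            if missing:
                reasons.append("binary missing ([X]); registration outlives the file")
            if no_publisher:
                reasons.append("no publisher in version info")
            if reasons:
                flagged.add(name.lower())
                findings["services"].append((name, path, "; ".join(reasons)))
            continue
        m = FIREWALL_RE.match(line.strip())
        if m and m.group(2) == "Allow" and in_suspect_dir(m.group(3)):
            allow_counts[m.group(3).lower()] += 1

    # SafeBoot entries are judged once all services are known: a driver name that
    # is also a flagged service is high confidence, anything else is "review"
    # (FRST already whitelists the default SafeBoot keys, so every line is an addition).
    for line in lines:
        m = SAFEBOOT_RE.search(line.strip())
        if m:
            mode, key, value = m.groups()
            base = re.sub(r"\.sys$", "", key, flags=re.I).lower()
            findings["safeboot"].append((mode, key, value, "high" if base in flagged else "review"))

    findings["firewall"] = sorted(allow_counts.items())   # (path, number of Allow rules)
    return findings


def main(argv):
    # With a path argument read a real FRST.txt; otherwise run on the constructed sample.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8-sig", errors="replace") as fh:
            lines = fh.read().splitlines()
    else:
        lines = SAMPLE_LOG
    for section, items in triage(lines).items():
        print(f"== {section} ==")
        for item in items:
            print("  ", *item)


if __name__ == "__main__":
    main(sys.argv)
```

Run it as `python frst_triage.py FRST.txt` on a real log, or with no argument on the sample. The "[X]" case is exactly what the Service Control Manager events in the log above record: EventID 7000 with error %%2 (ERROR_FILE_NOT_FOUND) for esegixy, HowgazJuldo and mespelcamm, because the binaries had been quarantined while the service registrations stayed behind, which is why the fixlist in the next post deletes the services themselves. The "no publisher" check is noisy (it also catches the PocketCloud binaries here), so it is only a prompt to look closer, not a verdict.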

#5
BrianDrab
    Trusted Helper
  • Malware Removal
  • 3,591 posts

How's your machine doing? A little more to clean up and then a final check. Please do the following.

 

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download the attached file (fixlist.txt, 716 bytes) and save it to the Desktop.
Note: it's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work (in this case, the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#2 - ESET Online Scanner and Post Results
Before running this scan, please temporarily disable your antivirus software to avoid conflicts. You can re-enable once it's done. Instructions for doing this on many AVs are here. This scan can take hours to run but is necessary to ensure we don't miss anything. Plan accordingly.

 

  • Please go here and click on the scan button (screenshot not reproduced)
  • Note: This site is optimized for Internet Explorer. Please use it for this scan. If you wish to use Firefox or Chrome you will be asked to download the ESET Smart Installer first (esetsmartinstaller_enu.exe). Go ahead and download and run this file.
  • Please accept the ESET Online Scanner EULA and click Start.
  • If prompted, allow the Add-On/ActiveX control to install. If you have problems with this step please see this link.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked
  • Click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, if anything was detected please click the List of found threats link.
  • Then click the Copy to Clipboard link and paste this information into your next reply.

  • Then you may click the Back button.
  • Check Uninstall Application on Close before clicking finish.

 
Items for your next post

 

1. FRST Fix log
2. Contents of the ESET log file



#6
rwalker03
    New Member
  • Topic Starter
  • Member
  • 5 posts

Things seem better.  I'm not seeing the popups like I was. 

 

FRST Fix Log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-05-2015
Ran by admin at 2015-05-06 10:07:27 Run:2
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available profiles: tsutton & rwalker-admin & admin & localAdmin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
S2 esegixy; "C:\ProgramData\boostwebapp\1.1.0.31\mohqwban.exe" -cms [X]
S2 HowgazJuldo; "C:\ProgramData\boostwebapp\1.1.0.31\GaaflaCoce.exe" -cmd [X]
S2 mespelcamm; "C:\ProgramData\boostwebapp\1.1.0.31\mohqaban.exe" /ts2=1 [X]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgF119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgR119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgF119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgR119.sys => ""="Driver"
CMD: netsh advfirewall reset
Cmd: wevtutil cl application
Cmd: wevtutil cl system
Cmd: wevtutil cl security
EmptyTemp:

*****************

Restore point was successfully created.
esegixy => Service deleted successfully.
HowgazJuldo => Service deleted successfully.
mespelcamm => Service deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\tammgF119.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\tammgR119.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\tammgF119.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\tammgR119.sys" => Key deleted successfully.

=========  netsh advfirewall reset =========

Ok.

========= End of CMD: =========

=========  wevtutil cl application =========

========= End of CMD: =========

=========  wevtutil cl system =========

========= End of CMD: =========

=========  wevtutil cl security =========

========= End of CMD: =========

EmptyTemp: => Removed 366.5 MB temporary data.

The system needed a reboot.

==== End of Fixlog 10:08:02 ====

 

ESET Results:

 

C:\AdwCleaner\Quarantine\C\ProgramData\{e1453844-7f13-c9fa-e145-538447f1e111}\hqghumeaylnlf.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.AA application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\tammgf119.sys.vir Win64/Adware.PennyBee.G application
C:\FRST\Quarantine\C\ProgramData\boostwebapp\1.1.0.31\GaaflaCoce.exe a variant of Win32/Adware.PennyBee.N application
C:\FRST\Quarantine\C\ProgramData\boostwebapp\1.1.0.31\mohqaban.EXE a variant of Win32/Adware.PennyBee.O application
C:\FRST\Quarantine\C\ProgramData\boostwebapp\1.1.0.31\mohqdbanu.dll a variant of Win32/Adware.PennyBee.M application
C:\FRST\Quarantine\C\ProgramData\boostwebapp\1.1.0.31\mohqwban.EXE a variant of Win32/Adware.PennyBee.O application
C:\FRST\Quarantine\C\ProgramData\boostwebapp\1.1.0.31\tammgF.sys Win64/Adware.PennyBee.G application
C:\FRST\Quarantine\C\ProgramData\boostwebapp\1.1.0.31\tammgFd.sys Win64/Adware.PennyBee.G application
C:\FRST\Quarantine\C\ProgramData\boostwebapp\1.1.0.31\utils.exe a variant of Win32/Adware.PennyBee.P application
C:\FRST\Quarantine\C\ProgramData\tnj\D1582A821F3440FB8CB878BB51433C93\setup.exe a variant of Win32/Adware.SpeedingUpMyPC.AA application
C:\FRST\Quarantine\C\Windows\System32\Drivers\tammgF119.sys.xBAD Win64/Adware.PennyBee.G application
C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\tammgF119.sys-u.mbam Win64/Adware.PennyBee.G application
C:\Users\All Users\Malwarebytes\Malwarebytes Anti-Malware\tammgF119.sys-u.mbam Win64/Adware.PennyBee.G application
C:\Users\tsutton\AppData\Roaming\eWIXeY4wGiRJ JS/Toolbar.Crossrider.C potentially unwanted application
C:\Users\tsutton\Downloads\ccsetup312.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
 


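The fixlist above shows why cleaning in Safe Mode did not stick: besides the auto-start service mespelcamm pointing into C:\ProgramData\boostwebapp, the adware registered its driver under SafeBoot\Minimal and SafeBoot\Network, the two registry lists of drivers and groups that Windows still loads in Safe Mode, so an entry there is loaded even when everything else is skipped. The PowerShell audit below is an added example and is not part of this thread, of FRST or of any other tool mentioned here. It only reads those same two locations and reports what is registered; it deletes nothing. The two function names are my own, and it assumes an elevated PowerShell prompt on Windows 8.1 or later.

```powershell
# Added example (not from the thread or from FRST): read-only audit of the two persistence
# points the fixlist above had to remove. Run from an elevated PowerShell prompt.
#
#  * SafeBoot\Minimal and SafeBoot\Network list what Windows still loads in Safe Mode.
#    A driver registered there (like tammgF119.sys) runs in Safe Mode as well.
#  * Services whose ImagePath points into ProgramData or a user profile
#    (mespelcamm -> C:\ProgramData\boostwebapp\...\mohqaban.exe) are the usual adware home.

function Get-SafeBootDriverEntries {
    # One object per SafeBoot entry. Driver entries are keyed by file name (foo.sys) and live
    # in System32\drivers; class GUID entries ({36FC9E60-...}) and group names are not files
    # and are reported with File = $null. An entry whose file is gone is an orphan (left after
    # quarantine); an entry whose signer is not Microsoft deserves a look.
    foreach ($mode in 'Minimal', 'Network') {
        $base = "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\$mode"
        foreach ($key in Get-ChildItem -Path $base -ErrorAction SilentlyContinue) {
            $name   = $key.PSChildName
            $type   = (Get-ItemProperty -Path $key.PSPath).'(default)'   # "Driver" or "Service"
            $file   = $null
            $status = 'n/a'
            $signer = 'n/a'
            if ($name -like '*.sys') {
                $file = Join-Path $env:SystemRoot "System32\drivers\$name"
                if (Test-Path -LiteralPath $file) {
                    $sig    = Get-AuthenticodeSignature -FilePath $file
                    $status = $sig.Status
                    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'none' }
                } else {
                    $status = 'FileMissing'
                }
            }
            [pscustomobject]@{
                Mode   = $mode
                Entry  = $name
                Type   = $type
                File   = $file
                Status = $status
                Signer = $signer
            }
        }
    }
}

function Get-ServicesInUserWritablePaths {
    # Services and drivers whose ImagePath sits somewhere a standard user can write:
    # ProgramData, a user profile, AppData or a Temp directory. Some legitimate updaters do
    # this too, so review the output rather than deleting from it.
    $pattern = '(?i)\\(ProgramData|Users|AppData|Temp)\\'
    foreach ($key in Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -Path $key.PSPath
        $image = $props.ImagePath
        if ($image -and $image -match $pattern) {
            # Strip quotes and arguments so we can check whether the binary is still on disk
            # (FRST marks a missing binary with [X], as it did for mespelcamm above).
            $exe = if ($image -match '^"([^"]+)"') { $matches[1] } else { ($image -split '\s+')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            [pscustomobject]@{
                Service   = $key.PSChildName
                Start     = $props.Start      # 2 = Automatic, 3 = Manual, 4 = Disabled (FRST's S2/S3/S4)
                ImagePath = $image
                OnDisk    = Test-Path -LiteralPath $exe
            }
        }
    }
}

# Report: SafeBoot driver entries with a missing file or a non-Microsoft signer,
# then every service/driver installed from a user-writable location.
Get-SafeBootDriverEntries |
    Where-Object { $_.Status -eq 'FileMissing' -or ($_.File -and $_.Signer -notmatch 'Microsoft') } |
    Format-Table -AutoSize
Get-ServicesInUserWritablePaths | Format-Table -AutoSize
```

SafeBoot\Minimal legitimately holds Microsoft drivers, class GUID groups and sometimes an OEM storage driver, which is why the report only surfaces entries whose file is missing or whose signer is not Microsoft. Some older PowerShell builds do not consult catalog signatures, so a genuine Microsoft driver can show NotSigned there; the FileMissing and non-Microsoft-signer conditions are the more reliable signals. Treat both tables as a review list, and let a tool such as FRST do the actual removal.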

#7
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Thanks. Things look good. Final few items. Please do the following.

 

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download the attached file (fixlist.txt) and save it to the Desktop.
Note: It's important that both files, FRST64 and fixlist.txt, are in the same location (in this case, the Desktop) or the fix will not work.
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

 

Step#2 - Security Check
1. Download Security Check from here or here or here.
2. Save it to your Desktop.
3. Right-click SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: Don't be alarmed if the process runs for 10 to 15 minutes before completing. If it runs for over 30 minutes, just close the program and try running it again.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 

 

Items for your next post

1. FRST Fix log

2. Security Check log



#8
rwalker03

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Thanks for your help, and the quick reply! 

 

Contents of Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-05-2015 01
Ran by admin at 2015-05-06 16:06:31 Run:3
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available profiles: tsutton & rwalker-admin & admin & localAdmin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\tsutton\AppData\Roaming\eWIXeY4wGiRJ

*****************

C:\Users\tsutton\AppData\Roaming\eWIXeY4wGiRJ => Moved successfully.

==== End of Fixlog 16:06:31 ====

 

Security Check Log:

 

 Results of screen317's Security Check version 1.001 
   x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Windows Defender            
Trend Micro Security Agent  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 45 
 Adobe Reader XI 
 Mozilla Firefox (37.0.2)
````````Process Check: objlist.exe by Laurent```````` 
 Trend Micro OfficeScan Client pccntmon.exe
 Trend Micro Security Agent ntrtscan.exe 
 Trend Micro Security Agent tmlisten.exe 
 Trend Micro Security Agent CCSF TmCCSF.exe
 Trend Micro BM TMBMSRV.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 



#9
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Excellent, if there is nothing else I'll leave you with the following.

 

OK! Well done, your computer is clean again! :thumbsup: Part of our job here at G2G is to help you clean your computer. But beyond that, and just as important, is to provide you with some information to keep you safe and secure on the net, as well as to share knowledge. Following is that information.
 
1. Clean Up!
We need to remove all the tools that we used so that, should you ever be re-infected, you will download updated versions, which may have updated detection logic.
1. Download Delfix from here.
2. Ensure everything is checked.
3. Click Run.
Note: The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
Note: Delete any other .bat, .log, .reg, .txt and other files created during this process and left on the desktop, and empty the Recycle Bin.
 
 
2. Keeping Programs Updated
You need to ensure that any programs installed on your machine are kept current. The bad guys exploit vulnerabilities that are found in older versions of software. A very good piece of software that keeps your programs up-to-date is Secunia Personal Software Inspector (PSI). You can download and install it from here. You can read more information about this free software as well as a video walkthrough from here.
 
3. Antimalware- Preventative
Note: Let's keep Malwarebytes installed, as it's a fantastic piece of software. Malwarebytes is anti-malware software, not antivirus software, so it won't conflict with the antivirus that you are running. I would recommend that you open up this program, allow it to update and scan your machine at least quarterly, monthly if you can.
 
4. Crypto Warning!!!! - Complete Data Loss can occur!
There are particularly nasty infections out there at the moment that encrypt your data and hold it for ransom. You may read more about this here.
 


  • Download CryptoPrevent free for home use here following the instructions below.
  • Save the file to your desktop from the link above and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
  • Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
  • You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
  • You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
  • You will be prompted to click OK to continue and select your protection level. Go ahead and click OK.
  • Click the Apply button to set Default protection.
  • You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
  • That's it. The protection is in place.

Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now), select the Updates! menu and then select Check for Updates to see if there are any, as this infection has serious consequences.
 
 

 

 
For more information about computer security and how to protect yourself when on the internet, please read this guide Best Practices for Safe Computing
 
OK, all the best, and stay safe!
 
Items for your next post
1. Contents of the delfix log



#10
rwalker03

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Thank you for your help with this!  Much appreciated! 

 

delfix:

 

# DelFix v1.010 - Logfile created 08/05/2015 at 07:51:47
# Updated 26/04/2015 by Xplode
# Username : admin - TSUTTON-XPS12
# Operating System : Windows 8.1 Pro with Media Center  (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\Users\admin\Desktop\FRST-OlderVersion
Deleted : C:\Users\admin\Desktop\Addition.txt
Deleted : C:\Users\admin\Desktop\AdwCleaner[S4].txt
Deleted : C:\Users\admin\Desktop\adwcleaner_4.203.exe
Deleted : C:\Users\admin\Desktop\aswMBR.exe
Deleted : C:\Users\admin\Desktop\aswMBR.txt
Deleted : C:\Users\admin\Desktop\Fixlog-old.txt
Deleted : C:\Users\admin\Desktop\Fixlog.txt
Deleted : C:\Users\admin\Desktop\FRST.txt
Deleted : C:\Users\admin\Desktop\FRST64.exe
Deleted : C:\Users\admin\Desktop\JRT.exe
Deleted : C:\Users\admin\Desktop\JRT.txt
Deleted : C:\Users\admin\Desktop\MBR.dat
Deleted : C:\Users\admin\Desktop\SecurityCheck.exe
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #98 [Windows Modules Installer | 05/06/2015 22:00:15]
Deleted : RP #99 [Windows Modules Installer | 05/06/2015 22:12:16]
Deleted : RP #100 [Removed Sophos Virus Removal Tool. | 05/07/2015 13:58:17]
Deleted : RP #101 [Removed Java 8 Update 45 | 05/07/2015 14:09:59]
Deleted : RP #102 [Windows Modules Installer | 05/07/2015 16:37:31]
Deleted : RP #103 [Windows Modules Installer | 05/07/2015 16:54:40]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########



#11
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.