Google Chrome Virus

J

Joe Johns

New Member
Thread author
Jan 19, 2015
1
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Danny Burkhart (administrator) on DANNYBURKHART on 19-01-2015 23:12:00
Running from C:\Users\Danny Burkhart\Downloads
Loaded Profiles: Danny Burkhart (Available profiles: Danny Burkhart)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
() C:\Windows\SysWOW64\srvany.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Google Inc.) C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [6492672 2011-01-15] (Dell Inc.)
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [JunosPulse] => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2128944 2014-06-07] (Juniper Networks, Inc.)
HKLM\...\RunOnce: [DBRMTray] => C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-04] (Microsoft)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKU\S-1-5-21-3028118035-3150881808-3893125504-1000\...\Run: [Spotify Web Helper] => C:\Users\Danny Burkhart\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-23] (Spotify Ltd)
HKU\S-1-5-21-3028118035-3150881808-3893125504-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3028118035-3150881808-3893125504-1000\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-3028118035-3150881808-3893125504-1000\...\MountPoints2: {83183463-e7fc-11e1-bf65-446d57cb4999} - E:\SETUP.EXE
HKU\S-1-5-21-3028118035-3150881808-3893125504-1000\...\MountPoints2: {c251d053-746b-11e2-8fbd-446d57cb4999} - E:\setup.exe -a
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3028118035-3150881808-3893125504-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
SearchScopes: HKLM -> {1C860C60-22E7-4ECE-9E35-315EB4B71553} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {1C860C60-22E7-4ECE-9E35-315EB4B71553} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3028118035-3150881808-3893125504-1000 -> {1C860C60-22E7-4ECE-9E35-315EB4B71553} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://sslvpn.jmu.edu/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Danny Burkhart\AppData\Roaming\Mozilla\Firefox\Profiles\t2768g95.default
FF DefaultSearchEngine:
FF DefaultSearchEngine,S:
FF DefaultSearchUrl:
FF SearchEngineOrder.1:
FF SearchEngineOrder.1,S:
FF SelectedSearchEngine:
FF SelectedSearchEngine,S:
FF Homepage: user_pref("browser.startup.homepage", "about:home"about:home);
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.38 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3028118035-3150881808-3893125504-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Danny Burkhart\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3028118035-3150881808-3893125504-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Danny Burkhart\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Danny Burkhart\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: HP Smart Print - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-08-12]
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-09-11]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-24]
CHR Extension: (Google Drive) - C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-24]
CHR Extension: (YouTube) - C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-24]
CHR Extension: (Google Search) - C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-24]
CHR Extension: (AdBlock) - C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-24]
CHR Extension: (Google Wallet) - C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Gmail) - C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-24]
CHR Extension: (GoSave) - C:\ProgramData\flgohgifencnahkmalcgiojjgjbnapcp\ [2014-04-24]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-09-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [158720 2010-06-29] (Broadcom Corporation) [File not signed]
R2 DFEPService; c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280952 2013-01-22] (Dell Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-01-19] (SurfRight B.V.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-17] () [File not signed]
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1600000 2011-07-01] (Wave Systems Corp.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5839872 2011-01-15] (Dell Inc.) [File not signed]
S2 ef65f95a; "C:\Windows\system32\rundll32.exe" "c:\progra~3\intele~1\IntelewinfilterSvc.dll",service

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 guardian2; C:\Windows\System32\Drivers\oz776x64.sys [85280 2009-09-09] (O2Micro)
S3 HBtnKey; C:\Windows\system32\drivers\HBtnKey.sys [20424 2011-07-19] (Dell Inc.)
R3 JNPRNA; C:\Windows\System32\DRIVERS\jnprna6.sys [522544 2014-05-20] (Juniper Networks)
S4 jnprTdi_7411_47145; C:\Windows\system32\Drivers\jnprTdi_7411_47145.sys [108344 2014-06-06] (Juniper Networks, Inc.)
R3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [45352 2014-05-20] (Juniper Networks, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 PsSdk41; C:\Windows\system32\Drivers\pssdk41.sys [51776 2013-07-23] (microOLAP Technologies LTD)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-01-19] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 23:12 - 2015-01-19 23:12 - 00019502 _____ () C:\Users\Danny Burkhart\Downloads\FRST.txt
2015-01-19 23:11 - 2015-01-19 23:12 - 00000000 ____D () C:\FRST
2015-01-19 23:11 - 2015-01-19 23:11 - 02126848 _____ (Farbar) C:\Users\Danny Burkhart\Downloads\FRST64.exe
2015-01-19 18:51 - 2015-01-19 18:51 - 00001950 _____ () C:\Windows\system32\.crusader
2015-01-19 18:46 - 2015-01-19 18:46 - 00001899 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-01-19 18:46 - 2015-01-19 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-01-19 18:46 - 2015-01-19 18:46 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-19 18:45 - 2015-01-19 18:52 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-19 18:38 - 2015-01-19 18:43 - 11225840 _____ (SurfRight B.V.) C:\Users\Danny Burkhart\Downloads\HitmanPro_x64.exe
2015-01-19 18:34 - 2015-01-19 18:34 - 00000914 _____ () C:\Users\Danny Burkhart\Desktop\JRT.txt
2015-01-19 18:31 - 2015-01-19 18:31 - 00000000 ____D () C:\Windows\ERUNT
2015-01-19 18:30 - 2015-01-19 18:31 - 01707939 _____ (Thisisu) C:\Users\Danny Burkhart\Downloads\JRT.exe
2015-01-19 16:19 - 2015-01-19 18:53 - 00000112 _____ () C:\Windows\setupact.log
2015-01-19 16:19 - 2015-01-19 16:19 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-19 16:18 - 2015-01-19 16:18 - 00000376 _____ () C:\Windows\PFRO.log
2015-01-19 15:57 - 2015-01-19 15:57 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-19 15:57 - 2015-01-19 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-19 15:56 - 2015-01-19 15:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-19 15:56 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-19 15:56 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-19 15:56 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-19 15:48 - 2015-01-19 15:55 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Danny Burkhart\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-19 15:35 - 2015-01-19 15:36 - 00000000 ____D () C:\AdwCleaner
2015-01-19 15:34 - 2015-01-19 15:34 - 02186752 _____ () C:\Users\Danny Burkhart\Downloads\adwcleaner_4.108.exe
2015-01-19 15:32 - 2015-01-19 15:35 - 00002018 _____ () C:\freefallprotection.log
2015-01-19 15:01 - 2015-01-19 15:01 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-19 15:01 - 2015-01-19 15:01 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-19 15:00 - 2015-01-19 15:00 - 18570328 _____ () C:\Users\Danny Burkhart\Downloads\RogueKillerX64.exe
2015-01-19 14:46 - 2015-01-19 14:46 - 00000000 ____D () C:\Users\Danny Burkhart\AppData\Local\BVRP Software
2015-01-15 00:45 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 20:32 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 20:32 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 20:32 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 20:32 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 20:32 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 20:32 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 20:32 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 20:32 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 20:32 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 20:32 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 20:32 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 20:32 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 20:26 - 2015-01-13 20:26 - 00015886 _____ () C:\Users\Danny Burkhart\Downloads\Baker Hughes - Halliburton.xlsx
2015-01-12 17:42 - 2015-01-12 17:42 - 00009299 _____ () C:\Users\Danny Burkhart\Downloads\Scott.xlsx
2015-01-11 22:13 - 2015-01-11 22:13 - 00008990 _____ () C:\Users\Danny Burkhart\Downloads\S&P info.xlsx
2015-01-10 19:35 - 2015-01-10 19:35 - 00028160 _____ () C:\Users\Danny Burkhart\Downloads\dcf-analysis.xls
2015-01-10 00:52 - 2015-01-15 00:53 - 00055503 _____ () C:\Users\Danny Burkhart\Downloads\LBO Advanced Model(1) (1).xlsx
2015-01-06 13:57 - 2015-01-15 00:53 - 02138827 _____ () C:\Users\Danny Burkhart\Downloads\MSCI Index Tickers v2.xlsx
2015-01-04 00:08 - 2015-01-19 19:27 - 00000000 ____D () C:\Users\Danny Burkhart\AppData\Local\CrashDumps
2015-01-03 13:44 - 2015-01-03 13:44 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-29 14:13 - 2014-12-29 14:13 - 00000165 ____H () C:\Users\Danny Burkhart\Downloads\~$Industrials Spreadsheet.xlsx
2014-12-29 13:56 - 2014-12-29 13:56 - 00095309 _____ () C:\Users\Danny Burkhart\Downloads\Industrials Spreadsheet.xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 23:10 - 2014-04-24 11:58 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-19 22:53 - 2012-09-11 19:55 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-19 22:53 - 2012-08-10 16:03 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3028118035-3150881808-3893125504-1000UA.job
2015-01-19 22:53 - 2012-07-27 10:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-19 22:53 - 2012-07-27 10:41 - 01414632 _____ () C:\Windows\WindowsUpdate.log
2015-01-19 19:01 - 2009-07-13 23:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-19 19:01 - 2009-07-13 23:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-19 18:58 - 2009-07-14 00:13 - 00787576 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-19 18:53 - 2014-11-23 10:33 - 00003368 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3028118035-3150881808-3893125504-1000
2015-01-19 18:53 - 2014-11-23 10:33 - 00003252 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3028118035-3150881808-3893125504-1000
2015-01-19 18:53 - 2012-09-11 19:55 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-19 18:53 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-19 15:33 - 2012-07-27 10:56 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-19 15:27 - 2012-08-06 17:25 - 00000000 ____D () C:\Users\Danny Burkhart
2015-01-19 14:42 - 2014-11-13 20:29 - 00000000 ____D () C:\Users\Danny Burkhart\Desktop\banking prep
2015-01-19 14:38 - 2014-12-03 14:55 - 00000000 ____D () C:\Users\Danny Burkhart\Documents\A - MIF
2015-01-19 14:30 - 2012-08-10 16:03 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3028118035-3150881808-3893125504-1000Core.job
2015-01-16 18:27 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-15 03:20 - 2012-08-28 20:33 - 00000000 ____D () C:\Users\Danny Burkhart\AppData\Roaming\Spotify
2015-01-15 03:12 - 2013-08-23 02:02 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:00 - 2012-08-06 17:43 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-15 00:54 - 2014-11-11 08:05 - 00000000 ____D () C:\Users\Danny Burkhart\Documents\Goldman
2015-01-15 00:54 - 2014-09-01 22:16 - 00000000 ____D () C:\Users\Danny Burkhart\Documents\Internship Prep
2015-01-15 00:51 - 2012-07-27 10:43 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-15 00:51 - 2012-07-27 10:43 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-15 00:51 - 2012-07-27 10:43 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 20:21 - 2012-08-28 20:34 - 00000000 ____D () C:\Users\Danny Burkhart\AppData\Local\Spotify
2015-01-12 21:29 - 2013-12-01 23:53 - 00000000 ____D () C:\Users\Danny Burkhart\Documents\MIF
2015-01-05 21:46 - 2014-07-15 14:11 - 00000000 ____D () C:\Users\Danny Burkhart\Documents\RBA
2015-01-05 21:46 - 2014-05-12 20:51 - 00000000 ____D () C:\Users\Danny Burkhart\Documents\WSO
2014-12-31 06:14 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======
2012-05-21 14:00 - 2012-05-21 14:00 - 0020984 _____ (Intel Corporation) C:\Users\Danny Burkhart\AppData\Roaming\JomCap.dll
2013-07-11 00:04 - 2013-07-13 13:50 - 0000005 _____ () C:\Users\Danny Burkhart\AppData\Roaming\WBPU-TTL.DAT
2012-08-12 12:24 - 2012-08-12 12:24 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\Danny Burkhart\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Danny Burkhart\AppData\Local\Temp\Quarantine.exe
C:\Users\Danny Burkhart\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 08:49

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Danny Burkhart at 2015-01-19 23:13:14
Running from C:\Users\Danny Burkhart\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec Fingerprint Software (Version: 8.4.4.20 - AuthenTec, Inc.) Hidden
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{64973F6A-8754-43D1-BDD0-FC6F0546347B}) (Version: 14.4.6.2 - Broadcom Corporation)
Canon iP2700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Cisco WebEx Meetings (HKU\S-1-5-21-3028118035-3150881808-3893125504-1000\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.5127 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.)
Dell Client System Update (HKLM-x32\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)
Dell Data Protection | Access (HKLM-x32\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.1.00001.002 - Dell Inc.)
Dell Data Protection | Access (Version: 02.01.01.002 - Wave Systems Corp) Hidden
Dell Data Protection | Access | Drivers (HKLM-x32\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 2.01.018 - Dell Inc.)
Dell Data Protection | Access | Middleware (HKLM-x32\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 2.01.010 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Feature Enhancement Pack (HKLM\...\{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}) (Version: 2.2.1 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.127 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.54 - Creative Technology Ltd)
DellAccess (Version: 01.01.00.072 - Wave Systems Corp.) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.100.235.13 - Dell Inc.)
EMBASSY Security Center (Version: 04.03.00.121 - Wave Systems Corp.) Hidden
Google Chrome (HKU\S-1-5-21-3028118035-3150881808-3893125504-1000\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
HP Officejet 4620 series Basic Device Software (HKLM\...\{A2E836B3-59A6-486B-82DC-1EA3878BCDEA}) (Version: 26.0.784.0 - Hewlett-Packard Co.)
HP Officejet 4620 series Help (HKLM-x32\...\{606C37AB-EB04-4270-A592-201A03C2DB36}) (Version: 6.0.0 - Hewlett Packard)
HP Officejet 4620 series Product Improvement Study (HKLM\...\{3CF97AC1-219E-44DA-B3DE-32FCAD606231}) (Version: 26.0.784.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Identity Protection Technology 1.2.27.0 (HKLM-x32\...\{F109D156-577D-101B-A622-CF4351943AA4}) (Version: 1.2.27.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.50.1172 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3040 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-3028118035-3150881808-3893125504-1000\...\Juniper_Setup_Client) (Version: 7.4.11.47145 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Junos Pulse (Version: 4.0.47145 - Juniper Networks) Hidden
Junos Pulse 4.0 (HKLM-x32\...\Junos Pulse 4.0) (Version: 4.0.47145 - Juniper Networks, Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Access 2010 (HKLM-x32\...\Office14.AccessR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{0335701D-8E28-4A7F-B0EF-312974755BB2}) (Version: 1.0.28.0 - Dell)
Mozilla Firefox 32.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 en-US)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Netwaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.59 - BVRP Software, Inc)
NTRU TCG Software Stack (Version: 2.1.36 - Security Innovation, Inc.) Hidden
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{938A412F-78C1-4158-8590-038A1D670A57}) (Version: 3.0.07.47 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.07.47 - O2Micro International LTD.) Hidden
O2Micro OZ776 SCR Driver (HKLM-x32\...\InstallShield_{732D0C79-C6E3-4EDE-8D11-67D58697E0DE}) (Version: 2.1.4.210GS - O2Micro)
O2Micro OZ776 SCR Driver (Version: 2.1.4.210GS - O2Micro) Hidden
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Preboot Manager (Version: 03.03.00.074 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.01.00.022 - Wave Systems Corp.) Hidden
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Respondus LockDown Browser (HKLM-x32\...\{C0E5147E-C9F3-4360-9ED0-2E875F11766C}) (Version: 1.02.0001 - Respondus, Inc.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Secure Download Manager (HKLM-x32\...\{6CEF2BC6-8929-44EE-8360-175513E1A49A}) (Version: 3.0.5 - e-academy Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden
Spotify (HKU\S-1-5-21-3028118035-3150881808-3893125504-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.13989 - TeamViewer)
Trusted Drive Manager (Version: 4.1.1.312 - Wave Systems Corp.) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
Wave Infrastructure Installer (Version: 07.67.17.0010 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.13.00.033 - Wave Systems Corp) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7900 - Broadcom Corporation)
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

22-12-2014 17:49:28 Windows Update
26-12-2014 21:25:35 Windows Update
03-01-2015 13:52:49 Windows Update
07-01-2015 11:42:30 Windows Update
11-01-2015 10:29:45 Windows Update
15-01-2015 00:50:10 Windows Update
15-01-2015 03:00:20 Windows Update
19-01-2015 14:14:16 Windows Update
19-01-2015 18:28:39 Removed Bonjour
19-01-2015 18:50:50 Checkpoint by HitmanPro
19-01-2015 18:51:21 Checkpoint by HitmanPro

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06C4089E-582A-4D89-9D23-426B1900305D} - System32\Tasks\HPCustParticipation HP Officejet 4620 series => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2011-12-18] (Hewlett-Packard Co.)
Task: {0BD52C36-BAE4-4F70-9C65-84F3441BB724} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3028118035-3150881808-3893125504-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {23B808D9-C6B7-4FBB-80D3-86F6FB43BA10} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {3F7A3793-ED8B-4D2A-A8DA-136F0144813E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4EC3BBD8-12FE-44E3-9793-CF3492A4E6EF} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {6F6820CA-0A09-4A4C-AE3A-B47511DC4D3E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3028118035-3150881808-3893125504-1000UA => C:\Users\Danny Burkhart\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-10] (Google Inc.)
Task: {7A350166-819A-4968-917E-23A21511397D} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3028118035-3150881808-3893125504-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {7FE41B4C-B1C6-46C4-8A93-14E1B483AD03} - System32\Tasks\4800 => Wscript.exe C:\Users\DANNYB~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {94DAEE4C-2D1B-40CE-B553-8A6EB5E1F0DC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3028118035-3150881808-3893125504-1000Core => C:\Users\Danny Burkhart\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-10] (Google Inc.)
Task: {A5BA6504-B6E8-428C-B335-C420F4EAD432} - System32\Tasks\Dell\Client System Update => C:\Program Files (x86)\Dell\ClientSystemUpdate\DellClientSystemUpdate.exe [2012-10-11] (Dell Inc.)
Task: {B71856E2-5550-4BDC-A70A-1F41CA4AE91F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-15] (Adobe Systems Incorporated)
Task: {B93307CC-ECFE-406E-ABED-2FE1C659BC3C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-11] (Google Inc.)
Task: {E022B102-C5BA-46ED-97A0-EE0A71C3719F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {EF155124-929D-4E50-A57C-D76BAB664006} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-11] (Google Inc.)
Task: {F702CBB1-2A01-4FF2-AA78-114AC3F14DDD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3028118035-3150881808-3893125504-1000Core.job => C:\Users\Danny Burkhart\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3028118035-3150881808-3893125504-1000UA.job => C:\Users\Danny Burkhart\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-10 23:29 - 2003-04-18 19:06 - 00008192 _____ () c:\Windows\SysWOW64\srvany.exe
2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-05 14:01 - 2013-12-03 21:47 - 00702416 _____ () C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-05 14:01 - 2013-12-03 21:47 - 00099792 _____ () C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-05 14:01 - 2013-12-03 21:48 - 04055504 _____ () C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-05 14:01 - 2013-12-03 21:48 - 00399312 _____ () C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-05 14:01 - 2013-12-03 21:47 - 01619408 _____ () C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2013-12-05 14:01 - 2013-12-03 21:48 - 13586896 _____ () C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Danny Burkhart^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Officejet 4620 series.lnk => C:\Windows\pss\Monitor Ink Alerts - HP Officejet 4620 series.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Danny Burkhart^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Smart Settings.lnk => C:\Windows\pss\Smart Settings.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: DFEPApplication => C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
MSCONFIG\startupreg: Facebook Update => "C:\Users\Danny Burkhart\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: FreeFallProtection => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MSCONFIG\startupreg: Google Update => "C:\Users\Danny Burkhart\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PDVD9LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: Spotify => "C:\Users\Danny Burkhart\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Danny Burkhart\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: TdmNotify => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

========================= Accounts: ==========================

Administrator (S-1-5-21-3028118035-3150881808-3893125504-500 - Administrator - Disabled)
Danny Burkhart (S-1-5-21-3028118035-3150881808-3893125504-1000 - Administrator - Enabled) => C:\Users\Danny Burkhart
Guest (S-1-5-21-3028118035-3150881808-3893125504-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3028118035-3150881808-3893125504-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/19/2015 09:46:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4633

Error: (01/19/2015 09:46:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4633

Error: (01/19/2015 09:46:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/19/2015 09:46:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3634

Error: (01/19/2015 09:46:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3634

Error: (01/19/2015 09:46:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/19/2015 09:46:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2542

Error: (01/19/2015 09:46:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2542

Error: (01/19/2015 09:46:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/19/2015 09:46:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1294


System errors:
=============
Error: (01/19/2015 06:54:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}{B292921D-AF50-400C-9B75-0C57A7F29BA1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/19/2015 06:53:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intelewin filter service to connect.

Error: (01/19/2015 06:53:21 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error %%0.

Error: (01/19/2015 06:53:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.36 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0


Microsoft Office Sessions:
=========================
Error: (08/16/2014 02:29:25 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 381801 seconds with 2400 seconds of active time. This session ended with a crash.

Error: (05/09/2014 11:03:38 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 69007 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/03/2014 02:17:01 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1605 seconds with 1260 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2640M CPU @ 2.80GHz
Percentage of memory in use: 32%
Total physical RAM: 8090.26 MB
Available physical RAM: 5480.48 MB
Total Pagefile: 16178.71 MB
Available Pagefile: 13293.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:452.96 GB) (Free:353.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: F1AF7B91)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
  • I visit forum several times at day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all report using
    fjqb1h.png
    button below. Doing this, you make it easier for me to analyze and fix your problem.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.




warning.gif
Rules and policies

We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.




51a612a8b27e2-Zoek.png
Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on
    51a612a8b27e2-Zoek.png
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
    Code: 
    createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.
 

Similar threads

F
    • Like
  • Locked
Service Host: Network List Service...Virus?
Replies
11
Views
1,856
Windows Malware Removal Help & Support
nasdaq
nasdaq
K
  • Locked
PowerShell/MaleficAms Powershell Infection Please Help
Replies
2
Views
1,995
Windows Malware Removal Help & Support
nasdaq
nasdaq
J
  • Locked
I need help with a Malware Spanish logs
Replies
2
Views
1,847
Windows Malware Removal Help & Support
nasdaq
nasdaq

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top