Google Chrome Virus
<blockquote data-quote="Joe Johns" data-source="post: 336345" data-attributes="member: 33331"><p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015</p><p>Ran by Danny Burkhart (administrator) on DANNYBURKHART on 19-01-2015 23:12:00</p><p>Running from C:\Users\Danny Burkhart\Downloads</p><p>Loaded Profiles: Danny Burkhart (Available profiles: Danny Burkhart)</p><p>Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)</p><p>Internet Explorer Version 11 (Default browser: Chrome)</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe</p><p>(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe</p><p>(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe</p><p>(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe</p><p>(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe</p><p>(Microsoft Corporation) C:\Windows\System32\wlanext.exe</p><p>(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE</p><p>(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE</p><p>(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe</p><p>(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe</p><p>(Apple Inc.) 
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe</p><p>(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe</p><p>(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe</p><p>(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe</p><p>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe</p><p>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe</p><p>(O2Micro International) C:\Windows\System32\o2flash.exe</p><p>() C:\Windows\SysWOW64\srvany.exe</p><p>(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe</p><p>(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe</p><p>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe</p><p>(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe</p><p>(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe</p><p>(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE</p><p>(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe</p><p>(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe</p><p>(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE</p><p>(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE</p><p>(Microsoft Corporation) C:\Windows\System32\rundll32.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe</p><p>(Dell Inc.) 
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE</p><p>(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe</p><p>(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe</p><p>(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe</p><p>(Google Inc.) C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\Application\chrome.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe</p><p>(Google Inc.) C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\Application\chrome.exe</p><p>(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE</p><p>(Microsoft Corporation) C:\Windows\splwow64.exe</p><p>(Google Inc.) C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) 
C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\Application\chrome.exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)</p><p></p><p>HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [6492672 2011-01-15] (Dell Inc.)</p><p>HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)</p><p>HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)</p><p>HKLM-x32\...\Run: [] => [X]</p><p>HKLM-x32\...\Run: [JunosPulse] => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2128944 2014-06-07] (Juniper Networks, Inc.)</p><p>HKLM\...\RunOnce: [DBRMTray] => C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-04] (Microsoft)</p><p>Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)</p><p>Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)</p><p>HKU\S-1-5-21-3028118035-3150881808-3893125504-1000\...\Run: [Spotify Web Helper] => C:\Users\Danny Burkhart\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-23] (Spotify Ltd)</p><p>HKU\S-1-5-21-3028118035-3150881808-3893125504-1000\...\Policies\Explorer: [NoChangeStartMenu] 0</p><p>HKU\S-1-5-21-3028118035-3150881808-3893125504-1000\...\Policies\Explorer: [NoLogOff] 0</p><p>HKU\S-1-5-21-3028118035-3150881808-3893125504-1000\...\MountPoints2: {83183463-e7fc-11e1-bf65-446d57cb4999} - E:\SETUP.EXE</p><p>HKU\S-1-5-21-3028118035-3150881808-3893125504-1000\...\MountPoints2: {c251d053-746b-11e2-8fbd-446d57cb4999} - E:\setup.exe -a</p><p>Lsa: [Authentication Packages] msv1_0 wvauth</p><p>Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk</p><p>ShortcutTarget: Smart 
Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)</p><p>Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk</p><p>ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)</p><p>ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)</p><p>ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)</p><p>GroupPolicy: Group Policy on Chrome detected <======= ATTENTION</p><p>CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>HKU\S-1-5-21-3028118035-3150881808-3893125504-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="http://g.msn.com/USREL/1" target="_blank">http://g.msn.com/USREL/1</a></p><p>SearchScopes: HKLM -> {1C860C60-22E7-4ECE-9E35-315EB4B71553} URL = <a href="http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox" target="_blank">http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox</a></p><p>SearchScopes: HKLM-x32 -> {1C860C60-22E7-4ECE-9E35-315EB4B71553} URL = <a href="http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox" target="_blank">http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox</a></p><p>SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
</p><p>SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = </p><p>SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = </p><p>SearchScopes: HKU\S-1-5-21-3028118035-3150881808-3893125504-1000 -> {1C860C60-22E7-4ECE-9E35-315EB4B71553} URL = </p><p>BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)</p><p>BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)</p><p>BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)</p><p>BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)</p><p>DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} <a href="https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab" target="_blank">https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab</a></p><p>DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} <a href="https://sslvpn.jmu.edu/dana-cached/sc/JuniperSetupClient.cab" target="_blank">https://sslvpn.jmu.edu/dana-cached/sc/JuniperSetupClient.cab</a></p><p>Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)</p><p>Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 75.75.75.75 75.75.76.76</p><p></p><p>FireFox:</p><p>========</p><p>FF ProfilePath: C:\Users\Danny Burkhart\AppData\Roaming\Mozilla\Firefox\Profiles\t2768g95.default</p><p>FF DefaultSearchEngine: </p><p>FF DefaultSearchEngine,S: </p><p>FF DefaultSearchUrl: </p><p>FF SearchEngineOrder.1: </p><p>FF SearchEngineOrder.1,S: </p><p>FF SelectedSearchEngine: </p><p>FF SelectedSearchEngine,S: </p><p>FF 
Homepage: user_pref("browser.startup.homepage", "about:home"about:home);</p><p>FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()</p><p>FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)</p><p>FF Plugin: @microsoft.com/GENUINE -> disabled No File</p><p>FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)</p><p>FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()</p><p>FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()</p><p>FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.38 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)</p><p>FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)</p><p>FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)</p><p>FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)</p><p>FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File</p><p>FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows 
Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)</p><p>FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)</p><p>FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)</p><p>FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)</p><p>FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p>FF Plugin HKU\S-1-5-21-3028118035-3150881808-3893125504-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Danny Burkhart\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin HKU\S-1-5-21-3028118035-3150881808-3893125504-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Danny Burkhart\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Users\Danny Burkhart\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)</p><p>FF 
HKLM-x32\...\Firefox\Extensions: [<a href="mailto:quickprint@hp.com">quickprint@hp.com</a>] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension</p><p>FF Extension: HP Smart Print - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-08-12]</p><p>FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext</p><p>FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-09-11]</p><p></p><p>Chrome: </p><p>=======</p><p>CHR dev: Chrome dev build detected! <======= ATTENTION</p><p>CHR Profile: C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\User Data\Default</p><p>CHR Extension: (Google Docs) - C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-24]</p><p>CHR Extension: (Google Drive) - C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-24]</p><p>CHR Extension: (YouTube) - C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-24]</p><p>CHR Extension: (Google Search) - C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-24]</p><p>CHR Extension: (AdBlock) - C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-24]</p><p>CHR Extension: (Google Wallet) - C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]</p><p>CHR Extension: (Gmail) - C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-24]</p><p>CHR Extension: (GoSave) - C:\ProgramData\flgohgifencnahkmalcgiojjgjbnapcp\ [2014-04-24]</p><p>CHR 
HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-09-11]</p><p></p><p>==================== Services (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [158720 2010-06-29] (Broadcom Corporation) [File not signed]</p><p>R2 DFEPService; c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280952 2013-01-22] (Dell Inc.)</p><p>R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-01-19] (SurfRight B.V.)</p><p>R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)</p><p>R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)</p><p>R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)</p><p>R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)</p><p>R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)</p><p>R2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]</p><p>S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-17] () [File not signed]</p><p>R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1600000 2011-07-01] (Wave Systems Corp.) 
[File not signed]</p><p>S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)</p><p>R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5839872 2011-01-15] (Dell Inc.) [File not signed]</p><p>S2 ef65f95a; "C:\Windows\system32\rundll32.exe" "c:\progra~3\intele~1\IntelewinfilterSvc.dll",service</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>R3 guardian2; C:\Windows\System32\Drivers\oz776x64.sys [85280 2009-09-09] (O2Micro)</p><p>S3 HBtnKey; C:\Windows\system32\drivers\HBtnKey.sys [20424 2011-07-19] (Dell Inc.)</p><p>R3 JNPRNA; C:\Windows\System32\DRIVERS\jnprna6.sys [522544 2014-05-20] (Juniper Networks)</p><p>S4 jnprTdi_7411_47145; C:\Windows\system32\Drivers\jnprTdi_7411_47145.sys [108344 2014-06-06] (Juniper Networks, Inc.)</p><p>R3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [45352 2014-05-20] (Juniper Networks, Inc.)</p><p>R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)</p><p>R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-19] (Malwarebytes Corporation)</p><p>R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)</p><p>R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)</p><p>R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)</p><p>S3 PsSdk41; C:\Windows\system32\Drivers\pssdk41.sys [51776 2013-07-23] (microOLAP Technologies LTD)</p><p>U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-01-19] ()</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. 
Any associated file could be listed separately to be moved.)</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2015-01-19 23:12 - 2015-01-19 23:12 - 00019502 _____ () C:\Users\Danny Burkhart\Downloads\FRST.txt</p><p>2015-01-19 23:11 - 2015-01-19 23:12 - 00000000 ____D () C:\FRST</p><p>2015-01-19 23:11 - 2015-01-19 23:11 - 02126848 _____ (Farbar) C:\Users\Danny Burkhart\Downloads\FRST64.exe</p><p>2015-01-19 18:51 - 2015-01-19 18:51 - 00001950 _____ () C:\Windows\system32\.crusader</p><p>2015-01-19 18:46 - 2015-01-19 18:46 - 00001899 _____ () C:\Users\Public\Desktop\HitmanPro.lnk</p><p>2015-01-19 18:46 - 2015-01-19 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro</p><p>2015-01-19 18:46 - 2015-01-19 18:46 - 00000000 ____D () C:\Program Files\HitmanPro</p><p>2015-01-19 18:45 - 2015-01-19 18:52 - 00000000 ____D () C:\ProgramData\HitmanPro</p><p>2015-01-19 18:38 - 2015-01-19 18:43 - 11225840 _____ (SurfRight B.V.) 
C:\Users\Danny Burkhart\Downloads\HitmanPro_x64.exe</p><p>2015-01-19 18:34 - 2015-01-19 18:34 - 00000914 _____ () C:\Users\Danny Burkhart\Desktop\JRT.txt</p><p>2015-01-19 18:31 - 2015-01-19 18:31 - 00000000 ____D () C:\Windows\ERUNT</p><p>2015-01-19 18:30 - 2015-01-19 18:31 - 01707939 _____ (Thisisu) C:\Users\Danny Burkhart\Downloads\JRT.exe</p><p>2015-01-19 16:19 - 2015-01-19 18:53 - 00000112 _____ () C:\Windows\setupact.log</p><p>2015-01-19 16:19 - 2015-01-19 16:19 - 00000000 _____ () C:\Windows\setuperr.log</p><p>2015-01-19 16:18 - 2015-01-19 16:18 - 00000376 _____ () C:\Windows\PFRO.log</p><p>2015-01-19 15:57 - 2015-01-19 15:57 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>2015-01-19 15:57 - 2015-01-19 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware</p><p>2015-01-19 15:56 - 2015-01-19 15:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware</p><p>2015-01-19 15:56 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys</p><p>2015-01-19 15:56 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys</p><p>2015-01-19 15:56 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys</p><p>2015-01-19 15:48 - 2015-01-19 15:55 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Danny Burkhart\Downloads\mbam-setup-2.0.4.1028.exe</p><p>2015-01-19 15:35 - 2015-01-19 15:36 - 00000000 ____D () C:\AdwCleaner</p><p>2015-01-19 15:34 - 2015-01-19 15:34 - 02186752 _____ () C:\Users\Danny Burkhart\Downloads\adwcleaner_4.108.exe</p><p>2015-01-19 15:32 - 2015-01-19 15:35 - 00002018 _____ () C:\freefallprotection.log</p><p>2015-01-19 15:01 - 2015-01-19 15:01 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys</p><p>2015-01-19 15:01 - 2015-01-19 15:01 - 00000000 ____D () C:\ProgramData\RogueKiller</p><p>2015-01-19 15:00 - 
2015-01-19 15:00 - 18570328 _____ () C:\Users\Danny Burkhart\Downloads\RogueKillerX64.exe</p><p>2015-01-19 14:46 - 2015-01-19 14:46 - 00000000 ____D () C:\Users\Danny Burkhart\AppData\Local\BVRP Software</p><p>2015-01-15 00:45 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll</p><p>2015-01-13 20:32 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys</p><p>2015-01-13 20:32 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe</p><p>2015-01-13 20:32 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll</p><p>2015-01-13 20:32 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe</p><p>2015-01-13 20:32 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll</p><p>2015-01-13 20:32 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe</p><p>2015-01-13 20:32 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe</p><p>2015-01-13 20:32 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll</p><p>2015-01-13 20:32 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe</p><p>2015-01-13 20:32 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll</p><p>2015-01-13 20:32 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll</p><p>2015-01-13 20:32 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll</p><p>2015-01-13 20:26 - 2015-01-13 20:26 - 00015886 _____ () C:\Users\Danny Burkhart\Downloads\Baker Hughes - Halliburton.xlsx</p><p>2015-01-12 17:42 - 2015-01-12 17:42 - 00009299 _____ () C:\Users\Danny Burkhart\Downloads\Scott.xlsx</p><p>2015-01-11 22:13 - 2015-01-11 22:13 - 00008990 _____ 
() C:\Users\Danny Burkhart\Downloads\S&P info.xlsx</p><p>2015-01-10 19:35 - 2015-01-10 19:35 - 00028160 _____ () C:\Users\Danny Burkhart\Downloads\dcf-analysis.xls</p><p>2015-01-10 00:52 - 2015-01-15 00:53 - 00055503 _____ () C:\Users\Danny Burkhart\Downloads\LBO Advanced Model(1) (1).xlsx</p><p>2015-01-06 13:57 - 2015-01-15 00:53 - 02138827 _____ () C:\Users\Danny Burkhart\Downloads\MSCI Index Tickers v2.xlsx</p><p>2015-01-04 00:08 - 2015-01-19 19:27 - 00000000 ____D () C:\Users\Danny Burkhart\AppData\Local\CrashDumps</p><p>2015-01-03 13:44 - 2015-01-03 13:44 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task</p><p>2014-12-29 14:13 - 2014-12-29 14:13 - 00000165 ____H () C:\Users\Danny Burkhart\Downloads\~$Industrials Spreadsheet.xlsx</p><p>2014-12-29 13:56 - 2014-12-29 13:56 - 00095309 _____ () C:\Users\Danny Burkhart\Downloads\Industrials Spreadsheet.xlsx</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2015-01-19 23:10 - 2014-04-24 11:58 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys</p><p>2015-01-19 22:53 - 2012-09-11 19:55 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2015-01-19 22:53 - 2012-08-10 16:03 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3028118035-3150881808-3893125504-1000UA.job</p><p>2015-01-19 22:53 - 2012-07-27 10:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job</p><p>2015-01-19 22:53 - 2012-07-27 10:41 - 01414632 _____ () C:\Windows\WindowsUpdate.log</p><p>2015-01-19 19:01 - 2009-07-13 23:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2015-01-19 19:01 - 2009-07-13 23:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2015-01-19 
18:58 - 2009-07-14 00:13 - 00787576 _____ () C:\Windows\system32\PerfStringBackup.INI</p><p>2015-01-19 18:53 - 2014-11-23 10:33 - 00003368 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3028118035-3150881808-3893125504-1000</p><p>2015-01-19 18:53 - 2014-11-23 10:33 - 00003252 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3028118035-3150881808-3893125504-1000</p><p>2015-01-19 18:53 - 2012-09-11 19:55 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2015-01-19 18:53 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT</p><p>2015-01-19 15:33 - 2012-07-27 10:56 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information</p><p>2015-01-19 15:27 - 2012-08-06 17:25 - 00000000 ____D () C:\Users\Danny Burkhart</p><p>2015-01-19 14:42 - 2014-11-13 20:29 - 00000000 ____D () C:\Users\Danny Burkhart\Desktop\banking prep</p><p>2015-01-19 14:38 - 2014-12-03 14:55 - 00000000 ____D () C:\Users\Danny Burkhart\Documents\A - MIF</p><p>2015-01-19 14:30 - 2012-08-10 16:03 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3028118035-3150881808-3893125504-1000Core.job</p><p>2015-01-16 18:27 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF</p><p>2015-01-15 03:20 - 2012-08-28 20:33 - 00000000 ____D () C:\Users\Danny Burkhart\AppData\Roaming\Spotify</p><p>2015-01-15 03:12 - 2013-08-23 02:02 - 00000000 ____D () C:\Windows\system32\MRT</p><p>2015-01-15 03:00 - 2012-08-06 17:43 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe</p><p>2015-01-15 00:54 - 2014-11-11 08:05 - 00000000 ____D () C:\Users\Danny Burkhart\Documents\Goldman</p><p>2015-01-15 00:54 - 2014-09-01 22:16 - 00000000 ____D () C:\Users\Danny Burkhart\Documents\Internship Prep</p><p>2015-01-15 00:51 - 2012-07-27 10:43 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe</p><p>2015-01-15 00:51 - 2012-07-27 10:43 - 00071344 _____ (Adobe Systems Incorporated) 
C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl</p><p>2015-01-15 00:51 - 2012-07-27 10:43 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater</p><p>2015-01-13 20:21 - 2012-08-28 20:34 - 00000000 ____D () C:\Users\Danny Burkhart\AppData\Local\Spotify</p><p>2015-01-12 21:29 - 2013-12-01 23:53 - 00000000 ____D () C:\Users\Danny Burkhart\Documents\MIF</p><p>2015-01-05 21:46 - 2014-07-15 14:11 - 00000000 ____D () C:\Users\Danny Burkhart\Documents\RBA</p><p>2015-01-05 21:46 - 2014-05-12 20:51 - 00000000 ____D () C:\Users\Danny Burkhart\Documents\WSO</p><p>2014-12-31 06:14 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe</p><p></p><p>==================== Files in the root of some directories =======</p><p>2012-05-21 14:00 - 2012-05-21 14:00 - 0020984 _____ (Intel Corporation) C:\Users\Danny Burkhart\AppData\Roaming\JomCap.dll</p><p>2013-07-11 00:04 - 2013-07-13 13:50 - 0000005 _____ () C:\Users\Danny Burkhart\AppData\Roaming\WBPU-TTL.DAT</p><p>2012-08-12 12:24 - 2012-08-12 12:24 - 0000057 _____ () C:\ProgramData\Ament.ini</p><p></p><p>Some content of TEMP:</p><p>====================</p><p>C:\Users\Danny Burkhart\AppData\Local\Temp\dllnt_dump.dll</p><p>C:\Users\Danny Burkhart\AppData\Local\Temp\Quarantine.exe</p><p>C:\Users\Danny Burkhart\AppData\Local\Temp\sqlite3.dll</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\Windows\System32\winlogon.exe => File is digitally signed</p><p>C:\Windows\System32\wininit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\wininit.exe => File is digitally signed</p><p>C:\Windows\explorer.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\explorer.exe => File is digitally signed</p><p>C:\Windows\System32\svchost.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\svchost.exe => File is digitally 
signed</p><p>C:\Windows\System32\services.exe => File is digitally signed</p><p>C:\Windows\System32\User32.dll => File is digitally signed</p><p>C:\Windows\SysWOW64\User32.dll => File is digitally signed</p><p>C:\Windows\System32\userinit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\userinit.exe => File is digitally signed</p><p>C:\Windows\System32\rpcss.dll => File is digitally signed</p><p>C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p></p><p>LastRegBack: 2015-01-14 08:49</p><p></p><p>==================== End Of Log ============================</p><p></p><p></p><p>Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015</p><p>Ran by Danny Burkhart at 2015-01-19 23:13:14</p><p>Running from C:\Users\Danny Burkhart\Downloads</p><p>Boot Mode: Normal</p><p>==========================================================</p><p></p><p></p><p>==================== Security Center ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed.)</p><p></p><p>AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}</p><p>AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}</p><p>AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p></p><p>==================== Installed Programs ======================</p><p></p><p>(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. 
The adware programs should be uninstalled manually.)</p><p></p><p>Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)</p><p>Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)</p><p>Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)</p><p>Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)</p><p>Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)</p><p>Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)</p><p>Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)</p><p>AuthenTec Fingerprint Software (Version: 8.4.4.20 - AuthenTec, Inc.) Hidden</p><p>BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden</p><p>Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)</p><p>Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{64973F6A-8754-43D1-BDD0-FC6F0546347B}) (Version: 14.4.6.2 - Broadcom Corporation)</p><p>Canon iP2700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series) (Version: - )</p><p>CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)</p><p>Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden</p><p>Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden</p><p>Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden</p><p>Cisco WebEx Meetings (HKU\S-1-5-21-3028118035-3150881808-3893125504-1000\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)</p><p>Custom (Version: 01.00.00.000 - Wave Systems Corp.) 
Hidden</p><p>CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.5127 - CyberLink Corp.)</p><p>D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden</p><p>Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.)</p><p>Dell Client System Update (HKLM-x32\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)</p><p>Dell Data Protection | Access (HKLM-x32\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.1.00001.002 - Dell Inc.)</p><p>Dell Data Protection | Access (Version: 02.01.01.002 - Wave Systems Corp) Hidden</p><p>Dell Data Protection | Access | Drivers (HKLM-x32\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 2.01.018 - Dell Inc.)</p><p>Dell Data Protection | Access | Middleware (HKLM-x32\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 2.01.010 - Dell Inc.)</p><p>Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)</p><p>Dell Feature Enhancement Pack (HKLM\...\{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}) (Version: 2.2.1 - Dell)</p><p>Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.127 - ALPS ELECTRIC CO., LTD.)</p><p>Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.54 - Creative Technology Ltd)</p><p>DellAccess (Version: 01.01.00.072 - Wave Systems Corp.) Hidden</p><p>DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden</p><p>DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.100.235.13 - Dell Inc.)</p><p>EMBASSY Security Center (Version: 04.03.00.121 - Wave Systems Corp.) Hidden</p><p>Google Chrome (HKU\S-1-5-21-3028118035-3150881808-3893125504-1000\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)</p><p>Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) 
Hidden</p><p>HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)</p><p>HP Officejet 4620 series Basic Device Software (HKLM\...\{A2E836B3-59A6-486B-82DC-1EA3878BCDEA}) (Version: 26.0.784.0 - Hewlett-Packard Co.)</p><p>HP Officejet 4620 series Help (HKLM-x32\...\{606C37AB-EB04-4270-A592-201A03C2DB36}) (Version: 6.0.0 - Hewlett Packard)</p><p>HP Officejet 4620 series Product Improvement Study (HKLM\...\{3CF97AC1-219E-44DA-B3DE-32FCAD606231}) (Version: 26.0.784.0 - Hewlett-Packard Co.)</p><p>HP Update (HKLM-x32\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)</p><p>I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)</p><p>Intel(R) Identity Protection Technology 1.2.27.0 (HKLM-x32\...\{F109D156-577D-101B-A622-CF4351943AA4}) (Version: 1.2.27.0 - Intel Corporation)</p><p>Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.50.1172 - Intel Corporation)</p><p>Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3040 - Intel Corporation)</p><p>Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)</p><p>iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)</p><p>Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)</p><p>Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-3028118035-3150881808-3893125504-1000\...\Juniper_Setup_Client) (Version: 7.4.11.47145 - Juniper Networks, Inc.)</p><p>Juniper Networks, Inc. 
Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)</p><p>Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Junos Pulse (Version: 4.0.47145 - Juniper Networks) Hidden</p><p>Junos Pulse 4.0 (HKLM-x32\...\Junos Pulse 4.0) (Version: 4.0.47145 - Juniper Networks, Inc.)</p><p>Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)</p><p>Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden</p><p>Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)</p><p>Microsoft Access 2010 (HKLM-x32\...\Office14.AccessR) (Version: 14.0.7015.1000 - Microsoft Corporation)</p><p>Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)</p><p>Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)</p><p>Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)</p><p>Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)</p><p>Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)</p><p>Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)</p><p>Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)</p><p>Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)</p><p>Microsoft SQL Server 2005 Compact Edition [ENU] 
(HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)</p><p>Modem Diagnostic Tool (HKLM\...\{0335701D-8E28-4A7F-B0EF-312974755BB2}) (Version: 1.0.28.0 - Dell)</p><p>Mozilla Firefox 32.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 en-US)) (Version: 32.0.2 - Mozilla)</p><p>Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)</p><p>MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)</p><p>MSXML 4.0 
SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)</p><p>Netwaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.59 - BVRP Software, Inc)</p><p>NTRU TCG Software Stack (Version: 2.1.36 - Security Innovation, Inc.) Hidden</p><p>O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{938A412F-78C1-4158-8590-038A1D670A57}) (Version: 3.0.07.47 - O2Micro International LTD.)</p><p>O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.07.47 - O2Micro International LTD.) Hidden</p><p>O2Micro OZ776 SCR Driver (HKLM-x32\...\InstallShield_{732D0C79-C6E3-4EDE-8D11-67D58697E0DE}) (Version: 2.1.4.210GS - O2Micro)</p><p>O2Micro OZ776 SCR Driver (Version: 2.1.4.210GS - O2Micro) Hidden</p><p>Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)</p><p>PC-CCID (Version: 2.0.0 - Gemalto) Hidden</p><p>PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden</p><p>Preboot Manager (Version: 03.03.00.074 - Wave Systems Corp.) Hidden</p><p>Private Information Manager (Version: 07.01.00.022 - Wave Systems Corp.) Hidden</p><p>QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)</p><p>RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden</p><p>RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden</p><p>RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)</p><p>RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) 
Hidden</p><p>Respondus LockDown Browser (HKLM-x32\...\{C0E5147E-C9F3-4360-9ED0-2E875F11766C}) (Version: 1.02.0001 - Respondus, Inc.)</p><p>Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)</p><p>Roxio File Backup (Version: 1.3.2 - Roxio) Hidden</p><p>Secure Download Manager (HKLM-x32\...\{6CEF2BC6-8929-44EE-8360-175513E1A49A}) (Version: 3.0.5 - e-academy Inc.)</p><p>Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)</p><p>Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)</p><p>Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden</p><p>SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden</p><p>Spotify (HKU\S-1-5-21-3028118035-3150881808-3893125504-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)</p><p>TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.13989 - TeamViewer)</p><p>Trusted Drive Manager (Version: 4.1.1.312 - Wave Systems Corp.) Hidden</p><p>Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)</p><p>Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden</p><p>Wave Infrastructure Installer (Version: 07.67.17.0010 - Wave Systems Corp) Hidden</p><p>Wave Support Software Installer (Version: 05.13.00.033 - Wave Systems Corp) Hidden</p><p>WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7900 - Broadcom Corporation)</p><p>Windows Driver Package - Dell Inc. 
PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)</p><p>Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)</p><p>Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)</p><p></p><p>==================== Custom CLSID (selected items): ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)</p><p></p><p></p><p>==================== Restore Points =========================</p><p></p><p>22-12-2014 17:49:28 Windows Update</p><p>26-12-2014 21:25:35 Windows Update</p><p>03-01-2015 13:52:49 Windows Update</p><p>07-01-2015 11:42:30 Windows Update</p><p>11-01-2015 10:29:45 Windows Update</p><p>15-01-2015 00:50:10 Windows Update</p><p>15-01-2015 03:00:20 Windows Update</p><p>19-01-2015 14:14:16 Windows Update</p><p>19-01-2015 18:28:39 Removed Bonjour</p><p>19-01-2015 18:50:50 Checkpoint by HitmanPro</p><p>19-01-2015 18:51:21 Checkpoint by HitmanPro</p><p></p><p>==================== Hosts content: ==========================</p><p></p><p>(If needed Hosts: directive could be included in the fixlist to reset Hosts.)</p><p></p><p>2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts</p><p></p><p>==================== Scheduled Tasks (whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. 
Any associated file could be listed separately to be moved.)</p><p></p><p>Task: {06C4089E-582A-4D89-9D23-426B1900305D} - System32\Tasks\HPCustParticipation HP Officejet 4620 series => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2011-12-18] (Hewlett-Packard Co.)</p><p>Task: {0BD52C36-BAE4-4F70-9C65-84F3441BB724} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3028118035-3150881808-3893125504-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)</p><p>Task: {23B808D9-C6B7-4FBB-80D3-86F6FB43BA10} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)</p><p>Task: {3F7A3793-ED8B-4D2A-A8DA-136F0144813E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc</p><p>Task: {4EC3BBD8-12FE-44E3-9793-CF3492A4E6EF} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION</p><p>Task: {6F6820CA-0A09-4A4C-AE3A-B47511DC4D3E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3028118035-3150881808-3893125504-1000UA => C:\Users\Danny Burkhart\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-10] (Google Inc.)</p><p>Task: {7A350166-819A-4968-917E-23A21511397D} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3028118035-3150881808-3893125504-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)</p><p>Task: {7FE41B4C-B1C6-46C4-8A93-14E1B483AD03} - System32\Tasks\4800 => Wscript.exe C:\Users\DANNYB~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION</p><p>Task: {94DAEE4C-2D1B-40CE-B553-8A6EB5E1F0DC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3028118035-3150881808-3893125504-1000Core => C:\Users\Danny Burkhart\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-10] (Google Inc.)</p><p>Task: {A5BA6504-B6E8-428C-B335-C420F4EAD432} - System32\Tasks\Dell\Client System Update => C:\Program Files (x86)\Dell\ClientSystemUpdate\DellClientSystemUpdate.exe 
[2012-10-11] (Dell Inc.)</p><p>Task: {B71856E2-5550-4BDC-A70A-1F41CA4AE91F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-15] (Adobe Systems Incorporated)</p><p>Task: {B93307CC-ECFE-406E-ABED-2FE1C659BC3C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-11] (Google Inc.)</p><p>Task: {E022B102-C5BA-46ED-97A0-EE0A71C3719F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)</p><p>Task: {EF155124-929D-4E50-A57C-D76BAB664006} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-11] (Google Inc.)</p><p>Task: {F702CBB1-2A01-4FF2-AA78-114AC3F14DDD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)</p><p>Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe</p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3028118035-3150881808-3893125504-1000Core.job => C:\Users\Danny Burkhart\AppData\Local\Google\Update\GoogleUpdate.exe</p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3028118035-3150881808-3893125504-1000UA.job => C:\Users\Danny Burkhart\AppData\Local\Google\Update\GoogleUpdate.exe</p><p></p><p>==================== Loaded Modules (whitelisted) =============</p><p></p><p>2014-05-10 23:29 - 2003-04-18 19:06 - 00008192 _____ () c:\Windows\SysWOW64\srvany.exe</p><p>2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll</p><p>2012-05-30 19:06 - 2012-05-30 19:06 - 
01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll</p><p>2013-12-05 14:01 - 2013-12-03 21:47 - 00702416 _____ () C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll</p><p>2013-12-05 14:01 - 2013-12-03 21:47 - 00099792 _____ () C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll</p><p>2013-12-05 14:01 - 2013-12-03 21:48 - 04055504 _____ () C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll</p><p>2013-12-05 14:01 - 2013-12-03 21:48 - 00399312 _____ () C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll</p><p>2013-12-05 14:01 - 2013-12-03 21:47 - 01619408 _____ () C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll</p><p>2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL</p><p>2013-12-05 14:01 - 2013-12-03 21:48 - 13586896 _____ () C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll</p><p></p><p>==================== Alternate Data Streams (whitelisted) =========</p><p></p><p>(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)</p><p></p><p></p><p>==================== Safe Mode (whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)</p><p></p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"</p><p></p><p>==================== EXE Association (whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, the default will be restored. 
None default entries will be removed.)</p><p></p><p></p><p>==================== MSCONFIG/TASK MANAGER disabled items =========</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p>MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup</p><p>MSCONFIG\startupfolder: C:^Users^Danny Burkhart^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Officejet 4620 series.lnk => C:\Windows\pss\Monitor Ink Alerts - HP Officejet 4620 series.lnk.Startup</p><p>MSCONFIG\startupfolder: C:^Users^Danny Burkhart^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Smart Settings.lnk => C:\Windows\pss\Smart Settings.lnk.Startup</p><p>MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"</p><p>MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe</p><p>MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"</p><p>MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices</p><p>MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2</p><p>MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"</p><p>MSCONFIG\startupreg: DFEPApplication => C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe</p><p>MSCONFIG\startupreg: Facebook Update => "C:\Users\Danny Burkhart\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver</p><p>MSCONFIG\startupreg: FreeFallProtection => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe</p><p>MSCONFIG\startupreg: Google Update => "C:\Users\Danny Burkhart\AppData\Local\Google\Update\GoogleUpdate.exe" /c</p><p>MSCONFIG\startupreg: HotKeysCmds => 
C:\Windows\system32\hkcmd.exe</p><p>MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe</p><p>MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe</p><p>MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"</p><p>MSCONFIG\startupreg: PDVD9LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"</p><p>MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe</p><p>MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime</p><p>MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"</p><p>MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"</p><p>MSCONFIG\startupreg: Spotify => "C:\Users\Danny Burkhart\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart</p><p>MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Danny Burkhart\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"</p><p>MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"</p><p>MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe</p><p>MSCONFIG\startupreg: TdmNotify => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe</p><p>MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot</p><p></p><p>========================= Accounts: ==========================</p><p></p><p>Administrator (S-1-5-21-3028118035-3150881808-3893125504-500 - Administrator - Disabled)</p><p>Danny Burkhart (S-1-5-21-3028118035-3150881808-3893125504-1000 - Administrator - Enabled) => C:\Users\Danny Burkhart</p><p>Guest (S-1-5-21-3028118035-3150881808-3893125504-501 - Limited - Disabled)</p><p>HomeGroupUser$ (S-1-5-21-3028118035-3150881808-3893125504-1002 - Limited - 
Enabled)</p><p></p><p>==================== Faulty Device Manager Devices =============</p><p></p><p>Name: </p><p>Description: </p><p>Class Guid: </p><p>Manufacturer: </p><p>Service: </p><p>Problem: : The drivers for this device are not installed. (Code 28)</p><p>Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.</p><p></p><p></p><p>==================== Event log errors: =========================</p><p></p><p>Application errors:</p><p>==================</p><p>Error: (01/19/2015 09:46:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledSPRetry 4633</p><p></p><p>Error: (01/19/2015 09:46:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledEvent 4633</p><p></p><p>Error: (01/19/2015 09:46:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: Continuously busy for more than a second</p><p></p><p>Error: (01/19/2015 09:46:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledSPRetry 3634</p><p></p><p>Error: (01/19/2015 09:46:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledEvent 3634</p><p></p><p>Error: (01/19/2015 09:46:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: Continuously busy for more than a second</p><p></p><p>Error: (01/19/2015 09:46:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledSPRetry 2542</p><p></p><p>Error: (01/19/2015 09:46:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledEvent 2542</p><p></p><p>Error: (01/19/2015 09:46:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: 
Continuously busy for more than a second</p><p></p><p>Error: (01/19/2015 09:46:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledSPRetry 1294</p><p></p><p></p><p>System errors:</p><p>=============</p><p>Error: (01/19/2015 06:54:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)</p><p>Description: application-specificLocalLaunch{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}{B292921D-AF50-400C-9B75-0C57A7F29BA1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)</p><p></p><p>Error: (01/19/2015 06:53:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )</p><p>Description: A timeout was reached (30000 milliseconds) while waiting for the Intelewin filter service to connect.</p><p></p><p>Error: (01/19/2015 06:53:21 PM) (Source: Service Control Manager) (EventID: 7024) (User: )</p><p>Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error %%0.</p><p></p><p>Error: (01/19/2015 06:53:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )</p><p>Description: The NTRU TSS v1.2.1.36 TCS service depends on the TPM Base Services service which failed to start because of the following error: </p><p>%%0</p><p></p><p></p><p>Microsoft Office Sessions:</p><p>=========================</p><p>Error: (08/16/2014 02:29:25 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )</p><p>Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 381801 seconds with 2400 seconds of active time. This session ended with a crash.</p><p></p><p>Error: (05/09/2014 11:03:38 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )</p><p>Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 69007 seconds with 0 seconds of active time. 
This session ended with a crash.</p><p></p><p>Error: (05/03/2014 02:17:01 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )</p><p>Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1605 seconds with 1260 seconds of active time. This session ended with a crash.</p><p></p><p></p><p>==================== Memory info =========================== </p><p></p><p>Processor: Intel(R) Core(TM) i7-2640M CPU @ 2.80GHz</p><p>Percentage of memory in use: 32%</p><p>Total physical RAM: 8090.26 MB</p><p>Available physical RAM: 5480.48 MB</p><p>Total Pagefile: 16178.71 MB</p><p>Available Pagefile: 13293.91 MB</p><p>Total Virtual: 8192 MB</p><p>Available Virtual: 8191.83 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: (OS) (Fixed) (Total:452.96 GB) (Free:353.88 GB) NTFS</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: F1AF7B91)</p><p>Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)</p><p>Partition 2: (Active) - (Size=12.8 GB) - (Type=07 NTFS)</p><p>Partition 3: (Not Active) - (Size=453 GB) - (Type=07 NTFS)</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>
[QUOTE="Joe Johns, post: 336345, member: 33331"]
HKLM\...\RunOnce: [DBRMTray] => C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-04] (Microsoft) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.) HKU\S-1-5-21-3028118035-3150881808-3893125504-1000\...\Run: [Spotify Web Helper] => C:\Users\Danny Burkhart\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-23] (Spotify Ltd) HKU\S-1-5-21-3028118035-3150881808-3893125504-1000\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-21-3028118035-3150881808-3893125504-1000\...\Policies\Explorer: [NoLogOff] 0 HKU\S-1-5-21-3028118035-3150881808-3893125504-1000\...\MountPoints2: {83183463-e7fc-11e1-bf65-446d57cb4999} - E:\SETUP.EXE HKU\S-1-5-21-3028118035-3150881808-3893125504-1000\...\MountPoints2: {c251d053-746b-11e2-8fbd-446d57cb4999} - E:\setup.exe -a Lsa: [Authentication Packages] msv1_0 wvauth Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.) ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.) ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.) 
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-3028118035-3150881808-3893125504-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [URL]http://g.msn.com/USREL/1[/URL] SearchScopes: HKLM -> {1C860C60-22E7-4ECE-9E35-315EB4B71553} URL = [URL]http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox[/URL] SearchScopes: HKLM-x32 -> {1C860C60-22E7-4ECE-9E35-315EB4B71553} URL = [URL]http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox[/URL] SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3028118035-3150881808-3893125504-1000 -> {1C860C60-22E7-4ECE-9E35-315EB4B71553} URL = BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} [URL]https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab[/URL] DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} 
[URL]https://sslvpn.jmu.edu/dana-cached/sc/JuniperSetupClient.cab[/URL] Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 75.75.75.75 75.75.76.76 FireFox: ======== FF ProfilePath: C:\Users\Danny Burkhart\AppData\Roaming\Mozilla\Firefox\Profiles\t2768g95.default FF DefaultSearchEngine: FF DefaultSearchEngine,S: FF DefaultSearchUrl: FF SearchEngineOrder.1: FF SearchEngineOrder.1,S: FF SelectedSearchEngine: FF SelectedSearchEngine,S: FF Homepage: user_pref("browser.startup.homepage", "about:home"about:home); FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll () FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.38 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF 
Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-3028118035-3150881808-3893125504-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Danny Burkhart\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-3028118035-3150881808-3893125504-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Danny Burkhart\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Danny Burkhart\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC) FF HKLM-x32\...\Firefox\Extensions: [[email]quickprint@hp.com[/email]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension FF Extension: HP Smart Print - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-08-12] FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-09-11] Chrome: ======= CHR dev: Chrome dev build detected! 
<======= ATTENTION CHR Profile: C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-24] CHR Extension: (Google Drive) - C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-24] CHR Extension: (YouTube) - C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-24] CHR Extension: (Google Search) - C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-24] CHR Extension: (AdBlock) - C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-24] CHR Extension: (Google Wallet) - C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31] CHR Extension: (Gmail) - C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-24] CHR Extension: (GoSave) - C:\ProgramData\flgohgifencnahkmalcgiojjgjbnapcp\ [2014-04-24] CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-09-11] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [158720 2010-06-29] (Broadcom Corporation) [File not signed] R2 DFEPService; c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280952 2013-01-22] (Dell Inc.) R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-01-19] (SurfRight B.V.) 
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International) R2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed] S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-17] () [File not signed] R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1600000 2011-07-01] (Wave Systems Corp.) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5839872 2011-01-15] (Dell Inc.) [File not signed] S2 ef65f95a; "C:\Windows\system32\rundll32.exe" "c:\progra~3\intele~1\IntelewinfilterSvc.dll",service ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 guardian2; C:\Windows\System32\Drivers\oz776x64.sys [85280 2009-09-09] (O2Micro) S3 HBtnKey; C:\Windows\system32\drivers\HBtnKey.sys [20424 2011-07-19] (Dell Inc.) R3 JNPRNA; C:\Windows\System32\DRIVERS\jnprna6.sys [522544 2014-05-20] (Juniper Networks) S4 jnprTdi_7411_47145; C:\Windows\system32\Drivers\jnprTdi_7411_47145.sys [108344 2014-06-06] (Juniper Networks, Inc.) 
R3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [45352 2014-05-20] (Juniper Networks, Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-19] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) S3 PsSdk41; C:\Windows\system32\Drivers\pssdk41.sys [51776 2013-07-23] (microOLAP Technologies LTD) U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-01-19] () ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-19 23:12 - 2015-01-19 23:12 - 00019502 _____ () C:\Users\Danny Burkhart\Downloads\FRST.txt 2015-01-19 23:11 - 2015-01-19 23:12 - 00000000 ____D () C:\FRST 2015-01-19 23:11 - 2015-01-19 23:11 - 02126848 _____ (Farbar) C:\Users\Danny Burkhart\Downloads\FRST64.exe 2015-01-19 18:51 - 2015-01-19 18:51 - 00001950 _____ () C:\Windows\system32\.crusader 2015-01-19 18:46 - 2015-01-19 18:46 - 00001899 _____ () C:\Users\Public\Desktop\HitmanPro.lnk 2015-01-19 18:46 - 2015-01-19 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2015-01-19 18:46 - 2015-01-19 18:46 - 00000000 ____D () C:\Program Files\HitmanPro 2015-01-19 18:45 - 2015-01-19 18:52 - 00000000 ____D () C:\ProgramData\HitmanPro 2015-01-19 18:38 - 2015-01-19 18:43 - 11225840 _____ (SurfRight B.V.) 
C:\Users\Danny Burkhart\Downloads\HitmanPro_x64.exe 2015-01-19 18:34 - 2015-01-19 18:34 - 00000914 _____ () C:\Users\Danny Burkhart\Desktop\JRT.txt 2015-01-19 18:31 - 2015-01-19 18:31 - 00000000 ____D () C:\Windows\ERUNT 2015-01-19 18:30 - 2015-01-19 18:31 - 01707939 _____ (Thisisu) C:\Users\Danny Burkhart\Downloads\JRT.exe 2015-01-19 16:19 - 2015-01-19 18:53 - 00000112 _____ () C:\Windows\setupact.log 2015-01-19 16:19 - 2015-01-19 16:19 - 00000000 _____ () C:\Windows\setuperr.log 2015-01-19 16:18 - 2015-01-19 16:18 - 00000376 _____ () C:\Windows\PFRO.log 2015-01-19 15:57 - 2015-01-19 15:57 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-01-19 15:57 - 2015-01-19 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-01-19 15:56 - 2015-01-19 15:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-01-19 15:56 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-19 15:56 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-19 15:56 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-19 15:48 - 2015-01-19 15:55 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Danny Burkhart\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-19 15:35 - 2015-01-19 15:36 - 00000000 ____D () C:\AdwCleaner 2015-01-19 15:34 - 2015-01-19 15:34 - 02186752 _____ () C:\Users\Danny Burkhart\Downloads\adwcleaner_4.108.exe 2015-01-19 15:32 - 2015-01-19 15:35 - 00002018 _____ () C:\freefallprotection.log 2015-01-19 15:01 - 2015-01-19 15:01 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2015-01-19 15:01 - 2015-01-19 15:01 - 00000000 ____D () C:\ProgramData\RogueKiller 2015-01-19 15:00 - 2015-01-19 15:00 - 18570328 _____ () C:\Users\Danny Burkhart\Downloads\RogueKillerX64.exe 2015-01-19 14:46 - 2015-01-19 
14:46 - 00000000 ____D () C:\Users\Danny Burkhart\AppData\Local\BVRP Software 2015-01-15 00:45 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-13 20:32 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-13 20:32 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-13 20:32 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-13 20:32 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-13 20:32 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-13 20:32 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-13 20:32 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-13 20:32 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-13 20:32 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-13 20:32 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-13 20:32 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-13 20:32 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-13 20:26 - 2015-01-13 20:26 - 00015886 _____ () C:\Users\Danny Burkhart\Downloads\Baker Hughes - Halliburton.xlsx 2015-01-12 17:42 - 2015-01-12 17:42 - 00009299 _____ () C:\Users\Danny Burkhart\Downloads\Scott.xlsx 2015-01-11 22:13 - 2015-01-11 22:13 - 00008990 _____ () C:\Users\Danny Burkhart\Downloads\S&P info.xlsx 2015-01-10 19:35 - 2015-01-10 19:35 - 00028160 _____ () C:\Users\Danny Burkhart\Downloads\dcf-analysis.xls 2015-01-10 00:52 - 2015-01-15 00:53 - 00055503 _____ () 
C:\Users\Danny Burkhart\Downloads\LBO Advanced Model(1) (1).xlsx 2015-01-06 13:57 - 2015-01-15 00:53 - 02138827 _____ () C:\Users\Danny Burkhart\Downloads\MSCI Index Tickers v2.xlsx 2015-01-04 00:08 - 2015-01-19 19:27 - 00000000 ____D () C:\Users\Danny Burkhart\AppData\Local\CrashDumps 2015-01-03 13:44 - 2015-01-03 13:44 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2014-12-29 14:13 - 2014-12-29 14:13 - 00000165 ____H () C:\Users\Danny Burkhart\Downloads\~$Industrials Spreadsheet.xlsx 2014-12-29 13:56 - 2014-12-29 13:56 - 00095309 _____ () C:\Users\Danny Burkhart\Downloads\Industrials Spreadsheet.xlsx ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-19 23:10 - 2014-04-24 11:58 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-19 22:53 - 2012-09-11 19:55 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-19 22:53 - 2012-08-10 16:03 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3028118035-3150881808-3893125504-1000UA.job 2015-01-19 22:53 - 2012-07-27 10:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-19 22:53 - 2012-07-27 10:41 - 01414632 _____ () C:\Windows\WindowsUpdate.log 2015-01-19 19:01 - 2009-07-13 23:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-19 19:01 - 2009-07-13 23:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-19 18:58 - 2009-07-14 00:13 - 00787576 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-19 18:53 - 2014-11-23 10:33 - 00003368 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3028118035-3150881808-3893125504-1000 2015-01-19 18:53 - 2014-11-23 10:33 - 00003252 _____ () 
C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3028118035-3150881808-3893125504-1000 2015-01-19 18:53 - 2012-09-11 19:55 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-19 18:53 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-19 15:33 - 2012-07-27 10:56 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-01-19 15:27 - 2012-08-06 17:25 - 00000000 ____D () C:\Users\Danny Burkhart 2015-01-19 14:42 - 2014-11-13 20:29 - 00000000 ____D () C:\Users\Danny Burkhart\Desktop\banking prep 2015-01-19 14:38 - 2014-12-03 14:55 - 00000000 ____D () C:\Users\Danny Burkhart\Documents\A - MIF 2015-01-19 14:30 - 2012-08-10 16:03 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3028118035-3150881808-3893125504-1000Core.job 2015-01-16 18:27 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-01-15 03:20 - 2012-08-28 20:33 - 00000000 ____D () C:\Users\Danny Burkhart\AppData\Roaming\Spotify 2015-01-15 03:12 - 2013-08-23 02:02 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-15 03:00 - 2012-08-06 17:43 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-15 00:54 - 2014-11-11 08:05 - 00000000 ____D () C:\Users\Danny Burkhart\Documents\Goldman 2015-01-15 00:54 - 2014-09-01 22:16 - 00000000 ____D () C:\Users\Danny Burkhart\Documents\Internship Prep 2015-01-15 00:51 - 2012-07-27 10:43 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-15 00:51 - 2012-07-27 10:43 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-15 00:51 - 2012-07-27 10:43 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-13 20:21 - 2012-08-28 20:34 - 00000000 ____D () C:\Users\Danny Burkhart\AppData\Local\Spotify 2015-01-12 21:29 - 2013-12-01 23:53 - 00000000 ____D () C:\Users\Danny Burkhart\Documents\MIF 2015-01-05 21:46 - 2014-07-15 14:11 - 00000000 ____D 
() C:\Users\Danny Burkhart\Documents\RBA 2015-01-05 21:46 - 2014-05-12 20:51 - 00000000 ____D () C:\Users\Danny Burkhart\Documents\WSO 2014-12-31 06:14 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe ==================== Files in the root of some directories ======= 2012-05-21 14:00 - 2012-05-21 14:00 - 0020984 _____ (Intel Corporation) C:\Users\Danny Burkhart\AppData\Roaming\JomCap.dll 2013-07-11 00:04 - 2013-07-13 13:50 - 0000005 _____ () C:\Users\Danny Burkhart\AppData\Roaming\WBPU-TTL.DAT 2012-08-12 12:24 - 2012-08-12 12:24 - 0000057 _____ () C:\ProgramData\Ament.ini Some content of TEMP: ==================== C:\Users\Danny Burkhart\AppData\Local\Temp\dllnt_dump.dll C:\Users\Danny Burkhart\AppData\Local\Temp\Quarantine.exe C:\Users\Danny Burkhart\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-14 08:49 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015 Ran by Danny 
Burkhart at 2015-01-19 23:13:14 Running from C:\Users\Danny Burkhart\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) AuthenTec Fingerprint Software (Version: 8.4.4.20 - AuthenTec, Inc.) Hidden BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{64973F6A-8754-43D1-BDD0-FC6F0546347B}) (Version: 14.4.6.2 - Broadcom Corporation) Canon iP2700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform) Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden Cisco WebEx Meetings (HKU\S-1-5-21-3028118035-3150881808-3893125504-1000\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC) Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.5127 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.) Dell Client System Update (HKLM-x32\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.) Dell Data Protection | Access (HKLM-x32\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.1.00001.002 - Dell Inc.) Dell Data Protection | Access (Version: 02.01.01.002 - Wave Systems Corp) Hidden Dell Data Protection | Access | Drivers (HKLM-x32\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 2.01.018 - Dell Inc.) Dell Data Protection | Access | Middleware (HKLM-x32\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 2.01.010 - Dell Inc.) Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc) Dell Feature Enhancement Pack (HKLM\...\{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}) (Version: 2.2.1 - Dell) Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.127 - ALPS ELECTRIC CO., LTD.) 
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.54 - Creative Technology Ltd) DellAccess (Version: 01.01.00.072 - Wave Systems Corp.) Hidden DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.100.235.13 - Dell Inc.) EMBASSY Security Center (Version: 04.03.00.121 - Wave Systems Corp.) Hidden Google Chrome (HKU\S-1-5-21-3028118035-3150881808-3893125504-1000\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.) Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.) HP Officejet 4620 series Basic Device Software (HKLM\...\{A2E836B3-59A6-486B-82DC-1EA3878BCDEA}) (Version: 26.0.784.0 - Hewlett-Packard Co.) HP Officejet 4620 series Help (HKLM-x32\...\{606C37AB-EB04-4270-A592-201A03C2DB36}) (Version: 6.0.0 - Hewlett Packard) HP Officejet 4620 series Product Improvement Study (HKLM\...\{3CF97AC1-219E-44DA-B3DE-32FCAD606231}) (Version: 26.0.784.0 - Hewlett-Packard Co.) HP Update (HKLM-x32\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard) I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) Intel(R) Identity Protection Technology 1.2.27.0 (HKLM-x32\...\{F109D156-577D-101B-A622-CF4351943AA4}) (Version: 1.2.27.0 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.50.1172 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3040 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.) 
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-3028118035-3150881808-3893125504-1000\...\Juniper_Setup_Client) (Version: 7.4.11.47145 - Juniper Networks, Inc.) Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Junos Pulse (Version: 4.0.47145 - Juniper Networks) Hidden Junos Pulse 4.0 (HKLM-x32\...\Junos Pulse 4.0) (Version: 4.0.47145 - Juniper Networks, Inc.) Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Access 2010 (HKLM-x32\...\Office14.AccessR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 
4.6.305.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Modem Diagnostic Tool (HKLM\...\{0335701D-8E28-4A7F-B0EF-312974755BB2}) (Version: 1.0.28.0 - Dell) Mozilla Firefox 32.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 en-US)) (Version: 32.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla) MSXML 4.0 SP2 
(KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Netwaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.59 - BVRP Software, Inc) NTRU TCG Software Stack (Version: 2.1.36 - Security Innovation, Inc.) Hidden O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{938A412F-78C1-4158-8590-038A1D670A57}) (Version: 3.0.07.47 - O2Micro International LTD.) O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.07.47 - O2Micro International LTD.) Hidden O2Micro OZ776 SCR Driver (HKLM-x32\...\InstallShield_{732D0C79-C6E3-4EDE-8D11-67D58697E0DE}) (Version: 2.1.4.210GS - O2Micro) O2Micro OZ776 SCR Driver (Version: 2.1.4.210GS - O2Micro) Hidden Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC) PC-CCID (Version: 2.0.0 - Gemalto) Hidden PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden Preboot Manager (Version: 03.03.00.074 - Wave Systems Corp.) Hidden Private Information Manager (Version: 07.01.00.022 - Wave Systems Corp.) Hidden QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.) RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Respondus LockDown Browser (HKLM-x32\...\{C0E5147E-C9F3-4360-9ED0-2E875F11766C}) (Version: 1.02.0001 - Respondus, Inc.) 
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio) Roxio File Backup (Version: 1.3.2 - Roxio) Hidden Secure Download Manager (HKLM-x32\...\{6CEF2BC6-8929-44EE-8360-175513E1A49A}) (Version: 3.0.5 - e-academy Inc.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden Spotify (HKU\S-1-5-21-3028118035-3150881808-3893125504-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB) TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.13989 - TeamViewer) Trusted Drive Manager (Version: 4.1.1.312 - Wave Systems Corp.) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden Wave Infrastructure Installer (Version: 07.67.17.0010 - Wave Systems Corp) Hidden Wave Support Software Installer (Version: 05.13.00.033 - Wave Systems Corp) Hidden WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7900 - Broadcom Corporation) Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.) 
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 22-12-2014 17:49:28 Windows Update 26-12-2014 21:25:35 Windows Update 03-01-2015 13:52:49 Windows Update 07-01-2015 11:42:30 Windows Update 11-01-2015 10:29:45 Windows Update 15-01-2015 00:50:10 Windows Update 15-01-2015 03:00:20 Windows Update 19-01-2015 14:14:16 Windows Update 19-01-2015 18:28:39 Removed Bonjour 19-01-2015 18:50:50 Checkpoint by HitmanPro 19-01-2015 18:51:21 Checkpoint by HitmanPro ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {06C4089E-582A-4D89-9D23-426B1900305D} - System32\Tasks\HPCustParticipation HP Officejet 4620 series => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2011-12-18] (Hewlett-Packard Co.) Task: {0BD52C36-BAE4-4F70-9C65-84F3441BB724} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3028118035-3150881808-3893125504-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.) 
Task: {23B808D9-C6B7-4FBB-80D3-86F6FB43BA10} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {3F7A3793-ED8B-4D2A-A8DA-136F0144813E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {4EC3BBD8-12FE-44E3-9793-CF3492A4E6EF} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION Task: {6F6820CA-0A09-4A4C-AE3A-B47511DC4D3E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3028118035-3150881808-3893125504-1000UA => C:\Users\Danny Burkhart\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-10] (Google Inc.) Task: {7A350166-819A-4968-917E-23A21511397D} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3028118035-3150881808-3893125504-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.) Task: {7FE41B4C-B1C6-46C4-8A93-14E1B483AD03} - System32\Tasks\4800 => Wscript.exe C:\Users\DANNYB~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION Task: {94DAEE4C-2D1B-40CE-B553-8A6EB5E1F0DC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3028118035-3150881808-3893125504-1000Core => C:\Users\Danny Burkhart\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-10] (Google Inc.) Task: {A5BA6504-B6E8-428C-B335-C420F4EAD432} - System32\Tasks\Dell\Client System Update => C:\Program Files (x86)\Dell\ClientSystemUpdate\DellClientSystemUpdate.exe [2012-10-11] (Dell Inc.) Task: {B71856E2-5550-4BDC-A70A-1F41CA4AE91F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-15] (Adobe Systems Incorporated) Task: {B93307CC-ECFE-406E-ABED-2FE1C659BC3C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-11] (Google Inc.) 
Task: {E022B102-C5BA-46ED-97A0-EE0A71C3719F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd) Task: {EF155124-929D-4E50-A57C-D76BAB664006} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-11] (Google Inc.) Task: {F702CBB1-2A01-4FF2-AA78-114AC3F14DDD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3028118035-3150881808-3893125504-1000Core.job => C:\Users\Danny Burkhart\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3028118035-3150881808-3893125504-1000UA.job => C:\Users\Danny Burkhart\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-05-10 23:29 - 2003-04-18 19:06 - 00008192 _____ () c:\Windows\SysWOW64\srvany.exe 2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-12-05 14:01 - 2013-12-03 21:47 - 00702416 _____ () C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll 2013-12-05 14:01 - 2013-12-03 21:47 - 00099792 _____ () C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll 2013-12-05 14:01 - 2013-12-03 21:48 - 04055504 _____ () C:\Users\Danny 
Burkhart\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll 2013-12-05 14:01 - 2013-12-03 21:48 - 00399312 _____ () C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll 2013-12-05 14:01 - 2013-12-03 21:47 - 01619408 _____ () C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll 2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL 2013-12-05 14:01 - 2013-12-03 21:48 - 13586896 _____ () C:\Users\Danny Burkhart\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Danny Burkhart^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Officejet 4620 series.lnk => C:\Windows\pss\Monitor Ink Alerts - HP Officejet 4620 series.lnk.Startup MSCONFIG\startupfolder: C:^Users^Danny Burkhart^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Smart Settings.lnk => C:\Windows\pss\Smart Settings.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" MSCONFIG\startupreg: DFEPApplication => C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe MSCONFIG\startupreg: Facebook Update => "C:\Users\Danny Burkhart\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver MSCONFIG\startupreg: FreeFallProtection => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe MSCONFIG\startupreg: Google Update => "C:\Users\Danny Burkhart\AppData\Local\Google\Update\GoogleUpdate.exe" /c MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: 
PDVD9LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" MSCONFIG\startupreg: Spotify => "C:\Users\Danny Burkhart\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Danny Burkhart\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe MSCONFIG\startupreg: TdmNotify => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot ========================= Accounts: ========================== Administrator (S-1-5-21-3028118035-3150881808-3893125504-500 - Administrator - Disabled) Danny Burkhart (S-1-5-21-3028118035-3150881808-3893125504-1000 - Administrator - Enabled) => C:\Users\Danny Burkhart Guest (S-1-5-21-3028118035-3150881808-3893125504-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3028118035-3150881808-3893125504-1002 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (01/19/2015 09:46:30 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4633 Error: (01/19/2015 09:46:30 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4633 Error: (01/19/2015 09:46:30 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/19/2015 09:46:29 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3634 Error: (01/19/2015 09:46:29 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3634 Error: (01/19/2015 09:46:29 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/19/2015 09:46:28 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2542 Error: (01/19/2015 09:46:28 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2542 Error: (01/19/2015 09:46:28 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/19/2015 09:46:27 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1294 System errors: ============= Error: (01/19/2015 06:54:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}{B292921D-AF50-400C-9B75-0C57A7F29BA1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (01/19/2015 06:53:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A 
timeout was reached (30000 milliseconds) while waiting for the Intelewin filter service to connect. Error: (01/19/2015 06:53:21 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error %%0. Error: (01/19/2015 06:53:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The NTRU TSS v1.2.1.36 TCS service depends on the TPM Base Services service which failed to start because of the following error: %%0 Microsoft Office Sessions: ========================= Error: (08/16/2014 02:29:25 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 381801 seconds with 2400 seconds of active time. This session ended with a crash. Error: (05/09/2014 11:03:38 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 69007 seconds with 0 seconds of active time. This session ended with a crash. Error: (05/03/2014 02:17:01 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1605 seconds with 1260 seconds of active time. This session ended with a crash. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-2640M CPU @ 2.80GHz Percentage of memory in use: 32% Total physical RAM: 8090.26 MB Available physical RAM: 5480.48 MB Total Pagefile: 16178.71 MB Available Pagefile: 13293.91 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:452.96 GB) (Free:353.88 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: F1AF7B91) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=12.8 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=453 GB) - (Type=07 NTFS) ==================== End Of Log ============================ [/QUOTE]