Jump to content

jayclarkster

Members
  • Posts

    1
  • Joined

  • Last visited

Everything posted by jayclarkster

  1. Over the last few weeks while browsing items on the net I have had many sites not formatting correctly (Particularly banking sites) and so have not been using them on this PC. Today I was having issues logging into Dropbox and so decided to go the the task manager and see if I could figure out the problem. I came across some interesting processes so decided to use CCleaner to check start up programs. I did not find anything there but when I went on to check the registry (also using CCleaner) I found a suspicious looking item. When I went to google to look up this item I found many site refering to the process as part of a Back Door Trojan. The items were: URLRedirection.URLRedirectionBHO URLRedirection.URLRedirectionBHO(1) I decided to start scanning for issues. I used my Anti-Virus (Webroot) and Malwarebytes (free version) and have not found anything with either I've read that this could be a backdoor infection? I am unsure what to do... I've read that ComboFix could help, but I've been reluctant to try it since I've also read that it can be dangerous when used by non-professionals. Any help anyone could give me would be most appreciated! I'm by no means computer illiterate, but when I start to read about hidden files and rootkits in drivers, I find myself a bit lost. Thanks in advance, Also here is some information to help get things started FRST Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2014 Ran by Jason (administrator) on HOME on 28-04-2014 20:50:53 Running from C:\Users\Jason\Downloads Windows 8.1 (X64) OS Language: English(US) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Webroot) C:\Program Files\Webroot\WRSA.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\WINDOWS\system32\dashost.exe (Intel® Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Webroot) C:\Program Files\Webroot\WRSA.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1253520 2012-11-19] (Realtek Semiconductor) HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5757328 2012-10-19] (Dell Inc.) HKLM\...\Run: [intelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" HKLM\...\Run: [bTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11577216 2012-08-27] (Motorola Solutions, Inc.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010952 2012-12-21] (Synaptics Incorporated) HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [766040 2014-04-19] (Webroot) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-08-14] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [Agomo] => C:\Program Files (x86)\Agomo\Agomo.exe [2111256 2014-04-28] (Piriform) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.) HKLM-x32\...\Run: [DellNetExtender] => C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -hideGUI -clearReboot Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [NoViewOnDrive] 0 HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKLM\...\Policies\Explorer: [NoViewContextMenu] 0 HKLM\...\Policies\Explorer: [NoShellSearchButton] 0 HKLM\...\Policies\Explorer: [NoFind] 0 HKLM\...\Policies\Explorer: [NoFile] 0 HKLM\...\Policies\Explorer: [HideClock] 0 HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0 HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKLM\...\Policies\Explorer: [NoSetFolders] 0 HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKLM\...\Policies\Explorer: [NoSetTaskbar] 0 HKLM\...\Policies\Explorer: [NoDeletePrinter] 0 HKLM\...\Policies\Explorer: [NoDFSTab] 0 HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0 HKLM\...\Policies\Explorer: [NoLogoff] 0 HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0 HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0 HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKLM\...\Policies\Explorer: [NoResolveSearch] 0 HKLM\...\Policies\Explorer: [NoSaveSettings] 0 HKLM\...\Policies\Explorer: [NoHardwareTab] 0 HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKLM\...\Policies\Explorer: [NoDesktop] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Run: [Fitbit Connect] => "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\system: [DisableCMD] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\system: [NoDispBackgroundPage] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\system: [NoDispSettingsPage] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoViewOnDrive] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoShellSearchButton] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoFile] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoSetFolders] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoDeletePrinter] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoDFSTab] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoLogoff] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoWindowsUpdate] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoEncryptOnMove] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoResolveSearch] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoHardwareTab] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1002\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20548256 2013-10-21] (Skype Technologies S.A.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.) Startup: C:\Users\Carley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.broadviewsoftware.com/owa/auth/logon.aspx?url=https%3a%2f%2fmail.broadviewsoftware.com%2fowa&reason=0 SearchScopes: HKLM - {F40D7961-40C2-440A-B1BA-EA5D4BA4613D} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS SearchScopes: HKLM-x32 - {F40D7961-40C2-440A-B1BA-EA5D4BA4613D} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS SearchScopes: HKCU - {04FCE88C-BD9D-4874-B7F0-916B3262C605} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYCA&apn_uid=20C79B1A-D45F-4C84-819B-8306A4E7B202&apn_sauid=6F4E98A5-32C4-4826-948E-4ED390E8D9E4 BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot) BHO: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll (Webroot) BHO-x32: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot) BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot) Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll (Webroot) Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - No File Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: 127.0.0.1 mpa.one.microsoft.com Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\lcqfrels.default FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2013-12-02] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File CHR Extension: (Media Hint) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja [2013-12-05] CHR Extension: (Google Docs) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-06] CHR Extension: (Google Drive) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-06] CHR Extension: (YouTube) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-06] CHR Extension: (Google Search) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-06] CHR Extension: (Hola Better Internet) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2013-12-05] CHR Extension: (Webroot Filtering Extension) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2014-02-05] CHR Extension: (Google Wallet) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] CHR Extension: (Webroot Password Manager) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2013-06-28] CHR Extension: (Gmail) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-06] CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.0.26.crx [2014-01-30] CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2013-06-28] ==================== Services (Whitelisted) ================= S2 AgomoService; C:\Program Files (x86)\Agomo\AgomoClient.exe [13562136 2014-04-28] (Piriform) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] () R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] () R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-23] (Realtek Semiconductor) R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-08-14] (Western Digital Technologies, Inc.) R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-08-14] (Western Digital Technologies, Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation) R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [766040 2014-04-19] (Webroot) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation) S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.) S4 DNE; C:\Windows\system32\DRIVERS\dne64x.sys [161368 2011-08-04] (Citrix Systems, Inc.) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-12-29] (Microsoft Corporation) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation) S3 NxDrv; C:\Windows\system32\DRIVERS\NxDrv.sys [24264 2012-11-04] (SonicWALL Inc.) S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-12-29] (Microsoft Corporation) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28040 2012-12-21] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [32136 2012-12-21] (Synaptics Incorporated) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation) R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [115680 2014-04-19] (Webroot) R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider) R3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [X] S3 SWVNIC; \SystemRoot\system32\DRIVERS\swvnic.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-28 20:50 - 2014-04-28 20:51 - 00026129 _____ () C:\Users\Jason\Downloads\FRST.txt 2014-04-28 20:50 - 2014-04-28 20:50 - 00000000 ____D () C:\FRST 2014-04-28 20:48 - 2014-04-28 20:48 - 02061824 _____ (Farbar) C:\Users\Jason\Downloads\FRST64.exe 2014-04-28 20:31 - 2014-04-28 20:31 - 04745984 _____ (Piriform Ltd) C:\Users\Jason\Downloads\ccsetup413.exe 2014-04-28 20:29 - 2014-04-28 20:29 - 00000000 ____D () C:\Users\Public\Documents\CyberLink 2014-04-28 20:29 - 2014-04-28 20:29 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\CyberLink 2014-04-28 20:20 - 2014-04-28 20:20 - 17931952 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe 2014-04-28 20:10 - 2014-04-28 20:10 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Oracle 2014-04-28 20:07 - 2014-04-28 20:07 - 00004129 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_55-b14.log 2014-04-28 20:07 - 2014-04-28 20:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-04-28 20:07 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2014-04-28 20:07 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe 2014-04-28 20:07 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe 2014-04-28 20:07 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe 2014-04-21 19:31 - 2014-04-21 19:45 - 00000000 ____D () C:\Users\Jason\DesignerVista 2014-04-21 19:30 - 2014-04-28 20:25 - 00000000 ____D () C:\Program Files (x86)\DesignerVista 2014-04-21 19:23 - 2014-04-21 19:28 - 00000000 ____D () C:\Users\Jason\Desktop\BroadView Work Folder 2014-04-19 21:45 - 2014-04-19 21:45 - 00000000 ____D () C:\Users\Jason\AppData\Local\Blizzard Entertainment 2014-04-19 21:44 - 2014-04-24 22:41 - 00000000 ____D () C:\Users\Jason\AppData\Local\Battle.net 2014-04-19 21:44 - 2014-04-19 21:45 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Battle.net 2014-04-19 21:44 - 2014-04-19 21:44 - 00001160 _____ () C:\Users\Public\Desktop\Battle.net.lnk 2014-04-19 21:44 - 2014-04-19 21:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net 2014-04-19 21:44 - 2014-04-19 21:44 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-04-19 21:40 - 2014-04-19 21:41 - 07583696 _____ (Blizzard Entertainment) C:\Users\Jason\Downloads\Diablo-III-Setup-enUS.exe 2014-04-19 19:58 - 2014-04-19 19:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-19 19:39 - 2014-04-19 19:43 - 00004876 _____ () C:\Users\Jason\Desktop\save.log 2014-04-19 19:15 - 2014-04-19 19:15 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2014-04-19 19:15 - 2014-03-30 21:16 - 23134208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-04-19 19:15 - 2014-03-30 19:57 - 17073152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-04-19 19:15 - 2014-03-10 06:35 - 02008408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2014-04-19 19:15 - 2014-03-10 06:35 - 00377176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2014-04-19 19:15 - 2014-03-06 05:19 - 01287576 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll 2014-04-19 19:15 - 2014-03-06 05:02 - 01109424 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2014-04-19 19:15 - 2014-03-06 02:17 - 00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2014-04-19 19:15 - 2014-03-06 02:10 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll 2014-04-19 19:14 - 2014-04-19 19:14 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2014-04-05 00:09 - 2014-04-05 00:09 - 04787368 _____ (Piriform Ltd) C:\Users\Jason\Downloads\ccsetup412.exe ==================== One Month Modified Files and Folders ======= 2014-04-28 20:51 - 2014-04-28 20:50 - 00026129 _____ () C:\Users\Jason\Downloads\FRST.txt 2014-04-28 20:50 - 2014-04-28 20:50 - 00000000 ____D () C:\FRST 2014-04-28 20:50 - 2013-06-28 18:20 - 00000000 ____D () C:\ProgramData\WRData 2014-04-28 20:48 - 2014-04-28 20:48 - 02061824 _____ (Farbar) C:\Users\Jason\Downloads\FRST64.exe 2014-04-28 20:32 - 2013-08-13 19:09 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-04-28 20:32 - 2013-08-13 19:09 - 00000000 ____D () C:\Program Files\CCleaner 2014-04-28 20:31 - 2014-04-28 20:31 - 04745984 _____ (Piriform Ltd) C:\Users\Jason\Downloads\ccsetup413.exe 2014-04-28 20:29 - 2014-04-28 20:29 - 00000000 ____D () C:\Users\Public\Documents\CyberLink 2014-04-28 20:29 - 2014-04-28 20:29 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\CyberLink 2014-04-28 20:29 - 2013-06-06 22:42 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-818747085-208782630-2158677018-1002 2014-04-28 20:27 - 2013-03-25 09:59 - 00000000 ____D () C:\ProgramData\CyberLink 2014-04-28 20:26 - 2013-05-25 16:23 - 00000000 ____D () C:\Program Files (x86)\Google 2014-04-28 20:25 - 2014-04-21 19:30 - 00000000 ____D () C:\Program Files (x86)\DesignerVista 2014-04-28 20:20 - 2014-04-28 20:20 - 17931952 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe 2014-04-28 20:20 - 2014-01-17 23:32 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-04-28 20:20 - 2014-01-17 23:32 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-04-28 20:18 - 2013-05-25 16:23 - 00000908 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-28 20:10 - 2014-04-28 20:10 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Oracle 2014-04-28 20:08 - 2013-10-10 20:25 - 00000000 ____D () C:\ProgramData\Oracle 2014-04-28 20:07 - 2014-04-28 20:07 - 00004129 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_55-b14.log 2014-04-28 20:07 - 2014-04-28 20:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-04-28 20:07 - 2013-10-10 20:24 - 00000000 ____D () C:\Program Files (x86)\Java 2014-04-28 20:02 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-04-28 19:56 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\security 2014-04-28 19:53 - 2013-05-25 16:23 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-04-28 19:52 - 2013-12-06 10:39 - 00000000 ____D () C:\Program Files (x86)\Agomo 2014-04-28 19:52 - 2013-05-25 16:23 - 00000904 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-24 22:41 - 2014-04-19 21:44 - 00000000 ____D () C:\Users\Jason\AppData\Local\Battle.net 2014-04-21 21:29 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-04-21 20:55 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-04-21 19:45 - 2014-04-21 19:31 - 00000000 ____D () C:\Users\Jason\DesignerVista 2014-04-21 19:45 - 2013-12-29 19:58 - 00000000 ____D () C:\Users\Jason 2014-04-21 19:40 - 2013-08-13 20:54 - 00008192 _____ () C:\WINDOWS\SysWOW64\WDPABKP.dat 2014-04-21 19:39 - 2013-12-29 20:09 - 00000761 _____ () C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk 2014-04-21 19:39 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-04-21 19:28 - 2014-04-21 19:23 - 00000000 ____D () C:\Users\Jason\Desktop\BroadView Work Folder 2014-04-21 19:27 - 2013-11-14 03:28 - 00820548 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-04-20 04:35 - 2013-12-29 19:58 - 00000000 ____D () C:\Users\Carley 2014-04-20 04:33 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2014-04-19 21:45 - 2014-04-19 21:45 - 00000000 ____D () C:\Users\Jason\AppData\Local\Blizzard Entertainment 2014-04-19 21:45 - 2014-04-19 21:44 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Battle.net 2014-04-19 21:44 - 2014-04-19 21:44 - 00001160 _____ () C:\Users\Public\Desktop\Battle.net.lnk 2014-04-19 21:44 - 2014-04-19 21:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net 2014-04-19 21:44 - 2014-04-19 21:44 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-04-19 21:41 - 2014-04-19 21:40 - 07583696 _____ (Blizzard Entertainment) C:\Users\Jason\Downloads\Diablo-III-Setup-enUS.exe 2014-04-19 21:04 - 2013-06-29 12:49 - 00000000 ____D () C:\Program Files (x86)\Diablo III 2014-04-19 20:35 - 2013-11-14 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-04-19 20:34 - 2013-06-06 22:47 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-04-19 19:58 - 2014-04-19 19:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-19 19:52 - 2014-01-16 00:03 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\QuickScan 2014-04-19 19:43 - 2014-04-19 19:39 - 00004876 _____ () C:\Users\Jason\Desktop\save.log 2014-04-19 19:23 - 2013-06-28 18:20 - 00154248 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll 2014-04-19 19:23 - 2013-06-28 18:20 - 00115680 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys 2014-04-19 19:23 - 2013-06-28 18:20 - 00105320 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll 2014-04-19 19:17 - 2013-06-06 21:52 - 00000000 ___RD () C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-19 19:17 - 2013-06-06 21:52 - 00000000 ___RD () C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-19 19:15 - 2014-04-19 19:15 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2014-04-19 19:14 - 2014-04-19 19:14 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2014-04-19 19:13 - 2013-05-25 16:23 - 00003880 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2014-04-19 19:13 - 2013-05-25 16:23 - 00003644 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2014-04-19 19:04 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-04-14 20:13 - 2014-04-28 20:07 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2014-04-14 20:05 - 2014-04-28 20:07 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe 2014-04-14 20:05 - 2014-04-28 20:07 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe 2014-04-14 20:04 - 2014-04-28 20:07 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe 2014-04-05 00:09 - 2014-04-05 00:09 - 04787368 _____ (Piriform Ltd) C:\Users\Jason\Downloads\ccsetup412.exe 2014-04-05 00:03 - 2013-12-07 12:16 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-04-05 00:03 - 2013-12-07 12:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-04-04 20:38 - 2013-12-07 12:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-03-31 17:23 - 2013-08-22 11:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-03-31 17:23 - 2013-08-22 11:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-30 21:16 - 2014-04-19 19:15 - 23134208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-03-30 19:57 - 2014-04-19 19:15 - 17073152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll Files to move or delete: ==================== C:\Users\Carley\CTX.DAT ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-12 00:34 ==================== End Of Log ============================ Addition: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2014 Ran by Jason at 2014-04-28 20:51:40 Running from C:\Users\Jason\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 64 Bit HP CIO Components Installer (Version: 8.2.1 - Hewlett-Packard) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.9.0.1210 - Adobe Systems Incorporated) Hidden Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated) Adobe Download Assistant (x32 Version: 1.2.6 - Adobe Systems Incorporated) Hidden Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Agomo (HKLM-x32\...\Agomo) (Version: 1.0.0.5302 - Piriform) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ASAP Utilities (HKLM-x32\...\ASAP Utilities_is1) (Version: 5.0 - Bastien Mensink - A Must in Every Office BV) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version: - TGRMN Software) CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415a - CyberLink Corp.) Hidden CyberLink Media Suite 10 (x32 Version: 10.0.1.1913 - CyberLink Corp.) Hidden CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) CyberLink Power2Go 8 (x32 Version: 8.0.0.1904 - CyberLink Corp.) Hidden CyberLink PowerDirector 10 (x32 Version: 10.0.1.1904 - CyberLink Corp.) Hidden CyberLink PowerDVD 10 (x32 Version: 10.0.4318.52 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dell Digital Delivery (HKLM-x32\...\{B96348BD-6B0D-42E3-80B1-FA6718067BFE}) (Version: 2.8.1000.0 - Dell Products, LP) Dell Support Center (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.39 - PC-Doctor, Inc.) Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.3.7.0 - Synaptics Incorporated) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) DSC/AA Factory Installer (Version: 3.2.6032.39 - PC-Doctor, Inc.) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.) Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel® PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation) Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 16.1.1.0084 - Intel Corporation) Hidden Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{0728A184-F899-4356-B93D-8228674F0DEB}) (Version: 2.6.1209.0268 - Motorola Solutions, Inc.) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation) Intel® Turbo Boost Technology Monitor 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel) Intel® WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation) Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4605.1003 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.012 - Dell Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6788 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Skype™ 6.10 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.10.104 - Skype Technologies S.A.) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) WD Quick View (HKLM-x32\...\{455EC32F-4157-438D-9E3A-40E93B09FC3C}) (Version: 2.2.0.8 - Western Digital Technologies, Inc.) WD SmartWare (HKLM\...\{232EB8E6-9B8C-4785-A994-B1E5E2376CDC}) (Version: 2.2.0.8 - Western Digital Technologies, Inc.) WD SmartWare Installer (HKLM-x32\...\{01b19ee2-f793-4fda-8aab-60fa495c4869}) (Version: 2.2.0.8 - Western Digital Technologies, Inc.) Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.4.70 - Webroot) Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 05-04-2014 00:38:45 Windows Modules Installer 18-04-2014 15:18:45 Windows Update 21-04-2014 23:29:44 Installed DesignerVista 29-04-2014 00:06:48 Installed Java 7 Update 55 ==================== Hosts content: ========================== 2012-07-26 01:26 - 2013-11-14 10:16 - 00000857 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 mpa.one.microsoft.com ==================== Scheduled Tasks (whitelisted) ============= Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {33C91E20-82F7-48CE-BA1C-91E948B6974C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-25] (Google Inc.) Task: {34A47C74-6E77-44D1-AF08-8C3D6D30CA10} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-07-17] (PC-Doctor, Inc.) Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {40FCE3AA-36BD-423B-B6AD-420B1C692E1F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-04-19] (Microsoft Corporation) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {5114689A-8C50-4887-B1DA-25B195C5969C} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-12-21] (Synaptics Incorporated) Task: {52351A25-7DFA-4F3F-9158-68BBBB1A7EB9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-04-19] (Microsoft Corporation) Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {73C921C1-D44F-4593-BE1B-A3AD6CFCCFE7} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-07-17] (PC-Doctor, Inc.) Task: {753AE097-3E31-489B-9FA8-43863A9F99A1} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {830EE15C-824E-419E-A013-C46DED12DCAC} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/uninstall.html?aaa=KICMMJJMNJKJNJPMJJJJCNHMIMHMLMCNLMIMHMOJCNNJMJJJMMCNMMIMLMNMLJJMIMPMNJLMIMLMJNJICMIMCNGMCNOMFMGMCNOMPMCNGMNMPMPMFMJMCNNMCNGMNMPMPMCNNMJNPICMPMFMFMOMMMJNHICMEKMICNJJCKJNBJCMFLOJMIAJBJPNMLDJOJNIEJJNKJCMJNNICMJNDJCMKJBJ" Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {A0929775-F303-4633-AB3F-D45404DFE6D1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-04-19] (Microsoft Corporation) Task: {A1EDD439-C521-44FB-A2A2-97E0EC86FDB9} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-28] (Adobe Systems Incorporated) Task: {A8F65224-685E-49DF-8E72-19F7C9CA6AF7} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {AEDFDF6D-6944-4A0F-A038-F47B4EA07EFA} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-03-30] (Microsoft Corporation) Task: {B91370F7-8614-4605-8A14-E88A394911D3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd) Task: {C9912E22-5B72-4CFE-A972-4C85419BB900} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {ED54EC6F-A39A-45C0-B784-3B2C5586127F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-25] (Google Inc.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Loaded Modules (whitelisted) ============= 2014-04-19 20:32 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2013-06-06 22:47 - 2014-03-25 13:21 - 00629928 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll 2013-03-25 10:02 - 2012-04-24 22:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2014-03-19 20:34 - 2014-04-19 20:10 - 08884904 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2013-12-21 01:02 - 2013-12-21 01:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-03-12 02:52 - 2014-03-12 02:52 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\16d775b1ea12cb97ca0cc77cde8e9fd8\PSIClient.ni.dll 2013-03-25 09:52 - 2012-06-25 14:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll 2014-04-19 19:58 - 2014-04-19 19:58 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Syst06DF097A:$WIMMOUNTDATA AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade AlternateDataStreams: C:\Users\Jason\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: Intel® 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E2D Description: Intel® 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E2D Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: Intel Service: usbehci Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. ==================== Event log errors: ========================= Application errors: ================== Error: (04/28/2014 08:23:18 PM) (Source: Application Hang) (User: ) Description: The program firefox.exe version 28.0.0.5186 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1264 Start Time: 01cf633fa728c17a Termination Time: 62 Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report Id: 72901b54-cf34-11e3-beb3-606c66166da8 Faulting package full name: Faulting package-relative application ID: Error: (04/28/2014 07:52:48 PM) (Source: Perflib) (User: ) Description: rdyboost4 Error: (04/24/2014 10:45:49 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8375 Error: (04/24/2014 10:45:49 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8375 Error: (04/24/2014 10:45:49 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/24/2014 09:03:55 PM) (Source: Perflib) (User: ) Description: rdyboost4 Error: (04/22/2014 10:47:50 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7484 Error: (04/22/2014 10:47:50 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 7484 Error: (04/22/2014 10:47:50 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/22/2014 09:44:01 PM) (Source: Perflib) (User: ) Description: rdyboost4 System errors: ============= Error: (04/28/2014 08:19:11 PM) (Source: Service Control Manager) (User: ) Description: The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (04/28/2014 08:17:36 PM) (Source: Service Control Manager) (User: ) Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (04/28/2014 08:13:13 PM) (Source: Service Control Manager) (User: ) Description: The Agomo service terminated unexpectedly. It has done this 2 time(s). Error: (04/28/2014 07:55:16 PM) (Source: DCOM) (User: NT AUTHORITY) Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable Error: (04/28/2014 07:51:16 PM) (Source: Service Control Manager) (User: ) Description: The Agomo service terminated unexpectedly. It has done this 1 time(s). Error: (04/24/2014 09:06:59 PM) (Source: DCOM) (User: NT AUTHORITY) Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable Error: (04/22/2014 09:47:02 PM) (Source: DCOM) (User: NT AUTHORITY) Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable Error: (04/22/2014 09:43:48 PM) (Source: BTHUSB) (User: ) Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. Error: (04/21/2014 07:42:03 PM) (Source: Service Control Manager) (User: ) Description: The Dell Digital Delivery Service service failed to start due to the following error: %%1053 Error: (04/21/2014 07:42:03 PM) (Source: Service Control Manager) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Dell Digital Delivery Service service to connect. Microsoft Office Sessions: ========================= Error: (04/28/2014 08:23:18 PM) (Source: Application Hang)(User: ) Description: firefox.exe28.0.0.5186126401cf633fa728c17a62C:\Program Files (x86)\Mozilla Firefox\firefox.exe72901b54-cf34-11e3-beb3-606c66166da8 Error: (04/28/2014 07:52:48 PM) (Source: Perflib)(User: ) Description: rdyboost4 Error: (04/24/2014 10:45:49 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8375 Error: (04/24/2014 10:45:49 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8375 Error: (04/24/2014 10:45:49 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/24/2014 09:03:55 PM) (Source: Perflib)(User: ) Description: rdyboost4 Error: (04/22/2014 10:47:50 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7484 Error: (04/22/2014 10:47:50 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 7484 Error: (04/22/2014 10:47:50 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/22/2014 09:44:01 PM) (Source: Perflib)(User: ) Description: rdyboost4 ==================== Memory info =========================== Percentage of memory in use: 24% Total physical RAM: 8061.27 MB Available physical RAM: 6072.64 MB Total Pagefile: 16253.27 MB Available Pagefile: 14232.25 MB Total Virtual: 131072 MB Available Virtual: 131071.81 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:916.19 GB) (Free:534.99 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 932 GB) (Disk ID: FAAC2938) Partition: GPT Partition Type. ==================== End Of Log ============================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.