Posts posted by jayclarkster

  1. Over the last few weeks, while browsing items on the net, I have had many sites not formatting correctly (particularly banking sites) and so have not been using them on this PC. Today I was having issues logging into Dropbox and so decided to go to the Task Manager and see if I could figure out the problem. I came across some interesting processes, so I decided to use CCleaner to check startup programs. I did not find anything there, but when I went on to check the registry (also using CCleaner) I found a suspicious-looking item. When I went to Google to look up this item, I found many sites referring to the process as part of a Back Door Trojan. The items were:

    URLRedirection.URLRedirectionBHO

    URLRedirection.URLRedirectionBHO(1)

     

    I decided to start scanning for issues.
    I used my Anti-Virus (Webroot) and Malwarebytes (free version) and have not found anything with either.

    I've read that this could be a backdoor infection? I am unsure what to do... I've read that ComboFix could help, but I've been reluctant to try it since I've also read that it can be dangerous when used by non-professionals. Any help anyone could give me would be most appreciated!

    I'm by no means computer illiterate, but when I start to read about hidden files and rootkits in drivers, I find myself a bit lost.

     

    Thanks in advance,

     

    Also, here is some information to help get things started:

     

    FRST

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2014
    Ran by Jason (administrator) on HOME on 28-04-2014 20:50:53
    Running from C:\Users\Jason\Downloads
    Windows 8.1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (Webroot) C:\Program Files\Webroot\WRSA.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
    (Intel® Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
    (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    (Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Webroot) C:\Program Files\Webroot\WRSA.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1253520 2012-11-19] (Realtek Semiconductor)
    HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5757328 2012-10-19] (Dell Inc.)
    HKLM\...\Run: [intelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
    HKLM\...\Run: [bTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11577216 2012-08-27] (Motorola Solutions, Inc.)
    HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010952 2012-12-21] (Synaptics Incorporated)
    HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
    HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
    HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [766040 2014-04-19] (Webroot)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-08-14] (Western Digital Technologies, Inc.)
    HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM-x32\...\Run: [Agomo] => C:\Program Files (x86)\Agomo\Agomo.exe [2111256 2014-04-28] (Piriform)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
    HKLM-x32\...\Run: [DellNetExtender] => C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -hideGUI -clearReboot
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
    HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
    HKLM\...\Policies\Explorer: [NoFind] 0
    HKLM\...\Policies\Explorer: [NoFile] 0
    HKLM\...\Policies\Explorer: [HideClock] 0
    HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKLM\...\Policies\Explorer: [NoSetFolders] 0
    HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
    HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
    HKLM\...\Policies\Explorer: [NoDFSTab] 0
    HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKLM\...\Policies\Explorer: [NoLogoff] 0
    HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKLM\...\Policies\Explorer: [NoResolveSearch] 0
    HKLM\...\Policies\Explorer: [NoSaveSettings] 0
    HKLM\...\Policies\Explorer: [NoHardwareTab] 0
    HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKLM\...\Policies\Explorer: [NoDesktop] 0
    HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Run: [Fitbit Connect] => "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
    HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\system: [DisableCMD] 0
    HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\system: [NoDispAppearancePage] 0
    HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\system: [NoDispBackgroundPage] 0
    HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\system: [NoDispSettingsPage] 0
    HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoViewOnDrive] 0
    HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoShellSearchButton] 0
    HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoFind] 0
    HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoFile] 0
    HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoSetFolders] 0
    HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoDeletePrinter] 0
    HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoDFSTab] 0
    HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoLogoff] 0
    HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoResolveSearch] 0
    HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoSaveSettings] 0
    HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoHardwareTab] 0
    HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKU\S-1-5-21-818747085-208782630-2158677018-1002\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20548256 2013-10-21] (Skype Technologies S.A.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk
    ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk
    ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
    Startup: C:\Users\Carley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
    Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.broadviewsoftware.com/owa/auth/logon.aspx?url=https%3a%2f%2fmail.broadviewsoftware.com%2fowa&reason=0
    SearchScopes: HKLM - {F40D7961-40C2-440A-B1BA-EA5D4BA4613D} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
    SearchScopes: HKLM-x32 - {F40D7961-40C2-440A-B1BA-EA5D4BA4613D} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
    SearchScopes: HKCU - {04FCE88C-BD9D-4874-B7F0-916B3262C605} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYCA&apn_uid=20C79B1A-D45F-4C84-819B-8306A4E7B202&apn_sauid=6F4E98A5-32C4-4826-948E-4ED390E8D9E4
    BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)
    BHO: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot)
    BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
    BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)
    BHO-x32: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)
    Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)
    Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
    Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Hosts: 127.0.0.1 mpa.one.microsoft.com
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\lcqfrels.default
    FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
    FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2013-12-02]
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

    Chrome:
    =======
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
    CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
    CHR Extension: (Media Hint) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja [2013-12-05]
    CHR Extension: (Google Docs) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-06]
    CHR Extension: (Google Drive) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-06]
    CHR Extension: (YouTube) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-06]
    CHR Extension: (Google Search) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-06]
    CHR Extension: (Hola Better Internet) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2013-12-05]
    CHR Extension: (Webroot Filtering Extension) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2014-02-05]
    CHR Extension: (Google Wallet) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
    CHR Extension: (Webroot Password Manager) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2013-06-28]
    CHR Extension: (Gmail) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-06]
    CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.0.26.crx [2014-01-30]
    CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2013-06-28]

    ==================== Services (Whitelisted) =================

    S2 AgomoService; C:\Program Files (x86)\Agomo\AgomoClient.exe [13562136 2014-04-28] (Piriform)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-23] (Realtek Semiconductor)
    R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-08-14] (Western Digital Technologies, Inc.)
    R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-08-14] (Western Digital Technologies, Inc.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
    R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [766040 2014-04-19] (Webroot)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

    ==================== Drivers (Whitelisted) ====================

    S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
    S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
    S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
    S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
    S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
    S4 DNE; C:\Windows\system32\DRIVERS\dne64x.sys [161368 2011-08-04] (Citrix Systems, Inc.)
    S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
    S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
    S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
    R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-12-29] (Microsoft Corporation)
    S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
    R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
    S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
    R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
    S3 NxDrv; C:\Windows\system32\DRIVERS\NxDrv.sys [24264 2012-11-04] (SonicWALL Inc.)
    S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
    S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-12-29] (Microsoft Corporation)
    S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28040 2012-12-21] (Synaptics Incorporated)
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [32136 2012-12-21] (Synaptics Incorporated)
    S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
    S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
    R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
    R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [115680 2014-04-19] (Webroot)
    R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider)
    R3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [X]
    S3 SWVNIC; \SystemRoot\system32\DRIVERS\swvnic.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-04-28 20:50 - 2014-04-28 20:51 - 00026129 _____ () C:\Users\Jason\Downloads\FRST.txt
    2014-04-28 20:50 - 2014-04-28 20:50 - 00000000 ____D () C:\FRST
    2014-04-28 20:48 - 2014-04-28 20:48 - 02061824 _____ (Farbar) C:\Users\Jason\Downloads\FRST64.exe
    2014-04-28 20:31 - 2014-04-28 20:31 - 04745984 _____ (Piriform Ltd) C:\Users\Jason\Downloads\ccsetup413.exe
    2014-04-28 20:29 - 2014-04-28 20:29 - 00000000 ____D () C:\Users\Public\Documents\CyberLink
    2014-04-28 20:29 - 2014-04-28 20:29 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\CyberLink
    2014-04-28 20:20 - 2014-04-28 20:20 - 17931952 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
    2014-04-28 20:10 - 2014-04-28 20:10 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Oracle
    2014-04-28 20:07 - 2014-04-28 20:07 - 00004129 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_55-b14.log
    2014-04-28 20:07 - 2014-04-28 20:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-04-28 20:07 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
    2014-04-28 20:07 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
    2014-04-28 20:07 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
    2014-04-28 20:07 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
    2014-04-21 19:31 - 2014-04-21 19:45 - 00000000 ____D () C:\Users\Jason\DesignerVista
    2014-04-21 19:30 - 2014-04-28 20:25 - 00000000 ____D () C:\Program Files (x86)\DesignerVista
    2014-04-21 19:23 - 2014-04-21 19:28 - 00000000 ____D () C:\Users\Jason\Desktop\BroadView Work Folder
    2014-04-19 21:45 - 2014-04-19 21:45 - 00000000 ____D () C:\Users\Jason\AppData\Local\Blizzard Entertainment
    2014-04-19 21:44 - 2014-04-24 22:41 - 00000000 ____D () C:\Users\Jason\AppData\Local\Battle.net
    2014-04-19 21:44 - 2014-04-19 21:45 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Battle.net
    2014-04-19 21:44 - 2014-04-19 21:44 - 00001160 _____ () C:\Users\Public\Desktop\Battle.net.lnk
    2014-04-19 21:44 - 2014-04-19 21:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
    2014-04-19 21:44 - 2014-04-19 21:44 - 00000000 ____D () C:\Program Files (x86)\Battle.net
    2014-04-19 21:40 - 2014-04-19 21:41 - 07583696 _____ (Blizzard Entertainment) C:\Users\Jason\Downloads\Diablo-III-Setup-enUS.exe
    2014-04-19 19:58 - 2014-04-19 19:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-04-19 19:39 - 2014-04-19 19:43 - 00004876 _____ () C:\Users\Jason\Desktop\save.log
    2014-04-19 19:15 - 2014-04-19 19:15 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
    2014-04-19 19:15 - 2014-03-30 21:16 - 23134208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2014-04-19 19:15 - 2014-03-30 19:57 - 17073152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2014-04-19 19:15 - 2014-03-10 06:35 - 02008408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2014-04-19 19:15 - 2014-03-10 06:35 - 00377176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
    2014-04-19 19:15 - 2014-03-06 05:19 - 01287576 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
    2014-04-19 19:15 - 2014-03-06 05:02 - 01109424 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2014-04-19 19:15 - 2014-03-06 02:17 - 00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2014-04-19 19:15 - 2014-03-06 02:10 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
    2014-04-19 19:14 - 2014-04-19 19:14 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
    2014-04-05 00:09 - 2014-04-05 00:09 - 04787368 _____ (Piriform Ltd) C:\Users\Jason\Downloads\ccsetup412.exe

    ==================== One Month Modified Files and Folders =======

    2014-04-28 20:51 - 2014-04-28 20:50 - 00026129 _____ () C:\Users\Jason\Downloads\FRST.txt
    2014-04-28 20:50 - 2014-04-28 20:50 - 00000000 ____D () C:\FRST
    2014-04-28 20:50 - 2013-06-28 18:20 - 00000000 ____D () C:\ProgramData\WRData
    2014-04-28 20:48 - 2014-04-28 20:48 - 02061824 _____ (Farbar) C:\Users\Jason\Downloads\FRST64.exe
    2014-04-28 20:32 - 2013-08-13 19:09 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-04-28 20:32 - 2013-08-13 19:09 - 00000000 ____D () C:\Program Files\CCleaner
    2014-04-28 20:31 - 2014-04-28 20:31 - 04745984 _____ (Piriform Ltd) C:\Users\Jason\Downloads\ccsetup413.exe
    2014-04-28 20:29 - 2014-04-28 20:29 - 00000000 ____D () C:\Users\Public\Documents\CyberLink
    2014-04-28 20:29 - 2014-04-28 20:29 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\CyberLink
    2014-04-28 20:29 - 2013-06-06 22:42 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-818747085-208782630-2158677018-1002
    2014-04-28 20:27 - 2013-03-25 09:59 - 00000000 ____D () C:\ProgramData\CyberLink
    2014-04-28 20:26 - 2013-05-25 16:23 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-04-28 20:25 - 2014-04-21 19:30 - 00000000 ____D () C:\Program Files (x86)\DesignerVista
    2014-04-28 20:20 - 2014-04-28 20:20 - 17931952 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
    2014-04-28 20:20 - 2014-01-17 23:32 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2014-04-28 20:20 - 2014-01-17 23:32 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-04-28 20:18 - 2013-05-25 16:23 - 00000908 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-04-28 20:10 - 2014-04-28 20:10 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Oracle
    2014-04-28 20:08 - 2013-10-10 20:25 - 00000000 ____D () C:\ProgramData\Oracle
    2014-04-28 20:07 - 2014-04-28 20:07 - 00004129 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_55-b14.log
    2014-04-28 20:07 - 2014-04-28 20:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-04-28 20:07 - 2013-10-10 20:24 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-04-28 20:02 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2014-04-28 19:56 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\security
    2014-04-28 19:53 - 2013-05-25 16:23 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-04-28 19:52 - 2013-12-06 10:39 - 00000000 ____D () C:\Program Files (x86)\Agomo
    2014-04-28 19:52 - 2013-05-25 16:23 - 00000904 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-04-24 22:41 - 2014-04-19 21:44 - 00000000 ____D () C:\Users\Jason\AppData\Local\Battle.net
    2014-04-21 21:29 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
    2014-04-21 20:55 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
    2014-04-21 19:45 - 2014-04-21 19:31 - 00000000 ____D () C:\Users\Jason\DesignerVista
    2014-04-21 19:45 - 2013-12-29 19:58 - 00000000 ____D () C:\Users\Jason
    2014-04-21 19:40 - 2013-08-13 20:54 - 00008192 _____ () C:\WINDOWS\SysWOW64\WDPABKP.dat
    2014-04-21 19:39 - 2013-12-29 20:09 - 00000761 _____ () C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
    2014-04-21 19:39 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-04-21 19:28 - 2014-04-21 19:23 - 00000000 ____D () C:\Users\Jason\Desktop\BroadView Work Folder
    2014-04-21 19:27 - 2013-11-14 03:28 - 00820548 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-04-20 04:35 - 2013-12-29 19:58 - 00000000 ____D () C:\Users\Carley
    2014-04-20 04:33 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
    2014-04-19 21:45 - 2014-04-19 21:45 - 00000000 ____D () C:\Users\Jason\AppData\Local\Blizzard Entertainment
    2014-04-19 21:45 - 2014-04-19 21:44 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Battle.net
    2014-04-19 21:44 - 2014-04-19 21:44 - 00001160 _____ () C:\Users\Public\Desktop\Battle.net.lnk
    2014-04-19 21:44 - 2014-04-19 21:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
    2014-04-19 21:44 - 2014-04-19 21:44 - 00000000 ____D () C:\Program Files (x86)\Battle.net
    2014-04-19 21:41 - 2014-04-19 21:40 - 07583696 _____ (Blizzard Entertainment) C:\Users\Jason\Downloads\Diablo-III-Setup-enUS.exe
    2014-04-19 21:04 - 2013-06-29 12:49 - 00000000 ____D () C:\Program Files (x86)\Diablo III
    2014-04-19 20:35 - 2013-11-14 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2014-04-19 20:34 - 2013-06-06 22:47 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2014-04-19 19:58 - 2014-04-19 19:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-04-19 19:52 - 2014-01-16 00:03 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\QuickScan
    2014-04-19 19:43 - 2014-04-19 19:39 - 00004876 _____ () C:\Users\Jason\Desktop\save.log
    2014-04-19 19:23 - 2013-06-28 18:20 - 00154248 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
    2014-04-19 19:23 - 2013-06-28 18:20 - 00115680 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys
    2014-04-19 19:23 - 2013-06-28 18:20 - 00105320 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
    2014-04-19 19:17 - 2013-06-06 21:52 - 00000000 ___RD () C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-04-19 19:17 - 2013-06-06 21:52 - 00000000 ___RD () C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    2014-04-19 19:15 - 2014-04-19 19:15 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
    2014-04-19 19:14 - 2014-04-19 19:14 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
    2014-04-19 19:13 - 2013-05-25 16:23 - 00003880 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-04-19 19:13 - 2013-05-25 16:23 - 00003644 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-04-19 19:04 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
    2014-04-14 20:13 - 2014-04-28 20:07 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
    2014-04-14 20:05 - 2014-04-28 20:07 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
    2014-04-14 20:05 - 2014-04-28 20:07 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
    2014-04-14 20:04 - 2014-04-28 20:07 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
    2014-04-05 00:09 - 2014-04-05 00:09 - 04787368 _____ (Piriform Ltd) C:\Users\Jason\Downloads\ccsetup412.exe
    2014-04-05 00:03 - 2013-12-07 12:16 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-04-05 00:03 - 2013-12-07 12:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-04-04 20:38 - 2013-12-07 12:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2014-03-31 17:23 - 2013-08-22 11:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2014-03-31 17:23 - 2013-08-22 11:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2014-03-30 21:16 - 2014-04-19 19:15 - 23134208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2014-03-30 19:57 - 2014-04-19 19:15 - 17073152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

    Files to move or delete:
    ====================
    C:\Users\Carley\CTX.DAT


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-03-12 00:34

    ==================== End Of Log ============================

    Addition:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2014
    Ran by Jason at 2014-04-28 20:51:40
    Running from C:\Users\Jason\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    64 Bit HP CIO Components Installer (Version: 8.2.1 - Hewlett-Packard) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
    Adobe AIR (x32 Version: 3.9.0.1210 - Adobe Systems Incorporated) Hidden
    Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
    Adobe Download Assistant (x32 Version: 1.2.6 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
    Agomo (HKLM-x32\...\Agomo) (Version: 1.0.0.5302 - Piriform)
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ASAP Utilities (HKLM-x32\...\ASAP Utilities_is1) (Version: 5.0 - Bastien Mensink - A Must in Every Office BV)
    Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
    CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415a - CyberLink Corp.) Hidden
    CyberLink Media Suite 10 (x32 Version: 10.0.1.1913 - CyberLink Corp.) Hidden
    CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
    CyberLink Power2Go 8 (x32 Version: 8.0.0.1904 - CyberLink Corp.) Hidden
    CyberLink PowerDirector 10 (x32 Version: 10.0.1.1904 - CyberLink Corp.) Hidden
    CyberLink PowerDVD 10 (x32 Version: 10.0.4318.52 - CyberLink Corp.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Digital Delivery (HKLM-x32\...\{B96348BD-6B0D-42E3-80B1-FA6718067BFE}) (Version: 2.8.1000.0 - Dell Products, LP)
    Dell Support Center (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.39 - PC-Doctor, Inc.)
    Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.3.7.0 - Synaptics Incorporated)
    Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
    DSC/AA Factory Installer (Version: 3.2.6032.39 - PC-Doctor, Inc.) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel® PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
    Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 16.1.1.0084 - Intel Corporation) Hidden
    Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{0728A184-F899-4356-B93D-8228674F0DEB}) (Version: 2.6.1209.0268 - Motorola Solutions, Inc.)
    Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
    Intel® Turbo Boost Technology Monitor 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
    Intel® WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
    Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden
    Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
    iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
    Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle)
    Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4605.1003 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
    MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
    Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.012 - Dell Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6788 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Skype™ 6.10 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.10.104 - Skype Technologies S.A.)
    VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
    WD Quick View (HKLM-x32\...\{455EC32F-4157-438D-9E3A-40E93B09FC3C}) (Version: 2.2.0.8 - Western Digital Technologies, Inc.)
    WD SmartWare (HKLM\...\{232EB8E6-9B8C-4785-A994-B1E5E2376CDC}) (Version: 2.2.0.8 - Western Digital Technologies, Inc.)
    WD SmartWare Installer (HKLM-x32\...\{01b19ee2-f793-4fda-8aab-60fa495c4869}) (Version: 2.2.0.8 - Western Digital Technologies, Inc.)
    Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.4.70 - Webroot)
    Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

    ==================== Restore Points  =========================

    05-04-2014 00:38:45 Windows Modules Installer
    18-04-2014 15:18:45 Windows Update
    21-04-2014 23:29:44 Installed DesignerVista
    29-04-2014 00:06:48 Installed Java 7 Update 55

    ==================== Hosts content: ==========================

    2012-07-26 01:26 - 2013-11-14 10:16 - 00000857 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 mpa.one.microsoft.com

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
    Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
    Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
    Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
    Task: {33C91E20-82F7-48CE-BA1C-91E948B6974C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-25] (Google Inc.)
    Task: {34A47C74-6E77-44D1-AF08-8C3D6D30CA10} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-07-17] (PC-Doctor, Inc.)
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
    Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
    Task: {40FCE3AA-36BD-423B-B6AD-420B1C692E1F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-04-19] (Microsoft Corporation)
    Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
    Task: {5114689A-8C50-4887-B1DA-25B195C5969C} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-12-21] (Synaptics Incorporated)
    Task: {52351A25-7DFA-4F3F-9158-68BBBB1A7EB9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-04-19] (Microsoft Corporation)
    Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
    Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
    Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
    Task: {73C921C1-D44F-4593-BE1B-A3AD6CFCCFE7} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-07-17] (PC-Doctor, Inc.)
    Task: {753AE097-3E31-489B-9FA8-43863A9F99A1} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
    Task: {830EE15C-824E-419E-A013-C46DED12DCAC} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/uninstall.html?aaa=KICMMJJMNJKJNJPMJJJJCNHMIMHMLMCNLMIMHMOJCNNJMJJJMMCNMMIMLMNMLJJMIMPMNJLMIMLMJNJICMIMCNGMCNOMFMGMCNOMPMCNGMNMPMPMFMJMCNNMCNGMNMPMPMCNNMJNPICMPMFMFMOMMMJNHICMEKMICNJJCKJNBJCMFLOJMIAJBJPNMLDJOJNIEJJNKJCMJNNICMJNDJCMKJBJ"
    Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
    Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
    Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
    Task: {A0929775-F303-4633-AB3F-D45404DFE6D1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-04-19] (Microsoft Corporation)
    Task: {A1EDD439-C521-44FB-A2A2-97E0EC86FDB9} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-28] (Adobe Systems Incorporated)
    Task: {A8F65224-685E-49DF-8E72-19F7C9CA6AF7} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {AEDFDF6D-6944-4A0F-A038-F47B4EA07EFA} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-03-30] (Microsoft Corporation)
    Task: {B91370F7-8614-4605-8A14-E88A394911D3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
    Task: {C9912E22-5B72-4CFE-A972-4C85419BB900} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
    Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
    Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
    Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
    Task: {ED54EC6F-A39A-45C0-B784-3B2C5586127F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-25] (Google Inc.)
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-04-19 20:32 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2013-06-06 22:47 - 2014-03-25 13:21 - 00629928 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
    2013-03-25 10:02 - 2012-04-24 22:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    2014-03-19 20:34 - 2014-04-19 20:10 - 08884904 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2013-12-21 01:02 - 2013-12-21 01:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2014-03-12 02:52 - 2014-03-12 02:52 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\16d775b1ea12cb97ca0cc77cde8e9fd8\PSIClient.ni.dll
    2013-03-25 09:52 - 2012-06-25 14:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
    2014-04-19 19:58 - 2014-04-19 19:58 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    AlternateDataStreams: C:\Syst06DF097A:$WIMMOUNTDATA
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade
    AlternateDataStreams: C:\Users\Jason\SkyDrive:ms-properties

    ==================== Safe Mode (whitelisted) ===================


    ==================== Disabled items from MSCONFIG ==============


    ==================== Faulty Device Manager Devices =============

    Name: Intel® 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E2D
    Description: Intel® 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E2D
    Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
    Manufacturer: Intel
    Service: usbehci
    Problem: : Windows has stopped this device because it has reported problems. (Code 43)
    Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/28/2014 08:23:18 PM) (Source: Application Hang) (User: )
    Description: The program firefox.exe version 28.0.0.5186 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1264

    Start Time: 01cf633fa728c17a

    Termination Time: 62

    Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    Report Id: 72901b54-cf34-11e3-beb3-606c66166da8

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (04/28/2014 07:52:48 PM) (Source: Perflib) (User: )
    Description: rdyboost4

    Error: (04/24/2014 10:45:49 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 8375

    Error: (04/24/2014 10:45:49 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 8375

    Error: (04/24/2014 10:45:49 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (04/24/2014 09:03:55 PM) (Source: Perflib) (User: )
    Description: rdyboost4

    Error: (04/22/2014 10:47:50 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 7484

    Error: (04/22/2014 10:47:50 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 7484

    Error: (04/22/2014 10:47:50 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (04/22/2014 09:44:01 PM) (Source: Perflib) (User: )
    Description: rdyboost4


    System errors:
    =============
    Error: (04/28/2014 08:19:11 PM) (Source: Service Control Manager) (User: )
    Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (04/28/2014 08:17:36 PM) (Source: Service Control Manager) (User: )
    Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (04/28/2014 08:13:13 PM) (Source: Service Control Manager) (User: )
    Description: The Agomo service terminated unexpectedly.  It has done this 2 time(s).

    Error: (04/28/2014 07:55:16 PM) (Source: DCOM) (User: NT AUTHORITY)
    Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

    Error: (04/28/2014 07:51:16 PM) (Source: Service Control Manager) (User: )
    Description: The Agomo service terminated unexpectedly.  It has done this 1 time(s).

    Error: (04/24/2014 09:06:59 PM) (Source: DCOM) (User: NT AUTHORITY)
    Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

    Error: (04/22/2014 09:47:02 PM) (Source: DCOM) (User: NT AUTHORITY)
    Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

    Error: (04/22/2014 09:43:48 PM) (Source: BTHUSB) (User: )
    Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

    Error: (04/21/2014 07:42:03 PM) (Source: Service Control Manager) (User: )
    Description: The Dell Digital Delivery Service service failed to start due to the following error:
    %%1053

    Error: (04/21/2014 07:42:03 PM) (Source: Service Control Manager) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Dell Digital Delivery Service service to connect.


    Microsoft Office Sessions:
    =========================
    Error: (04/28/2014 08:23:18 PM) (Source: Application Hang)(User: )
    Description: firefox.exe28.0.0.5186126401cf633fa728c17a62C:\Program Files (x86)\Mozilla Firefox\firefox.exe72901b54-cf34-11e3-beb3-606c66166da8

    Error: (04/28/2014 07:52:48 PM) (Source: Perflib)(User: )
    Description: rdyboost4

    Error: (04/24/2014 10:45:49 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 8375

    Error: (04/24/2014 10:45:49 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 8375

    Error: (04/24/2014 10:45:49 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (04/24/2014 09:03:55 PM) (Source: Perflib)(User: )
    Description: rdyboost4

    Error: (04/22/2014 10:47:50 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 7484

    Error: (04/22/2014 10:47:50 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 7484

    Error: (04/22/2014 10:47:50 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (04/22/2014 09:44:01 PM) (Source: Perflib)(User: )
    Description: rdyboost4


    ==================== Memory info ===========================

    Percentage of memory in use: 24%
    Total physical RAM: 8061.27 MB
    Available physical RAM: 6072.64 MB
    Total Pagefile: 16253.27 MB
    Available Pagefile: 14232.25 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.81 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:916.19 GB) (Free:534.99 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 932 GB) (Disk ID: FAAC2938)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
