DCOM/PNP/Power Srvc - service terminated unexpectedly - forced reboot


  • This topic is locked
13 replies to this topic

#1 mcsiscm

mcsiscm

  • Members
  • 35 posts

Posted 12 February 2014 - 05:07 PM

I would be grateful for your assistance.
As of this morning PC will not stay running in normal (non-safe) mode.
Boot machine and within 30-60 seconds it shows an error such as "power service terminated unexpectedly" or one of the above services terminated unexpectedly.
 
It WILL run in safe mode w/ networking
 
It looks similar to ....
 
Note - I have been having occasional BSODs in the past month pointing to ATAPORT.SYS
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16518
Run by Steve at 15:34:02 on 2014-02-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.12279.10040 [GMT -6:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Program Files (x86)\Silicon Image\SiI31xx HBA Wakeup Utility\SiHbaWakeupService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\vds.exe
C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\DR\x64\drdiag.exe
C:\Windows\System32\vdsldr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Cloudmark\Desktop\Service\cdswin.exe
C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe
C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
C:\Program Files (x86)\Android-Sync\AndroidSync.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Reader_sl.exe
C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\WSCStub.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Android-Sync\bin\adb.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
C:\Program Files\Alienware\Command Center\ThermalController.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
TB: DataVault Bar: {0D792CB2-2654-4E99-A597-7FC317F04D61} - C:\Program Files (x86)\DataVault\ie.dll
TB: DataVault Bar: {0D792CB2-2654-4E99-A597-7FC317F04D61} - C:\Program Files (x86)\DataVault\ie.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uRun: [Plextool] C:\Program Files (x86)\Plextool\Plextool.exe
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
mRun: [SiHBAWakeupUtility] <no file>
StartupFolder: C:\Users\Steve\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BUFFAL~1.LNK - C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
StartupFolder: C:\Users\Steve\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NASSCH~1.LNK - C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CLOUDM~1.LNK - C:\Program Files (x86)\Cloudmark\Desktop\Service\cdswin.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NOVABA~1.LNK - C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Save to DataVault - C:\Program Files (x86)\DataVault/iemenuext.htm
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
Trusted Zone: google-analytics.com
Trusted Zone: novastor.com
Trusted Zone: novastor.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://apmoller.webex.com/client/WBXclient-T29L10NSP3-17099/webex/ieatgpc1.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{9BCB4A70-D37E-4CCA-B169-85416620874D} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coieplg.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: DataVault Bar: {0D792CB2-2654-4E99-A597-7FC317F04D61} - C:\Program Files (x86)\DataVault\ie64.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coieplg.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Command Center Controllers] "C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe"
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\5unu98a6.default\
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DataVault\npapi.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-11-14 56336]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1501000.012\symds64.sys [2014-1-24 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1501000.012\symefa64.sys [2014-1-24 1147480]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [2014-1-21 1526488]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1501000.012\ccsetx64.sys [2014-1-24 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\IPSDefs\20140211.001\IDSviA64.sys [2014-2-12 521944]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1501000.012\ironx64.sys [2014-1-24 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1501000.012\symnets.sys [2014-1-24 590936]
R2 Disaster Recovery Imaging;Disaster Recovery Imaging;C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\DR\x64\drdiag.exe [2013-11-11 6256936]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-12-30 250712]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\n360.exe [2014-1-24 264360]
R2 NasPmService;NAS PM Service;C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=297 -dto=3 -dluc=0 -dmin=1 -dmax=2 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=292 -pmin=1 -pmax=2 -pflc=0 --> C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=297 -dto=3 -dluc=0 -dmin=1 -dmax=2 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=292 -pmin=1 -pmax=2 -pflc=0 [?]
R2 nsService;NovaStor NovaBACKUP Backup/Copy Engine;C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe [2013-11-11 613008]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-8-10 15122208]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-8-13 1907896]
R2 SiHbaWakeupService;SiI31xx HBA Wakeup Utility;C:\Program Files (x86)\Silicon Image\SiI31xx HBA Wakeup Utility\SiHbaWakeupService.exe [2009-7-27 62464]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-10-16 321064]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-10-29 39200]
S2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2012-6-18 14704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]
S3 Backup Client Agent Service;Backup Client Agent Service;C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe [2013-11-11 403240]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-11-13 103448]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-12 111616]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-5-23 77592]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-5-23 13080]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-10 19456]
S3 RemoteControl-USBLAN;RemoteControl-USBLAN;C:\Windows\System32\drivers\rcblan.sys [2014-2-4 46616]
S3 SIUSBXP;SIUSBXP;C:\Windows\System32\drivers\SiUSBXp.sys [2013-8-18 26856]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-11-13 203672]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-10 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-8-10 1255736]
.
=============== Created Last 30 ================
.
2014-02-12 18:30:31 -------- d-----w- C:\9aa9ee789e5ff7f8851ac3
2014-02-12 17:44:13 -------- d-sh--w- C:\found.002
2014-02-12 08:48:17 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-12 08:48:17 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-12 07:20:05 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-02-12 07:20:04 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-02-12 07:20:04 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-02-12 07:20:04 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-02-10 21:25:44 -------- d-----w- C:\Users\Steve\AppData\Local\CrashDumps
2014-02-05 05:06:40 8576 ----a-w- C:\Windows\System32\drivers\VCdRom.sys
2014-02-04 23:06:56 -------- d-----w- C:\Users\Steve\Logitech
2014-02-04 23:05:41 -------- d-----w- C:\Program Files (x86)\Common Files\Remote Control Software Common
2014-02-04 23:05:28 46616 ----a-w- C:\Windows\System32\drivers\rcblan.sys
2014-02-04 23:05:28 -------- d-----w- C:\Program Files (x86)\Common Files\Remote Control USB Driver
2014-02-03 16:40:35 -------- d-----w- C:\Users\Steve\AppData\Roaming\webex
2014-02-03 15:30:52 -------- d-----w- C:\ProgramData\WebEx
2014-01-24 19:24:18 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2014-01-24 19:21:13 858200 ----a-w- C:\Windows\System32\drivers\N360x64\1501000.012\srtsp64.sys
2014-01-24 19:21:13 590936 ----a-w- C:\Windows\System32\drivers\N360x64\1501000.012\symnets.sys
2014-01-24 19:21:13 493656 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\symds64.sys
2014-01-24 19:21:13 36952 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\srtspx64.sys
2014-01-24 19:21:13 264280 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\ironx64.sys
2014-01-24 19:21:13 23568 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\symelam.sys
2014-01-24 19:21:13 162392 ----a-w- C:\Windows\System32\drivers\N360x64\1501000.012\ccsetx64.sys
2014-01-24 19:21:13 1147480 ----a-w- C:\Windows\System32\drivers\N360x64\1501000.012\symefa64.sys
2014-01-24 19:21:10 -------- d-----w- C:\Windows\System32\drivers\N360x64\1501000.012
2014-01-24 19:13:54 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2014-01-24 19:13:54 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2014-01-24 19:13:33 -------- d-----w- C:\Windows\System32\drivers\N360x64
2014-01-24 19:13:32 -------- d-----w- C:\Program Files (x86)\Norton 360
2014-01-24 19:13:30 -------- d-----w- C:\ProgramData\Norton
2014-01-24 19:04:47 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2014-01-24 19:01:00 -------- d-----w- C:\ProgramData\NortonInstaller
2014-01-15 09:00:20 -------- d-----w- C:\f5d5df41b109a7a190f086afe4ba
2014-01-15 05:42:10 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-01-15 05:42:10 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-01-15 05:42:09 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 05:42:09 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-01-15 05:42:09 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-01-15 05:42:09 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 05:42:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-01-15 05:42:08 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-15 05:42:07 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-01-15 01:21:41 -------- d-----w- C:\Users\Steve\AppData\Local\Nero_AG
2014-01-15 01:20:56 -------- d-----w- C:\Users\Steve\AppData\Local\Nero
2014-01-15 01:14:20 -------- d-----w- C:\Program Files (x86)\Nero
2014-01-15 01:14:12 -------- d-----w- C:\ProgramData\Nero
2014-01-15 01:04:05 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2014-01-15 01:03:59 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
2014-01-15 01:03:49 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2014-01-15 01:03:42 1868128 ----a-w- C:\Windows\SysWow64\d3dcsx_43.dll
.
==================== Find3M  ====================
.
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-05 05:11:35 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 05:11:35 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
.
============= FINISH: 15:34:14.56 ===============
 

 


#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 12 February 2014 - 07:59 PM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Edited by RPMcMurphy, 12 February 2014 - 08:00 PM.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#3 mcsiscm

mcsiscm
  • Topic Starter

  • Members
  • 35 posts

Posted 12 February 2014 - 08:57 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2014 01
Ran by Steve (administrator) on ALIEN on 12-02-2014 19:49:40
Running from C:\Users\Steve\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
(NovaStor Corporation) C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
() C:\Program Files (x86)\Silicon Image\SiI31xx HBA Wakeup Utility\SiHbaWakeupService.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(NovaStor Corporation) C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\DR\x64\drdiag.exe
(Microsoft Corporation) C:\Windows\System32\vdsldr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
(Microsoft Corporation) C:\Windows\system32\UI0Detect.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Cloudmark, Inc.) C:\Program Files (x86)\Cloudmark\Desktop\Service\cdswin.exe
(NovaStor Corporation) C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(http://www.android-sync.com) C:\Program Files (x86)\Android-Sync\AndroidSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Reader_sl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Android-Sync\bin\adb.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Alienware) C:\Program Files\Alienware\Command Center\ThermalController.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-02-02] (Realtek Semiconductor)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [Command Center Controllers] - C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12656 2012-06-18] (Alienware)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-17] (NVIDIA Corporation)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1063200 2013-10-17] (NVIDIA Corporation)
HKLM-x32\...\Run: [SiHBAWakeupUtility] - [X]
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AndroidSync] - C:\Program Files (x86)\Android-Sync\AndroidSync.exe [6223792 2013-11-01] (http://www.android-sync.com)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1001126741-1943683864-3140619235-1001\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
HKU\S-1-5-21-1001126741-1943683864-3140619235-1001\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-1001126741-1943683864-3140619235-1001\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1095000 2013-12-30] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1001126741-1943683864-3140619235-1001\...\Run: [Plextool] - C:\Program Files (x86)\Plextool\Plextool.exe [13804544 2013-08-23] ()
HKU\S-1-5-21-1001126741-1943683864-3140619235-1001\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-1001126741-1943683864-3140619235-1003\...\Run: [Plextool] - C:\Program Files (x86)\Plextool\Plextool.exe [13804544 2013-08-23] ()
HKU\S-1-5-21-1001126741-1943683864-3140619235-1003\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
HKU\S-1-5-21-1001126741-1943683864-3140619235-1003\...\MountPoints2: {c6235b32-0189-11e3-8742-806e6f6e6963} - E:\setup_assist.exe
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk
ShortcutTarget: BUFFALO NAS Navigator2.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk
ShortcutTarget: NAS Scheduler.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5A0DEE4AD695CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - {F9E0E4CC-9AFD-4104-87CB-B597E5D30C62} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKLM - DataVault Bar - {0D792CB2-2654-4E99-A597-7FC317F04D61} - C:\Program Files (x86)\DataVault\ie64.dll ()
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - DataVault Bar - {0D792CB2-2654-4E99-A597-7FC317F04D61} - C:\Program Files (x86)\DataVault\ie.dll ()
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - DataVault Bar - {0D792CB2-2654-4E99-A597-7FC317F04D61} - C:\Program Files (x86)\DataVault\ie64.dll ()
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://apmoller.webex.com/client/WBXclient-T29L10NSP3-17099/webex/ieatgpc1.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\5unu98a6.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @ascendo-inc/DataVault;version=1 - C:\Program Files (x86)\DataVault\npapi.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-08-10]
FF HKLM-x32\...\Firefox\Extensions: [datavault@ascendo.inc] - C:\Program Files (x86)\DataVault\firefox
FF Extension: DataVault Toolbar - C:\Program Files (x86)\DataVault\firefox [2013-09-26]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\IPSFF [2014-01-24]
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-10]
CHR Extension: (Google Drive) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-10]
CHR Extension: (YouTube) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-10]
CHR Extension: (Adblock for Youtube™) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2013-11-10]
CHR Extension: (Google Search) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-10]
CHR Extension: (Google Calendar) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-01-20]
CHR Extension: (AdBlock) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-10]
CHR Extension: (DataVault Extension) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\idbmmgcdhhiblollphopejjpnkpdgbii [2013-09-29]
CHR Extension: (Norton Identity Protection) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-01-24]
CHR Extension: (Google Wallet) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR Extension: (Gmail) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-10]
CHR HKLM-x32\...\Chrome\Extension: [idbmmgcdhhiblollphopejjpnkpdgbii] - C:\Program Files (x86)\DataVault\extension.crx [2013-03-09]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\Exts\Chrome.crx [2014-01-26]
 
==================== Services (Whitelisted) =================
 
S3 Backup Client Agent Service; C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe [403240 2013-11-11] (NovaStor Corporation)
R2 Disaster Recovery Imaging; C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\DR\x64\drdiag.exe [6256936 2013-11-11] (NovaStor Corporation)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-30] (Garmin Ltd or its subsidiaries)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [264360 2013-10-08] (Symantec Corporation)
R2 NasPmService; C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe [251760 2011-10-31] (BUFFALO INC.)
R2 nsService; C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe [613008 2013-11-11] (NovaStor Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-17] (NVIDIA Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
R2 SiHbaWakeupService; C:\Program Files (x86)\Silicon Image\SiI31xx HBA Wakeup Utility\SiHbaWakeupService.exe [62464 2009-07-27] ()
 
==================== Drivers (Whitelisted) ====================
 
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2014-01-21] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-24] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\IPSDefs\20140211.001\IDSvia64.sys [521944 2014-01-23] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\VirusDefs\20140211.020\ENG64.SYS [126040 2014-02-10] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\VirusDefs\20140211.020\EX64.SYS [2099288 2014-02-10] (Symantec Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-27] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
S3 RemoteControl-USBLAN; C:\Windows\System32\DRIVERS\rcblan.sys [46616 2007-01-24] (Belcarra Technologies)
R0 SI3132; C:\Windows\System32\DRIVERS\SI3132.sys [90664 2007-10-03] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22056 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [17448 2007-10-03] (Silicon Image, Inc)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-07-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-24] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-07-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-12 19:49 - 2014-02-12 19:50 - 00019308 _____ () C:\Users\Steve\Desktop\FRST.txt
2014-02-12 19:49 - 2014-02-12 19:49 - 00000000 ____D () C:\FRST
2014-02-12 19:45 - 2014-02-12 19:45 - 02152448 _____ (Farbar) C:\Users\Steve\Desktop\FRST64.exe
2014-02-12 15:34 - 2014-02-12 15:34 - 00037260 _____ () C:\Users\Steve\Desktop\attach.txt
2014-02-12 15:34 - 2014-02-12 15:34 - 00022695 _____ () C:\Users\Steve\Desktop\dds.txt
2014-02-12 15:32 - 2014-02-12 15:32 - 00037507 _____ () C:\Users\Steve\Desktop\Attach_SafeMode.txt
2014-02-12 15:32 - 2014-02-12 15:32 - 00019816 _____ () C:\Users\Steve\Desktop\DDS_SafeMode.txt
2014-02-12 15:29 - 2014-02-12 15:31 - 00000000 ____D () C:\Users\Steve\Desktop\TempStorage
2014-02-12 15:27 - 2014-02-12 15:27 - 00688992 ____R (Swearware) C:\Users\Steve\Desktop\dds.com
2014-02-12 15:25 - 2014-02-12 15:26 - 00688992 _____ (Swearware) C:\Users\Steve\Downloads\dds (1).com
2014-02-12 15:24 - 2014-02-12 15:24 - 00688992 _____ (Swearware) C:\Users\Steve\Downloads\dds.com
2014-02-12 13:03 - 2014-02-12 13:03 - 00291176 _____ () C:\Windows\Minidump\021214-11122-01.dmp
2014-02-12 12:44 - 2014-02-12 12:44 - 00290992 _____ () C:\Windows\Minidump\021214-4586-01.dmp
2014-02-12 12:30 - 2014-02-12 12:30 - 00000000 ____D () C:\9aa9ee789e5ff7f8851ac3
2014-02-12 11:44 - 2014-02-12 11:44 - 00009800 ____N () C:\bootsqm.dat
2014-02-12 11:44 - 2014-02-12 11:44 - 00000000 __SHD () C:\found.002
2014-02-12 02:48 - 2013-12-21 03:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 02:48 - 2013-12-21 02:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 02:47 - 2014-02-06 06:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 02:47 - 2014-02-06 05:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 02:47 - 2014-02-06 05:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 02:47 - 2014-02-06 05:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 02:47 - 2014-02-06 05:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 02:47 - 2014-02-06 05:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 02:47 - 2014-02-06 04:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 02:47 - 2014-02-06 04:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 02:47 - 2014-02-06 04:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 02:47 - 2014-02-06 04:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 02:47 - 2014-02-06 04:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 02:47 - 2014-02-06 04:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 02:47 - 2014-02-06 04:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 02:47 - 2014-02-06 04:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 02:47 - 2014-02-06 04:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 02:47 - 2014-02-06 04:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 02:47 - 2014-02-06 04:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 02:47 - 2014-02-06 04:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 02:47 - 2014-02-06 04:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 02:47 - 2014-02-06 03:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 02:47 - 2014-02-06 03:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 02:47 - 2014-02-06 03:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 02:47 - 2014-02-06 03:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 02:47 - 2014-02-06 03:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 02:47 - 2014-02-06 03:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 02:47 - 2014-02-06 03:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 02:47 - 2014-02-06 03:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 02:47 - 2014-02-06 03:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 02:47 - 2014-02-06 03:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 02:47 - 2014-02-06 03:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 02:47 - 2014-02-06 03:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 02:47 - 2014-02-06 03:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 02:47 - 2014-02-06 03:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 02:47 - 2014-02-06 03:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 02:47 - 2014-02-06 02:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 02:47 - 2014-02-06 02:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 02:47 - 2014-02-06 02:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 02:47 - 2014-02-06 02:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 02:47 - 2014-02-06 02:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 02:42 - 2014-02-12 02:42 - 02456845 _____ () C:\Users\Steve\Downloads\elvui-6.94.zip
2014-02-12 01:20 - 2013-12-24 17:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 01:20 - 2013-12-24 16:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 01:20 - 2013-11-26 02:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 01:20 - 2013-11-22 16:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-10 15:25 - 2014-02-12 13:13 - 00000000 ____D () C:\Users\Steve\AppData\Local\CrashDumps
2014-02-10 14:29 - 2014-02-10 14:29 - 00298944 _____ () C:\Windows\Minidump\021014-8377-01.dmp
2014-02-06 23:20 - 2014-02-06 23:30 - 00000000 ____D () C:\Users\Public\Documents\AuctioneerSuite-5.19.5445
2014-02-06 23:20 - 2014-02-06 23:20 - 00000000 ____D () C:\Users\Public\Documents\GathererDB_Wowhead-2.0.2013-06-15
2014-02-06 23:20 - 2014-02-06 23:20 - 00000000 ____D () C:\Users\Public\Documents\Gatherer-4.4.0
2014-02-04 23:06 - 2001-12-19 11:45 - 00008576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VCdRom.sys
2014-02-04 22:51 - 2014-02-04 22:53 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-02-04 22:48 - 2014-02-04 22:48 - 00774072 _____ (PortableApps.com) C:\Users\Steve\Downloads\RufusPortable_1.3.4_English.paf.exe
2014-02-04 22:48 - 2014-02-04 22:48 - 00000000 ____D () C:\Users\Steve\Downloads\RufusPortable
2014-02-04 17:06 - 2014-02-04 17:07 - 00000000 ____D () C:\Users\Steve\Logitech
2014-02-04 17:06 - 2014-02-04 17:06 - 00002361 _____ () C:\Users\Public\Desktop\Logitech Harmony Remote Software 7.lnk
2014-02-04 17:05 - 2014-02-04 17:05 - 00000000 ____D () C:\Program Files (x86)\Logitech
2014-02-04 17:05 - 2007-01-24 16:24 - 00046616 _____ (Belcarra Technologies) C:\Windows\system32\Drivers\rcblan.sys
2014-02-04 16:57 - 2014-02-04 16:57 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\InstallShield
2014-02-03 10:40 - 2014-02-03 10:40 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\webex
2014-02-03 09:30 - 2014-02-03 09:30 - 00000000 ____D () C:\ProgramData\WebEx
2014-02-02 18:23 - 2014-02-02 18:23 - 00365840 _____ (Seagate Technology, LLC) C:\Users\Steve\Downloads\usbdrivelist.exe
2014-02-02 18:17 - 2014-02-02 18:17 - 00286864 _____ () C:\Users\Steve\Downloads\drivedetect.exe
2014-01-31 20:40 - 2014-01-31 20:40 - 00298944 _____ () C:\Windows\Minidump\013114-8205-01.dmp
2014-01-26 12:12 - 2014-02-12 19:49 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\CrashDumps
2014-01-24 14:03 - 2014-01-24 14:08 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\dvdcss
2014-01-24 13:22 - 2014-01-24 13:22 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-01-24 13:18 - 2014-01-24 13:18 - 00000000 ____D () C:\Users\Steve\Documents\Symantec
2014-01-24 13:13 - 2014-01-24 13:22 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-01-24 13:13 - 2014-01-24 13:22 - 00002319 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-01-24 13:13 - 2014-01-24 13:22 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-01-24 13:13 - 2014-01-24 13:14 - 00000000 ____D () C:\ProgramData\Norton
2014-01-24 13:13 - 2014-01-24 13:13 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-01-24 13:13 - 2014-01-24 13:13 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-01-24 13:13 - 2014-01-24 13:13 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-01-24 13:13 - 2014-01-24 13:13 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2014-01-23 18:35 - 2014-01-23 18:35 - 00448512 _____ (OldTimer Tools) C:\Users\Steve\Downloads\TFC.exe
2014-01-23 18:22 - 2014-01-23 18:22 - 00291232 _____ () C:\Windows\Minidump\012314-6474-01.dmp
2014-01-23 11:18 - 2014-01-23 11:18 - 00038432 _____ () C:\Users\Steve\AppData\Roaming\Comma Separated Values (Windows).ADR
2014-01-23 11:09 - 2014-01-23 11:09 - 08080866 _____ () C:\Users\Steve\Downloads\SetupAkrutoSync-3.1.23.zip
2014-01-23 09:46 - 2014-01-23 09:46 - 00298944 _____ () C:\Windows\Minidump\012314-6115-01.dmp
2014-01-21 21:35 - 2014-01-21 21:35 - 00000000 ____D () C:\Users\Public\Documents\RareCoordinator-v5.4.1-4
2014-01-19 13:06 - 2014-01-19 13:06 - 00005221 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-16 10:44 - 2014-01-16 10:44 - 00298944 _____ () C:\Windows\Minidump\011614-6427-01.dmp
2014-01-15 03:00 - 2014-01-15 03:01 - 00000000 ____D () C:\f5d5df41b109a7a190f086afe4ba
2014-01-14 23:42 - 2013-11-26 19:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-14 23:42 - 2013-11-26 19:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-14 23:42 - 2013-11-26 19:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-14 23:42 - 2013-11-26 19:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-14 23:42 - 2013-11-26 19:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-14 23:42 - 2013-11-26 19:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-14 23:42 - 2013-11-26 19:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-14 23:42 - 2013-11-26 05:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-14 23:42 - 2013-11-26 04:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 20:41 - 2014-01-14 20:44 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Mozilla
2014-01-14 20:41 - 2014-01-14 20:41 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-14 20:40 - 2014-01-14 20:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-14 20:20 - 2014-01-14 20:20 - 00076119 _____ () C:\Users\Steve\Documents\bookmarks.html
2014-01-14 20:20 - 2014-01-14 20:20 - 00033049 _____ () C:\Users\Steve\Documents\bookmarks-2014-01-14.json
2014-01-14 19:21 - 2014-01-14 19:21 - 00000000 ____D () C:\Users\Steve\AppData\Local\Nero_AG
2014-01-14 19:20 - 2014-01-14 19:23 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Nero
2014-01-14 19:20 - 2014-01-14 19:22 - 00000000 ____D () C:\Users\Steve\AppData\Local\Nero
2014-01-14 19:15 - 2014-01-14 19:15 - 00002835 _____ () C:\Users\Public\Desktop\Nero Express 12.lnk
2014-01-14 19:14 - 2014-01-14 19:17 - 00000000 ____D () C:\ProgramData\Nero
2014-01-14 19:14 - 2014-01-14 19:15 - 00000000 ____D () C:\Program Files (x86)\Nero
2014-01-14 19:04 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-01-14 19:03 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-01-14 19:03 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-01-14 19:03 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-01-13 12:59 - 2014-01-13 12:59 - 00298944 _____ () C:\Windows\Minidump\011314-6676-01.dmp
 
==================== One Month Modified Files and Folders =======
 
2014-02-12 19:50 - 2014-02-12 19:49 - 00019308 _____ () C:\Users\Steve\Desktop\FRST.txt
2014-02-12 19:49 - 2014-02-12 19:49 - 00000000 ____D () C:\FRST
2014-02-12 19:49 - 2014-01-26 12:12 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\CrashDumps
2014-02-12 19:48 - 2013-11-02 20:30 - 00000000 _____ () C:\sparkraw.log
2014-02-12 19:48 - 2013-08-11 21:01 - 00000000 ____D () C:\Users\Steve\Documents\Outlook Files
2014-02-12 19:48 - 2013-08-10 12:56 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-12 19:48 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-12 19:48 - 2009-07-13 22:51 - 00073503 _____ () C:\Windows\setupact.log
2014-02-12 19:45 - 2014-02-12 19:45 - 02152448 _____ (Farbar) C:\Users\Steve\Desktop\FRST64.exe
2014-02-12 15:43 - 2009-07-13 23:13 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-12 15:38 - 2009-07-13 22:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-12 15:38 - 2009-07-13 22:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-12 15:37 - 2013-08-10 07:53 - 01697447 _____ () C:\Windows\WindowsUpdate.log
2014-02-12 15:37 - 2009-07-13 23:08 - 00032552 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-12 15:34 - 2014-02-12 15:34 - 00037260 _____ () C:\Users\Steve\Desktop\attach.txt
2014-02-12 15:34 - 2014-02-12 15:34 - 00022695 _____ () C:\Users\Steve\Desktop\dds.txt
2014-02-12 15:32 - 2014-02-12 15:32 - 00037507 _____ () C:\Users\Steve\Desktop\Attach_SafeMode.txt
2014-02-12 15:32 - 2014-02-12 15:32 - 00019816 _____ () C:\Users\Steve\Desktop\DDS_SafeMode.txt
2014-02-12 15:31 - 2014-02-12 15:29 - 00000000 ____D () C:\Users\Steve\Desktop\TempStorage
2014-02-12 15:27 - 2014-02-12 15:27 - 00688992 ____R (Swearware) C:\Users\Steve\Desktop\dds.com
2014-02-12 15:26 - 2014-02-12 15:25 - 00688992 _____ (Swearware) C:\Users\Steve\Downloads\dds (1).com
2014-02-12 15:24 - 2014-02-12 15:24 - 00688992 _____ (Swearware) C:\Users\Steve\Downloads\dds.com
2014-02-12 13:13 - 2014-02-10 15:25 - 00000000 ____D () C:\Users\Steve\AppData\Local\CrashDumps
2014-02-12 13:04 - 2013-08-10 07:52 - 00000000 ____D () C:\Users\Steve
2014-02-12 13:03 - 2014-02-12 13:03 - 00291176 _____ () C:\Windows\Minidump\021214-11122-01.dmp
2014-02-12 13:03 - 2013-08-10 08:58 - 844851718 _____ () C:\Windows\MEMORY.DMP
2014-02-12 13:03 - 2013-08-10 08:58 - 00000000 ____D () C:\Windows\Minidump
2014-02-12 12:46 - 2013-10-20 22:44 - 00000000 ____D () C:\Users\Steve\AppData\Local\Deployment
2014-02-12 12:44 - 2014-02-12 12:44 - 00290992 _____ () C:\Windows\Minidump\021214-4586-01.dmp
2014-02-12 12:36 - 2013-10-27 23:17 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Microsoft Robocopy GUI
2014-02-12 12:30 - 2014-02-12 12:30 - 00000000 ____D () C:\9aa9ee789e5ff7f8851ac3
2014-02-12 12:30 - 2013-08-11 20:45 - 00000000 ____D () C:\Program Files (x86)\MyFree Codec
2014-02-12 12:29 - 2013-08-11 20:46 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Samsung
2014-02-12 12:29 - 2013-08-11 20:46 - 00000000 ____D () C:\Users\Steve\AppData\Local\Samsung
2014-02-12 12:29 - 2013-08-11 20:41 - 00000000 ____D () C:\ProgramData\Samsung
2014-02-12 12:28 - 2013-08-11 20:41 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-02-12 12:28 - 2013-08-10 08:07 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-12 12:13 - 2013-08-10 12:56 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-12 11:44 - 2014-02-12 11:44 - 00009800 ____N () C:\bootsqm.dat
2014-02-12 11:44 - 2014-02-12 11:44 - 00000000 __SHD () C:\found.002
2014-02-12 02:48 - 2013-08-11 15:07 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-12 02:48 - 2009-07-13 20:34 - 00000478 _____ () C:\Windows\win.ini
2014-02-12 02:42 - 2014-02-12 02:42 - 02456845 _____ () C:\Users\Steve\Downloads\elvui-6.94.zip
2014-02-12 02:11 - 2013-08-18 21:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-10 17:16 - 2013-09-26 21:09 - 00000000 ____D () C:\Users\Steve\Documents\DataVault
2014-02-10 14:29 - 2014-02-10 14:29 - 00298944 _____ () C:\Windows\Minidump\021014-8377-01.dmp
2014-02-10 14:29 - 2013-08-10 10:00 - 00139992 _____ () C:\Windows\PFRO.log
2014-02-10 04:28 - 2013-09-30 20:49 - 00003904 ____H () C:\ProgramData\nsActivation.act
2014-02-09 18:10 - 2013-08-26 22:18 - 00001888 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-02-09 18:10 - 2013-08-26 22:18 - 00000000 ____D () C:\ProgramData\Package Cache
2014-02-09 18:10 - 2013-08-26 22:16 - 00000000 ____D () C:\ProgramData\Garmin
2014-02-09 18:10 - 2013-08-26 22:15 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-02-06 23:30 - 2014-02-06 23:20 - 00000000 ____D () C:\Users\Public\Documents\AuctioneerSuite-5.19.5445
2014-02-06 23:20 - 2014-02-06 23:20 - 00000000 ____D () C:\Users\Public\Documents\GathererDB_Wowhead-2.0.2013-06-15
2014-02-06 23:20 - 2014-02-06 23:20 - 00000000 ____D () C:\Users\Public\Documents\Gatherer-4.4.0
2014-02-06 06:16 - 2014-02-12 02:47 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 05:30 - 2014-02-12 02:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 05:30 - 2014-02-12 02:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 05:12 - 2014-02-12 02:47 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 05:07 - 2014-02-12 02:47 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 05:06 - 2014-02-12 02:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 04:57 - 2014-02-12 02:47 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 04:56 - 2014-02-12 02:47 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 04:52 - 2014-02-12 02:47 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 04:49 - 2014-02-12 02:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 04:48 - 2014-02-12 02:47 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 04:48 - 2014-02-12 02:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 04:38 - 2014-02-12 02:47 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 04:32 - 2014-02-12 02:47 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 04:20 - 2014-02-12 02:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 04:17 - 2014-02-12 02:47 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 04:11 - 2014-02-12 02:47 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 04:01 - 2014-02-12 02:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 04:00 - 2014-02-12 02:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 03:57 - 2014-02-12 02:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 03:57 - 2014-02-12 02:47 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 03:52 - 2014-02-12 02:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 03:52 - 2014-02-12 02:47 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 03:50 - 2014-02-12 02:47 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 03:49 - 2014-02-12 02:47 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 03:47 - 2014-02-12 02:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 03:46 - 2014-02-12 02:47 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 03:25 - 2014-02-12 02:47 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 03:25 - 2014-02-12 02:47 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 03:24 - 2014-02-12 02:47 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 03:22 - 2014-02-12 02:47 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 03:13 - 2014-02-12 02:47 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 03:09 - 2014-02-12 02:47 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 03:03 - 2014-02-12 02:47 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 02:55 - 2014-02-12 02:47 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 02:41 - 2014-02-12 02:47 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 02:40 - 2014-02-12 02:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 02:36 - 2014-02-12 02:47 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 02:34 - 2014-02-12 02:47 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-04 23:11 - 2013-08-18 21:45 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-04 23:11 - 2013-08-18 21:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-04 23:11 - 2013-08-18 21:45 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-04 22:53 - 2014-02-04 22:51 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-02-04 22:51 - 2009-07-13 21:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-02-04 22:51 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-02-04 22:48 - 2014-02-04 22:48 - 00774072 _____ (PortableApps.com) C:\Users\Steve\Downloads\RufusPortable_1.3.4_English.paf.exe
2014-02-04 22:48 - 2014-02-04 22:48 - 00000000 ____D () C:\Users\Steve\Downloads\RufusPortable
2014-02-04 17:07 - 2014-02-04 17:06 - 00000000 ____D () C:\Users\Steve\Logitech
2014-02-04 17:06 - 2014-02-04 17:06 - 00002361 _____ () C:\Users\Public\Desktop\Logitech Harmony Remote Software 7.lnk
2014-02-04 17:05 - 2014-02-04 17:05 - 00000000 ____D () C:\Program Files (x86)\Logitech
2014-02-04 17:05 - 2013-11-13 22:31 - 00103578 _____ () C:\Windows\DPINST.LOG
2014-02-04 16:57 - 2014-02-04 16:57 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\InstallShield
2014-02-03 10:40 - 2014-02-03 10:40 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\webex
2014-02-03 09:30 - 2014-02-03 09:30 - 00000000 ____D () C:\ProgramData\WebEx
2014-02-02 18:23 - 2014-02-02 18:23 - 00365840 _____ (Seagate Technology, LLC) C:\Users\Steve\Downloads\usbdrivelist.exe
2014-02-02 18:17 - 2014-02-02 18:17 - 00286864 _____ () C:\Users\Steve\Downloads\drivedetect.exe
2014-01-31 20:43 - 2013-08-10 14:49 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-01-31 20:40 - 2014-01-31 20:40 - 00298944 _____ () C:\Windows\Minidump\013114-8205-01.dmp
2014-01-26 12:11 - 2013-08-10 08:40 - 00111056 _____ () C:\Users\Steve\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-26 12:11 - 2009-07-13 22:45 - 00442512 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-24 14:09 - 2013-11-26 22:16 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\vlc
2014-01-24 14:08 - 2014-01-24 14:03 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\dvdcss
2014-01-24 13:22 - 2014-01-24 13:22 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-01-24 13:22 - 2014-01-24 13:13 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-01-24 13:22 - 2014-01-24 13:13 - 00002319 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-01-24 13:22 - 2014-01-24 13:13 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-01-24 13:18 - 2014-01-24 13:18 - 00000000 ____D () C:\Users\Steve\Documents\Symantec
2014-01-24 13:14 - 2014-01-24 13:13 - 00000000 ____D () C:\ProgramData\Norton
2014-01-24 13:13 - 2014-01-24 13:13 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-01-24 13:13 - 2014-01-24 13:13 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-01-24 13:13 - 2014-01-24 13:13 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-01-24 13:13 - 2014-01-24 13:13 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2014-01-24 13:00 - 2013-08-11 18:19 - 00000000 ____D () C:\ProgramData\McAfee
2014-01-23 18:35 - 2014-01-23 18:35 - 00448512 _____ (OldTimer Tools) C:\Users\Steve\Downloads\TFC.exe
2014-01-23 18:22 - 2014-01-23 18:22 - 00291232 _____ () C:\Windows\Minidump\012314-6474-01.dmp
2014-01-23 11:18 - 2014-01-23 11:18 - 00038432 _____ () C:\Users\Steve\AppData\Roaming\Comma Separated Values (Windows).ADR
2014-01-23 11:09 - 2014-01-23 11:09 - 08080866 _____ () C:\Users\Steve\Downloads\SetupAkrutoSync-3.1.23.zip
2014-01-23 09:46 - 2014-01-23 09:46 - 00298944 _____ () C:\Windows\Minidump\012314-6115-01.dmp
2014-01-22 18:26 - 2013-08-25 14:47 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\DTencryptor-F
2014-01-21 21:35 - 2014-01-21 21:35 - 00000000 ____D () C:\Users\Public\Documents\RareCoordinator-v5.4.1-4
2014-01-19 13:06 - 2014-01-19 13:06 - 00005221 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-19 13:06 - 2013-10-20 09:32 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-19 13:06 - 2013-08-10 13:02 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-16 10:44 - 2014-01-16 10:44 - 00298944 _____ () C:\Windows\Minidump\011614-6427-01.dmp
2014-01-15 03:01 - 2014-01-15 03:00 - 00000000 ____D () C:\f5d5df41b109a7a190f086afe4ba
2014-01-15 03:01 - 2013-08-10 12:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 03:00 - 2013-08-10 12:35 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-14 20:44 - 2014-01-14 20:41 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Mozilla
2014-01-14 20:41 - 2014-01-14 20:41 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-14 20:41 - 2014-01-14 20:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-14 20:41 - 2013-12-20 21:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-01-14 20:20 - 2014-01-14 20:20 - 00076119 _____ () C:\Users\Steve\Documents\bookmarks.html
2014-01-14 20:20 - 2014-01-14 20:20 - 00033049 _____ () C:\Users\Steve\Documents\bookmarks-2014-01-14.json
2014-01-14 19:23 - 2014-01-14 19:20 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Nero
2014-01-14 19:22 - 2014-01-14 19:20 - 00000000 ____D () C:\Users\Steve\AppData\Local\Nero
2014-01-14 19:21 - 2014-01-14 19:21 - 00000000 ____D () C:\Users\Steve\AppData\Local\Nero_AG
2014-01-14 19:17 - 2014-01-14 19:14 - 00000000 ____D () C:\ProgramData\Nero
2014-01-14 19:17 - 2013-08-12 06:46 - 00000000 ____D () C:\Users\Steve\AppData\Local\Adobe
2014-01-14 19:15 - 2014-01-14 19:15 - 00002835 _____ () C:\Users\Public\Desktop\Nero Express 12.lnk
2014-01-14 19:15 - 2014-01-14 19:14 - 00000000 ____D () C:\Program Files (x86)\Nero
2014-01-14 19:15 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\Cursors
2014-01-14 16:15 - 2013-08-13 18:30 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-01-13 12:59 - 2014-01-13 12:59 - 00298944 _____ () C:\Windows\Minidump\011314-6676-01.dmp
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-08 02:15
 
==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2014 01
Ran by Steve (administrator) on ALIEN on 12-02-2014 19:49:40
Running from C:\Users\Steve\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
(NovaStor Corporation) C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
() C:\Program Files (x86)\Silicon Image\SiI31xx HBA Wakeup Utility\SiHbaWakeupService.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(NovaStor Corporation) C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\DR\x64\drdiag.exe
(Microsoft Corporation) C:\Windows\System32\vdsldr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
(Microsoft Corporation) C:\Windows\system32\UI0Detect.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Cloudmark, Inc.) C:\Program Files (x86)\Cloudmark\Desktop\Service\cdswin.exe
(NovaStor Corporation) C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(http://www.android-sync.com) C:\Program Files (x86)\Android-Sync\AndroidSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Reader_sl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Android-Sync\bin\adb.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Alienware) C:\Program Files\Alienware\Command Center\ThermalController.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-02-02] (Realtek Semiconductor)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [Command Center Controllers] - C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12656 2012-06-18] (Alienware)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-17] (NVIDIA Corporation)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1063200 2013-10-17] (NVIDIA Corporation)
HKLM-x32\...\Run: [SiHBAWakeupUtility] - [X]
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AndroidSync] - C:\Program Files (x86)\Android-Sync\AndroidSync.exe [6223792 2013-11-01] (http://www.android-sync.com)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1001126741-1943683864-3140619235-1001\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
HKU\S-1-5-21-1001126741-1943683864-3140619235-1001\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-1001126741-1943683864-3140619235-1001\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1095000 2013-12-30] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1001126741-1943683864-3140619235-1001\...\Run: [Plextool] - C:\Program Files (x86)\Plextool\Plextool.exe [13804544 2013-08-23] ()
HKU\S-1-5-21-1001126741-1943683864-3140619235-1001\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-1001126741-1943683864-3140619235-1003\...\Run: [Plextool] - C:\Program Files (x86)\Plextool\Plextool.exe [13804544 2013-08-23] ()
HKU\S-1-5-21-1001126741-1943683864-3140619235-1003\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
HKU\S-1-5-21-1001126741-1943683864-3140619235-1003\...\MountPoints2: {c6235b32-0189-11e3-8742-806e6f6e6963} - E:\setup_assist.exe
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk
ShortcutTarget: BUFFALO NAS Navigator2.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk
ShortcutTarget: NAS Scheduler.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5A0DEE4AD695CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - {F9E0E4CC-9AFD-4104-87CB-B597E5D30C62} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKLM - DataVault Bar - {0D792CB2-2654-4E99-A597-7FC317F04D61} - C:\Program Files (x86)\DataVault\ie64.dll ()
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - DataVault Bar - {0D792CB2-2654-4E99-A597-7FC317F04D61} - C:\Program Files (x86)\DataVault\ie.dll ()
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - DataVault Bar - {0D792CB2-2654-4E99-A597-7FC317F04D61} - C:\Program Files (x86)\DataVault\ie64.dll ()
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://apmoller.webex.com/client/WBXclient-T29L10NSP3-17099/webex/ieatgpc1.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\5unu98a6.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @ascendo-inc/DataVault;version=1 - C:\Program Files (x86)\DataVault\npapi.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-08-10]
FF HKLM-x32\...\Firefox\Extensions: [datavault@ascendo.inc] - C:\Program Files (x86)\DataVault\firefox
FF Extension: DataVault Toolbar - C:\Program Files (x86)\DataVault\firefox [2013-09-26]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\IPSFF [2014-01-24]
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-10]
CHR Extension: (Google Drive) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-10]
CHR Extension: (YouTube) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-10]
CHR Extension: (Adblock for Youtube™) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2013-11-10]
CHR Extension: (Google Search) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-10]
CHR Extension: (Google Calendar) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-01-20]
CHR Extension: (AdBlock) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-10]
CHR Extension: (DataVault Extension) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\idbmmgcdhhiblollphopejjpnkpdgbii [2013-09-29]
CHR Extension: (Norton Identity Protection) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-01-24]
CHR Extension: (Google Wallet) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR Extension: (Gmail) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-10]
CHR HKLM-x32\...\Chrome\Extension: [idbmmgcdhhiblollphopejjpnkpdgbii] - C:\Program Files (x86)\DataVault\extension.crx [2013-03-09]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\Exts\Chrome.crx [2014-01-26]
 
==================== Services (Whitelisted) =================
 
S3 Backup Client Agent Service; C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe [403240 2013-11-11] (NovaStor Corporation)
R2 Disaster Recovery Imaging; C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\DR\x64\drdiag.exe [6256936 2013-11-11] (NovaStor Corporation)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-30] (Garmin Ltd or its subsidiaries)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [264360 2013-10-08] (Symantec Corporation)
R2 NasPmService; C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe [251760 2011-10-31] (BUFFALO INC.)
R2 nsService; C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe [613008 2013-11-11] (NovaStor Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-17] (NVIDIA Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
R2 SiHbaWakeupService; C:\Program Files (x86)\Silicon Image\SiI31xx HBA Wakeup Utility\SiHbaWakeupService.exe [62464 2009-07-27] ()
 
==================== Drivers (Whitelisted) ====================
 
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2014-01-21] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-24] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\IPSDefs\20140211.001\IDSvia64.sys [521944 2014-01-23] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\VirusDefs\20140211.020\ENG64.SYS [126040 2014-02-10] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\VirusDefs\20140211.020\EX64.SYS [2099288 2014-02-10] (Symantec Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-27] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
S3 RemoteControl-USBLAN; C:\Windows\System32\DRIVERS\rcblan.sys [46616 2007-01-24] (Belcarra Technologies)
R0 SI3132; C:\Windows\System32\DRIVERS\SI3132.sys [90664 2007-10-03] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22056 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [17448 2007-10-03] (Silicon Image, Inc)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-07-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-24] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-07-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-12 19:49 - 2014-02-12 19:50 - 00019308 _____ () C:\Users\Steve\Desktop\FRST.txt
2014-02-12 19:49 - 2014-02-12 19:49 - 00000000 ____D () C:\FRST
2014-02-12 19:45 - 2014-02-12 19:45 - 02152448 _____ (Farbar) C:\Users\Steve\Desktop\FRST64.exe
2014-02-12 15:34 - 2014-02-12 15:34 - 00037260 _____ () C:\Users\Steve\Desktop\attach.txt
2014-02-12 15:34 - 2014-02-12 15:34 - 00022695 _____ () C:\Users\Steve\Desktop\dds.txt
2014-02-12 15:32 - 2014-02-12 15:32 - 00037507 _____ () C:\Users\Steve\Desktop\Attach_SafeMode.txt
2014-02-12 15:32 - 2014-02-12 15:32 - 00019816 _____ () C:\Users\Steve\Desktop\DDS_SafeMode.txt
2014-02-12 15:29 - 2014-02-12 15:31 - 00000000 ____D () C:\Users\Steve\Desktop\TempStorage
2014-02-12 15:27 - 2014-02-12 15:27 - 00688992 ____R (Swearware) C:\Users\Steve\Desktop\dds.com
2014-02-12 15:25 - 2014-02-12 15:26 - 00688992 _____ (Swearware) C:\Users\Steve\Downloads\dds (1).com
2014-02-12 15:24 - 2014-02-12 15:24 - 00688992 _____ (Swearware) C:\Users\Steve\Downloads\dds.com
2014-02-12 13:03 - 2014-02-12 13:03 - 00291176 _____ () C:\Windows\Minidump\021214-11122-01.dmp
2014-02-12 12:44 - 2014-02-12 12:44 - 00290992 _____ () C:\Windows\Minidump\021214-4586-01.dmp
2014-02-12 12:30 - 2014-02-12 12:30 - 00000000 ____D () C:\9aa9ee789e5ff7f8851ac3
2014-02-12 11:44 - 2014-02-12 11:44 - 00009800 ____N () C:\bootsqm.dat
2014-02-12 11:44 - 2014-02-12 11:44 - 00000000 __SHD () C:\found.002
2014-02-12 02:48 - 2013-12-21 03:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 02:48 - 2013-12-21 02:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 02:47 - 2014-02-06 06:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 02:47 - 2014-02-06 05:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 02:47 - 2014-02-06 05:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 02:47 - 2014-02-06 05:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 02:47 - 2014-02-06 05:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 02:47 - 2014-02-06 05:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 02:47 - 2014-02-06 04:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 02:47 - 2014-02-06 04:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 02:47 - 2014-02-06 04:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 02:47 - 2014-02-06 04:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 02:47 - 2014-02-06 04:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 02:47 - 2014-02-06 04:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 02:47 - 2014-02-06 04:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 02:47 - 2014-02-06 04:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 02:47 - 2014-02-06 04:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 02:47 - 2014-02-06 04:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 02:47 - 2014-02-06 04:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 02:47 - 2014-02-06 04:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 02:47 - 2014-02-06 04:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 02:47 - 2014-02-06 03:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 02:47 - 2014-02-06 03:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 02:47 - 2014-02-06 03:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 02:47 - 2014-02-06 03:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 02:47 - 2014-02-06 03:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 02:47 - 2014-02-06 03:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 02:47 - 2014-02-06 03:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 02:47 - 2014-02-06 03:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 02:47 - 2014-02-06 03:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 02:47 - 2014-02-06 03:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 02:47 - 2014-02-06 03:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 02:47 - 2014-02-06 03:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 02:47 - 2014-02-06 03:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 02:47 - 2014-02-06 03:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 02:47 - 2014-02-06 03:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 02:47 - 2014-02-06 02:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 02:47 - 2014-02-06 02:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 02:47 - 2014-02-06 02:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 02:47 - 2014-02-06 02:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 02:47 - 2014-02-06 02:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 02:42 - 2014-02-12 02:42 - 02456845 _____ () C:\Users\Steve\Downloads\elvui-6.94.zip
2014-02-12 01:20 - 2013-12-24 17:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 01:20 - 2013-12-24 16:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 01:20 - 2013-11-26 02:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 01:20 - 2013-11-22 16:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-10 15:25 - 2014-02-12 13:13 - 00000000 ____D () C:\Users\Steve\AppData\Local\CrashDumps
2014-02-10 14:29 - 2014-02-10 14:29 - 00298944 _____ () C:\Windows\Minidump\021014-8377-01.dmp
2014-02-06 23:20 - 2014-02-06 23:30 - 00000000 ____D () C:\Users\Public\Documents\AuctioneerSuite-5.19.5445
2014-02-06 23:20 - 2014-02-06 23:20 - 00000000 ____D () C:\Users\Public\Documents\GathererDB_Wowhead-2.0.2013-06-15
2014-02-06 23:20 - 2014-02-06 23:20 - 00000000 ____D () C:\Users\Public\Documents\Gatherer-4.4.0
2014-02-04 23:06 - 2001-12-19 11:45 - 00008576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VCdRom.sys
2014-02-04 22:51 - 2014-02-04 22:53 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-02-04 22:48 - 2014-02-04 22:48 - 00774072 _____ (PortableApps.com) C:\Users\Steve\Downloads\RufusPortable_1.3.4_English.paf.exe
2014-02-04 22:48 - 2014-02-04 22:48 - 00000000 ____D () C:\Users\Steve\Downloads\RufusPortable
2014-02-04 17:06 - 2014-02-04 17:07 - 00000000 ____D () C:\Users\Steve\Logitech
2014-02-04 17:06 - 2014-02-04 17:06 - 00002361 _____ () C:\Users\Public\Desktop\Logitech Harmony Remote Software 7.lnk
2014-02-04 17:05 - 2014-02-04 17:05 - 00000000 ____D () C:\Program Files (x86)\Logitech
2014-02-04 17:05 - 2007-01-24 16:24 - 00046616 _____ (Belcarra Technologies) C:\Windows\system32\Drivers\rcblan.sys
2014-02-04 16:57 - 2014-02-04 16:57 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\InstallShield
2014-02-03 10:40 - 2014-02-03 10:40 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\webex
2014-02-03 09:30 - 2014-02-03 09:30 - 00000000 ____D () C:\ProgramData\WebEx
2014-02-02 18:23 - 2014-02-02 18:23 - 00365840 _____ (Seagate Technology, LLC) C:\Users\Steve\Downloads\usbdrivelist.exe
2014-02-02 18:17 - 2014-02-02 18:17 - 00286864 _____ () C:\Users\Steve\Downloads\drivedetect.exe
2014-01-31 20:40 - 2014-01-31 20:40 - 00298944 _____ () C:\Windows\Minidump\013114-8205-01.dmp
2014-01-26 12:12 - 2014-02-12 19:49 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\CrashDumps
2014-01-24 14:03 - 2014-01-24 14:08 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\dvdcss
2014-01-24 13:22 - 2014-01-24 13:22 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-01-24 13:18 - 2014-01-24 13:18 - 00000000 ____D () C:\Users\Steve\Documents\Symantec
2014-01-24 13:13 - 2014-01-24 13:22 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-01-24 13:13 - 2014-01-24 13:22 - 00002319 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-01-24 13:13 - 2014-01-24 13:22 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-01-24 13:13 - 2014-01-24 13:14 - 00000000 ____D () C:\ProgramData\Norton
2014-01-24 13:13 - 2014-01-24 13:13 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-01-24 13:13 - 2014-01-24 13:13 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-01-24 13:13 - 2014-01-24 13:13 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-01-24 13:13 - 2014-01-24 13:13 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2014-01-23 18:35 - 2014-01-23 18:35 - 00448512 _____ (OldTimer Tools) C:\Users\Steve\Downloads\TFC.exe
2014-01-23 18:22 - 2014-01-23 18:22 - 00291232 _____ () C:\Windows\Minidump\012314-6474-01.dmp
2014-01-23 11:18 - 2014-01-23 11:18 - 00038432 _____ () C:\Users\Steve\AppData\Roaming\Comma Separated Values (Windows).ADR
2014-01-23 11:09 - 2014-01-23 11:09 - 08080866 _____ () C:\Users\Steve\Downloads\SetupAkrutoSync-3.1.23.zip
2014-01-23 09:46 - 2014-01-23 09:46 - 00298944 _____ () C:\Windows\Minidump\012314-6115-01.dmp
2014-01-21 21:35 - 2014-01-21 21:35 - 00000000 ____D () C:\Users\Public\Documents\RareCoordinator-v5.4.1-4
2014-01-19 13:06 - 2014-01-19 13:06 - 00005221 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-16 10:44 - 2014-01-16 10:44 - 00298944 _____ () C:\Windows\Minidump\011614-6427-01.dmp
2014-01-15 03:00 - 2014-01-15 03:01 - 00000000 ____D () C:\f5d5df41b109a7a190f086afe4ba
2014-01-14 23:42 - 2013-11-26 19:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-14 23:42 - 2013-11-26 19:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-14 23:42 - 2013-11-26 19:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-14 23:42 - 2013-11-26 19:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-14 23:42 - 2013-11-26 19:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-14 23:42 - 2013-11-26 19:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-14 23:42 - 2013-11-26 19:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-14 23:42 - 2013-11-26 05:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-14 23:42 - 2013-11-26 04:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 20:41 - 2014-01-14 20:44 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Mozilla
2014-01-14 20:41 - 2014-01-14 20:41 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-14 20:40 - 2014-01-14 20:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-14 20:20 - 2014-01-14 20:20 - 00076119 _____ () C:\Users\Steve\Documents\bookmarks.html
2014-01-14 20:20 - 2014-01-14 20:20 - 00033049 _____ () C:\Users\Steve\Documents\bookmarks-2014-01-14.json
2014-01-14 19:21 - 2014-01-14 19:21 - 00000000 ____D () C:\Users\Steve\AppData\Local\Nero_AG
2014-01-14 19:20 - 2014-01-14 19:23 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Nero
2014-01-14 19:20 - 2014-01-14 19:22 - 00000000 ____D () C:\Users\Steve\AppData\Local\Nero
2014-01-14 19:15 - 2014-01-14 19:15 - 00002835 _____ () C:\Users\Public\Desktop\Nero Express 12.lnk
2014-01-14 19:14 - 2014-01-14 19:17 - 00000000 ____D () C:\ProgramData\Nero
2014-01-14 19:14 - 2014-01-14 19:15 - 00000000 ____D () C:\Program Files (x86)\Nero
2014-01-14 19:04 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-01-14 19:03 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-01-14 19:03 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-01-14 19:03 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-01-13 12:59 - 2014-01-13 12:59 - 00298944 _____ () C:\Windows\Minidump\011314-6676-01.dmp
 
==================== One Month Modified Files and Folders =======
 
2014-02-12 19:50 - 2014-02-12 19:49 - 00019308 _____ () C:\Users\Steve\Desktop\FRST.txt
2014-02-12 19:49 - 2014-02-12 19:49 - 00000000 ____D () C:\FRST
2014-02-12 19:49 - 2014-01-26 12:12 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\CrashDumps
2014-02-12 19:48 - 2013-11-02 20:30 - 00000000 _____ () C:\sparkraw.log
2014-02-12 19:48 - 2013-08-11 21:01 - 00000000 ____D () C:\Users\Steve\Documents\Outlook Files
2014-02-12 19:48 - 2013-08-10 12:56 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-12 19:48 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-12 19:48 - 2009-07-13 22:51 - 00073503 _____ () C:\Windows\setupact.log
2014-02-12 19:45 - 2014-02-12 19:45 - 02152448 _____ (Farbar) C:\Users\Steve\Desktop\FRST64.exe
2014-02-12 15:43 - 2009-07-13 23:13 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-12 15:38 - 2009-07-13 22:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-12 15:38 - 2009-07-13 22:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-12 15:37 - 2013-08-10 07:53 - 01697447 _____ () C:\Windows\WindowsUpdate.log
2014-02-12 15:37 - 2009-07-13 23:08 - 00032552 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-12 15:34 - 2014-02-12 15:34 - 00037260 _____ () C:\Users\Steve\Desktop\attach.txt
2014-02-12 15:34 - 2014-02-12 15:34 - 00022695 _____ () C:\Users\Steve\Desktop\dds.txt
2014-02-12 15:32 - 2014-02-12 15:32 - 00037507 _____ () C:\Users\Steve\Desktop\Attach_SafeMode.txt
2014-02-12 15:32 - 2014-02-12 15:32 - 00019816 _____ () C:\Users\Steve\Desktop\DDS_SafeMode.txt
2014-02-12 15:31 - 2014-02-12 15:29 - 00000000 ____D () C:\Users\Steve\Desktop\TempStorage
2014-02-12 15:27 - 2014-02-12 15:27 - 00688992 ____R (Swearware) C:\Users\Steve\Desktop\dds.com
2014-02-12 15:26 - 2014-02-12 15:25 - 00688992 _____ (Swearware) C:\Users\Steve\Downloads\dds (1).com
2014-02-12 15:24 - 2014-02-12 15:24 - 00688992 _____ (Swearware) C:\Users\Steve\Downloads\dds.com
2014-02-12 13:13 - 2014-02-10 15:25 - 00000000 ____D () C:\Users\Steve\AppData\Local\CrashDumps
2014-02-12 13:04 - 2013-08-10 07:52 - 00000000 ____D () C:\Users\Steve
2014-02-12 13:03 - 2014-02-12 13:03 - 00291176 _____ () C:\Windows\Minidump\021214-11122-01.dmp
2014-02-12 13:03 - 2013-08-10 08:58 - 844851718 _____ () C:\Windows\MEMORY.DMP
2014-02-12 13:03 - 2013-08-10 08:58 - 00000000 ____D () C:\Windows\Minidump
2014-02-12 12:46 - 2013-10-20 22:44 - 00000000 ____D () C:\Users\Steve\AppData\Local\Deployment
2014-02-12 12:44 - 2014-02-12 12:44 - 00290992 _____ () C:\Windows\Minidump\021214-4586-01.dmp
2014-02-12 12:36 - 2013-10-27 23:17 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Microsoft Robocopy GUI
2014-02-12 12:30 - 2014-02-12 12:30 - 00000000 ____D () C:\9aa9ee789e5ff7f8851ac3
2014-02-12 12:30 - 2013-08-11 20:45 - 00000000 ____D () C:\Program Files (x86)\MyFree Codec
2014-02-12 12:29 - 2013-08-11 20:46 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Samsung
2014-02-12 12:29 - 2013-08-11 20:46 - 00000000 ____D () C:\Users\Steve\AppData\Local\Samsung
2014-02-12 12:29 - 2013-08-11 20:41 - 00000000 ____D () C:\ProgramData\Samsung
2014-02-12 12:28 - 2013-08-11 20:41 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-02-12 12:28 - 2013-08-10 08:07 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-12 12:13 - 2013-08-10 12:56 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-12 11:44 - 2014-02-12 11:44 - 00009800 ____N () C:\bootsqm.dat
2014-02-12 11:44 - 2014-02-12 11:44 - 00000000 __SHD () C:\found.002
2014-02-12 02:48 - 2013-08-11 15:07 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-12 02:48 - 2009-07-13 20:34 - 00000478 _____ () C:\Windows\win.ini
2014-02-12 02:42 - 2014-02-12 02:42 - 02456845 _____ () C:\Users\Steve\Downloads\elvui-6.94.zip
2014-02-12 02:11 - 2013-08-18 21:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-10 17:16 - 2013-09-26 21:09 - 00000000 ____D () C:\Users\Steve\Documents\DataVault
2014-02-10 14:29 - 2014-02-10 14:29 - 00298944 _____ () C:\Windows\Minidump\021014-8377-01.dmp
2014-02-10 14:29 - 2013-08-10 10:00 - 00139992 _____ () C:\Windows\PFRO.log
2014-02-10 04:28 - 2013-09-30 20:49 - 00003904 ____H () C:\ProgramData\nsActivation.act
2014-02-09 18:10 - 2013-08-26 22:18 - 00001888 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-02-09 18:10 - 2013-08-26 22:18 - 00000000 ____D () C:\ProgramData\Package Cache
2014-02-09 18:10 - 2013-08-26 22:16 - 00000000 ____D () C:\ProgramData\Garmin
2014-02-09 18:10 - 2013-08-26 22:15 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-02-06 23:30 - 2014-02-06 23:20 - 00000000 ____D () C:\Users\Public\Documents\AuctioneerSuite-5.19.5445
2014-02-06 23:20 - 2014-02-06 23:20 - 00000000 ____D () C:\Users\Public\Documents\GathererDB_Wowhead-2.0.2013-06-15
2014-02-06 23:20 - 2014-02-06 23:20 - 00000000 ____D () C:\Users\Public\Documents\Gatherer-4.4.0
2014-02-06 06:16 - 2014-02-12 02:47 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 05:30 - 2014-02-12 02:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 05:30 - 2014-02-12 02:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 05:12 - 2014-02-12 02:47 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 05:07 - 2014-02-12 02:47 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 05:06 - 2014-02-12 02:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 04:57 - 2014-02-12 02:47 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 04:56 - 2014-02-12 02:47 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 04:52 - 2014-02-12 02:47 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 04:49 - 2014-02-12 02:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 04:48 - 2014-02-12 02:47 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 04:48 - 2014-02-12 02:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 04:38 - 2014-02-12 02:47 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 04:32 - 2014-02-12 02:47 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 04:20 - 2014-02-12 02:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 04:17 - 2014-02-12 02:47 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 04:11 - 2014-02-12 02:47 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 04:01 - 2014-02-12 02:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 04:00 - 2014-02-12 02:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 03:57 - 2014-02-12 02:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 03:57 - 2014-02-12 02:47 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 03:52 - 2014-02-12 02:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 03:52 - 2014-02-12 02:47 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 03:50 - 2014-02-12 02:47 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 03:49 - 2014-02-12 02:47 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 03:47 - 2014-02-12 02:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 03:46 - 2014-02-12 02:47 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 03:25 - 2014-02-12 02:47 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 03:25 - 2014-02-12 02:47 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 03:24 - 2014-02-12 02:47 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 03:22 - 2014-02-12 02:47 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 03:13 - 2014-02-12 02:47 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 03:09 - 2014-02-12 02:47 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 03:03 - 2014-02-12 02:47 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 02:55 - 2014-02-12 02:47 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 02:41 - 2014-02-12 02:47 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 02:40 - 2014-02-12 02:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 02:36 - 2014-02-12 02:47 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 02:34 - 2014-02-12 02:47 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-04 23:11 - 2013-08-18 21:45 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-04 23:11 - 2013-08-18 21:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-04 23:11 - 2013-08-18 21:45 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-04 22:53 - 2014-02-04 22:51 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-02-04 22:51 - 2009-07-13 21:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-02-04 22:51 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-02-04 22:48 - 2014-02-04 22:48 - 00774072 _____ (PortableApps.com) C:\Users\Steve\Downloads\RufusPortable_1.3.4_English.paf.exe
2014-02-04 22:48 - 2014-02-04 22:48 - 00000000 ____D () C:\Users\Steve\Downloads\RufusPortable
2014-02-04 17:07 - 2014-02-04 17:06 - 00000000 ____D () C:\Users\Steve\Logitech
2014-02-04 17:06 - 2014-02-04 17:06 - 00002361 _____ () C:\Users\Public\Desktop\Logitech Harmony Remote Software 7.lnk
2014-02-04 17:05 - 2014-02-04 17:05 - 00000000 ____D () C:\Program Files (x86)\Logitech
2014-02-04 17:05 - 2013-11-13 22:31 - 00103578 _____ () C:\Windows\DPINST.LOG
2014-02-04 16:57 - 2014-02-04 16:57 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\InstallShield
2014-02-03 10:40 - 2014-02-03 10:40 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\webex
2014-02-03 09:30 - 2014-02-03 09:30 - 00000000 ____D () C:\ProgramData\WebEx
2014-02-02 18:23 - 2014-02-02 18:23 - 00365840 _____ (Seagate Technology, LLC) C:\Users\Steve\Downloads\usbdrivelist.exe
2014-02-02 18:17 - 2014-02-02 18:17 - 00286864 _____ () C:\Users\Steve\Downloads\drivedetect.exe
2014-01-31 20:43 - 2013-08-10 14:49 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-01-31 20:40 - 2014-01-31 20:40 - 00298944 _____ () C:\Windows\Minidump\013114-8205-01.dmp
2014-01-26 12:11 - 2013-08-10 08:40 - 00111056 _____ () C:\Users\Steve\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-26 12:11 - 2009-07-13 22:45 - 00442512 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-24 14:09 - 2013-11-26 22:16 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\vlc
2014-01-24 14:08 - 2014-01-24 14:03 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\dvdcss
2014-01-24 13:22 - 2014-01-24 13:22 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-01-24 13:22 - 2014-01-24 13:13 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-01-24 13:22 - 2014-01-24 13:13 - 00002319 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-01-24 13:22 - 2014-01-24 13:13 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-01-24 13:18 - 2014-01-24 13:18 - 00000000 ____D () C:\Users\Steve\Documents\Symantec
2014-01-24 13:14 - 2014-01-24 13:13 - 00000000 ____D () C:\ProgramData\Norton
2014-01-24 13:13 - 2014-01-24 13:13 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-01-24 13:13 - 2014-01-24 13:13 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-01-24 13:13 - 2014-01-24 13:13 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-01-24 13:13 - 2014-01-24 13:13 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2014-01-24 13:00 - 2013-08-11 18:19 - 00000000 ____D () C:\ProgramData\McAfee
2014-01-23 18:35 - 2014-01-23 18:35 - 00448512 _____ (OldTimer Tools) C:\Users\Steve\Downloads\TFC.exe
2014-01-23 18:22 - 2014-01-23 18:22 - 00291232 _____ () C:\Windows\Minidump\012314-6474-01.dmp
2014-01-23 11:18 - 2014-01-23 11:18 - 00038432 _____ () C:\Users\Steve\AppData\Roaming\Comma Separated Values (Windows).ADR
2014-01-23 11:09 - 2014-01-23 11:09 - 08080866 _____ () C:\Users\Steve\Downloads\SetupAkrutoSync-3.1.23.zip
2014-01-23 09:46 - 2014-01-23 09:46 - 00298944 _____ () C:\Windows\Minidump\012314-6115-01.dmp
2014-01-22 18:26 - 2013-08-25 14:47 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\DTencryptor-F
2014-01-21 21:35 - 2014-01-21 21:35 - 00000000 ____D () C:\Users\Public\Documents\RareCoordinator-v5.4.1-4
2014-01-19 13:06 - 2014-01-19 13:06 - 00005221 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-19 13:06 - 2013-10-20 09:32 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-19 13:06 - 2013-08-10 13:02 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-16 10:44 - 2014-01-16 10:44 - 00298944 _____ () C:\Windows\Minidump\011614-6427-01.dmp
2014-01-15 03:01 - 2014-01-15 03:00 - 00000000 ____D () C:\f5d5df41b109a7a190f086afe4ba
2014-01-15 03:01 - 2013-08-10 12:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 03:00 - 2013-08-10 12:35 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-14 20:44 - 2014-01-14 20:41 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Mozilla
2014-01-14 20:41 - 2014-01-14 20:41 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-14 20:41 - 2014-01-14 20:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-14 20:41 - 2013-12-20 21:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-01-14 20:20 - 2014-01-14 20:20 - 00076119 _____ () C:\Users\Steve\Documents\bookmarks.html
2014-01-14 20:20 - 2014-01-14 20:20 - 00033049 _____ () C:\Users\Steve\Documents\bookmarks-2014-01-14.json
2014-01-14 19:23 - 2014-01-14 19:20 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Nero
2014-01-14 19:22 - 2014-01-14 19:20 - 00000000 ____D () C:\Users\Steve\AppData\Local\Nero
2014-01-14 19:21 - 2014-01-14 19:21 - 00000000 ____D () C:\Users\Steve\AppData\Local\Nero_AG
2014-01-14 19:17 - 2014-01-14 19:14 - 00000000 ____D () C:\ProgramData\Nero
2014-01-14 19:17 - 2013-08-12 06:46 - 00000000 ____D () C:\Users\Steve\AppData\Local\Adobe
2014-01-14 19:15 - 2014-01-14 19:15 - 00002835 _____ () C:\Users\Public\Desktop\Nero Express 12.lnk
2014-01-14 19:15 - 2014-01-14 19:14 - 00000000 ____D () C:\Program Files (x86)\Nero
2014-01-14 19:15 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\Cursors
2014-01-14 16:15 - 2013-08-13 18:30 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-01-13 12:59 - 2014-01-13 12:59 - 00298944 _____ () C:\Windows\Minidump\011314-6676-01.dmp
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-08 02:15
 
==================== End Of Log ============================




#4 mcsiscm


Posted 12 February 2014 - 09:03 PM

oops, looks like I pasted twice - sorry....



#5 RPMcMurphy



  • Malware Response Team

Posted 13 February 2014 - 09:25 AM

Please do this next:

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • When the window opens, click on Change Parameters
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • Click OK
  • Press Start Scan
  • If malicious objects are found, then ensure Cure is selected.  Important - If there is no option to "Cure", it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named, for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.

Download ComboFix from HERE, and save it to your desktop.

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back.  Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.
.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • TDSSKiller log
  • ComboFix log


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#6 mcsiscm


Posted 13 February 2014 - 12:41 PM

Thank you - both logs are attached.

Steve

 




#7 RPMcMurphy


Posted 14 February 2014 - 08:15 AM

Please do this next:

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information, C:\FRST\Quarantine or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please include the following in your next post:
  • AdwCleaner log
  • MBAM log




#8 mcsiscm


Posted 16 February 2014 - 02:38 PM

Thank you.  The log files are attached.

 

 

Note - During one of the times when the machine rebooted due to the "DCOM service termination" the start button flashed up with the "Install MS Updates" on it as it.

I could not make any selection of any kind as the machine was in the process of downing itself.

When the machine came back up it said to wait while it was installing updates.

It then said the updates were NOT successful, and it rolled back the updates, then it continued to the desktop.

As soon as the desktop was fully built and all disk activity ceased, I rebooted again (restart, not shutdown).

There was no indication of "install MS Updates" on the start button as the button flashed by.

When the machine started up, it again started applying the MS updates, this time successfully.

The PC has now been up for a couple of hours without displaying the "service terminated unexpectedly" error.

 




#9 RPMcMurphy


Posted 16 February 2014 - 07:10 PM

Is it still running better?  Please do this next:

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right-click on their Internet Explorer shortcut and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.

Please include the following in your next post:
  • How is the computer running now?
  • ESET log




#10 mcsiscm


Posted 17 February 2014 - 10:01 PM

Good evening.

The PC has not displayed symptoms for 24 hours at this time.

 

The ESET log is below...

 

 

C:\Users\Steve\Downloads\Nero-9.4.12.3_free.exe Win32/Toolbar.AskSBar potentially unwanted application
D:\SAVE_2-12\download\Nero-9.4.12.3_free.exe Win32/Toolbar.AskSBar potentially unwanted application
D:\Steve\Documents\ubcd511.iso Win32/PSWTool.KonBoot.A potentially unsafe application
D:\Steve\Documents\Work\desktop\Desktop Storage\MakeVIT.bat BAT/HostsChanger.A potentially unsafe application
D:\Steve\Downloads\alienware_lsp_us.zip Win32/InstallMonetizer.AQ potentially unwanted application
D:\Steve\Downloads\Alienware_Theme.zip Win32/InstallMonetizer.AQ potentially unwanted application
D:\Steve\Downloads\cnet_mdsetup_exe.exe a variant of Win32/InstallCore.D potentially unwanted application
D:\Steve\Downloads\disk-defrag-setup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\Steve\Downloads\DVDStyler-2.2-win32.exe Win32/DownWare.W potentially unwanted application
D:\Steve\Downloads\SetupImgBurn_2.5.6.0.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\Steve\Downloads\CPUZ - processor deisplay\cpu-z_1.62-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\Steve\Pictures\_Desktops\alienware_skin_pack_1_0_x86_by_hameddanger-d4epy4k_installer.exe a variant of Win32/OpenInstall potentially unwanted application
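
Each line of the ESET export above has the layout path, optional "a variant of", detection name, class, so it can be split mechanically to separate the two "potentially ..." classes from anything else. This is an added Python example, not part of the original posts or of any tool used in the thread; `parse_line`, `triage`, the bucket names and the last two sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Export line layout: <path> [a variant of] <Platform/Family> <class>
LINE = re.compile(
    r"^(?P<path>.+?)\s+(?P<variant>a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/\S+)\s+(?P<kind>.+)$"
)
GRAYWARE = {"potentially unwanted application", "potentially unsafe application"}

def parse_line(line):
    """Split one export line into fields; None if it does not fit the layout."""
    m = LINE.match(line.strip())
    if not m:
        return None
    return {
        "path": m["path"],                     # may contain spaces
        "name": m["name"],
        "variant": m["variant"] is not None,
        "kind": m["kind"].strip(),
    }

def triage(log_text):
    """Bucket detections: grayware classes, everything else, and unparsed lines."""
    buckets = defaultdict(list)
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec is None:
            buckets["unparsed"].append(raw)    # never drop a line silently
        elif rec["kind"] in GRAYWARE:
            buckets["grayware"].append(rec)
        else:
            buckets["needs_review"].append(rec)
    return dict(buckets)

# First three lines are from the log in the thread; the last two are constructed.
SAMPLE = r"""
D:\Steve\Documents\ubcd511.iso Win32/PSWTool.KonBoot.A potentially unsafe application
D:\Steve\Downloads\cnet_mdsetup_exe.exe a variant of Win32/InstallCore.D potentially unwanted application
D:\Steve\Downloads\CPUZ - processor deisplay\cpu-z_1.62-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Example\constructed-sample.exe Win32/Example.A trojan
this constructed line does not follow the export layout
"""

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE).items():
        print(bucket, len(items))
```
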
 


#11 RPMcMurphy


Posted 20 February 2014 - 08:43 AM

I'm very sorry for the delay in responding to you.  None of those ESET detections are concerning. They are all related to freeware applications you have installed that ESET flags because they are ad driven or come with toolbars.

If the computer is still running well, all I have left for you is some very important housekeeping:

Uninstall ComboFix

  • Press the Windows key + R on your keyboard or click Start -> Run.  Copy and paste the following text into the run box that opens and press OK:
    Combofix /Uninstall

Download OTC to your desktop and run it
  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.
  • Manually delete any remaining logs or tools from our fixes

Double click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine.
  • If it doesn't, manually reboot to ensure a complete clean.

Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated.  Scan with them at least weekly.

Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!




#12 mcsiscm


Posted 24 February 2014 - 10:31 AM

It appears that whatever ailed my machine at the beginning of the journey has been resolved - my pc has been running non-stop since 20 Feb, and has not exhibited any symptoms since before 16th.

This issue may be marked resolved.

 

Thank you for your kind assistance.  

 

Respectfully, 

 

Steve

/bow



#13 RPMcMurphy


Posted 25 February 2014 - 09:22 AM

You're welcome, Steve.  Take care!




#14 RPMcMurphy


Posted 27 February 2014 - 11:32 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





