Ads by keep now, computer dragging miserably


  • This topic is locked
11 replies to this topic

#1 j.evans1981

j.evans1981

  • Members
  • 5 posts

Posted 19 April 2014 - 09:00 AM

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.17041
Run by James at 9:57:01 on 2014-04-19
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.3078 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Security Suite *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\ips\ipsbho.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Constant Guard Protection Suite: {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.212.1\NativeBHO.dll
BHO: FFlashCouipon: {C4E8CBAC-5D3F-9121-2FC0-034E96A44698} - C:\ProgramData\FFlashCouipon\b.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\coieplg.dll
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{D58CEFDD-400F-49EF-BA7A-F4FE3D02DC0A} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{F1810C8E-ADB9-40C9-82BF-D89658411F07} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=  
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.2.0.38\coieplg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: FFlashCouipon: {C4E8CBAC-5D3F-9121-2FC0-034E96A44698} - C:\ProgramData\FFlashCouipon\b.x64.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.2.0.38\coieplg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\m1i4jxkc.default-1397913581991\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\Users\James\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Users\James\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\James\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1502000.026\symds64.sys [2014-4-10 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1502000.026\symefa64.sys [2014-4-10 1148120]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;C:\Windows\System32\drivers\AE1200w764.sys [2011-3-28 1254464]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2014-3-7 38456]
S1 AntiLog32;AntiLog32;C:\Windows\System32\drivers\AntiLog64.sys [2014-4-10 49240]
S1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [2014-4-15 1525976]
S1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1502000.026\ccsetx64.sys [2014-4-10 162392]
S1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140417.001\IDSviA64.sys [2014-4-17 525016]
S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1502000.026\ironx64.sys [2014-4-10 264280]
S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1502000.026\symnets.sys [2014-4-10 593112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
S2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2010-11-2 203392]
S2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\n360.exe [2014-4-10 265040]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
S3 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2010-11-2 234040]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-11-2 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-19 111616]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-6-10 620544]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-3-10 19456]
S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-10 56832]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2010-11-2 1301504]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-3-7 1255736]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-11-2 203776]
S4 BRSptSvc;BitRaider Mini-Support Service;C:\ProgramData\BitRaider\BRSptSvc.exe [2014-3-7 915736]
S4 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2014-2-23 41024]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-04-19 13:46:14    --------    d-----w-    C:\AdwCleaner
2014-04-19 12:06:51    --------    d-----w-    C:\Users\James\AppData\Local\CrashDumps
2014-04-19 07:01:00    359936    ----a-w-    C:\Program Files\Internet Explorer\IEShims.dll
2014-04-19 07:01:00    257536    ----a-w-    C:\Program Files (x86)\Internet Explorer\IEShims.dll
2014-04-17 12:15:10    --------    d-----w-    C:\Users\James\AppData\Local\Diagnostics
2014-04-16 13:21:33    --------    d-----w-    C:\N360_BACKUP
2014-04-10 19:44:33    --------    d-----w-    C:\Users\James\AppData\Local\NPE
2014-04-10 19:05:10    --------    d-----w-    C:\Program Files (x86)\Common Files\Symantec Shared
2014-04-10 18:52:44    875736    ----a-w-    C:\Windows\System32\drivers\N360x64\1502000.026\srtsp64.sys
2014-04-10 18:52:44    593112    ----a-w-    C:\Windows\System32\drivers\N360x64\1502000.026\symnets.sys
2014-04-10 18:52:44    493656    ----a-r-    C:\Windows\System32\drivers\N360x64\1502000.026\symds64.sys
2014-04-10 18:52:44    36952    ----a-r-    C:\Windows\System32\drivers\N360x64\1502000.026\srtspx64.sys
2014-04-10 18:52:44    264280    ----a-r-    C:\Windows\System32\drivers\N360x64\1502000.026\ironx64.sys
2014-04-10 18:52:44    23568    ----a-r-    C:\Windows\System32\drivers\N360x64\1502000.026\symelam.sys
2014-04-10 18:52:44    162392    ----a-r-    C:\Windows\System32\drivers\N360x64\1502000.026\ccsetx64.sys
2014-04-10 18:52:44    1148120    ----a-w-    C:\Windows\System32\drivers\N360x64\1502000.026\symefa64.sys
2014-04-10 18:52:39    --------    d-----w-    C:\Windows\System32\drivers\N360x64\1502000.026
2014-04-10 18:48:06    177752    ----a-w-    C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2014-04-10 18:48:06    --------    d-----w-    C:\Program Files\Common Files\Symantec Shared
2014-04-10 18:47:31    --------    d-----w-    C:\Windows\System32\drivers\N360x64
2014-04-10 18:47:30    --------    d-----w-    C:\Program Files (x86)\Norton Security Suite
2014-04-10 18:46:38    --------    d-----w-    C:\ProgramData\NortonInstaller
2014-04-10 18:46:38    --------    d-----w-    C:\Program Files (x86)\NortonInstaller
2014-04-10 18:42:44    --------    d-----w-    C:\ProgramData\Norton
2014-04-10 18:38:20    --------    d-----w-    C:\Users\James\AppData\Local\White_Sky,_Inc
2014-04-10 18:38:20    --------    d-----w-    C:\ProgramData\IsolatedStorage
2014-04-10 18:38:17    --------    d-----w-    C:\Users\James\AppData\Local\ID Vault
2014-04-10 18:37:52    --------    d-----w-    C:\Users\James\AppData\Roaming\ID Vault
2014-04-10 18:37:34    49240    ----a-w-    C:\Windows\System32\drivers\AntiLog64.sys
2014-04-10 18:37:34    10674488    ----a-w-    C:\Windows\SysWow64\ZALSDKCore.dll
2014-04-10 18:37:34    --------    d-----w-    C:\Windows\SysWow64\ZALSDK_uninst
2014-04-10 18:37:33    --------    d-----w-    C:\Users\James\AppData\Local\Zemana
2014-04-10 18:37:28    --------    d-----w-    C:\Program Files (x86)\Constant Guard Protection Suite
2014-04-10 18:37:15    --------    d-----w-    C:\ProgramData\White Sky, Inc
2014-04-07 23:10:37    --------    d-----w-    C:\ProgramData\VirtualizedApplications
2014-04-07 21:00:28    --------    d-----w-    C:\Users\James\AppData\Roaming\SoftGrid Client
2014-04-07 21:00:28    --------    d-----w-    C:\Users\James\AppData\Local\SoftGrid Client
2014-04-07 20:59:46    --------    d-----w-    C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-04-07 20:59:38    --------    d-----w-    C:\Users\James\AppData\Roaming\TP
2014-04-03 03:00:31    --------    d-----w-    C:\ProgramData\FFlashCouipon
2014-03-30 15:26:37    --------    d-----w-    C:\Program Files (x86)\GreatsAoving
2014-03-28 20:55:54    --------    d-----w-    C:\ProgramData\84bd06b0c3cd615c
2014-03-28 20:55:48    --------    d-----w-    C:\Users\James\AppData\Local\Packages
2014-03-28 20:55:42    --------    d-----w-    C:\ProgramData\GreatsAoving
.
==================== Find3M  ====================
.
2014-04-06 08:54:41    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-06 08:54:41    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-10 00:00:04    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-09 17:08:41    175616    ----a-w-    C:\Windows\System32\msclmd.dll
2014-03-09 17:08:41    152576    ----a-w-    C:\Windows\SysWow64\msclmd.dll
2014-03-06 09:32:16    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-03-06 09:31:33    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34    548352    ----a-w-    C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:32:07    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-03-06 08:29:40    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15    752640    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41    5784064    ----a-w-    C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33    455168    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43    38400    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36    4254720    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40    592896    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43    32256    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15    2043904    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39    1967104    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40    2260480    ----a-w-    C:\Windows\System32\wininet.dll
2014-03-06 05:41:49    1789440    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-03-04 09:44:21    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21    243712    ----a-w-    C:\Windows\System32\wow64.dll
2014-03-04 09:44:21    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:03    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2014-03-04 09:17:19    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2014-03-04 09:16:54    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2014-03-04 08:09:30    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2014-02-27 07:04:40    829264    ----a-w-    C:\Windows\System32\msvcr100.dll
2014-02-27 07:04:40    608080    ----a-w-    C:\Windows\System32\msvcp100.dll
2014-02-07 01:23:30    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-02-04 02:35:56    190912    ----a-w-    C:\Windows\System32\drivers\storport.sys
2014-02-04 02:35:49    274880    ----a-w-    C:\Windows\System32\drivers\msiscsi.sys
2014-02-04 02:35:35    27584    ----a-w-    C:\Windows\System32\drivers\Diskdump.sys
2014-02-04 02:32:22    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-02-04 02:32:12    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-02-04 02:28:36    2048    ----a-w-    C:\Windows\System32\iologmsg.dll
2014-02-04 02:04:22    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04:11    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-02-04 02:00:39    2048    ----a-w-    C:\Windows\SysWow64\iologmsg.dll
2014-01-29 02:32:18    484864    ----a-w-    C:\Windows\System32\wer.dll
2014-01-29 02:06:47    381440    ----a-w-    C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46    228864    ----a-w-    C:\Windows\System32\wwansvc.dll
2014-01-24 02:37:55    1684928    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
.
============= FINISH:  9:57:40.20 ===============
 



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,703 posts

Posted 24 April 2014 - 09:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/531644 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,079 posts

Posted 24 April 2014 - 10:12 AM

Greetings and welcome to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now

==========================

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

--------------

 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • AdwCleaner log

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#4 j.evans1981

j.evans1981
  • Topic Starter

  • Members
  • 5 posts

Posted 25 April 2014 - 09:38 AM

I cannot use AdwCleaner...when I click the Scan button, it searches through the files and then when it gets to "Searching for infected shortcuts....." an error pops up saying AdwCleaner had experienced an unexpected problem and needs to close, and then asks me to report the error to Windows.  Is there another program I can use?



#5 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,079 posts

Posted 25 April 2014 - 10:25 AM

Hi j.evans1981,
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

 

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • FRST.txt
  • Addition.txt

xXToffeeXx~




#6 j.evans1981

j.evans1981
  • Topic Starter

  • Members
  • 5 posts

Posted 27 April 2014 - 04:06 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-11-2013 (ATTENTION: ====> FRST version is 154 days old and could be outdated)
Ran by James (administrator) on JAMES-PC on 27-04-2014 16:59:15
Running from C:\Users\James\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\n360.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\n360.exe
(Farbar) C:\Users\James\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2369536 2010-03-14] (VIA)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-10] (Advanced Micro Devices, Inc.)
AppInit_DLLs:   [ ] ()
AppInit_DLLs-x32:   [ ] ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x96EE10655962CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://www.better-search.net/?q={searchTerms}&src=6&q={searchTerms}&st=12&i=998&did=10844&ppd=search,33481641140,ultraiso,p,,c,UltraISO,,,www.fileparade.com&barid=1523565415772823710
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://www.better-search.net/?q={searchTerms}&src=6&q={searchTerms}&st=12&i=998&did=10844&ppd=search,33481641140,ultraiso,p,,c,UltraISO,,,www.fileparade.com&barid=1523565415772823710
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.2.0.38\coieplg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: FFlashCouipon - {C4E8CBAC-5D3F-9121-2FC0-034E96A44698} - C:\ProgramData\FFlashCouipon\b.x64.dll ()
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Constant Guard Protection Suite - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.212.1\NativeBHO.dll (WhiteSky)
BHO-x32: FFlashCouipon - {C4E8CBAC-5D3F-9121-2FC0-034E96A44698} - C:\ProgramData\FFlashCouipon\b.dll ()
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.2.0.38\coieplg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\coieplg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.2.0.38\coieplg.dll (Symantec Corporation)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\m1i4jxkc.default-1397913581991
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (ClickForSale) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpelinoagehkoodoljggnnhmmgajhffe\1.9
CHR Extension: (Google Search) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (topdEalu) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\laagenieomhdepcpbmpjmnnddblhddmp\1.7
CHR Extension: (Norton Identity Protection) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.0.43_0
CHR Extension: (Google Wallet) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0
CHR Extension: (Gmail) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\Exts\Chrome.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [915736 2014-04-25] (BitRaider, LLC)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\N360.exe [265040 2014-03-14] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-03] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-05] ()
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1502000.026\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-04-10] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140425.001\IDSvia64.sys [525016 2014-04-09] (Symantec Corporation)
R3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE1200w764.sys [1254464 2011-03-28] (Broadcom Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140426.001\ENG64.SYS [126040 2014-04-25] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140426.001\EX64.SYS [2099288 2014-04-25] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1502000.026\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1502000.026\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1502000.026\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-04-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1502000.026\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1502000.026\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [x]
S3 BRDriver64; \??\C:\programdata\bitraider\BRDriver64.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-27 16:59 - 2014-04-27 17:00 - 00012036 _____ C:\Users\James\Downloads\FRST.txt
2014-04-27 16:57 - 2014-04-27 16:57 - 00000000 ____D C:\FRST
2014-04-27 16:51 - 2014-04-27 16:52 - 01958440 _____ (Farbar) C:\Users\James\Downloads\FRST64 (1).exe
2014-04-27 16:22 - 2014-04-27 16:22 - 02061824 _____ C:\Users\James\Downloads\FRST64.exe
2014-04-27 13:14 - 2014-04-27 14:37 - 00000000 ____D C:\Users\James\Desktop\solar_pay
2014-04-27 11:32 - 2014-04-27 12:22 - 00000000 ____D C:\Users\James\Desktop\EPAY_Enterprises
2014-04-27 11:15 - 2003-12-05 14:48 - 00078462 _____ C:\Users\James\Desktop\solarpay
2014-04-27 11:15 - 2003-11-28 12:46 - 00003749 _____ C:\Users\James\Desktop\solarpay_software_license.htm
2014-04-26 09:47 - 2014-04-26 09:47 - 00052159 _____ C:\Users\James\Downloads\trust.jpeg
2014-04-25 10:35 - 2014-04-25 10:35 - 01365865 _____ C:\Users\James\Downloads\AdwCleaner.exe
2014-04-25 06:35 - 2014-04-25 06:35 - 04520208 _____ (BitRaider, LLC) C:\Users\James\Downloads\potbsinstall(4).exe
2014-04-24 10:31 - 2014-04-24 10:31 - 00000000 ____D C:\ProgramData\McAfee
2014-04-22 15:19 - 2014-04-22 15:19 - 00000000 ____D C:\Users\dub_cm_auto
2014-04-19 21:48 - 2014-04-19 21:48 - 00000000 ____D C:\Windows\pss
2014-04-19 10:34 - 2014-04-19 10:34 - 00000000 __SHD C:\Users\James\AppData\Local\EmieUserList
2014-04-19 10:34 - 2014-04-19 10:34 - 00000000 __SHD C:\Users\James\AppData\Local\EmieSiteList
2014-04-19 10:12 - 2014-04-19 10:12 - 01381864 _____ (Anvisoft Corporation) C:\Users\James\Downloads\AnviUnIns (1).exe
2014-04-19 10:07 - 2014-04-19 10:07 - 00000000 ____D C:\Program Files (x86)\Anvisoft
2014-04-19 10:06 - 2014-04-19 10:07 - 01381864 _____ (Anvisoft Corporation) C:\Users\James\Downloads\AnviUnIns.exe
2014-04-19 09:59 - 2014-04-19 09:59 - 00004122 _____ C:\Users\James\Desktop\attach.zip
2014-04-19 09:58 - 2014-04-19 09:58 - 00020712 _____ C:\Users\James\Desktop\attach.txt
2014-04-19 09:58 - 2014-04-19 09:57 - 00017955 _____ C:\Users\James\Desktop\dds.txt
2014-04-19 09:56 - 2014-04-19 09:56 - 00688992 ____R (Swearware) C:\Users\James\Downloads\dds.com
2014-04-19 09:46 - 2014-04-25 10:35 - 00000000 ____D C:\AdwCleaner
2014-04-19 09:26 - 2014-04-19 09:27 - 01258805 _____ C:\Users\James\Desktop\adwcleaner.exe
2014-04-19 09:19 - 2014-04-19 09:19 - 00000000 ____D C:\Users\James\Desktop\Old Firefox Data
2014-04-19 08:06 - 2014-04-25 10:35 - 00000000 ____D C:\Users\James\AppData\Local\CrashDumps
2014-04-19 03:01 - 2014-03-06 04:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-19 03:00 - 2014-03-06 06:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-19 03:00 - 2014-03-06 05:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-19 03:00 - 2014-03-06 05:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-19 03:00 - 2014-03-06 05:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-19 03:00 - 2014-03-06 04:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-19 03:00 - 2014-03-06 04:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-19 03:00 - 2014-03-06 04:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-19 03:00 - 2014-03-06 04:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-19 03:00 - 2014-03-06 04:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-19 03:00 - 2014-03-06 04:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-19 03:00 - 2014-03-06 04:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-19 03:00 - 2014-03-06 04:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-19 03:00 - 2014-03-06 04:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-19 03:00 - 2014-03-06 04:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-19 03:00 - 2014-03-06 04:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-19 03:00 - 2014-03-06 04:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-19 03:00 - 2014-03-06 04:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-19 03:00 - 2014-03-06 04:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-19 03:00 - 2014-03-06 04:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-19 03:00 - 2014-03-06 04:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-19 03:00 - 2014-03-06 04:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-19 03:00 - 2014-03-06 03:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-19 03:00 - 2014-03-06 03:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-19 03:00 - 2014-03-06 03:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-19 03:00 - 2014-03-06 03:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-19 03:00 - 2014-03-06 03:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-19 03:00 - 2014-03-06 03:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-19 03:00 - 2014-03-06 03:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-19 03:00 - 2014-03-06 03:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-19 03:00 - 2014-03-06 03:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-19 03:00 - 2014-03-06 03:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-19 03:00 - 2014-03-06 03:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-19 03:00 - 2014-03-06 03:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-19 03:00 - 2014-03-06 03:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-19 03:00 - 2014-03-06 03:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-19 03:00 - 2014-03-06 03:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-19 03:00 - 2014-03-06 03:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-19 03:00 - 2014-03-06 02:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-19 03:00 - 2014-03-06 02:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-19 03:00 - 2014-03-06 02:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-19 03:00 - 2014-03-06 02:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-19 03:00 - 2014-03-06 02:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-19 03:00 - 2014-03-06 01:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-19 03:00 - 2014-03-06 01:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-19 03:00 - 2014-03-06 01:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-19 03:00 - 2014-03-06 01:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-19 03:00 - 2014-03-06 01:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-16 09:21 - 2014-04-16 09:21 - 00000000 ____D C:\N360_BACKUP
2014-04-13 14:34 - 2014-04-13 14:34 - 00009825 _____ C:\Users\James\Downloads\p3plcpnl0317.prod.phx3.secureserver.net%20Secure%20Email%20Setup.vbs
2014-04-10 15:44 - 2014-04-16 09:21 - 00000000 ____D C:\Users\James\AppData\Local\NPE
2014-04-10 15:03 - 2014-04-10 15:04 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security Suite
2014-04-10 14:48 - 2014-04-10 14:58 - 00003228 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2014-04-10 14:48 - 2014-04-10 14:48 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-04-10 14:48 - 2014-04-10 14:48 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-04-10 14:48 - 2014-04-10 14:48 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2014-04-10 14:47 - 2014-04-10 14:58 - 00002444 _____ C:\Users\Public\Desktop\Norton Security Suite.lnk
2014-04-10 14:47 - 2014-04-10 14:58 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2014-04-10 14:47 - 2014-04-10 14:47 - 00000000 ____D C:\Program Files (x86)\Norton Security Suite
2014-04-10 14:46 - 2014-04-10 14:46 - 00000000 ____D C:\Users\James\Documents\Symantec
2014-04-10 14:42 - 2014-04-10 14:49 - 00000000 ____D C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-04-10 14:42 - 2014-04-10 14:49 - 00000000 ____D C:\ProgramData\Norton
2014-04-10 14:42 - 2014-04-10 14:42 - 00001234 _____ C:\Users\James\Desktop\Norton Installation Files.lnk
2014-04-10 14:42 - 2014-04-10 14:42 - 00000000 ____D C:\Users\Public\Downloads\Norton
2014-04-10 14:38 - 2014-04-10 14:56 - 00000000 ____D C:\Users\James\AppData\Local\ID Vault
2014-04-10 14:38 - 2014-04-10 14:38 - 00000000 ____D C:\Users\James\AppData\Local\White_Sky,_Inc
2014-04-10 14:38 - 2014-04-10 14:38 - 00000000 ____D C:\ProgramData\IsolatedStorage
2014-04-10 14:37 - 2014-04-27 14:44 - 00000000 ____D C:\Users\James\AppData\Roaming\ID Vault
2014-04-10 14:37 - 2014-04-10 14:38 - 00000000 ____D C:\Program Files (x86)\Constant Guard Protection Suite
2014-04-10 14:37 - 2014-04-10 14:37 - 00002265 _____ C:\Users\Public\Desktop\Constant Guard.lnk
2014-04-10 14:37 - 2014-04-10 14:37 - 00000000 ____D C:\ProgramData\White Sky, Inc
2014-04-08 14:22 - 2014-03-04 05:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-08 14:22 - 2014-03-04 05:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-08 14:22 - 2014-03-04 05:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-08 14:22 - 2014-03-04 05:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-08 14:22 - 2014-03-04 05:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-08 14:22 - 2014-03-04 05:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-08 14:22 - 2014-03-04 05:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-08 14:22 - 2014-03-04 05:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-08 14:22 - 2014-03-04 05:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-08 14:22 - 2014-03-04 04:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-08 14:22 - 2014-03-04 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-08 14:22 - 2014-02-03 22:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-08 14:22 - 2014-02-03 22:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-08 14:22 - 2014-02-03 22:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-08 14:22 - 2014-02-03 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-08 14:22 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-08 14:22 - 2014-01-23 22:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-07 19:10 - 2014-04-09 03:31 - 00000000 ____D C:\ProgramData\VirtualizedApplications
2014-04-07 17:05 - 2014-04-07 17:05 - 00000000 __RHD C:\MSOCache
2014-04-07 17:00 - 2014-04-09 03:19 - 00000000 ____D C:\Users\James\AppData\Roaming\SoftGrid Client
2014-04-07 17:00 - 2014-04-07 17:00 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-04-07 17:00 - 2014-04-07 17:00 - 00000000 ____D C:\Users\James\AppData\Local\SoftGrid Client
2014-04-07 16:59 - 2014-04-09 03:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-04-07 16:59 - 2014-04-07 17:00 - 00000000 ____D C:\Users\James\AppData\Roaming\TP
2014-04-03 09:15 - 2014-04-03 09:15 - 00884696 _____ (Google Inc.) C:\Users\James\Downloads\GoogleVoiceAndVideoSetup.exe
2014-04-02 23:00 - 2014-04-10 15:43 - 00000000 ____D C:\ProgramData\FFlashCouipon
2014-04-02 21:13 - 2014-04-02 21:13 - 04520208 _____ (BitRaider, LLC) C:\Users\James\Downloads\potbsinstall(3).exe
2014-03-31 19:34 - 2014-03-31 19:34 - 04968079 _____ (Tim Kosse) C:\Users\James\Downloads\FileZilla_3.8.0_win32-setup.exe
2014-03-30 17:31 - 2014-04-19 21:35 - 00000000 ____D C:\Users\James\AppData\Roaming\Mozilla
2014-03-30 17:31 - 2014-03-30 17:31 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-30 17:31 - 2014-03-30 17:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-30 17:31 - 2014-03-30 17:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-03-30 11:26 - 2014-03-30 11:26 - 00000000 ____D C:\Program Files (x86)\GreatsAoving
2014-03-28 16:55 - 2014-04-02 23:00 - 00000000 ____D C:\ProgramData\84bd06b0c3cd615c
2014-03-28 16:55 - 2014-03-30 11:38 - 00000000 ____D C:\ProgramData\GreatsAoving
2014-03-28 16:55 - 2014-03-28 16:55 - 00000000 ____D C:\Users\James\AppData\Local\Packages

==================== One Month Modified Files and Folders =======

2014-04-27 17:01 - 2014-03-08 13:01 - 00000288 _____ C:\Windows\Tasks\FoxTab.job
2014-04-27 17:00 - 2014-04-27 16:59 - 00012036 _____ C:\Users\James\Downloads\FRST.txt
2014-04-27 16:57 - 2014-04-27 16:57 - 00000000 ____D C:\FRST
2014-04-27 16:52 - 2014-04-27 16:51 - 01958440 _____ (Farbar) C:\Users\James\Downloads\FRST64 (1).exe
2014-04-27 16:49 - 2014-03-07 10:22 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-27 16:49 - 2014-03-07 06:47 - 01537567 _____ C:\Windows\WindowsUpdate.log
2014-04-27 16:49 - 2009-07-14 00:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-27 16:49 - 2009-07-14 00:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-27 16:42 - 2014-03-08 13:11 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-27 16:42 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-04-27 16:42 - 2009-07-14 00:51 - 00116092 _____ C:\Windows\setupact.log
2014-04-27 16:22 - 2014-04-27 16:22 - 02061824 _____ C:\Users\James\Downloads\FRST64.exe
2014-04-27 16:15 - 2014-03-08 13:02 - 00000000 ____D C:\Users\James\AppData\Roaming\FileZilla
2014-04-27 15:27 - 2014-03-08 13:11 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-27 14:44 - 2014-04-10 14:37 - 00000000 ____D C:\Users\James\AppData\Roaming\ID Vault
2014-04-27 14:37 - 2014-04-27 13:14 - 00000000 ____D C:\Users\James\Desktop\solar_pay
2014-04-27 12:22 - 2014-04-27 11:32 - 00000000 ____D C:\Users\James\Desktop\EPAY_Enterprises
2014-04-27 11:38 - 2014-03-07 08:44 - 00147496 _____ C:\Windows\PFRO.log
2014-04-26 14:58 - 2014-03-08 13:05 - 00000000 ____D C:\Users\James\Documents\WORK
2014-04-26 09:47 - 2014-04-26 09:47 - 00052159 _____ C:\Users\James\Downloads\trust.jpeg
2014-04-25 10:35 - 2014-04-25 10:35 - 01365865 _____ C:\Users\James\Downloads\AdwCleaner.exe
2014-04-25 10:35 - 2014-04-19 09:46 - 00000000 ____D C:\AdwCleaner
2014-04-25 10:35 - 2014-04-19 08:06 - 00000000 ____D C:\Users\James\AppData\Local\CrashDumps
2014-04-25 06:38 - 2014-03-07 07:07 - 00000000 ____D C:\Program Files (x86)\Pirates of the Burning Sea
2014-04-25 06:37 - 2014-03-07 07:06 - 00000000 ____D C:\ProgramData\BitRaider
2014-04-25 06:35 - 2014-04-25 06:35 - 04520208 _____ (BitRaider, LLC) C:\Users\James\Downloads\potbsinstall(4).exe
2014-04-24 11:15 - 2014-03-07 10:22 - 00000000 ____D C:\Users\James\AppData\Local\Adobe
2014-04-24 10:31 - 2014-04-24 10:31 - 00000000 ____D C:\ProgramData\McAfee
2014-04-24 10:31 - 2014-03-07 10:22 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-24 10:30 - 2014-03-07 10:22 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-24 10:30 - 2014-03-07 10:22 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-23 10:42 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2014-04-22 15:19 - 2014-04-22 15:19 - 00000000 ____D C:\Users\dub_cm_auto
2014-04-20 22:19 - 2009-07-14 01:08 - 00030326 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-19 22:22 - 2014-03-08 13:11 - 00000000 ____D C:\Users\James\AppData\Local\Google
2014-04-19 21:48 - 2014-04-19 21:48 - 00000000 ____D C:\Windows\pss
2014-04-19 21:35 - 2014-03-30 17:31 - 00000000 ____D C:\Users\James\AppData\Roaming\Mozilla
2014-04-19 10:34 - 2014-04-19 10:34 - 00000000 __SHD C:\Users\James\AppData\Local\EmieUserList
2014-04-19 10:34 - 2014-04-19 10:34 - 00000000 __SHD C:\Users\James\AppData\Local\EmieSiteList
2014-04-19 10:29 - 2010-11-02 12:56 - 00000000 ____D C:\Program Files (x86)\ASUS
2014-04-19 10:29 - 2010-11-02 12:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-04-19 10:12 - 2014-04-19 10:12 - 01381864 _____ (Anvisoft Corporation) C:\Users\James\Downloads\AnviUnIns (1).exe
2014-04-19 10:07 - 2014-04-19 10:07 - 00000000 ____D C:\Program Files (x86)\Anvisoft
2014-04-19 10:07 - 2014-04-19 10:06 - 01381864 _____ (Anvisoft Corporation) C:\Users\James\Downloads\AnviUnIns.exe
2014-04-19 09:59 - 2014-04-19 09:59 - 00004122 _____ C:\Users\James\Desktop\attach.zip
2014-04-19 09:58 - 2014-04-19 09:58 - 00020712 _____ C:\Users\James\Desktop\attach.txt
2014-04-19 09:57 - 2014-04-19 09:58 - 00017955 _____ C:\Users\James\Desktop\dds.txt
2014-04-19 09:56 - 2014-04-19 09:56 - 00688992 ____R (Swearware) C:\Users\James\Downloads\dds.com
2014-04-19 09:30 - 2010-11-02 12:56 - 00000000 ____D C:\Windows\System32\Tasks\ASUS
2014-04-19 09:27 - 2014-04-19 09:26 - 01258805 _____ C:\Users\James\Desktop\adwcleaner.exe
2014-04-19 09:19 - 2014-04-19 09:19 - 00000000 ____D C:\Users\James\Desktop\Old Firefox Data
2014-04-19 08:56 - 2014-03-07 07:54 - 00000000 ____D C:\Users\James\Documents\Pirates of the Burning Sea
2014-04-19 04:22 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2014-04-19 03:17 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2014-04-17 11:49 - 2009-07-14 01:13 - 00006398 _____ C:\Windows\system32\PerfStringBackup.INI
2014-04-16 09:21 - 2014-04-16 09:21 - 00000000 ____D C:\N360_BACKUP
2014-04-16 09:21 - 2014-04-10 15:44 - 00000000 ____D C:\Users\James\AppData\Local\NPE
2014-04-13 14:34 - 2014-04-13 14:34 - 00009825 _____ C:\Users\James\Downloads\p3plcpnl0317.prod.phx3.secureserver.net%20Secure%20Email%20Setup.vbs
2014-04-10 16:10 - 2014-03-08 15:03 - 00000000 ____D C:\Users\James\AppData\Local\Windows Live
2014-04-10 15:43 - 2014-04-02 23:00 - 00000000 ____D C:\ProgramData\FFlashCouipon
2014-04-10 15:04 - 2014-04-10 15:03 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security Suite
2014-04-10 14:58 - 2014-04-10 14:48 - 00003228 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2014-04-10 14:58 - 2014-04-10 14:47 - 00002444 _____ C:\Users\Public\Desktop\Norton Security Suite.lnk
2014-04-10 14:58 - 2014-04-10 14:47 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2014-04-10 14:56 - 2014-04-10 14:38 - 00000000 ____D C:\Users\James\AppData\Local\ID Vault
2014-04-10 14:49 - 2014-04-10 14:42 - 00000000 ____D C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-04-10 14:49 - 2014-04-10 14:42 - 00000000 ____D C:\ProgramData\Norton
2014-04-10 14:48 - 2014-04-10 14:48 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-04-10 14:48 - 2014-04-10 14:48 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-04-10 14:48 - 2014-04-10 14:48 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2014-04-10 14:47 - 2014-04-10 14:47 - 00000000 ____D C:\Program Files (x86)\Norton Security Suite
2014-04-10 14:46 - 2014-04-10 14:46 - 00000000 ____D C:\Users\James\Documents\Symantec
2014-04-10 14:42 - 2014-04-10 14:42 - 00001234 _____ C:\Users\James\Desktop\Norton Installation Files.lnk
2014-04-10 14:42 - 2014-04-10 14:42 - 00000000 ____D C:\Users\Public\Downloads\Norton
2014-04-10 14:38 - 2014-04-10 14:38 - 00000000 ____D C:\Users\James\AppData\Local\White_Sky,_Inc
2014-04-10 14:38 - 2014-04-10 14:38 - 00000000 ____D C:\ProgramData\IsolatedStorage
2014-04-10 14:38 - 2014-04-10 14:37 - 00000000 ____D C:\Program Files (x86)\Constant Guard Protection Suite
2014-04-10 14:37 - 2014-04-10 14:37 - 00002265 _____ C:\Users\Public\Desktop\Constant Guard.lnk
2014-04-10 14:37 - 2014-04-10 14:37 - 00000000 ____D C:\ProgramData\White Sky, Inc
2014-04-09 03:31 - 2014-04-07 19:10 - 00000000 ____D C:\ProgramData\VirtualizedApplications
2014-04-09 03:19 - 2014-04-07 17:00 - 00000000 ____D C:\Users\James\AppData\Roaming\SoftGrid Client
2014-04-09 03:04 - 2014-04-07 16:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-04-09 03:04 - 2014-03-10 17:52 - 00798472 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-09 03:03 - 2014-03-07 10:01 - 00000000 ____D C:\Windows\system32\MRT
2014-04-09 03:01 - 2014-03-07 10:01 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-07 17:05 - 2014-04-07 17:05 - 00000000 __RHD C:\MSOCache
2014-04-07 17:00 - 2014-04-07 17:00 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-04-07 17:00 - 2014-04-07 17:00 - 00000000 ____D C:\Users\James\AppData\Local\SoftGrid Client
2014-04-07 17:00 - 2014-04-07 16:59 - 00000000 ____D C:\Users\James\AppData\Roaming\TP
2014-04-07 16:59 - 2014-03-08 10:39 - 00000000 ____D C:\Program Files\Microsoft Office
2014-04-07 16:59 - 2010-11-02 12:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2014-04-07 16:59 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2014-04-03 09:15 - 2014-04-03 09:15 - 00884696 _____ (Google Inc.) C:\Users\James\Downloads\GoogleVoiceAndVideoSetup.exe
2014-04-02 23:00 - 2014-03-28 16:55 - 00000000 ____D C:\ProgramData\84bd06b0c3cd615c
2014-04-02 21:13 - 2014-04-02 21:13 - 04520208 _____ (BitRaider, LLC) C:\Users\James\Downloads\potbsinstall(3).exe
2014-03-31 19:34 - 2014-03-31 19:34 - 04968079 _____ (Tim Kosse) C:\Users\James\Downloads\FileZilla_3.8.0_win32-setup.exe
2014-03-31 19:34 - 2014-03-08 13:02 - 00002004 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2014-03-31 19:34 - 2014-03-08 13:02 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2014-03-30 17:31 - 2014-03-30 17:31 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-30 17:31 - 2014-03-30 17:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-30 17:31 - 2014-03-30 17:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-03-30 11:38 - 2014-03-28 16:55 - 00000000 ____D C:\ProgramData\GreatsAoving
2014-03-30 11:26 - 2014-03-30 11:26 - 00000000 ____D C:\Program Files (x86)\GreatsAoving
2014-03-28 16:55 - 2014-03-28 16:55 - 00000000 ____D C:\Users\James\AppData\Local\Packages

Some content of TEMP:
====================
C:\Users\James\AppData\Local\Temp\First15.exe
C:\Users\James\AppData\Local\Temp\VP6Install.exe
C:\Users\James\AppData\Local\Temp\VP6VFW.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-19 00:50

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-11-2013
Ran by James at 2014-04-27 17:01:29
Running from C:\Users\James\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton Security Suite (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 1.2.0)
Acrobat.com (x32 Version: 1.6.65)
Adobe AIR (x32 Version: 1.5.0.7220)
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.77)
Adobe Flash Player 13 Plugin (x32 Version: 13.0.0.182)
Adobe Reader 9.1 MUI (x32 Version: 9.1.0)
AI Manager (x32 Version: 1.08.07)
AMD USB Filter Driver (x32 Version: 1.0.15.94)
ASUS Backup Wizard (x32 Version: 1.00.09)
ASUS VIBE (x32 Version: 1.0.188)
ASUSUpdate (x32 Version: 7.18.03)
ATI Catalyst Install Manager (Version: 3.0.765.0)
Best Buy pc app (Version: 3.1.1.0)
Best Buy pc app (x32 Version: 3.1.1.0)
BitRaider Web Client (x32 Version: 1.1.6.9)
Caesar 3 (x32)
Catalyst Control Center Core Implementation (x32 Version: 2010.0210.2206.39615)
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0210.2206.39615)
Catalyst Control Center Graphics Full New (x32 Version: 2010.0210.2206.39615)
Catalyst Control Center Graphics Light (x32 Version: 2010.0210.2206.39615)
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0210.2206.39615)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0210.2206.39615)
Catalyst Control Center InstallProxy (x32 Version: 2010.0210.2206.39615)
Catalyst Control Center Localization All (x32 Version: 2010.0210.2206.39615)
CCC Help Chinese Standard (x32 Version: 2010.0210.2205.39615)
CCC Help Chinese Traditional (x32 Version: 2010.0210.2205.39615)
CCC Help Czech (x32 Version: 2010.0210.2205.39615)
CCC Help Danish (x32 Version: 2010.0210.2205.39615)
CCC Help Dutch (x32 Version: 2010.0210.2205.39615)
CCC Help English (x32 Version: 2010.0210.2205.39615)
CCC Help Finnish (x32 Version: 2010.0210.2205.39615)
CCC Help French (x32 Version: 2010.0210.2205.39615)
CCC Help German (x32 Version: 2010.0210.2205.39615)
CCC Help Greek (x32 Version: 2010.0210.2205.39615)
CCC Help Hungarian (x32 Version: 2010.0210.2205.39615)
CCC Help Italian (x32 Version: 2010.0210.2205.39615)
CCC Help Japanese (x32 Version: 2010.0210.2205.39615)
CCC Help Korean (x32 Version: 2010.0210.2205.39615)
CCC Help Norwegian (x32 Version: 2010.0210.2205.39615)
CCC Help Polish (x32 Version: 2010.0210.2205.39615)
CCC Help Portuguese (x32 Version: 2010.0210.2205.39615)
CCC Help Russian (x32 Version: 2010.0210.2205.39615)
CCC Help Spanish (x32 Version: 2010.0210.2205.39615)
CCC Help Swedish (x32 Version: 2010.0210.2205.39615)
CCC Help Thai (x32 Version: 2010.0210.2205.39615)
CCC Help Turkish (x32 Version: 2010.0210.2205.39615)
ccc-core-static (x32 Version: 2010.0210.2206.39615)
ccc-utility64 (Version: 2010.0210.2206.39615)
CivCity (x32 Version: 1.00.0000)
Complément Messenger (x32 Version: 15.4.3502.0922)
Constant Guard Protection Suite (x32 Version: 1.14.212.1)
Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
Cutthroats (x32)
D3DX10 (x32 Version: 15.4.2368.0902)
FileZilla Client 3.8.0 (x32 Version: 3.8.0)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Google Chrome (x32 Version: 33.0.1750.154)
Google Update Helper (x32 Version: 1.3.23.9)
Grand Ages Rome 1.02 (x32 Version: 1.02)
Immortal Cities: Children of the Nile (x32 Version: 000.118.00075)
IrfanView (remove only) (x32 Version: 4.37)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.30214.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 28.0 (x86 en-US) (x32 Version: 28.0)
Mozilla Maintenance Service (x32 Version: 28.0)
MS Access 97 SP2 (x32)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
Norton Security Suite (x32 Version: 21.2.0.38)
NVIDIA PhysX (x32 Version: 9.10.0513)
Pharaoh (x32)
Pirates Of The Burning Sea (x32 Version: 1.0.0.14)
Platform (x32 Version: 1.34)
Railroad Tycoon 3 (x32 Version: 1.0)
Realtek 8136 8168 8169 Ethernet Driver (x32 Version: 1.00.0005)
SeaDogs (x32)
Sid Meier's Pirates! (x32 Version: 1.00.0000)
SimCity 3000 Unlimited (x32)
The Sims 2 (x32)
Tropico 2: Pirate Cove (x32)
VIA Platform Device Manager (x32 Version: 1.34)
Windows Live (x32 Version: 15.4.3502.0922)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)

==================== Restore Points  =========================

20-04-2014 17:02:39 Scheduled Checkpoint
25-04-2014 10:37:21 Installed DirectX

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {059F5AE2-3497-47A2-8CC5-51CCDDB36538} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\symerr.exe [2014-01-30] (Symantec Corporation)
Task: {3B114614-0E20-4B2B-8342-E914EA50B349} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-08] (Google Inc.)
Task: {3D3A8490-7691-4692-BD44-36C68C6CB5A0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4F7521E0-5030-4229-81A9-3C590C28B238} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {5F54184A-E3AB-4B40-91DD-D6B5DA05BBF9} - System32\Tasks\FoxTab => C:\Users\James\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE
Task: {7F3D9EE1-7EEF-41D0-A07D-67F85EA58161} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\symerr.exe [2014-01-30] (Symantec Corporation)
Task: {8E2C5CBF-724E-40BD-B987-D3D0B0F77E96} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\wscstub.exe [2014-03-11] (Symantec Corporation)
Task: {A0E415BB-0977-454A-9454-AAFD0C3859E4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-24] (Adobe Systems Incorporated)
Task: {AD27FE19-DD71-4A43-8B11-5116A7CE348F} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.00.97\AsLoader.exe [2009-12-24] (ASUSTeK Computer Inc.)
Task: {E24CAFD4-D60B-42F3-BE6C-D54FDDF9ED26} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-08] (Google Inc.)
Task: {EDA5C304-E048-4FFD-8383-1B49E3CDAEE5} - System32\Tasks\ASUS\AsBackupWizard_Run => C:\Program Files (x86)\ASUS\AsBackupWizard\AsRunBkWizardHelper.exe [2010-04-23] (ASUSTeK Computer Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FoxTab.job => C:\Users\James\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-11-02 12:55 - 2009-05-07 04:51 - 00071680 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2010-11-02 12:55 - 2009-05-07 04:53 - 00379392 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2010-11-02 12:55 - 2008-01-18 02:50 - 00098816 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2010-11-02 12:55 - 2010-03-02 03:31 - 64105984 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2014-03-07 06:50 - 2014-03-07 06:50 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-03-28 05:35 - 2014-03-28 05:35 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

Name: AntiLog32
Description: AntiLog32
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AntiLog32
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/27/2014 04:57:19 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.ci for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Microsoft Windows Search Indexer because of this error.

Program: Microsoft Windows Search Indexer
File: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.ci

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000009C
Disk type: 3

Error: (04/27/2014 04:57:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: SearchIndexer.exe, version: 7.0.7601.17610, time stamp: 0x4dc0d019
Faulting module name: TQUERY.DLL, version: 7.0.7601.17610, time stamp: 0x4dc0e17a
Exception code: 0xc0000006
Fault offset: 0x0000000000034a88
Faulting process id: 0x126c
Faulting application start time: 0xSearchIndexer.exe0
Faulting application path: SearchIndexer.exe1
Faulting module path: SearchIndexer.exe2
Report Id: SearchIndexer.exe3

Error: (04/27/2014 04:55:20 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.ci for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Microsoft Windows Search Indexer because of this error.

Program: Microsoft Windows Search Indexer
File: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.ci

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000009C
Disk type: 3

Error: (04/27/2014 04:55:20 PM) (Source: Application Error) (User: )
Description: Faulting application name: SearchIndexer.exe, version: 7.0.7601.17610, time stamp: 0x4dc0d019
Faulting module name: TQUERY.DLL, version: 7.0.7601.17610, time stamp: 0x4dc0e17a
Exception code: 0xc0000006
Fault offset: 0x0000000000034a88
Faulting process id: 0x122c
Faulting application start time: 0xSearchIndexer.exe0
Faulting application path: SearchIndexer.exe1
Faulting module path: SearchIndexer.exe2
Report Id: SearchIndexer.exe3

Error: (04/27/2014 04:52:49 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.ci for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Microsoft Windows Search Indexer because of this error.

Program: Microsoft Windows Search Indexer
File: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.ci

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000009C
Disk type: 3

Error: (04/27/2014 04:52:49 PM) (Source: Application Error) (User: )
Description: Faulting application name: SearchIndexer.exe, version: 7.0.7601.17610, time stamp: 0x4dc0d019
Faulting module name: TQUERY.DLL, version: 7.0.7601.17610, time stamp: 0x4dc0e17a
Exception code: 0xc0000006
Fault offset: 0x0000000000034a88
Faulting process id: 0x1048
Faulting application start time: 0xSearchIndexer.exe0
Faulting application path: SearchIndexer.exe1
Faulting module path: SearchIndexer.exe2
Report Id: SearchIndexer.exe3

Error: (04/27/2014 04:51:36 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.ci for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Microsoft Windows Search Indexer because of this error.

Program: Microsoft Windows Search Indexer
File: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.ci

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000009C
Disk type: 3

Error: (04/27/2014 04:51:36 PM) (Source: Application Error) (User: )
Description: Faulting application name: SearchIndexer.exe, version: 7.0.7601.17610, time stamp: 0x4dc0d019
Faulting module name: TQUERY.DLL, version: 7.0.7601.17610, time stamp: 0x4dc0e17a
Exception code: 0xc0000006
Fault offset: 0x0000000000034a88
Faulting process id: 0xdb8
Faulting application start time: 0xSearchIndexer.exe0
Faulting application path: SearchIndexer.exe1
Faulting module path: SearchIndexer.exe2
Report Id: SearchIndexer.exe3

Error: (04/27/2014 04:50:04 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a4c

Start Time: 01cf62593f412a6e

Termination Time: 0

Application Path: C:\Windows\Explorer.EXE

Report Id: 6c8c16df-ce4d-11e3-ae26-bcaec5b77b1e

Error: (04/27/2014 04:46:37 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.ci for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Microsoft Windows Search Indexer because of this error.

Program: Microsoft Windows Search Indexer
File: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.ci

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000009C
Disk type: 3

System errors:
=============
Error: (04/27/2014 05:01:28 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (04/27/2014 05:01:25 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (04/27/2014 05:01:22 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (04/27/2014 05:01:19 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (04/27/2014 05:01:16 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (04/27/2014 05:01:13 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (04/27/2014 05:01:10 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (04/27/2014 05:01:07 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (04/27/2014 05:00:15 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (04/27/2014 05:00:12 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Microsoft Office Sessions:
=========================
Error: (04/27/2014 04:57:19 PM) (Source: Application Error)(User: )
Description: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.ciMicrosoft Windows Search IndexerC000009C3

Error: (04/27/2014 04:57:19 PM) (Source: Application Error)(User: )
Description: SearchIndexer.exe7.0.7601.176104dc0d019TQUERY.DLL7.0.7601.176104dc0e17ac00000060000000000034a88126c01cf625b1af62023C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\TQUERY.DLL8530e08e-ce4e-11e3-ae26-bcaec5b77b1e

Error: (04/27/2014 04:55:20 PM) (Source: Application Error)(User: )
Description: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.ciMicrosoft Windows Search IndexerC000009C3

Error: (04/27/2014 04:55:20 PM) (Source: Application Error)(User: )
Description: SearchIndexer.exe7.0.7601.176104dc0d019TQUERY.DLL7.0.7601.176104dc0e17ac00000060000000000034a88122c01cf625af169dc76C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\TQUERY.DLL3e1dd67c-ce4e-11e3-ae26-bcaec5b77b1e

Error: (04/27/2014 04:52:49 PM) (Source: Application Error)(User: )
Description: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.ciMicrosoft Windows Search IndexerC000009C3

Error: (04/27/2014 04:52:49 PM) (Source: Application Error)(User: )
Description: SearchIndexer.exe7.0.7601.176104dc0d019TQUERY.DLL7.0.7601.176104dc0e17ac00000060000000000034a88104801cf625a8ca53e8bC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\TQUERY.DLLe41cf29e-ce4d-11e3-ae26-bcaec5b77b1e

Error: (04/27/2014 04:51:36 PM) (Source: Application Error)(User: )
Description: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.ciMicrosoft Windows Search IndexerC000009C3

Error: (04/27/2014 04:51:36 PM) (Source: Application Error)(User: )
Description: SearchIndexer.exe7.0.7601.176104dc0d019TQUERY.DLL7.0.7601.176104dc0e17ac00000060000000000034a88db801cf625a3906eaa7C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\TQUERY.DLLb84e963e-ce4d-11e3-ae26-bcaec5b77b1e

Error: (04/27/2014 04:50:04 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.17567a4c01cf62593f412a6e0C:\Windows\Explorer.EXE6c8c16df-ce4d-11e3-ae26-bcaec5b77b1e

Error: (04/27/2014 04:46:37 PM) (Source: Application Error)(User: )
Description: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.ciMicrosoft Windows Search IndexerC000009C3

==================== Memory info ===========================

Percentage of memory in use: 31%
Total physical RAM: 3839.18 MB
Available physical RAM: 2627.76 MB
Total Pagefile: 7676.53 MB
Available Pagefile: 6402.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (WIN7) (Fixed) (Total:917.33 GB) (Free:858.17 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: CB5BD2B2)
Partition 1: (Not Active) - (Size=14 GB) - (Type=1B)
Partition 2: (Active) - (Size=917 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#7 j.evans1981

j.evans1981
  • Topic Starter


Posted 27 April 2014 - 04:10 PM

It said the version I had was outdated. Here's one that's not:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2014
Ran by James (administrator) on JAMES-PC on 27-04-2014 17:09:20
Running from C:\Users\James\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\N360.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\N360.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_77_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Farbar) C:\Users\James\Downloads\FRST64 (2).exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2369536 2010-03-14] (VIA)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-10] (Advanced Micro Devices, Inc.)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2014-03-09] (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x96EE10655962CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://www.better-search.net/?q={searchTerms}&src=6&q={searchTerms}&st=12&i=998&did=10844&ppd=search,33481641140,ultraiso,p,,c,UltraISO,,,www.fileparade.com&barid=1523565415772823710
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://www.better-search.net/?q={searchTerms}&src=6&q={searchTerms}&st=12&i=998&did=10844&ppd=search,33481641140,ultraiso,p,,c,UltraISO,,,www.fileparade.com&barid=1523565415772823710
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: FFlashCouipon - {C4E8CBAC-5D3F-9121-2FC0-034E96A44698} - C:\ProgramData\FFlashCouipon\b.x64.dll ()
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Constant Guard Protection Suite - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.212.1\NativeBHO.dll (WhiteSky)
BHO-x32: FFlashCouipon - {C4E8CBAC-5D3F-9121-2FC0-034E96A44698} - C:\ProgramData\FFlashCouipon\b.dll ()
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\m1i4jxkc.default-1397913581991
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-04-10]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ []

Chrome:
=======
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-08]
CHR Extension: (Google Drive) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-08]
CHR Extension: (YouTube) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-08]
CHR Extension: (ClickForSale) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpelinoagehkoodoljggnnhmmgajhffe [2014-04-02]
CHR Extension: (Google Search) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-08]
CHR Extension: (topdEalu) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\laagenieomhdepcpbmpjmnnddblhddmp [2014-03-28]
CHR Extension: (Norton Identity Protection) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-04-17]
CHR Extension: (Google Wallet) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-08]
CHR Extension: (Gmail) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-08]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\Exts\Chrome.crx [2014-04-10]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [915736 2014-04-25] (BitRaider, LLC)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\N360.exe [265040 2014-03-14] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-03] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-05] ()
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1502000.026\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-04-10] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140425.001\IDSvia64.sys [525016 2014-04-09] (Symantec Corporation)
R3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE1200w764.sys [1254464 2011-03-28] (Broadcom Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140426.001\ENG64.SYS [126040 2014-04-25] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140426.001\EX64.SYS [2099288 2014-04-25] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1502000.026\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1502000.026\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1502000.026\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-04-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1502000.026\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1502000.026\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
S3 BRDriver64; \??\C:\programdata\bitraider\BRDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-27 17:07 - 2014-04-27 17:07 - 02061824 _____ (Farbar) C:\Users\James\Downloads\FRST64 (2).exe
2014-04-27 17:01 - 2014-04-27 17:01 - 00028290 _____ () C:\Users\James\Downloads\Addition.txt
2014-04-27 16:59 - 2014-04-27 17:09 - 00012863 _____ () C:\Users\James\Downloads\FRST.txt
2014-04-27 16:57 - 2014-04-27 17:09 - 00000000 ____D () C:\FRST
2014-04-27 16:51 - 2014-04-27 16:52 - 01958440 _____ (Farbar) C:\Users\James\Downloads\FRST64 (1).exe
2014-04-27 16:22 - 2014-04-27 16:22 - 02061824 _____ () C:\Users\James\Downloads\FRST64.exe
2014-04-27 13:14 - 2014-04-27 14:37 - 00000000 ____D () C:\Users\James\Desktop\solar_pay
2014-04-27 11:32 - 2014-04-27 12:22 - 00000000 ____D () C:\Users\James\Desktop\EPAY_Enterprises
2014-04-27 11:15 - 2003-12-05 14:48 - 00078462 _____ () C:\Users\James\Desktop\solarpay
2014-04-27 11:15 - 2003-11-28 12:46 - 00003749 _____ () C:\Users\James\Desktop\solarpay_software_license.htm
2014-04-26 09:47 - 2014-04-26 09:47 - 00052159 _____ () C:\Users\James\Downloads\trust.jpeg
2014-04-25 10:35 - 2014-04-25 10:35 - 01365865 _____ () C:\Users\James\Downloads\AdwCleaner.exe
2014-04-25 06:35 - 2014-04-25 06:35 - 04520208 _____ (BitRaider, LLC) C:\Users\James\Downloads\potbsinstall(4).exe
2014-04-24 10:31 - 2014-04-24 10:31 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-22 15:19 - 2014-04-22 15:19 - 00000000 ____D () C:\Users\dub_cm_auto
2014-04-19 21:48 - 2014-04-19 21:48 - 00000000 ____D () C:\Windows\pss
2014-04-19 10:34 - 2014-04-19 10:34 - 00000000 __SHD () C:\Users\James\AppData\Local\EmieUserList
2014-04-19 10:34 - 2014-04-19 10:34 - 00000000 __SHD () C:\Users\James\AppData\Local\EmieSiteList
2014-04-19 10:12 - 2014-04-19 10:12 - 01381864 _____ (Anvisoft Corporation) C:\Users\James\Downloads\AnviUnIns (1).exe
2014-04-19 10:07 - 2014-04-19 10:07 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-04-19 10:06 - 2014-04-19 10:07 - 01381864 _____ (Anvisoft Corporation) C:\Users\James\Downloads\AnviUnIns.exe
2014-04-19 09:59 - 2014-04-19 09:59 - 00004122 _____ () C:\Users\James\Desktop\attach.zip
2014-04-19 09:58 - 2014-04-19 09:58 - 00020712 _____ () C:\Users\James\Desktop\attach.txt
2014-04-19 09:58 - 2014-04-19 09:57 - 00017955 _____ () C:\Users\James\Desktop\dds.txt
2014-04-19 09:56 - 2014-04-19 09:56 - 00688992 ____R (Swearware) C:\Users\James\Downloads\dds.com
2014-04-19 09:46 - 2014-04-25 10:35 - 00000000 ____D () C:\AdwCleaner
2014-04-19 09:26 - 2014-04-19 09:27 - 01258805 _____ () C:\Users\James\Desktop\adwcleaner.exe
2014-04-19 09:19 - 2014-04-19 09:19 - 00000000 ____D () C:\Users\James\Desktop\Old Firefox Data
2014-04-19 08:06 - 2014-04-25 10:35 - 00000000 ____D () C:\Users\James\AppData\Local\CrashDumps
2014-04-19 03:01 - 2014-03-06 04:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-19 03:00 - 2014-03-06 06:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-19 03:00 - 2014-03-06 05:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-19 03:00 - 2014-03-06 05:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-19 03:00 - 2014-03-06 05:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-19 03:00 - 2014-03-06 04:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-19 03:00 - 2014-03-06 04:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-19 03:00 - 2014-03-06 04:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-19 03:00 - 2014-03-06 04:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-19 03:00 - 2014-03-06 04:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-19 03:00 - 2014-03-06 04:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-19 03:00 - 2014-03-06 04:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-19 03:00 - 2014-03-06 04:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-19 03:00 - 2014-03-06 04:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-19 03:00 - 2014-03-06 04:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-19 03:00 - 2014-03-06 04:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-19 03:00 - 2014-03-06 04:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-19 03:00 - 2014-03-06 04:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-19 03:00 - 2014-03-06 04:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-19 03:00 - 2014-03-06 04:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-19 03:00 - 2014-03-06 04:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-19 03:00 - 2014-03-06 04:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-19 03:00 - 2014-03-06 03:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-19 03:00 - 2014-03-06 03:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-19 03:00 - 2014-03-06 03:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-19 03:00 - 2014-03-06 03:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-19 03:00 - 2014-03-06 03:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-19 03:00 - 2014-03-06 03:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-19 03:00 - 2014-03-06 03:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-19 03:00 - 2014-03-06 03:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-19 03:00 - 2014-03-06 03:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-19 03:00 - 2014-03-06 03:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-19 03:00 - 2014-03-06 03:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-19 03:00 - 2014-03-06 03:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-19 03:00 - 2014-03-06 03:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-19 03:00 - 2014-03-06 03:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-19 03:00 - 2014-03-06 03:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-19 03:00 - 2014-03-06 03:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-19 03:00 - 2014-03-06 02:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-19 03:00 - 2014-03-06 02:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-19 03:00 - 2014-03-06 02:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-19 03:00 - 2014-03-06 02:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-19 03:00 - 2014-03-06 02:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-19 03:00 - 2014-03-06 01:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-19 03:00 - 2014-03-06 01:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-19 03:00 - 2014-03-06 01:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-19 03:00 - 2014-03-06 01:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-19 03:00 - 2014-03-06 01:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-16 09:21 - 2014-04-16 09:21 - 00000000 ____D () C:\N360_BACKUP
2014-04-13 14:34 - 2014-04-13 14:34 - 00009825 _____ () C:\Users\James\Downloads\p3plcpnl0317.prod.phx3.secureserver.net%20Secure%20Email%20Setup.vbs
2014-04-10 15:44 - 2014-04-16 09:21 - 00000000 ____D () C:\Users\James\AppData\Local\NPE
2014-04-10 15:03 - 2014-04-10 15:04 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite
2014-04-10 14:48 - 2014-04-10 14:58 - 00003228 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-04-10 14:48 - 2014-04-10 14:48 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-04-10 14:48 - 2014-04-10 14:48 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-04-10 14:48 - 2014-04-10 14:48 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-04-10 14:47 - 2014-04-10 14:58 - 00002444 _____ () C:\Users\Public\Desktop\Norton Security Suite.lnk
2014-04-10 14:47 - 2014-04-10 14:58 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2014-04-10 14:47 - 2014-04-10 14:58 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-04-10 14:47 - 2014-04-10 14:47 - 00000000 ____D () C:\Program Files (x86)\Norton Security Suite
2014-04-10 14:46 - 2014-04-10 14:46 - 00000000 ____D () C:\Users\James\Documents\Symantec
2014-04-10 14:42 - 2014-04-10 14:49 - 00000000 ____D () C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-04-10 14:42 - 2014-04-10 14:49 - 00000000 ____D () C:\ProgramData\Norton
2014-04-10 14:42 - 2014-04-10 14:42 - 00001234 _____ () C:\Users\James\Desktop\Norton Installation Files.lnk
2014-04-10 14:42 - 2014-04-10 14:42 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-04-10 14:38 - 2014-04-10 14:56 - 00000000 ____D () C:\Users\James\AppData\Local\ID Vault
2014-04-10 14:38 - 2014-04-10 14:38 - 00000000 ____D () C:\Users\James\AppData\Local\White_Sky,_Inc
2014-04-10 14:38 - 2014-04-10 14:38 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2014-04-10 14:37 - 2014-04-27 14:44 - 00000000 ____D () C:\Users\James\AppData\Roaming\ID Vault
2014-04-10 14:37 - 2014-04-10 14:38 - 00000000 ____D () C:\Program Files (x86)\Constant Guard Protection Suite
2014-04-10 14:37 - 2014-04-10 14:37 - 00002277 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Constant Guard.lnk
2014-04-10 14:37 - 2014-04-10 14:37 - 00002265 _____ () C:\Users\Public\Desktop\Constant Guard.lnk
2014-04-10 14:37 - 2014-04-10 14:37 - 00000000 ____D () C:\ProgramData\White Sky, Inc
2014-04-09 10:40 - 2014-04-09 10:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
2014-04-08 14:22 - 2014-03-04 05:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-08 14:22 - 2014-03-04 05:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-08 14:22 - 2014-03-04 05:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-08 14:22 - 2014-03-04 05:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-08 14:22 - 2014-03-04 05:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-08 14:22 - 2014-03-04 05:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-08 14:22 - 2014-03-04 05:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-08 14:22 - 2014-03-04 05:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-08 14:22 - 2014-03-04 05:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-08 14:22 - 2014-03-04 04:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-08 14:22 - 2014-03-04 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-08 14:22 - 2014-02-03 22:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-08 14:22 - 2014-02-03 22:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-08 14:22 - 2014-02-03 22:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-08 14:22 - 2014-02-03 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-08 14:22 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-08 14:22 - 2014-01-23 22:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-07 19:10 - 2014-04-09 03:31 - 00000000 ____D () C:\ProgramData\VirtualizedApplications
2014-04-07 17:05 - 2014-04-07 17:05 - 00000000 __RHD () C:\MSOCache
2014-04-07 17:00 - 2014-04-09 03:19 - 00000000 ____D () C:\Users\James\AppData\Roaming\SoftGrid Client
2014-04-07 17:00 - 2014-04-07 17:00 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-04-07 17:00 - 2014-04-07 17:00 - 00000000 ____D () C:\Users\James\AppData\Local\SoftGrid Client
2014-04-07 16:59 - 2014-04-09 03:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-04-07 16:59 - 2014-04-07 17:00 - 00000000 ____D () C:\Users\James\AppData\Roaming\TP
2014-04-03 09:15 - 2014-04-03 09:15 - 00884696 _____ (Google Inc.) C:\Users\James\Downloads\GoogleVoiceAndVideoSetup.exe
2014-04-02 23:00 - 2014-04-10 15:43 - 00000000 ____D () C:\ProgramData\FFlashCouipon
2014-04-02 21:13 - 2014-04-02 21:13 - 04520208 _____ (BitRaider, LLC) C:\Users\James\Downloads\potbsinstall(3).exe
2014-03-31 19:34 - 2014-03-31 19:34 - 04968079 _____ (Tim Kosse) C:\Users\James\Downloads\FileZilla_3.8.0_win32-setup.exe
2014-03-30 17:31 - 2014-04-19 21:35 - 00000000 ____D () C:\Users\James\AppData\Roaming\Mozilla
2014-03-30 17:31 - 2014-03-30 17:31 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-03-30 17:31 - 2014-03-30 17:31 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-30 17:31 - 2014-03-30 17:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-30 17:31 - 2014-03-30 17:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-30 11:26 - 2014-03-30 11:26 - 00000000 ____D () C:\Program Files (x86)\GreatsAoving
2014-03-28 16:55 - 2014-04-02 23:00 - 00000000 ____D () C:\ProgramData\84bd06b0c3cd615c
2014-03-28 16:55 - 2014-03-30 11:38 - 00000000 ____D () C:\ProgramData\GreatsAoving
2014-03-28 16:55 - 2014-03-28 16:55 - 00000000 ____D () C:\Users\James\AppData\Local\Packages

==================== One Month Modified Files and Folders =======

2014-04-27 17:09 - 2014-04-27 16:59 - 00012863 _____ () C:\Users\James\Downloads\FRST.txt
2014-04-27 17:09 - 2014-04-27 16:57 - 00000000 ____D () C:\FRST
2014-04-27 17:07 - 2014-04-27 17:07 - 02061824 _____ (Farbar) C:\Users\James\Downloads\FRST64 (2).exe
2014-04-27 17:01 - 2014-04-27 17:01 - 00028290 _____ () C:\Users\James\Downloads\Addition.txt
2014-04-27 17:01 - 2014-03-08 13:01 - 00000288 _____ () C:\Windows\Tasks\FoxTab.job
2014-04-27 16:52 - 2014-04-27 16:51 - 01958440 _____ (Farbar) C:\Users\James\Downloads\FRST64 (1).exe
2014-04-27 16:49 - 2014-03-07 10:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-27 16:49 - 2014-03-07 06:47 - 01537567 _____ () C:\Windows\WindowsUpdate.log
2014-04-27 16:49 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-27 16:49 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-27 16:42 - 2014-03-08 13:11 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-27 16:42 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-27 16:42 - 2009-07-14 00:51 - 00116092 _____ () C:\Windows\setupact.log
2014-04-27 16:22 - 2014-04-27 16:22 - 02061824 _____ () C:\Users\James\Downloads\FRST64.exe
2014-04-27 16:15 - 2014-03-08 13:02 - 00000000 ____D () C:\Users\James\AppData\Roaming\FileZilla
2014-04-27 15:27 - 2014-03-08 13:11 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-27 14:44 - 2014-04-10 14:37 - 00000000 ____D () C:\Users\James\AppData\Roaming\ID Vault
2014-04-27 14:37 - 2014-04-27 13:14 - 00000000 ____D () C:\Users\James\Desktop\solar_pay
2014-04-27 12:22 - 2014-04-27 11:32 - 00000000 ____D () C:\Users\James\Desktop\EPAY_Enterprises
2014-04-27 11:38 - 2014-03-07 08:44 - 00147496 _____ () C:\Windows\PFRO.log
2014-04-26 14:58 - 2014-03-08 13:05 - 00000000 ____D () C:\Users\James\Documents\WORK
2014-04-26 09:47 - 2014-04-26 09:47 - 00052159 _____ () C:\Users\James\Downloads\trust.jpeg
2014-04-25 10:35 - 2014-04-25 10:35 - 01365865 _____ () C:\Users\James\Downloads\AdwCleaner.exe
2014-04-25 10:35 - 2014-04-19 09:46 - 00000000 ____D () C:\AdwCleaner
2014-04-25 10:35 - 2014-04-19 08:06 - 00000000 ____D () C:\Users\James\AppData\Local\CrashDumps
2014-04-25 06:38 - 2014-03-07 07:07 - 00000000 ____D () C:\Program Files (x86)\Pirates of the Burning Sea
2014-04-25 06:37 - 2014-03-07 07:06 - 00000000 ____D () C:\ProgramData\BitRaider
2014-04-25 06:35 - 2014-04-25 06:35 - 04520208 _____ (BitRaider, LLC) C:\Users\James\Downloads\potbsinstall(4).exe
2014-04-24 11:17 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-24 11:15 - 2014-03-07 10:22 - 00000000 ____D () C:\Users\James\AppData\Local\Adobe
2014-04-24 10:31 - 2014-04-24 10:31 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-24 10:31 - 2014-03-07 10:22 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-24 10:30 - 2014-03-07 10:22 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-24 10:30 - 2014-03-07 10:22 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-23 10:42 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-22 15:19 - 2014-04-22 15:19 - 00000000 ____D () C:\Users\dub_cm_auto
2014-04-20 22:19 - 2009-07-14 01:08 - 00030326 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-19 22:22 - 2014-03-08 13:11 - 00000000 ____D () C:\Users\James\AppData\Local\Google
2014-04-19 21:48 - 2014-04-19 21:48 - 00000000 ____D () C:\Windows\pss
2014-04-19 21:35 - 2014-03-30 17:31 - 00000000 ____D () C:\Users\James\AppData\Roaming\Mozilla
2014-04-19 10:34 - 2014-04-19 10:34 - 00000000 __SHD () C:\Users\James\AppData\Local\EmieUserList
2014-04-19 10:34 - 2014-04-19 10:34 - 00000000 __SHD () C:\Users\James\AppData\Local\EmieSiteList
2014-04-19 10:29 - 2010-11-02 12:56 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-04-19 10:29 - 2010-11-02 12:55 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-19 10:12 - 2014-04-19 10:12 - 01381864 _____ (Anvisoft Corporation) C:\Users\James\Downloads\AnviUnIns (1).exe
2014-04-19 10:07 - 2014-04-19 10:07 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-04-19 10:07 - 2014-04-19 10:06 - 01381864 _____ (Anvisoft Corporation) C:\Users\James\Downloads\AnviUnIns.exe
2014-04-19 09:59 - 2014-04-19 09:59 - 00004122 _____ () C:\Users\James\Desktop\attach.zip
2014-04-19 09:58 - 2014-04-19 09:58 - 00020712 _____ () C:\Users\James\Desktop\attach.txt
2014-04-19 09:57 - 2014-04-19 09:58 - 00017955 _____ () C:\Users\James\Desktop\dds.txt
2014-04-19 09:56 - 2014-04-19 09:56 - 00688992 ____R (Swearware) C:\Users\James\Downloads\dds.com
2014-04-19 09:30 - 2010-11-02 12:56 - 00000000 ____D () C:\Windows\System32\Tasks\ASUS
2014-04-19 09:30 - 2010-11-02 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2014-04-19 09:27 - 2014-04-19 09:26 - 01258805 _____ () C:\Users\James\Desktop\adwcleaner.exe
2014-04-19 09:19 - 2014-04-19 09:19 - 00000000 ____D () C:\Users\James\Desktop\Old Firefox Data
2014-04-19 08:56 - 2014-03-07 07:54 - 00000000 ____D () C:\Users\James\Documents\Pirates of the Burning Sea
2014-04-19 04:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-04-19 03:17 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-17 11:49 - 2009-07-14 01:13 - 00006398 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-16 09:21 - 2014-04-16 09:21 - 00000000 ____D () C:\N360_BACKUP
2014-04-16 09:21 - 2014-04-10 15:44 - 00000000 ____D () C:\Users\James\AppData\Local\NPE
2014-04-13 14:34 - 2014-04-13 14:34 - 00009825 _____ () C:\Users\James\Downloads\p3plcpnl0317.prod.phx3.secureserver.net%20Secure%20Email%20Setup.vbs
2014-04-10 16:10 - 2014-03-08 15:03 - 00000000 ____D () C:\Users\James\AppData\Local\Windows Live
2014-04-10 15:43 - 2014-04-02 23:00 - 00000000 ____D () C:\ProgramData\FFlashCouipon
2014-04-10 15:04 - 2014-04-10 15:03 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite
2014-04-10 14:58 - 2014-04-10 14:48 - 00003228 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-04-10 14:58 - 2014-04-10 14:47 - 00002444 _____ () C:\Users\Public\Desktop\Norton Security Suite.lnk
2014-04-10 14:58 - 2014-04-10 14:47 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2014-04-10 14:58 - 2014-04-10 14:47 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-04-10 14:56 - 2014-04-10 14:38 - 00000000 ____D () C:\Users\James\AppData\Local\ID Vault
2014-04-10 14:49 - 2014-04-10 14:42 - 00000000 ____D () C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-04-10 14:49 - 2014-04-10 14:42 - 00000000 ____D () C:\ProgramData\Norton
2014-04-10 14:48 - 2014-04-10 14:48 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-04-10 14:48 - 2014-04-10 14:48 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-04-10 14:48 - 2014-04-10 14:48 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-04-10 14:47 - 2014-04-10 14:47 - 00000000 ____D () C:\Program Files (x86)\Norton Security Suite
2014-04-10 14:46 - 2014-04-10 14:46 - 00000000 ____D () C:\Users\James\Documents\Symantec
2014-04-10 14:42 - 2014-04-10 14:42 - 00001234 _____ () C:\Users\James\Desktop\Norton Installation Files.lnk
2014-04-10 14:42 - 2014-04-10 14:42 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-04-10 14:38 - 2014-04-10 14:38 - 00000000 ____D () C:\Users\James\AppData\Local\White_Sky,_Inc
2014-04-10 14:38 - 2014-04-10 14:38 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2014-04-10 14:38 - 2014-04-10 14:37 - 00000000 ____D () C:\Program Files (x86)\Constant Guard Protection Suite
2014-04-10 14:37 - 2014-04-10 14:37 - 00002277 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Constant Guard.lnk
2014-04-10 14:37 - 2014-04-10 14:37 - 00002265 _____ () C:\Users\Public\Desktop\Constant Guard.lnk
2014-04-10 14:37 - 2014-04-10 14:37 - 00000000 ____D () C:\ProgramData\White Sky, Inc
2014-04-09 10:40 - 2014-04-09 10:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
2014-04-09 03:31 - 2014-04-07 19:10 - 00000000 ____D () C:\ProgramData\VirtualizedApplications
2014-04-09 03:19 - 2014-04-07 17:00 - 00000000 ____D () C:\Users\James\AppData\Roaming\SoftGrid Client
2014-04-09 03:04 - 2014-04-07 16:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-04-09 03:04 - 2014-03-10 17:52 - 00798472 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-09 03:03 - 2014-03-07 10:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 03:01 - 2014-03-07 10:01 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-07 17:05 - 2014-04-07 17:05 - 00000000 __RHD () C:\MSOCache
2014-04-07 17:00 - 2014-04-07 17:00 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-04-07 17:00 - 2014-04-07 17:00 - 00000000 ____D () C:\Users\James\AppData\Local\SoftGrid Client
2014-04-07 17:00 - 2014-04-07 16:59 - 00000000 ____D () C:\Users\James\AppData\Roaming\TP
2014-04-07 16:59 - 2014-03-08 10:39 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-04-07 16:59 - 2010-11-02 12:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-04-07 16:59 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-04-03 09:15 - 2014-04-03 09:15 - 00884696 _____ (Google Inc.) C:\Users\James\Downloads\GoogleVoiceAndVideoSetup.exe
2014-04-02 23:00 - 2014-03-28 16:55 - 00000000 ____D () C:\ProgramData\84bd06b0c3cd615c
2014-04-02 21:13 - 2014-04-02 21:13 - 04520208 _____ (BitRaider, LLC) C:\Users\James\Downloads\potbsinstall(3).exe
2014-03-31 19:34 - 2014-03-31 19:34 - 04968079 _____ (Tim Kosse) C:\Users\James\Downloads\FileZilla_3.8.0_win32-setup.exe
2014-03-31 19:34 - 2014-03-08 13:02 - 00002004 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk
2014-03-31 19:34 - 2014-03-08 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-03-31 19:34 - 2014-03-08 13:02 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-03-30 17:31 - 2014-03-30 17:31 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-03-30 17:31 - 2014-03-30 17:31 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-30 17:31 - 2014-03-30 17:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-30 17:31 - 2014-03-30 17:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-30 11:38 - 2014-03-28 16:55 - 00000000 ____D () C:\ProgramData\GreatsAoving
2014-03-30 11:26 - 2014-03-30 11:26 - 00000000 ____D () C:\Program Files (x86)\GreatsAoving
2014-03-28 16:55 - 2014-03-28 16:55 - 00000000 ____D () C:\Users\James\AppData\Local\Packages

Some content of TEMP:
====================
C:\Users\James\AppData\Local\Temp\First15.exe
C:\Users\James\AppData\Local\Temp\VP6Install.exe
C:\Users\James\AppData\Local\Temp\VP6VFW.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-19 00:50

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2014
Ran by James at 2014-04-27 17:09:47
Running from C:\Users\James\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton Security Suite (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 1.2.0 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
AI Manager (HKLM-x32\...\{4AF95DE2-B54D-4C3F-9494-FD3B558E2C2D}) (Version: 1.08.07 - ASUSTeK)
AMD USB Filter Driver (x32 Version: 1.0.15.94 - Advanced Micro Devices, Inc.) Hidden
ASUS Backup Wizard (HKLM-x32\...\{124C9BD0-8C52-40AB-8238-0605703B1C28}) (Version: 1.00.09 - ASUSTeK Computer Inc.)
ASUS VIBE (HKLM-x32\...\ASUS VIBE) (Version: 1.0.188 - Ecareme, Inc.)
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.)
ATI Catalyst Install Manager (HKLM\...\{0C798FBB-2BA6-D113-C055-936965550F33}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Best Buy pc app (Version: 3.1.1.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.1.1.0 - Best Buy) Hidden
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.6.9 - BitRaider, LLC)
Caesar 3 (HKLM-x32\...\Caesar 3) (Version:  - )
Catalyst Control Center Core Implementation (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0210.2206.39615 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help English (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help French (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help German (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0210.2205.39615 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
ccc-utility64 (Version: 2010.0210.2206.39615 - ATI) Hidden
CivCity (HKLM-x32\...\{994E24A6-EC47-4201-8D0B-D4563B7AD66B}) (Version: 1.00.0000 - Firefly Studios)
Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Constant Guard Protection Suite (HKLM-x32\...\ID Vault) (Version: 1.14.212.1 - Comcast)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Cutthroats (HKLM-x32\...\Cutthroats) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
FileZilla Client 3.8.0 (HKLM-x32\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Grand Ages Rome 1.02 (HKLM-x32\...\Civitas3) (Version: 1.02 - Kalypso Media)
Immortal Cities: Children of the Nile (HKLM-x32\...\InstallShield_{667A1F4B-BFFA-4CF0-8C0B-6ED397370BCB}) (Version: 000.118.00075 - Tilted Mill Entertainment)
Immortal Cities: Children of the Nile (x32 Version: 000.118.00075 - Tilted Mill Entertainment) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MS Access 97 SP2 (HKLM-x32\...\MS Access 97 SP2) (Version:  - )
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.2.0.38 - Symantec Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Pharaoh (HKLM-x32\...\Pharaoh) (Version:  - )
Pirates Of The Burning Sea (HKLM-x32\...\potbs) (Version: 1.0.0.14 - )
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
Railroad Tycoon 3 (HKLM-x32\...\{DE29025A-091F-4998-AD2D-24C84421190F}) (Version: 1.0 - )
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
SeaDogs (HKLM-x32\...\SeaDogs) (Version:  - )
Sid Meier's Pirates! (HKLM-x32\...\InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}) (Version: 1.00.0000 - Firaxis Games)
Sid Meier's Pirates! (x32 Version: 1.00.0000 - Firaxis Games) Hidden
SimCity 3000 Unlimited (HKLM-x32\...\SimCity 3000 Unlimited) (Version:  - )
The Sims 2 (HKLM-x32\...\{8AB8D458-939E-403F-0097-9BA1C1F013D5}) (Version:  - )
Tropico 2: Pirate Cove (HKLM-x32\...\{1A2000AF-79DE-47FB-8411-BA22F981917F}) (Version:  - )
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

20-04-2014 17:02:39 Scheduled Checkpoint
25-04-2014 10:37:21 Installed DirectX

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {059F5AE2-3497-47A2-8CC5-51CCDDB36538} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {3B114614-0E20-4B2B-8342-E914EA50B349} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-08] (Google Inc.)
Task: {4F7521E0-5030-4229-81A9-3C590C28B238} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {5F54184A-E3AB-4B40-91DD-D6B5DA05BBF9} - System32\Tasks\FoxTab => C:\Users\James\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {7F3D9EE1-7EEF-41D0-A07D-67F85EA58161} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {8E2C5CBF-724E-40BD-B987-D3D0B0F77E96} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\WSCStub.exe [2014-03-11] (Symantec Corporation)
Task: {A0E415BB-0977-454A-9454-AAFD0C3859E4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-24] (Adobe Systems Incorporated)
Task: {AD27FE19-DD71-4A43-8B11-5116A7CE348F} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.00.97\AsLoader.exe [2009-12-24] (ASUSTeK Computer Inc.)
Task: {E24CAFD4-D60B-42F3-BE6C-D54FDDF9ED26} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-08] (Google Inc.)
Task: {EDA5C304-E048-4FFD-8383-1B49E3CDAEE5} - System32\Tasks\ASUS\AsBackupWizard_Run => C:\Program Files (x86)\ASUS\AsBackupWizard\AsRunBkWizardHelper.exe [2010-04-23] (ASUSTeK Computer Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FoxTab.job => C:\Users\James\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-11-02 12:55 - 2009-05-07 04:51 - 00071680 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2010-11-02 12:55 - 2009-05-07 04:53 - 00379392 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2010-11-02 12:55 - 2008-01-18 02:50 - 00098816 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2010-11-02 12:55 - 2010-03-02 03:31 - 64105984 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2014-03-07 06:50 - 2014-03-07 06:50 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-03-28 05:35 - 2014-03-28 05:35 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-04-02 23:00 - 2014-04-02 23:00 - 00424960 _____ () C:\ProgramData\FFlashCouipon\b.dll
2000-01-28 01:00 - 2000-01-28 01:00 - 00012288 _____ () C:\Windows\SysWow64\hlinkprx.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: BRSptSvc => 3
MSCONFIG\Services: Device Handle Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IBUpdaterService => 2
MSCONFIG\Services: IDVaultSvc => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SfCtlCom => 2
MSCONFIG\Services: TMBMServer => 3
MSCONFIG\Services: TmPfw => 3
MSCONFIG\Services: TmProxy => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Constant Guard.lnk => C:\Windows\pss\Constant Guard.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Best Buy pc app => C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
MSCONFIG\startupreg: Google Update => "C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
MSCONFIG\startupreg: RunAIShell => C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
MSCONFIG\startupreg: UfSeAgnt.exe => "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"

==================== Faulty Device Manager Devices =============

Name: AntiLog32
Description: AntiLog32
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AntiLog32
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/27/2014 05:07:41 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.ci for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Microsoft Windows Search Indexer because of this error.

Program: Microsoft Windows Search Indexer
File: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.ci

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000009C
Disk type: 3

Error: (04/27/2014 05:07:41 PM) (Source: Application Error) (User: )
Description: Faulting application name: SearchIndexer.exe, version: 7.0.7601.17610, time stamp: 0x4dc0d019
Faulting module name: TQUERY.DLL, version: 7.0.7601.17610, time stamp: 0x4dc0e17a
Exception code: 0xc0000006
Fault offset: 0x0000000000034a88
Faulting process id: 0x13f0
Faulting application start time: 0xSearchIndexer.exe0
Faulting application path: SearchIndexer.exe1
Faulting module path: SearchIndexer.exe2
Report Id: SearchIndexer.exe3

Error: (04/27/2014 05:03:39 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.ci for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Microsoft Windows Search Indexer because of this error.

Program: Microsoft Windows Search Indexer
File: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.ci

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000009C
Disk type: 3

Error: (04/27/2014 05:03:39 PM) (Source: Application Error) (User: )
Description: Faulting application name: SearchIndexer.exe, version: 7.0.7601.17610, time stamp: 0x4dc0d019
Faulting module name: TQUERY.DLL, version: 7.0.7601.17610, time stamp: 0x4dc0e17a
Exception code: 0xc0000006
Fault offset: 0x0000000000034a88
Faulting process id: 0x2e8
Faulting application start time: 0xSearchIndexer.exe0
Faulting application path: SearchIndexer.exe1
Faulting module path: SearchIndexer.exe2
Report Id: SearchIndexer.exe3

Error: (04/27/2014 05:03:21 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.ci for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Microsoft Windows Search Indexer because of this error.

Program: Microsoft Windows Search Indexer
File: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.ci

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000009C
Disk type: 3

Error: (04/27/2014 05:03:21 PM) (Source: Application Error) (User: )
Description: Faulting application name: SearchIndexer.exe, version: 7.0.7601.17610, time stamp: 0x4dc0d019
Faulting module name: TQUERY.DLL, version: 7.0.7601.17610, time stamp: 0x4dc0e17a
Exception code: 0xc0000006
Fault offset: 0x0000000000034a88
Faulting process id: 0x288
Faulting application start time: 0xSearchIndexer.exe0
Faulting application path: SearchIndexer.exe1
Faulting module path: SearchIndexer.exe2
Report Id: SearchIndexer.exe3

Error: (04/27/2014 04:57:19 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.ci for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Microsoft Windows Search Indexer because of this error.

Program: Microsoft Windows Search Indexer
File: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.ci

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000009C
Disk type: 3

Error: (04/27/2014 04:57:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: SearchIndexer.exe, version: 7.0.7601.17610, time stamp: 0x4dc0d019
Faulting module name: TQUERY.DLL, version: 7.0.7601.17610, time stamp: 0x4dc0e17a
Exception code: 0xc0000006
Fault offset: 0x0000000000034a88
Faulting process id: 0x126c
Faulting application start time: 0xSearchIndexer.exe0
Faulting application path: SearchIndexer.exe1
Faulting module path: SearchIndexer.exe2
Report Id: SearchIndexer.exe3

Error: (04/27/2014 04:55:20 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.ci for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Microsoft Windows Search Indexer because of this error.

Program: Microsoft Windows Search Indexer
File: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.ci

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000009C
Disk type: 3

Error: (04/27/2014 04:55:20 PM) (Source: Application Error) (User: )
Description: Faulting application name: SearchIndexer.exe, version: 7.0.7601.17610, time stamp: 0x4dc0d019
Faulting module name: TQUERY.DLL, version: 7.0.7601.17610, time stamp: 0x4dc0e17a
Exception code: 0xc0000006
Fault offset: 0x0000000000034a88
Faulting process id: 0x122c
Faulting application start time: 0xSearchIndexer.exe0
Faulting application path: SearchIndexer.exe1
Faulting module path: SearchIndexer.exe2
Report Id: SearchIndexer.exe3

System errors:
=============
Error: (04/27/2014 05:09:47 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (04/27/2014 05:09:45 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (04/27/2014 05:09:42 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (04/27/2014 05:09:39 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (04/27/2014 05:09:36 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (04/27/2014 05:09:33 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (04/27/2014 05:09:30 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (04/27/2014 05:09:27 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (04/27/2014 05:08:36 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (04/27/2014 05:08:33 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Microsoft Office Sessions:
=========================
Error: (04/27/2014 05:07:41 PM) (Source: Application Error)(User: )
Description: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.ciMicrosoft Windows Search IndexerC000009C3

Error: (04/27/2014 05:07:41 PM) (Source: Application Error)(User: )
Description: SearchIndexer.exe7.0.7601.176104dc0d019TQUERY.DLL7.0.7601.176104dc0e17ac00000060000000000034a8813f001cf625cb7e8c640C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\TQUERY.DLLf7efac9b-ce4f-11e3-ae26-bcaec5b77b1e

Error: (04/27/2014 05:03:39 PM) (Source: Application Error)(User: )
Description: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.ciMicrosoft Windows Search IndexerC000009C3

Error: (04/27/2014 05:03:39 PM) (Source: Application Error)(User: )
Description: SearchIndexer.exe7.0.7601.176104dc0d019TQUERY.DLL7.0.7601.176104dc0e17ac00000060000000000034a882e801cf625c278987b4C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\TQUERY.DLL679ce17e-ce4f-11e3-ae26-bcaec5b77b1e

Error: (04/27/2014 05:03:21 PM) (Source: Application Error)(User: )
Description: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.ciMicrosoft Windows Search IndexerC000009C3

Error: (04/27/2014 05:03:21 PM) (Source: Application Error)(User: )
Description: SearchIndexer.exe7.0.7601.176104dc0d019TQUERY.DLL7.0.7601.176104dc0e17ac00000060000000000034a8828801cf625c1c343e9eC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\TQUERY.DLL5cf7feed-ce4f-11e3-ae26-bcaec5b77b1e

Error: (04/27/2014 04:57:19 PM) (Source: Application Error)(User: )
Description: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.ciMicrosoft Windows Search IndexerC000009C3

Error: (04/27/2014 04:57:19 PM) (Source: Application Error)(User: )
Description: SearchIndexer.exe7.0.7601.176104dc0d019TQUERY.DLL7.0.7601.176104dc0e17ac00000060000000000034a88126c01cf625b1af62023C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\TQUERY.DLL8530e08e-ce4e-11e3-ae26-bcaec5b77b1e

Error: (04/27/2014 04:55:20 PM) (Source: Application Error)(User: )
Description: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.ciMicrosoft Windows Search IndexerC000009C3

Error: (04/27/2014 04:55:20 PM) (Source: Application Error)(User: )
Description: SearchIndexer.exe7.0.7601.176104dc0d019TQUERY.DLL7.0.7601.176104dc0e17ac00000060000000000034a88122c01cf625af169dc76C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\TQUERY.DLL3e1dd67c-ce4e-11e3-ae26-bcaec5b77b1e

==================== Memory info ===========================

Percentage of memory in use: 36%
Total physical RAM: 3839.18 MB
Available physical RAM: 2437.66 MB
Total Pagefile: 7676.53 MB
Available Pagefile: 6127.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (WIN7) (Fixed) (Total:917.33 GB) (Free:858.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: CB5BD2B2)
Partition 1: (Not Active) - (Size=14 GB) - (Type=1B)
Partition 2: (Active) - (Size=917 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#8 xXToffeeXx

Posted 28 April 2014 - 10:23 AM

Hi j.evans1981,
 
Before I start addressing the ads issue, I must check out the state of your hard drive. A number of the errors created lean towards a failing hard drive, which is not a good thing, I must say:

  • Download GSmartControl for Windows and save it to your desktop
  • Unzip the folder to your desktop
  • Double click gsmartcontrol.exe
  • Allow the program to search for and list your hard drive(s)
  • Double click your drive
  • Go to the PERFORM TESTS tab
  • Make sure that the TEST TYPE is set to SHORT SELF-TEST
  • Click the EXECUTE button
  • After the test completes, click the VIEW OUTPUT button and copy and paste the contents in your reply.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • GSmartControl results

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#9 j.evans1981

Posted 28 April 2014 - 03:04 PM

GSmart Results:

===================================

smartctl 5.43 2012-06-30 r3573 [i686-w64-mingw32-win7(64)-sp1] (sf-5.43-1)
Copyright © 2002-12 by Bruce Allen, http://smartmontools.sourceforge.net

=== START OF INFORMATION SECTION ===
Model Family:     Seagate Barracuda 7200.12
Device Model:     ST31000528AS
Serial Number:    6VPAH2QS
LU WWN Device Id: 5 000c50 030cdca43
Firmware Version: CC46
User Capacity:    1,000,204,886,016 bytes [1.00 TB]
Sector Size:      512 bytes logical/physical
Device is:        In smartctl database [for details use: -P show]
ATA Version is:   8
ATA Standard is:  ATA-8-ACS revision 4
Local Time is:    Mon Apr 28 16:03:28 2014 EDT
SMART support is: Available - device has SMART capability.
SMART support is: Enabled

=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED

General SMART Values:
Offline data collection status:  (0x82) Offline data collection activity
     was completed without error.
     Auto Offline Data Collection: Enabled.
Self-test execution status:      ( 121) The previous self-test completed having
     the read element of the test failed.
Total time to complete Offline
data collection:   (  600) seconds.
Offline data collection
capabilities:     (0x7b) SMART execute Offline immediate.
     Auto Offline data collection on/off support.
     Suspend Offline collection upon new
     command.
     Offline surface scan supported.
     Self-test supported.
     Conveyance Self-test supported.
     Selective Self-test supported.
SMART capabilities:            (0x0003) Saves SMART data before entering
     power-saving mode.
     Supports SMART auto save timer.
Error logging capability:        (0x01) Error logging supported.
     General Purpose Logging supported.
Short self-test routine
recommended polling time:   (   1) minutes.
Extended self-test routine
recommended polling time:   ( 169) minutes.
Conveyance self-test routine
recommended polling time:   (   2) minutes.
SCT capabilities:         (0x103f) SCT Status supported.
     SCT Error Recovery Control supported.
     SCT Feature Control supported.
     SCT Data Table supported.

SMART Attributes Data Structure revision number: 10
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000f   081   075   006    Pre-fail  Always       -       72834165
  3 Spin_Up_Time            0x0003   095   094   000    Pre-fail  Always       -       0
  4 Start_Stop_Count        0x0032   100   100   020    Old_age   Always       -       584
  5 Reallocated_Sector_Ct   0x0033   056   056   036    Pre-fail  Always       -       1812
  7 Seek_Error_Rate         0x000f   084   060   030    Pre-fail  Always       -       322188809
  9 Power_On_Hours          0x0032   074   074   000    Old_age   Always       -       23392
 10 Spin_Retry_Count        0x0013   100   100   097    Pre-fail  Always       -       0
 12 Power_Cycle_Count       0x0032   100   100   020    Old_age   Always       -       288
183 Runtime_Bad_Block       0x0032   100   100   000    Old_age   Always       -       0
184 End-to-End_Error        0x0032   100   100   099    Old_age   Always       -       0
187 Reported_Uncorrect      0x0032   001   001   000    Old_age   Always       -       52842
188 Command_Timeout         0x0032   100   092   000    Old_age   Always       -       304947462309
189 High_Fly_Writes         0x003a   087   087   000    Old_age   Always       -       13
190 Airflow_Temperature_Cel 0x0022   063   052   045    Old_age   Always       -       37 (Min/Max 34/39)
194 Temperature_Celsius     0x0022   037   048   000    Old_age   Always       -       37 (0 17 0 0 0)
195 Hardware_ECC_Recovered  0x001a   036   026   000    Old_age   Always       -       72834165
197 Current_Pending_Sector  0x0012   072   045   000    Old_age   Always       -       1178
198 Offline_Uncorrectable   0x0010   072   045   000    Old_age   Offline      -       1178
199 UDMA_CRC_Error_Count    0x003e   200   200   000    Old_age   Always       -       0
240 Head_Flying_Hours       0x0000   100   253   000    Old_age   Offline      -       254429567671804
241 Total_LBAs_Written      0x0000   100   253   000    Old_age   Offline      -       2371619643
242 Total_LBAs_Read         0x0000   100   253   000    Old_age   Offline      -       1234017866

SMART Error Log Version: 1
ATA Error Count: 49015 (device log contains only the most recent five errors)
 CR = Command Register [HEX]
 FR = Features Register [HEX]
 SC = Sector Count Register [HEX]
 SN = Sector Number Register [HEX]
 CL = Cylinder Low Register [HEX]
 CH = Cylinder High Register [HEX]
 DH = Device/Head Register [HEX]
 DC = Device Command Register [HEX]
 ER = Error register [HEX]
 ST = Status register [HEX]
Powered_Up_Time is measured from power on, and printed as
DDd+hh:mm:SS.sss where DD=days, hh=hours, mm=minutes,
SS=sec, and sss=millisec. It "wraps" after 49.710 days.

Error 49015 occurred at disk power-on lifetime: 23392 hours (974 days + 16 hours)
  When the command that caused the error occurred, the device was active or idle.

  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  40 51 00 d0 47 e6 02  Error: UNC at LBA = 0x02e647d0 = 48646096

  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  25 00 08 d0 47 e6 e2 00      22:03:45.938  READ DMA EXT
  35 00 22 b0 83 87 e2 00      22:03:45.938  WRITE DMA EXT
  35 00 08 30 ea 26 e2 00      22:03:45.937  WRITE DMA EXT
  35 00 08 48 f9 25 e2 00      22:03:45.937  WRITE DMA EXT
  35 00 08 a8 02 21 e2 00      22:03:45.937  WRITE DMA EXT

Error 49014 occurred at disk power-on lifetime: 23392 hours (974 days + 16 hours)
  When the command that caused the error occurred, the device was active or idle.

  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  40 51 00 d0 47 e6 02  Error: UNC at LBA = 0x02e647d0 = 48646096

  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  25 00 08 d0 47 e6 e2 00      22:03:40.291  READ DMA EXT
  35 00 08 b0 02 21 e2 00      22:03:40.291  WRITE DMA EXT
  35 00 08 10 8b d0 e1 00      22:03:40.290  WRITE DMA EXT
  35 00 08 58 d0 ef e7 00      22:03:40.290  WRITE DMA EXT
  35 00 73 28 04 ef e7 00      22:03:40.290  WRITE DMA EXT

Error 49013 occurred at disk power-on lifetime: 23392 hours (974 days + 16 hours)
  When the command that caused the error occurred, the device was active or idle.

  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  40 51 00 d0 47 e6 02  Error: UNC at LBA = 0x02e647d0 = 48646096

  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  25 00 08 d0 47 e6 e2 00      22:03:37.524  READ DMA EXT
  ea 00 00 ff ff ff af 00      22:03:37.505  FLUSH CACHE EXT
  35 00 08 a8 02 21 e2 00      22:03:37.505  WRITE DMA EXT
  35 00 08 58 ba d5 e8 00      22:03:37.504  WRITE DMA EXT
  35 00 08 b0 02 21 e2 00      22:03:37.504  WRITE DMA EXT

Error 49012 occurred at disk power-on lifetime: 23392 hours (974 days + 16 hours)
  When the command that caused the error occurred, the device was active or idle.

  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  40 51 00 d0 47 e6 02  Error: UNC at LBA = 0x02e647d0 = 48646096

  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  25 00 08 d0 47 e6 e2 00      22:03:34.172  READ DMA EXT
  35 00 08 98 02 21 e2 00      22:03:34.172  WRITE DMA EXT
  35 00 10 c8 ac c6 e1 00      22:03:34.172  WRITE DMA EXT
  25 00 08 d0 47 e6 e2 00      22:03:31.343  READ DMA EXT
  35 00 20 08 8f 21 e2 00      22:03:31.343  WRITE DMA EXT

Error 49011 occurred at disk power-on lifetime: 23392 hours (974 days + 16 hours)
  When the command that caused the error occurred, the device was active or idle.

  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  40 51 00 d0 47 e6 02  Error: UNC at LBA = 0x02e647d0 = 48646096

  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  25 00 08 d0 47 e6 e2 00      22:03:31.343  READ DMA EXT
  35 00 20 08 8f 21 e2 00      22:03:31.343  WRITE DMA EXT
  35 00 08 10 8b d0 e1 00      22:03:31.343  WRITE DMA EXT
  35 00 08 80 c6 c6 e1 00      22:03:31.342  WRITE DMA EXT
  35 00 08 48 ec c5 e1 00      22:03:31.342  WRITE DMA EXT

SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Completed: read failure       90%     23392         48646096

SMART Selective self-test log data structure revision number 1
 SPAN  MIN_LBA  MAX_LBA  CURRENT_TEST_STATUS
    1        0        0  Not_testing
    2        0        0  Not_testing
    3        0        0  Not_testing
    4        0        0  Not_testing
    5        0        0  Not_testing
Selective self-test flags (0x0):
  After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.



#10 xXToffeeXx

Posted 29 April 2014 - 12:33 PM

Hi j.evans1981,
 
I suggest backing up all files that you want to keep, as your hard drive shows it has been damaged. The SMART test was passed, but there is a chance your hard drive could fail, which would lose you all your data.
 
Run CHKDSK to check for disk errors:

  • Click Start => go to RUN and type in cmd and then hit Enter.
  • At the command prompt, type the following command chkdsk c: /x /f /r and then press Enter.
  • If you are prompted to schedule CHKDSK to run the next time the computer restarts (because CHKDSK may be unable to gain exclusive access to the drive under Windows), type the following text y, and then press Enter.
  • At the command prompt, type exit and then press Enter.
  • Restart your computer. While Windows is loading, CHKDSK should automatically run and check the drive that you specified earlier.
    This process can take up to an hour!
  • When all is done and you are back in normal mode, click Start => Run, type in eventvwr.msc and then hit Enter.
  • Once Event Viewer is open, select Windows logs => Application. The 3rd column of information in the right-hand pane is titled Source; click on the word Source at the top of the column to sort by that column.
  • Scroll through the Source column to find the most recent entry titled Winlogon and event id of 1001 (WinInit and id of 1001 for Windows Vista/7).
  • Double-click Wininit to open the CHKDSK results.
  • Click on the Copy button and post the result in your next reply.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • CHKDSK results

xXToffeeXx~


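The smartctl report in post #9 gives an overall-health result of PASSED while several counters carry large raw values. The following added example (not part of the thread; the set of attribute IDs treated as media-damage indicators is this example's assumption) parses rows copied from that report and separates threshold failures from non-zero damage counters and failed self-tests.

```python
import re
from typing import NamedTuple

# Rows copied from the smartctl output posted in this thread (subset).
SAMPLE = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000f   081   075   006    Pre-fail  Always       -       72834165
  5 Reallocated_Sector_Ct   0x0033   056   056   036    Pre-fail  Always       -       1812
187 Reported_Uncorrect      0x0032   001   001   000    Old_age   Always       -       52842
190 Airflow_Temperature_Cel 0x0022   063   052   045    Old_age   Always       -       37 (Min/Max 34/39)
197 Current_Pending_Sector  0x0012   072   045   000    Old_age   Always       -       1178
198 Offline_Uncorrectable   0x0010   072   045   000    Old_age   Offline      -       1178
199 UDMA_CRC_Error_Count    0x003e   200   200   000    Old_age   Always       -       0
# 1  Short offline       Completed: read failure       90%     23392         48646096
"""


class Attr(NamedTuple):
    id: int
    name: str
    value: int   # normalized VALUE column
    thresh: int  # THRESH column
    raw: int     # leading integer of RAW_VALUE


ATTR_RE = re.compile(
    r"^\s*(\d+)\s+(\S+)\s+0x[0-9a-f]{4}\s+(\d+)\s+\d+\s+(\d+)"
    r"\s+\S+\s+\S+\s+\S+\s+(\d+)")
TEST_RE = re.compile(
    r"^#\s*\d+\s+(.+?)\s{2,}(.+?)\s{2,}\d+%\s+\d+\s+(\S+)\s*$")

# Assumption of this example: raw counters usually read as signs of media
# damage (reallocated, reported-uncorrectable, pending, offline-uncorrectable).
MEDIA_IDS = {5, 187, 197, 198}


def parse_attributes(text):
    """Return {id: Attr} for every attribute row found in smartctl output."""
    attrs = {}
    for line in text.splitlines():
        m = ATTR_RE.match(line)
        if m:
            a = Attr(int(m[1]), m[2], int(m[3]), int(m[4]), int(m[5]))
            attrs[a.id] = a
    return attrs


def threshold_failures(attrs):
    """Attributes whose normalized VALUE is at or below a non-zero THRESH."""
    return [a.name for a in attrs.values() if a.thresh and a.value <= a.thresh]


def media_warnings(attrs):
    """Non-zero raw counts for the damage indicators in MEDIA_IDS."""
    return {a.name: a.raw for a in attrs.values()
            if a.id in MEDIA_IDS and a.raw > 0}


def failed_self_tests(text):
    """(test, status, first_error_lba) for self-test rows reporting a failure."""
    out = []
    for line in text.splitlines():
        m = TEST_RE.match(line)
        if m and "failure" in m[2].lower():
            out.append((m[1], m[2], m[3]))
    return out


if __name__ == "__main__":
    attrs = parse_attributes(SAMPLE)
    print("at/below threshold:", threshold_failures(attrs))
    print("damage counters   :", media_warnings(attrs))
    print("failed self-tests :", failed_self_tests(SAMPLE))
```

No attribute is at or below its threshold, which matches the `-` in every WHEN_FAILED cell, yet four damage counters are non-zero and the short self-test row records a read failure.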


#11 xXToffeeXx

Posted 03 May 2014 - 10:27 AM

Hi j.evans1981,
 
This is a 3 day bump:
 
It has been 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

xXToffeeXx~




#12 xXToffeeXx

Posted 05 May 2014 - 12:25 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





