Corrupted normal.dot(m) file and unable to restore to prior restore point


  • This topic is locked
14 replies to this topic

#1 LISurfcaster

  • Members
  • 32 posts

Posted 13 September 2013 - 10:13 AM

Can use your help...started up the computer today and my Word 2007 normal template was corrupted. I attempted to locate the normal.dot(m) file and was unsuccessful (I searched all files and folders). Then ran Norton and found nothing; then tried to do a system restore and received an error message indicating that the following file failed to extract: C:\Program Files (x86)\Common Files\microsoft shared\vgx\vgx.dll - restore point was damaged or deleted during restore...which all has me thinking I have a virus of some type...

 

Here are the two logs; thanks for your help:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/29/2012 12:51:12 AM
System Uptime: 9/13/2013 10:52:05 AM (1 hours ago)
.
Motherboard: PEGATRON CORPORATION |  | VIOLET6
Processor: AMD Phenom™ II X4 820 Processor | CPU 1 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1386 GiB total, 1292.96 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.476 GiB free.
E: is CDROM (CDFS)
F: is FIXED (FAT32) - 149 GiB total, 108.149 GiB free.
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP105: 9/9/2013 4:39:09 PM - Scheduled Checkpoint
RP106: 9/10/2013 10:58:14 PM - Windows Update
RP107: 9/12/2013 3:00:13 AM - Windows Update
RP108: 9/12/2013 10:51:47 PM - Windows Update
RP110: 9/13/2013 10:48:40 AM - Restore Operation
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.04)
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Auction Sentry
Auslogics BitReplica
Bonjour
CCleaner
Cisco WebEx Meetings
Compatibility Pack for the 2007 Office system
Convert PDF to Word Desktop Software version 2.8.1
Coupon Companion
CPUID HWMonitor 1.22
CyberLink DVD Suite Deluxe
DirectX for Managed Code Update (Summer 2004)
DVD Menu Pack for HP MediaSmart Video
FastStone Image Viewer 4.6
FBackup 4
Free PDF Solutions PDF to WORD version 1.0
Google Earth
Google Update Helper
GoToMeeting 5.8.0.1189
Hardware Diagnostic Tools
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP Update
HPAsset component for HP Active Support Library
Hulu Desktop
iTunes
Java 7 Update 17 (64-bit)
Java 7 Update 25
Java Auto Updater
JavaFX 2.1.1
Junk Mail filter update
LabelPrint
LightScribe System Software
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Live Search Toolbar
Microsoft Mouse and Keyboard Center
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 60 day trial
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Works
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MozyHome
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Internet Security
Norton Online Backup
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
PhoneTrans 1.2.0
PictureMover
PlayReady PC Runtime amd64
Power2Go
PowerDirector
QuickTime
Realtek High Definition Audio Driver
Recovery Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760588) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760823) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2760583) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2767773) 32-Bit Edition
Sendouts Outlook AddIn
Sendouts SourcePro Toolbar
SlimCleaner
SpeedFan (remove only)
Spybot - Search & Destroy
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Viewpoint Media Player
Visual Studio 2005 Tools for Office Second Edition Runtime
VLC media player 2.0.3
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WXTide32
.
==== Event Viewer Messages From Past Week ========
.
9/13/2013 10:51:31 AM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume HP.
9/11/2013 8:57:16 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk6\DR8.
9/11/2013 5:30:16 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Print Spooler service, but this action failed with the following error:  An instance of the service is already running.
9/11/2013 5:29:16 PM, Error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/11/2013 5:27:49 PM, Error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================
 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.25.2
Run by Ross at 11:03:32 on 2013-09-13
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7935.6116 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Softland\FBackup 4\fbaSched.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\Citrix\GoToMeeting\1172\g2mstart.exe
C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\AOL\1358221278\ee\aolsoftware.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Citrix\GoToMeeting\1172\g2mcomm.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Citrix\GoToMeeting\1172\g2mlauncher.exe
C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AOL Desktop 9.7\shellmon.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
uRun: [FBackup Scheduler] <no file>
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HostManager] C:\Program Files (x86)\Common Files\AOL\1358221278\ee\AOLSoftware.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOZYHO~1.LNK - C:\Program Files\MozyHome\mozystat.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{B3972472-04B6-4533-8FF5-AE70A821634E} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ross\AppData\Roaming\Mozilla\Firefox\Profiles\bkj2v3s8.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL -
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\nphdplg.dll
FF - plugin: C:\Users\Ross\AppData\Local\Citrix\Plugins\79\npappdetector.dll
FF - plugin: C:\Users\Ross\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1404000.028\symds64.sys [2013-6-10 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys [2013-6-10 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130903.002\BHDrvx64.sys [2013-9-3 1525336]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1404000.028\ccsetx64.sys [2013-6-10 169048]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130911.001\IDSviA64.sys [2013-9-11 520280]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1404000.028\ironx64.sys [2013-6-10 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys [2013-6-10 433752]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe [2013-6-10 144368]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-11-15 1153368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-8-27 140376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-5 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-5 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-30 1255736]
.
=============== Created Last 30 ================
.
2013-09-11 21:28:05    --------    d-----w-    C:\Output Files
2013-09-11 21:27:24    --------    d-----w-    C:\Program Files (x86)\office Convert Pdf to PowerPoint for ppt Free
2013-09-11 21:27:09    --------    d--h--w-    C:\ProgramData\Common Files
2013-09-11 21:07:30    --------    d-----w-    C:\Users\Ross\AppData\Local\Wondershare
2013-09-11 21:07:30    --------    d-----w-    C:\Program Files (x86)\Common Files\Wondershare
2013-09-11 21:07:10    --------    d-----w-    C:\ProgramData\PDFEditor
2013-09-11 21:07:09    --------    d-----w-    C:\Users\Ross\AppData\Roaming\Wondershare
2013-09-10 21:19:00    155584    ----a-w-    C:\Windows\System32\drivers\ataport.sys
2013-09-04 20:45:02    --------    d-----w-    C:\Program Files\CCleaner
.
==================== Find3M  ====================
.
2013-09-11 15:25:16    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-11 15:25:16    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-10 05:22:18    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-08-10 05:20:59    3959296    ----a-w-    C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09    2876928    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-08-10 03:07:50    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-08 01:20:43    3155456    ----a-w-    C:\Windows\System32\win32k.sys
2013-08-02 02:23:53    5550528    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03    243712    ----a-w-    C:\Windows\System32\wow64.dll
2013-08-02 02:15:03    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34    424448    ----a-w-    C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30    3968960    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30    3913664    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42    274944    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17    338432    ----a-w-    C:\Windows\System32\conhost.exe
2013-08-02 00:59:09    112640    ----a-w-    C:\Windows\System32\smss.exe
2013-08-02 00:45:37    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05    6144    ---ha-w-    C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05    4608    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 09:25:54    1888768    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27    1620992    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-07-19 01:41:01    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-07-09 05:52:52    224256    ----a-w-    C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16    1217024    ----a-w-    C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20    1472512    ----a-w-    C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33    663552    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10    175104    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31    1166848    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-07-06 17:25:55    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-06 17:25:55    867240    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-07-06 17:25:55    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-07-06 06:03:53    1910208    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 11:04:01.53 ===============
 

 



#2 nasdaq

  • Malware Response Team
  • 40,502 posts

Posted 18 September 2013 - 09:54 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

 

9/13/2013 10:51:31 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume HP.

How to:
http://answers.microsoft.com/en-us/windows/forum/windows_7-performance/using-windows-7-how-do-i-run-chkdsk/a68b3e4d-1a42-e011-9767-d8d385dcbb12

Let it finish.
===

Can this be the cause of not finding normal.dot?
One of the fundamentals of Word is that all its main settings are in a file named normal.dot. (In Word 2007 and Word 2010 this file is called normal.dotm.)

p.s.
Do you get a prompt that the file is corrupted?
http://support.microsoft.com/kb/291352
===

Let's check for malware.

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Tutorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM.
Let me know what problem persists.

#3 LISurfcaster


Posted 18 September 2013 - 11:05 AM

Thanks for your reply. Here are some additional issues since my initial posting:

 

I did not get a prompt informing me that the normal.dotm file was corrupted. I noticed it when I launched Word.

My printer is no longer recognized and I have been unable to uninstall or reinstall it. I cannot print from any application or from the Internet.

When I insert a flash drive, the flash drive appears but I am unable to open or save files to it.

 

Chkdsk completed...no issues reported.

I will complete the rest of your instructions and post the updated logs.

 

Ross



#4 LISurfcaster


Posted 18 September 2013 - 11:49 AM

AdwCleaner, Junkware Removal Tool, and ComboFix all completed. Logs to follow.

Printer is back on line and working fine.

MS Word normal.dot file still not correct. New document opens to cursor all the way at the top of the page. I checked the page margin settings and they look to be correct.

I renamed the normal.dot file and restarted Word and that did not work.

 

Here are the logs:

 

# AdwCleaner v3.004 - Report created 18/09/2013 at 12:10:53
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ross - ROSS-PC
# Running from : C:\Users\Ross\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Program Files (x86)\Viewpoint
Folder Deleted : C:\Users\Ross\AppData\Local\Temp\boost_interprocess
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Ross\AppData\Local\Temp\Uninstall.exe

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Ross\AppData\Roaming\Mozilla\Firefox\Profiles\bkj2v3s8.default\prefs.js ]

Line Deleted : user_pref("extensions.crossrider.bic", "13b90aa3cb647b2de13ec40c5569c1ff");
Line Deleted : user_pref("plugin.blocklisted.npviewpoint", true);

*************************

AdwCleaner[R0].txt - [3521 octets] - [18/09/2013 12:07:56]
AdwCleaner[S0].txt - [3372 octets] - [18/09/2013 12:10:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3432 octets] ##########
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by Ross on Wed 09/18/2013 at 12:17:58.11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220022442293}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550055445593}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660066446693}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440044444493}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220022442293}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550055445593}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660066446693}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440044444493}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550055445593}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660066446693}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440044444493}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550055445593}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660066446693}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440044444493}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\wondershare"



~~~ FireFox

Successfully deleted the following from C:\Users\Ross\AppData\Roaming\mozilla\firefox\profiles\bkj2v3s8.default\prefs.js

user_pref("social.manifest.facebook", "{\"origin\":\"hxxps://www.facebook.com\",\"name\":\"Facebook Messenger\",\"workerURL\":\"hxxps://www.facebook.com/desktop/fbdesktop2/soc
Emptied folder: C:\Users\Ross\AppData\Roaming\mozilla\firefox\profiles\bkj2v3s8.default\minidumps [64 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 09/18/2013 at 12:24:33.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

ComboFix 13-09-17.01 - Ross 09/18/2013  12:28:16.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7935.6029 [GMT -4:00]
Running from: c:\users\Ross\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ross\AppData\Local\assembly\tmp
c:\users\Ross\g2mdlhlpx.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-18 to 2013-09-18  )))))))))))))))))))))))))))))))
.
.
2013-09-18 16:35 . 2013-09-18 16:35    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-09-18 16:17 . 2013-09-18 16:17    --------    d-----w-    c:\windows\ERUNT
2013-09-18 16:07 . 2013-09-18 16:10    --------    d-----w-    C:\AdwCleaner
2013-09-13 18:53 . 2013-09-13 18:53    --------    d-----w-    c:\users\Ross\AppData\Roaming\AVG2014
2013-09-13 18:53 . 2013-09-13 18:53    --------    d-----w-    c:\users\Ross\AppData\Roaming\TuneUp Software
2013-09-13 18:51 . 2013-09-13 18:53    --------    d-----w-    c:\programdata\AVG2014
2013-09-13 18:51 . 2013-09-13 18:51    --------    d-----w-    C:\$AVG
2013-09-13 18:50 . 2013-09-13 18:50    --------    d-----w-    c:\program files (x86)\AVG
2013-09-13 18:48 . 2013-09-18 13:10    --------    d-----w-    c:\programdata\MFAData
2013-09-13 18:48 . 2013-09-13 18:55    --------    d-----w-    c:\users\Ross\AppData\Local\Avg2014
2013-09-13 18:48 . 2013-09-13 18:48    --------    d-----w-    c:\users\Ross\AppData\Local\MFAData
2013-09-11 21:28 . 2013-09-11 21:28    --------    d-----w-    C:\Output Files
2013-09-11 21:27 . 2013-09-11 21:42    --------    d-----w-    c:\program files (x86)\office Convert Pdf to PowerPoint for ppt Free
2013-09-11 21:27 . 2013-09-11 21:27    --------    d--h--w-    c:\programdata\Common Files
2013-09-11 21:07 . 2013-09-11 21:07    --------    d-----w-    c:\users\Ross\AppData\Local\Wondershare
2013-09-11 21:07 . 2013-09-11 21:42    --------    d-----w-    c:\programdata\PDFEditor
2013-09-11 21:07 . 2013-09-11 21:07    --------    d-----w-    c:\users\Ross\AppData\Roaming\Wondershare
2013-09-10 21:19 . 2013-08-05 02:25    155584    ----a-w-    c:\windows\system32\drivers\ataport.sys
2013-09-04 20:45 . 2013-09-04 20:45    --------    d-----w-    c:\program files\CCleaner
2013-08-23 03:25 . 2013-08-23 03:25    212280    ----a-w-    c:\windows\system32\drivers\avgldx64.sys
2013-08-23 03:08 . 2013-08-23 03:08    294712    ----a-w-    c:\windows\system32\drivers\avgloga.sys
2013-08-23 02:55 . 2013-08-23 02:55    241464    ----a-w-    c:\windows\system32\drivers\avgidsdrivera.sys
2013-08-23 02:54 . 2013-08-23 02:54    192824    ----a-w-    c:\windows\system32\drivers\avgidsha.sys
2013-08-21 02:53 . 2013-08-21 02:53    123704    ----a-w-    c:\windows\system32\drivers\avgmfx64.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-13 18:25 . 2012-07-29 17:00    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-13 18:25 . 2012-07-29 17:00    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-11 03:02 . 2012-07-30 14:05    79143768    ----a-w-    c:\windows\system32\MRT.exe
2013-08-02 01:48 . 2013-09-10 21:18    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-08-01 20:07 . 2013-08-01 20:07    251192    ----a-w-    c:\windows\system32\drivers\avgtdia.sys
2013-08-01 20:06 . 2013-08-01 20:06    147768    ----a-w-    c:\windows\system32\drivers\avgdiska.sys
2013-08-01 20:04 . 2013-08-01 20:04    31544    ----a-w-    c:\windows\system32\drivers\avgrkx64.sys
2013-07-25 09:25 . 2013-08-14 10:06    1888768    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-14 10:06    1620992    ----a-w-    c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-14 10:06    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-14 10:06    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-14 10:07    224256    ----a-w-    c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-14 10:06    1217024    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-14 10:07    1472512    ----a-w-    c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-14 10:07    184320    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-14 10:07    139776    ----a-w-    c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-14 10:06    663552    ----a-w-    c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-14 10:07    175104    ----a-w-    c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-14 10:07    1166848    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-14 10:07    140288    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-14 10:07    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-07-06 17:25 . 2013-07-06 17:26    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-06 17:25 . 2012-08-13 00:59    867240    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-07-06 17:25 . 2012-08-13 00:59    789416    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-07-06 06:03 . 2013-08-14 10:06    1910208    ----a-w-    c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoToMeeting"="c:\program files (x86)\Citrix\GoToMeeting\1172\g2mstart.exe" [2013-06-27 40816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-29 151952]
"HostManager"="c:\program files (x86)\Common Files\AOL\1358221278\ee\AOLSoftware.exe" [2010-03-08 41800]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-08-26 4851248]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2013-5-21 6438216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMEFA64.SYS [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130903.002\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130903.002\BHDrvx64.sys [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130918.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130918.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1404000.028\SYMNETS.SYS [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-29 18:25]
.
2013-09-14 c:\windows\Tasks\fba_Computer Backup.job
- c:\program files (x86)\Softland\FBackup 4\fbaSchedStarter.exe [2012-11-18 17:58]
.
2013-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-30 20:21]
.
2013-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-30 20:21]
.
2013-07-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2013-05-21 19:06    6437192    ----a-w-    c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2013-05-21 19:06    6437192    ----a-w-    c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-18 16334368]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: websponsorlink.com\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ross\AppData\Roaming\Mozilla\Firefox\Profiles\bkj2v3s8.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL -
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-FBackup Scheduler - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-18  12:37:54
ComboFix-quarantined-files.txt  2013-09-18 16:37
.
Pre-Run: 1,386,002,747,392 bytes free
Post-Run: 1,385,591,865,344 bytes free
.
- - End Of File - - 2F586B10142862C08AD98E169AF63368
836A0BBD50D5ABD49BD28CB10FA10956
 

THANKS.



#5 nasdaq

  • Malware Response Team

Posted 18 September 2013 - 01:20 PM


Have the additional problems occurred after you have completed the execution of the tools I recommended?

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Click Change parameters
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
  • When it finishes, you will either see a report that no threats were found like below:
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects.
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

#6 LISurfcaster


Posted 18 September 2013 - 01:45 PM

Hi,

 

As mentioned the Printer is now back online and accessible. The MS Word template still appears to be damaged - upon opening a new document the cursor appears at the very top of the page. I am now able to access and read my flash drive. Here are the logs:

 

14:30:46.0243 6080  [ 302EA314A1AF0D7CEF0A3D0195F79561 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130917.025\EX64.SYS
14:30:46.0281 6080  NAVEX15 - ok
14:30:46.0339 6080  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:30:46.0391 6080  NDIS - ok
14:30:46.0405 6080  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:30:46.0439 6080  NdisCap - ok
14:30:46.0461 6080  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:30:46.0492 6080  NdisTapi - ok
14:30:46.0523 6080  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:30:46.0561 6080  Ndisuio - ok
14:30:46.0590 6080  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:30:46.0626 6080  NdisWan - ok
14:30:46.0642 6080  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:30:46.0691 6080  NDProxy - ok
14:30:46.0707 6080  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:30:46.0749 6080  NetBIOS - ok
14:30:46.0770 6080  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:30:46.0819 6080  NetBT - ok
14:30:46.0833 6080  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
14:30:46.0846 6080  Netlogon - ok
14:30:46.0870 6080  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
14:30:46.0903 6080  Netman - ok
14:30:46.0939 6080  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:30:46.0972 6080  NetMsmqActivator - ok
14:30:46.0976 6080  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:30:46.0989 6080  NetPipeActivator - ok
14:30:47.0013 6080  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
14:30:47.0048 6080  netprofm - ok
14:30:47.0052 6080  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:30:47.0064 6080  NetTcpActivator - ok
14:30:47.0067 6080  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:30:47.0078 6080  NetTcpPortSharing - ok
14:30:47.0089 6080  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
14:30:47.0101 6080  nfrd960 - ok
14:30:47.0176 6080  [ 1BF9D6476061B31CD7FC2BF848529A56 ] NIS             C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
14:30:47.0211 6080  NIS - ok
14:30:47.0241 6080  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:30:47.0277 6080  NlaSvc - ok
14:30:47.0286 6080  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:30:47.0320 6080  Npfs - ok
14:30:47.0339 6080  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
14:30:47.0385 6080  nsi - ok
14:30:47.0398 6080  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:30:47.0430 6080  nsiproxy - ok
14:30:47.0474 6080  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:30:47.0504 6080  Ntfs - ok
14:30:47.0513 6080  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
14:30:47.0558 6080  Null - ok
14:30:47.0756 6080  [ 1CF597C9F0745735A6C5181ECB83706E ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:30:47.0901 6080  nvlddmkm - ok
14:30:47.0929 6080  [ 909EEDCBD365BB81027D8E742E6B3416 ] NVNET           C:\Windows\system32\DRIVERS\nvmf6264.sys
14:30:47.0942 6080  NVNET - ok
14:30:47.0981 6080  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:30:47.0995 6080  nvraid - ok
14:30:48.0023 6080  [ E58D81FB8616D0CB55C1E36AA0B213C9 ] nvsmu           C:\Windows\system32\DRIVERS\nvsmu.sys
14:30:48.0032 6080  nvsmu - ok
14:30:48.0061 6080  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:30:48.0075 6080  nvstor - ok
14:30:48.0104 6080  [ 1E45F96342429D63DC30E0D9117DA3D8 ] nvstor64        C:\Windows\system32\DRIVERS\nvstor64.sys
14:30:48.0115 6080  nvstor64 - ok
14:30:48.0193 6080  [ E71CFA7AE5E7518E29073D7C20A8FCA1 ] nvsvc           C:\Windows\system32\nvvsvc.exe
14:30:48.0234 6080  nvsvc - ok
14:30:48.0271 6080  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:30:48.0295 6080  nv_agp - ok
14:30:48.0425 6080  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:30:48.0456 6080  odserv - ok
14:30:48.0492 6080  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:30:48.0505 6080  ohci1394 - ok
14:30:48.0561 6080  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:30:48.0593 6080  ose - ok
14:30:48.0613 6080  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
14:30:48.0652 6080  p2pimsvc - ok
14:30:48.0672 6080  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:30:48.0692 6080  p2psvc - ok
14:30:48.0713 6080  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
14:30:48.0731 6080  Parport - ok
14:30:48.0761 6080  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:30:48.0776 6080  partmgr - ok
14:30:48.0783 6080  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:30:48.0814 6080  PcaSvc - ok
14:30:48.0827 6080  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
14:30:48.0840 6080  pci - ok
14:30:48.0863 6080  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
14:30:48.0875 6080  pciide - ok
14:30:48.0894 6080  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
14:30:48.0908 6080  pcmcia - ok
14:30:48.0922 6080  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
14:30:48.0933 6080  pcw - ok
14:30:48.0954 6080  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:30:48.0995 6080  PEAUTH - ok
14:30:49.0059 6080  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
14:30:49.0099 6080  PerfHost - ok
14:30:49.0153 6080  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
14:30:49.0215 6080  pla - ok
14:30:49.0250 6080  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:30:49.0307 6080  PlugPlay - ok
14:30:49.0321 6080  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
14:30:49.0353 6080  PNRPAutoReg - ok
14:30:49.0371 6080  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
14:30:49.0395 6080  PNRPsvc - ok
14:30:49.0437 6080  [ 5BC4D480DD527EB0CF33A67A090A130E ] Point64         C:\Windows\system32\DRIVERS\point64.sys
14:30:49.0467 6080  Point64 - ok
14:30:49.0489 6080  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:30:49.0556 6080  PolicyAgent - ok
14:30:49.0596 6080  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
14:30:49.0628 6080  Power - ok
14:30:49.0670 6080  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:30:49.0726 6080  PptpMiniport - ok
14:30:49.0742 6080  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
14:30:49.0755 6080  Processor - ok
14:30:49.0781 6080  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
14:30:49.0803 6080  ProfSvc - ok
14:30:49.0815 6080  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:30:49.0827 6080  ProtectedStorage - ok
14:30:49.0864 6080  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
14:30:49.0896 6080  Psched - ok
14:30:49.0928 6080  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
14:30:49.0975 6080  ql2300 - ok
14:30:49.0987 6080  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
14:30:50.0000 6080  ql40xx - ok
14:30:50.0024 6080  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
14:30:50.0049 6080  QWAVE - ok
14:30:50.0065 6080  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:30:50.0093 6080  QWAVEdrv - ok
14:30:50.0116 6080  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:30:50.0159 6080  RasAcd - ok
14:30:50.0228 6080  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
14:30:50.0294 6080  RasAgileVpn - ok
14:30:50.0340 6080  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
14:30:50.0399 6080  RasAuto - ok
14:30:50.0407 6080  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:30:50.0443 6080  Rasl2tp - ok
14:30:50.0459 6080  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
14:30:50.0492 6080  RasMan - ok
14:30:50.0508 6080  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:30:50.0540 6080  RasPppoe - ok
14:30:50.0559 6080  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:30:50.0623 6080  RasSstp - ok
14:30:50.0639 6080  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:30:50.0673 6080  rdbss - ok
14:30:50.0688 6080  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
14:30:50.0705 6080  rdpbus - ok
14:30:50.0720 6080  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:30:50.0752 6080  RDPCDD - ok
14:30:50.0771 6080  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:30:50.0815 6080  RDPENCDD - ok
14:30:50.0835 6080  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
14:30:50.0865 6080  RDPREFMP - ok
14:30:50.0930 6080  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
14:30:50.0968 6080  RdpVideoMiniport - ok
14:30:50.0999 6080  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:30:51.0046 6080  RDPWD - ok
14:30:51.0077 6080  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
14:30:51.0113 6080  rdyboost - ok
14:30:51.0138 6080  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:30:51.0178 6080  RemoteAccess - ok
14:30:51.0196 6080  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:30:51.0229 6080  RemoteRegistry - ok
14:30:51.0238 6080  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
14:30:51.0284 6080  RpcEptMapper - ok
14:30:51.0316 6080  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
14:30:51.0349 6080  RpcLocator - ok
14:30:51.0391 6080  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
14:30:51.0429 6080  RpcSs - ok
14:30:51.0438 6080  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:30:51.0479 6080  rspndr - ok
14:30:51.0489 6080  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
14:30:51.0501 6080  SamSs - ok
14:30:51.0538 6080  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:30:51.0569 6080  sbp2port - ok
14:30:51.0668 6080  [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService  C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
14:30:51.0704 6080  SBSDWSCService - ok
14:30:51.0716 6080  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:30:51.0765 6080  SCardSvr - ok
14:30:51.0796 6080  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
14:30:51.0852 6080  scfilter - ok
14:30:51.0873 6080  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
14:30:51.0912 6080  Schedule - ok
14:30:51.0944 6080  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:30:51.0973 6080  SCPolicySvc - ok
14:30:52.0000 6080  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:30:52.0025 6080  SDRSVC - ok
14:30:52.0044 6080  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:30:52.0075 6080  secdrv - ok
14:30:52.0104 6080  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
14:30:52.0181 6080  seclogon - ok
14:30:52.0198 6080  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
14:30:52.0235 6080  SENS - ok
14:30:52.0249 6080  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
14:30:52.0275 6080  SensrSvc - ok
14:30:52.0295 6080  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
14:30:52.0315 6080  Serenum - ok
14:30:52.0328 6080  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
14:30:52.0342 6080  Serial - ok
14:30:52.0383 6080  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
14:30:52.0406 6080  sermouse - ok
14:30:52.0426 6080  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
14:30:52.0459 6080  SessionEnv - ok
14:30:52.0484 6080  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:30:52.0499 6080  sffdisk - ok
14:30:52.0507 6080  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:30:52.0524 6080  sffp_mmc - ok
14:30:52.0532 6080  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:30:52.0554 6080  sffp_sd - ok
14:30:52.0568 6080  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
14:30:52.0589 6080  sfloppy - ok
14:30:52.0627 6080  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:30:52.0663 6080  SharedAccess - ok
14:30:52.0681 6080  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:30:52.0721 6080  ShellHWDetection - ok
14:30:52.0736 6080  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:30:52.0748 6080  SiSRaid2 - ok
14:30:52.0757 6080  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
14:30:52.0770 6080  SiSRaid4 - ok
14:30:52.0787 6080  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:30:52.0819 6080  Smb - ok
14:30:52.0842 6080  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:30:52.0856 6080  SNMPTRAP - ok
14:30:52.0905 6080  [ 0FFE35F0B0CD5A324BBE22F02569AE3B ] speedfan        C:\Windows\syswow64\speedfan.sys
14:30:52.0933 6080  speedfan - ok
14:30:52.0945 6080  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
14:30:52.0975 6080  spldr - ok
14:30:53.0020 6080  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
14:30:53.0042 6080  Spooler - ok
14:30:53.0131 6080  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
14:30:53.0198 6080  sppsvc - ok
14:30:53.0210 6080  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
14:30:53.0243 6080  sppuinotify - ok
14:30:53.0320 6080  [ 2FD9346F9D76CB4192D37329CFA47A82 ] SRTSP           C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS
14:30:53.0356 6080  SRTSP - ok
14:30:53.0371 6080  [ 0E76CEF892C45734F7AED09FDDF35D4D ] SRTSPX          C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS
14:30:53.0381 6080  SRTSPX - ok
14:30:53.0429 6080  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:30:53.0476 6080  srv - ok
14:30:53.0517 6080  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:30:53.0554 6080  srv2 - ok
14:30:53.0587 6080  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:30:53.0614 6080  srvnet - ok
14:30:53.0639 6080  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:30:53.0690 6080  SSDPSRV - ok
14:30:53.0705 6080  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:30:53.0737 6080  SstpSvc - ok
14:30:53.0759 6080  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
14:30:53.0771 6080  stexstor - ok
14:30:53.0818 6080  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
14:30:53.0859 6080  stisvc - ok
14:30:53.0893 6080  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
14:30:53.0903 6080  swenum - ok
14:30:53.0921 6080  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
14:30:53.0959 6080  swprv - ok
14:30:54.0009 6080  [ 52DC0048D667757A8A2E4C87182890AC ] SymDS           C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS
14:30:54.0054 6080  SymDS - ok
14:30:54.0088 6080  [ 599872BAD7CFB45C7CE47CDED4B726D8 ] SymEFA          C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS
14:30:54.0116 6080  SymEFA - ok
14:30:54.0147 6080  [ F19E5E37ED8134B9E5F6287F2D3A75D7 ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
14:30:54.0158 6080  SymEvent - ok
14:30:54.0189 6080  [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON         C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS
14:30:54.0200 6080  SymIRON - ok
14:30:54.0215 6080  [ 9CDCA70485BD6B9D230365F67C31F132 ] SymNetS         C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS
14:30:54.0230 6080  SymNetS - ok
14:30:54.0289 6080  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
14:30:54.0342 6080  SysMain - ok
14:30:54.0370 6080  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:30:54.0388 6080  TabletInputService - ok
14:30:54.0420 6080  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:30:54.0464 6080  TapiSrv - ok
14:30:54.0479 6080  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
14:30:54.0511 6080  TBS - ok
14:30:54.0569 6080  [ DB74544B75566C974815E79A62433F29 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:30:54.0623 6080  Tcpip - ok
14:30:54.0663 6080  [ DB74544B75566C974815E79A62433F29 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
14:30:54.0696 6080  TCPIP6 - ok
14:30:54.0723 6080  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:30:54.0735 6080  tcpipreg - ok
14:30:54.0756 6080  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:30:54.0797 6080  TDPIPE - ok
14:30:54.0823 6080  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:30:54.0856 6080  TDTCP - ok
14:30:54.0885 6080  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:30:54.0951 6080  tdx - ok
14:30:54.0970 6080  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
14:30:54.0981 6080  TermDD - ok
14:30:55.0004 6080  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
14:30:55.0043 6080  TermService - ok
14:30:55.0053 6080  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
14:30:55.0076 6080  Themes - ok
14:30:55.0095 6080  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
14:30:55.0126 6080  THREADORDER - ok
14:30:55.0136 6080  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
14:30:55.0180 6080  TrkWks - ok
14:30:55.0218 6080  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:30:55.0276 6080  TrustedInstaller - ok
14:30:55.0307 6080  [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:30:55.0363 6080  tssecsrv - ok
14:30:55.0405 6080  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
14:30:55.0450 6080  TsUsbFlt - ok
14:30:55.0503 6080  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:30:55.0594 6080  tunnel - ok
14:30:55.0615 6080  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
14:30:55.0631 6080  uagp35 - ok
14:30:55.0653 6080  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:30:55.0696 6080  udfs - ok
14:30:55.0712 6080  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:30:55.0738 6080  UI0Detect - ok
14:30:55.0758 6080  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:30:55.0770 6080  uliagpkx - ok
14:30:55.0802 6080  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
14:30:55.0815 6080  umbus - ok
14:30:55.0832 6080  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
14:30:55.0852 6080  UmPass - ok
14:30:55.0871 6080  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
14:30:55.0905 6080  upnphost - ok
14:30:55.0925 6080  [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
14:30:55.0963 6080  USBAAPL64 - ok
14:30:55.0981 6080  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:30:56.0013 6080  usbccgp - ok
14:30:56.0032 6080  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:30:56.0051 6080  usbcir - ok
14:30:56.0067 6080  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
14:30:56.0080 6080  usbehci - ok
14:30:56.0100 6080  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:30:56.0130 6080  usbhub - ok
14:30:56.0149 6080  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
14:30:56.0161 6080  usbohci - ok
14:30:56.0184 6080  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
14:30:56.0205 6080  usbprint - ok
14:30:56.0216 6080  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:30:56.0257 6080  USBSTOR - ok
14:30:56.0267 6080  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
14:30:56.0280 6080  usbuhci - ok
14:30:56.0294 6080  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
14:30:56.0335 6080  UxSms - ok
14:30:56.0352 6080  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
14:30:56.0365 6080  VaultSvc - ok
14:30:56.0369 6080  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
14:30:56.0381 6080  vdrvroot - ok
14:30:56.0415 6080  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
14:30:56.0479 6080  vds - ok
14:30:56.0487 6080  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:30:56.0502 6080  vga - ok
14:30:56.0514 6080  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:30:56.0546 6080  VgaSave - ok
14:30:56.0565 6080  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
14:30:56.0579 6080  vhdmp - ok
14:30:56.0600 6080  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
14:30:56.0611 6080  viaide - ok
14:30:56.0622 6080  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:30:56.0632 6080  volmgr - ok
14:30:56.0672 6080  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:30:56.0682 6080  volmgrx - ok
14:30:56.0702 6080  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:30:56.0712 6080  volsnap - ok
14:30:56.0732 6080  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
14:30:56.0742 6080  vsmraid - ok
14:30:56.0772 6080  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
14:30:56.0832 6080  VSS - ok
14:30:56.0852 6080  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
14:30:56.0872 6080  vwifibus - ok
14:30:56.0882 6080  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
14:30:56.0912 6080  vwififlt - ok
14:30:56.0932 6080  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
14:30:56.0952 6080  vwifimp - ok
14:30:56.0982 6080  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
14:30:57.0012 6080  W32Time - ok
14:30:57.0032 6080  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
14:30:57.0052 6080  WacomPen - ok
14:30:57.0062 6080  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
14:30:57.0112 6080  WANARP - ok
14:30:57.0112 6080  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:30:57.0142 6080  Wanarpv6 - ok
14:30:57.0172 6080  [ ECEB715BECE47E101DDEC06B11126066 ] wanatw          C:\Windows\system32\DRIVERS\wanatw64.sys
14:30:57.0232 6080  wanatw - ok
14:30:57.0292 6080  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
14:30:57.0362 6080  WatAdminSvc - ok
14:30:57.0412 6080  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
14:30:57.0502 6080  wbengine - ok
14:30:57.0522 6080  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
14:30:57.0542 6080  WbioSrvc - ok
14:30:57.0562 6080  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:30:57.0592 6080  wcncsvc - ok
14:30:57.0602 6080  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:30:57.0622 6080  WcsPlugInService - ok
14:30:57.0632 6080  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
14:30:57.0642 6080  Wd - ok
14:30:59.0902 1580  Detected object count: 2
14:30:59.0902 1580  Actual detected object count: 2
14:31:59.0929 1580  HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:31:59.0929 1580  HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:31:59.0939 1580  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
14:31:59.0939 1580  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:49.0826 0648  Deinitialize success
 

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-18 14:39:27
-----------------------------
14:39:27.565    OS Version: Windows x64 6.1.7601 Service Pack 1
14:39:27.565    Number of processors: 4 586 0x402
14:39:27.565    ComputerName: ROSS-PC  UserName: Ross
14:39:31.060    Initialize success
14:40:39.608    AVAST engine defs: 13091805
14:42:04.830    The log file has been saved successfully to "C:\Users\Ross\Contacts\Desktop\Logs\aswMBR.txt"


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-18 14:43:05
-----------------------------
14:43:05.360    OS Version: Windows x64 6.1.7601 Service Pack 1
14:43:05.360    Number of processors: 4 586 0x402
14:43:05.360    ComputerName: ROSS-PC  UserName: Ross
14:43:08.823    Initialize success
14:43:33.143    AVAST engine defs: 13091805
14:43:38.790    The log file has been saved successfully to "C:\Users\Ross\Contacts\Desktop\Logs\aswMBR.txt"

 



#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:45 PM

Posted 19 September 2013 - 09:21 AM

Let's check the normal.xxx files

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :filefind
    normal.*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. Note: The log can also be found on your Desktop entitled SystemLook.txt


#8 LISurfcaster


Posted 19 September 2013 - 09:59 AM

Here you go...

 

SystemLook 30.07.11 by jpshortstuff
Log created at 10:58 on 19/09/2013 by Ross
Administrator - Elevation successful

========== filefind ==========

Searching for "normal.*"
C:\Program Files (x86)\Common Files\AOL\1358221278\ee\services\toaster\ver5_1_8_1\content\normal.box    --a---- 1334 bytes    [15:42 22/01/2007]    [15:42 22/01/2007] FE9DF8249BB98A1404D9C87CA154F137
C:\Program Files (x86)\Common Files\AOL\1358221278\ee\services\toaster\ver5_1_8_1\content\normal.js    --a---- 13841 bytes    [18:50 05/09/2007]    [18:50 05/09/2007] 171572FF2074CD454F741E15AD95BDA4
C:\Program Files (x86)\Microsoft Works\Normal.bin    -ra---- 9728 bytes    [20:02 23/01/2007]    [20:02 23/01/2007] 87571FB04F06396BEA4E2F5F55EAEFF1
C:\System Recovery Files\2012-07-29 011831\C\Program Files\Windows Sidebar\Gadgets\Norton.Gadget\images\green\normal.png    -ra---- 2387 bytes    [04:58 29/07/2012]    [00:17 29/01/2011] 5A4FDD475396F6DFC7C4389B27DA08D5
C:\System Recovery Files\2012-07-29 011831\C\Program Files\Windows Sidebar\Gadgets\Norton.Gadget\images\icons\mobi\normal.png    -ra---- 1673 bytes    [04:58 29/07/2012]    [00:40 22/04/2011] 9DC1EAD68DC0F8AC69E6C93C4D6A712B
C:\System Recovery Files\2012-07-29 011831\C\Program Files\Windows Sidebar\Gadgets\Norton.Gadget\images\icons\nobu\normal.png    -ra---- 1861 bytes    [04:58 29/07/2012]    [01:00 22/04/2011] A3B966AC4C6E2621ACEE750EB8A576EE
C:\System Recovery Files\2012-07-29 011831\C\Program Files\Windows Sidebar\Gadgets\Norton.Gadget\images\icons\nolf\normal.png    -ra---- 1916 bytes    [04:58 29/07/2012]    [01:02 22/04/2011] EC74CE502FC7044FC77A6FF9EE83E1E2
C:\System Recovery Files\2012-07-29 011831\C\Program Files\Windows Sidebar\Gadgets\Norton.Gadget\images\icons\none\normal.png    -ra---- 3531 bytes    [04:58 29/07/2012]    [23:46 26/09/2011] E7A179EADC3F270958D54BC0BFE9DBF6
C:\System Recovery Files\2012-07-29 011831\C\Program Files\Windows Sidebar\Gadgets\Norton.Gadget\images\icons\nvip\normal.png    -ra---- 3816 bytes    [04:58 29/07/2012]    [20:08 20/09/2011] 4F97EEE86825DE6F0175139E56E5E9D2
C:\System Recovery Files\2012-07-29 011831\C\Program Files\Windows Sidebar\Gadgets\Norton.Gadget\images\icons\sweb\normal.png    -ra---- 1940 bytes    [04:58 29/07/2012]    [08:16 20/05/2011] 07B90D3D969127CDDD93390752FB9B6C
C:\System Recovery Files\2012-07-29 011831\C\Program Files\Windows Sidebar\Gadgets\Norton.Gadget\images\icons\tmap\normal.png    -ra---- 2107 bytes    [04:58 29/07/2012]    [00:38 22/04/2011] 8A1DE162967002CF6A224C1E8861C007
C:\System Recovery Files\2012-07-29 011831\C\Program Files\Windows Sidebar\Gadgets\Norton.Gadget\images\orange\normal.png    -ra---- 2277 bytes    [04:58 29/07/2012]    [00:22 29/01/2011] 217D760678BBFD46BCA35E92AF91ECF0
C:\System Recovery Files\2012-07-29 011831\C\Program Files\Windows Sidebar\Gadgets\Norton.Gadget\images\red\normal.png    -ra---- 2277 bytes    [04:58 29/07/2012]    [00:20 29/01/2011] 4D392729A8B149B50AB0E8439D25A072
C:\System Recovery Files\2012-07-29 011831\C\Program Files (x86)\Norton Internet Security\MUI\Gadgets\Norton.Gadget\images\green\normal.png    -ra---- 2387 bytes    [05:03 29/07/2012]    [00:17 29/01/2011] 5A4FDD475396F6DFC7C4389B27DA08D5
C:\System Recovery Files\2012-07-29 011831\C\Program Files (x86)\Norton Internet Security\MUI\Gadgets\Norton.Gadget\images\icons\mobi\normal.png    -ra---- 1673 bytes    [05:03 29/07/2012]    [00:40 22/04/2011] 9DC1EAD68DC0F8AC69E6C93C4D6A712B
C:\System Recovery Files\2012-07-29 011831\C\Program Files (x86)\Norton Internet Security\MUI\Gadgets\Norton.Gadget\images\icons\nobu\normal.png    -ra---- 1861 bytes    [05:03 29/07/2012]    [01:00 22/04/2011] A3B966AC4C6E2621ACEE750EB8A576EE
C:\System Recovery Files\2012-07-29 011831\C\Program Files (x86)\Norton Internet Security\MUI\Gadgets\Norton.Gadget\images\icons\nolf\normal.png    -ra---- 1916 bytes    [05:03 29/07/2012]    [01:02 22/04/2011] EC74CE502FC7044FC77A6FF9EE83E1E2
C:\System Recovery Files\2012-07-29 011831\C\Program Files (x86)\Norton Internet Security\MUI\Gadgets\Norton.Gadget\images\icons\none\normal.png    -ra---- 3531 bytes    [05:03 29/07/2012]    [23:46 26/09/2011] E7A179EADC3F270958D54BC0BFE9DBF6
C:\System Recovery Files\2012-07-29 011831\C\Program Files (x86)\Norton Internet Security\MUI\Gadgets\Norton.Gadget\images\icons\nvip\normal.png    -ra---- 3816 bytes    [05:03 29/07/2012]    [20:08 20/09/2011] 4F97EEE86825DE6F0175139E56E5E9D2
C:\System Recovery Files\2012-07-29 011831\C\Program Files (x86)\Norton Internet Security\MUI\Gadgets\Norton.Gadget\images\icons\sweb\normal.png    -ra---- 1940 bytes    [05:03 29/07/2012]    [08:16 20/05/2011] 07B90D3D969127CDDD93390752FB9B6C
C:\System Recovery Files\2012-07-29 011831\C\Program Files (x86)\Norton Internet Security\MUI\Gadgets\Norton.Gadget\images\icons\tmap\normal.png    -ra---- 2107 bytes    [05:03 29/07/2012]    [00:38 22/04/2011] 8A1DE162967002CF6A224C1E8861C007
C:\System Recovery Files\2012-07-29 011831\C\Program Files (x86)\Norton Internet Security\MUI\Gadgets\Norton.Gadget\images\orange\normal.png    -ra---- 2277 bytes    [05:03 29/07/2012]    [00:22 29/01/2011] 217D760678BBFD46BCA35E92AF91ECF0
C:\System Recovery Files\2012-07-29 011831\C\Program Files (x86)\Norton Internet Security\MUI\Gadgets\Norton.Gadget\images\red\normal.png    -ra---- 2277 bytes    [05:03 29/07/2012]    [00:20 29/01/2011] 4D392729A8B149B50AB0E8439D25A072
C:\System Recovery Files\2012-07-29 011831\C\Users\Administrator\AppData\Roaming\Microsoft\Templates\Normal.dotm    --a---- 15884 bytes    [05:12 29/07/2012]    [19:10 28/07/2012] 0AD24797B1A848A24497F218057F8C59
C:\Users\Ross\AppData\Roaming\Microsoft\Templates\Normal.dotm    --a---- 15285 bytes    [18:33 18/09/2013]    [18:33 18/09/2013] AC3A3773C825AA62AFCD7F8A1249F0C9
C:\Users\Ross\AppData\Roaming\Microsoft\Windows\Recent\Normal.lnk    --a---- 1025 bytes    [01:47 28/08/2013]    [02:21 10/09/2013] 0F2AB27F65DD8C516560425C1CCD0A38

-= EOF =-



#9 nasdaq


Posted 19 September 2013 - 10:48 AM

C:\System Recovery Files\2012-07-29 011831\C\Users\Administrator\AppData\Roaming\Microsoft\Templates\Normal.dotm --a---- 15884 bytes [05:12 29/07/2012] [19:10 28/07/2012] 0AD24797B1A848A24497F218057F8C59

C:\Users\Ross\AppData\Roaming\Microsoft\Templates\Normal.dotm --a---- 15285 bytes [18:33 18/09/2013] [18:33 18/09/2013] AC3A3773C825AA62AFCD7F8A1249F0C9

Not sure what .lnk is but it should not be a concern.
C:\Users\Ross\AppData\Roaming\Microsoft\Windows\Recent\Normal.lnk --a---- 1025 bytes [01:47 28/08/2013] [02:21 10/09/2013] 0F2AB27F65DD8C516560425C1CCD0A38

What I suggest is that you rename both Normal.dotm to Normal.dotm.OLD

Restart the computer normally.

Is the problem persisting?
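The filtering done by hand in the reply above can be scripted. This is an added example, not part of the original thread or of SystemLook: it parses the `filefind` output format shown in post #8, keeps only the Word templates, and groups identical files by MD5. The function names are hypothetical, and reading the first timestamp as creation time and the second as last-modified time is an assumption.

```python
import ntpath
import re
from collections import defaultdict
from datetime import datetime

# Entries copied from the SystemLook log posted in this thread (a subset).
SAMPLE_LOG = r"""
========== filefind ==========

Searching for "normal.*"
C:\Program Files (x86)\Microsoft Works\Normal.bin    -ra---- 9728 bytes    [20:02 23/01/2007]    [20:02 23/01/2007] 87571FB04F06396BEA4E2F5F55EAEFF1
C:\System Recovery Files\2012-07-29 011831\C\Program Files\Windows Sidebar\Gadgets\Norton.Gadget\images\green\normal.png    -ra---- 2387 bytes    [04:58 29/07/2012]    [00:17 29/01/2011] 5A4FDD475396F6DFC7C4389B27DA08D5
C:\System Recovery Files\2012-07-29 011831\C\Program Files (x86)\Norton Internet Security\MUI\Gadgets\Norton.Gadget\images\green\normal.png    -ra---- 2387 bytes    [05:03 29/07/2012]    [00:17 29/01/2011] 5A4FDD475396F6DFC7C4389B27DA08D5
C:\System Recovery Files\2012-07-29 011831\C\Users\Administrator\AppData\Roaming\Microsoft\Templates\Normal.dotm    --a---- 15884 bytes    [05:12 29/07/2012]    [19:10 28/07/2012] 0AD24797B1A848A24497F218057F8C59
C:\Users\Ross\AppData\Roaming\Microsoft\Templates\Normal.dotm    --a---- 15285 bytes    [18:33 18/09/2013]    [18:33 18/09/2013] AC3A3773C825AA62AFCD7F8A1249F0C9
C:\Users\Ross\AppData\Roaming\Microsoft\Windows\Recent\Normal.lnk    --a---- 1025 bytes    [01:47 28/08/2013]    [02:21 10/09/2013] 0F2AB27F65DD8C516560425C1CCD0A38

-= EOF =-
"""

STAMP = r"\d{2}:\d{2} \d{2}/\d{2}/\d{4}"
# path, 7-character attribute field, size, two bracketed timestamps, MD5.
# Paths contain spaces, so the path group is lazy and the rest anchors it.
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    rf"\[(?P<first>{STAMP})\]\s+\[(?P<second>{STAMP})\]\s+(?P<md5>[0-9A-Fa-f]{{32}})\s*$"
)
TEMPLATE_NAMES = {"normal.dot", "normal.dotm"}


def parse_filefind(text):
    """Return one dict per file entry; headers, blanks and the EOF marker are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        # Assumption: first stamp = created, second = last modified.
        e["first"] = datetime.strptime(e["first"], "%H:%M %d/%m/%Y")
        e["second"] = datetime.strptime(e["second"], "%H:%M %d/%m/%Y")
        e["md5"] = e["md5"].upper()
        entries.append(e)
    return entries


def word_templates(entries):
    """Keep only Normal.dot / Normal.dotm, ignoring case and unrelated normal.* hits."""
    return [e for e in entries if ntpath.basename(e["path"]).lower() in TEMPLATE_NAMES]


def duplicate_hashes(entries):
    """Map each MD5 that occurs more than once to the paths sharing it."""
    by_md5 = defaultdict(list)
    for e in entries:
        by_md5[e["md5"]].append(e["path"])
    return {h: p for h, p in by_md5.items() if len(p) > 1}


def written_once(entry):
    """True when both timestamps match, i.e. the file was not changed after it was written."""
    return entry["first"] == entry["second"]


if __name__ == "__main__":
    entries = parse_filefind(SAMPLE_LOG)
    for e in word_templates(entries):
        note = "timestamps match" if written_once(e) else "timestamps differ"
        print(f'{e["md5"]}  {e["size"]:>6} bytes  {note}  {e["path"]}')
    for md5, paths in duplicate_hashes(entries).items():
        print(f"{md5} appears {len(paths)} times")
```

On the thread's data this leaves the two Normal.dotm files, with different sizes and hashes, and shows that the copy in Ross's profile has identical timestamps from the day before the scan.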

#10 LISurfcaster


Posted 19 September 2013 - 11:22 AM

Made the recommended changes and Word still not opening correctly. Cursor appears at the very top of the page and you cannot get into the header or footer sections of the document as you normally would. I am thinking a reinstall of Word may be in order. Any other options??

 

Thanks.

 

RS



#11 LISurfcaster


Posted 19 September 2013 - 11:23 AM

I just checked the C:\Users\Ross\AppData\Roaming\Microsoft\Templates directory and the normal.dotm file that normally is recreated when you change the normal.dotm file and relaunch Word is not there.



#12 nasdaq


Posted 19 September 2013 - 12:43 PM

Go to this page.

https://liquidwarelabs.zendesk.com/entries/24435761-Laptop-users-off-line-receive-Normal-dotm-error-while-launching-MS-Word


Under this section.
Possible Resolution(s):

Make sure that Always Available Offline is set for all folders you have . MS documents.
===

If that fails and you can reinstall Word, please do.

#13 LISurfcaster


Posted 19 September 2013 - 01:01 PM

No luck with this approach...looks like a reinstall is in order...thanks for your assistance.



#14 nasdaq


Posted 19 September 2013 - 01:16 PM

When all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful addons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help block many attempts to infect your system via malicious websites by only allowing scripts at sites you trust. NoScript is a popular Firefox addon, ScriptNo a popular Google Chrome addon.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===

#15 nasdaq


Posted 25 September 2013 - 01:43 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



