Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

combo fix


  • This topic is locked This topic is locked
12 replies to this topic

#1 mrs.starrclark

mrs.starrclark

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:08 AM

Posted 08 February 2014 - 10:08 AM

I ran combo fix on my computer and this is the log. Please help

ComboFix 14-02-05.02 - Superman 02/08/2014   9:10.1.2 - x64
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.1738.499 [GMT -5:00]
Running from: c:\users\Superman\Desktop\ComboFix.exe
AV: Trend Micro Titanium Maximum Security *Disabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Trend Micro Titanium Maximum Security *Disabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Resident AV is active
.
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-08 to 2014-02-08  )))))))))))))))))))))))))))))))
.
.
2014-02-08 14:47 . 2014-02-08 14:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-08 12:53 . 2013-12-16 09:54 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D394037B-D04A-4303-8E9A-F6BF6F99FA3B}\mpengine.dll
2014-02-08 12:53 . 2014-01-19 07:33 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-02-08 12:52 . 2014-02-08 12:52 240816 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10232.bin
2014-01-15 18:15 . 2014-02-08 14:06 -------- d-----w- c:\users\user
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBOK]
@="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}"
[HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}]
2012-06-02 20:25 298568 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\program files (x86)\Spotify\Data\SpotifyWebHelper.exe" [2012-10-18 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-22 642216]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2012-07-26 62976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Acer Backup Manager Tray.lnk - c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe -h -k [2012-8-23 533568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 tmel;tmel;c:\windows\system32\DRIVERS\tmel.sys;c:\windows\SYSNATIVE\DRIVERS\tmel.sys [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 DeviceFastLaneService;Device Fast-lane Service;c:\program files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe;c:\program files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 QRDCIO;Quanta Generic IO Access;c:\windows\System32\drivers\QRDCIO.sys;c:\windows\SYSNATIVE\drivers\QRDCIO.sys [x]
S0 TMEBC;TMEBC;c:\windows\system32\DRIVERS\TMEBC64.sys;c:\windows\SYSNATIVE\DRIVERS\TMEBC64.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 CCDMonitorService;CCDMonitorService;c:\program files (x86)\Acer\Acer Cloud\CCDMonitorService.exe;c:\program files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ETDService;Elan Service;c:\program files\Elantech\ETDService.exe;c:\program files\Elantech\ETDService.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 RfButtonDriverService;Dritek RF Button Command Service;c:\windows\RfBtnSvc64.exe;c:\windows\RfBtnSvc64.exe [x]
S2 tmusa;Trend Micro Osprey Driver;c:\windows\system32\DRIVERS\tmusa.sys;c:\windows\SYSNATIVE\DRIVERS\tmusa.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
S3 ePowerSvc;ePower Service;c:\program files\Acer\Acer Power Management\ePowerSvc.exe;c:\program files\Acer\Acer Power Management\ePowerSvc.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 Ps2Kb2Hid;PS/2 Keyboard to HID Driver;c:\windows\System32\drivers\aPs2Kb2Hid.sys;c:\windows\SYSNATIVE\drivers\aPs2Kb2Hid.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 tmeevw;tmeevw;c:\windows\system32\DRIVERS\tmeevw.sys;c:\windows\SYSNATIVE\DRIVERS\tmeevw.sys [x]
S3 tmnciesc;tmnciesc;c:\windows\system32\DRIVERS\tmnciesc.sys;c:\windows\SYSNATIVE\DRIVERS\tmnciesc.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-08 13:30 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-03 18:43]
.
2014-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-03 18:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBOK]
@="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}"
[HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}]
2012-06-02 20:25 445512 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2012-07-18 366720]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2013-09-16 1382568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2013-08-29 216928]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
TCP: DhcpNameServer = 10.1.10.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{4d87b7a7-23f1-470c-aa45-96b25b9bd138} - (no file)
Wow6432Node-HKLM-Run-LManager - (no file)
Wow6432Node-HKU-Default-Run-SearchProtect - \SearchProtect\bin\cltmng.exe
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{4d87b7a7-23f1-470c-aa45-96b25b9bd138} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2014-02-08  09:57:56
ComboFix-quarantined-files.txt  2014-02-08 14:57
.
Pre-Run: 273,185,988,608 bytes free
Post-Run: 272,996,872,192 bytes free
.
- - End Of File - - B46AF7A8ED27DD5E74F0E3A7F3EB2505
5FB38429D5D77768867C76DCBDB35194
 



BC AdBot (Login to Remove)

 


#2 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:11:08 AM

Posted 08 February 2014 - 03:56 PM

Greetings and  :welcome: to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know. I am in training and an instructor will need to check my fixes so a little delay may happen at times.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Lets get going now   :thumbup2:

 

--------------

 

Hi mrs.starrclark,

 

I will be handling your log to help you get cleaned up. Please give me some time to look it over, and I will get back to you as soon as possible. 

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 mrs.starrclark

mrs.starrclark
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:08 AM

Posted 09 February 2014 - 06:18 PM

Thanks Toffee :)

 

:bananas:



#4 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:11:08 AM

Posted 10 February 2014 - 01:08 PM

Hi mrs.starrclark,

 

A few questions to give me some information to work from:

 

Is there any specific reason you ran Combofix? It's a very powerful tool which should be run only under trained guidance.

 

You mention you need help, but you never gave any details. Can you explain what you need help with? Is there anything unusual happening on your computer, any problems?

 

What antivirus are you running on your computer?

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#5 mrs.starrclark

mrs.starrclark
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:08 AM

Posted 10 February 2014 - 07:23 PM

Yeah my computer is running very slowly and it has been since I bought this other stupid computer from the pawnshop. They're laptops and I have Wi-Fi so I thought maybe this computer got slow do 2 maybe a virus being transferred through the network connection, if that's possible. I must have a computer for my school work :(



#6 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:11:08 AM

Posted 11 February 2014 - 02:37 PM

Hi mrs.starrclark,

 

Okay, thank you for that information. We will do some more checks to see if there is anything malicious on this computer.

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 

--------------

 

Also, I still need the answer to the last question I asked in my last reply:

What antivirus are you running on your computer?

 

--------------

 

To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • FRST.txt
  • Addition.txt

xXToffeeXx~

 


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#7 mrs.starrclark

mrs.starrclark
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:08 AM

Posted 12 February 2014 - 05:59 AM

My computer doesn't have any antivirus software unfortunately.Now in addition 2 running slowly whatever is affecting my computer isalso disconnecting my Wi-Fi connection and changing my settings. Here is the requested info.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-02-2014 01
Ran by store at 2014-02-12 05:52:12
Running from C:\Users\store\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SAR2RM8
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adobe Shockwave Player 11.6 (x32 Version: 11.6.5.635 - Adobe Systems, Inc.)
AMD Accelerated Video Transcoding (Version: 12.5.100.20808 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
AMD Quick Stream (Version: 3.3.26.0 - AppEx Networks)
AMD VISION Engine Control Center (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (x32 Version: 2.3.4 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.86 - AuthenTec, Inc.) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (x32 Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1.5407 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (x32 Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink PhotoDirector (x32 Version: 2.0.1.3119 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (x32 Version: 8.0.1.1926 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.1.1926 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1925 - CyberLink Corp.) Hidden
CyberLink PowerDVD (x32 Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.6.4319 - CyberLink Corp.) Hidden
CyberLink YouCam (x32 Version: 3.5.4.5527 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.4.5527 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (Version: 1.0.8 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (Version: 4.2.5.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (x32 Version: v1.0 - Meridian Audio Ltd)
HP CoolSense (x32 Version: 2.10.3 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (x32 Version: 1.1.0.0 - Hewlett-Packard)
HP Games (x32 Version: 1.0.3.0 - WildTangent)
HP MyRoom (x32 Version: 9.0.0.0 - Hewlett-Packard Company)
HP Postscript Converter (Version: 3.1.3554 - Hewlett-Packard) Hidden
HP Quick Launch (x32 Version: 3.0.4 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 7.00 - Hewlett-Packard) Hidden
HP Registration Service (Version: 1.0.5976.4186 - Hewlett-Packard)
HP SimplePass (x32 Version: 6.0.100.244 - Hewlett-Packard)
HP Software Framework (x32 Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (x32 Version: 7.0.32.44 - Hewlett-Packard Company)
HP Utility Center (x32 Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (x32 Version: 1.0.5.1 - Hewlett-Packard Company)
IDT Audio (x32 Version: 1.0.6418.0 - IDT)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 Home Premium - en-us (Version: 15.0.4551.1512 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Norton Internet Security (x32 Version: 20.4.0.40 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Qualcomm Atheros Driver Installation Program (x32 Version: 10.0 - Qualcomm Atheros)
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (x32 Version: 8.2.612.2012 - Realtek)
Realtek PCIE Card Reader (x32 Version: 6.1.8400.29025 - Realtek Semiconductor Corp.)
Respondus LockDown Browser (x32 Version: 1.02.0001 - Respondus, Inc.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (Version: 16.2.10.12 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
Validity WBF DDK (Version: 4.4.234.0 - Validity Sensors, Inc.)
WildTangent Games (x32 Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Restore Points  =========================

==================== Hosts content: ==========================

2012-07-25 21:26 - 2012-07-25 21:26 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {12B23F3F-1ED6-4301-B1A6-9B4E60F6717A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-01-22] (Microsoft Corporation)
Task: {16E4CC10-5A8C-480B-82B7-CC45438D6D94} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3992CA4B-F1A2-4A2A-BE54-6FAE54686DF9} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {52498138-87B6-41A0-8825-85F02E5AF7AF} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-03] (Symantec Corporation)
Task: {7D5A191C-C0E1-4FD8-BCD8-DB29D7650D89} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)
Task: {8C8B3584-99D2-4C82-93A1-E7ECD8E98896} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {94317591-D00A-438F-8935-C27BDE097663} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation)
Task: {9EBA73D0-52B9-49A8-82F1-BB0144D1CB79} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {A294755B-394C-4F1C-A19D-6EEDB7D6F572} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\Windows\system32\dism.exe [2012-07-25] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D9BFAE6B-E76E-4A85-9DBA-5FB23D4E4CC1} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {E351B779-6C0F-4F64-88E7-66F64B5335D2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F4594471-68D6-4440-AD4C-D8BD75CC5FE2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)

==================== Loaded Modules (whitelisted) =============

2014-01-22 09:07 - 2014-01-22 09:07 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-08-10 00:36 - 2012-08-10 00:36 - 04073320 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2012-08-08 09:36 - 2012-08-08 09:36 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-08-08 09:22 - 2012-08-08 09:22 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-08-10 00:36 - 2012-08-10 00:36 - 00255336 _____ () C:\Program Files (x86)\HP SimplePass\DownloadAD.exe
2013-04-18 00:52 - 2012-06-07 19:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 10:34 - 2012-06-08 10:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-01-12 06:27 - 2012-05-29 22:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll
2012-08-10 00:36 - 2012-08-10 00:36 - 00018792 _____ () C:\Program Files (x86)\HP SimplePass\DownloadManager.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/11/2014 07:09:47 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3f4

Start Time: 01cf279d84bb63f2

Termination Time: 15

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 1ed7f6f9-9393-11e3-be7b-082e5f7cadb3

Faulting package full name:

Faulting package-relative application ID:

Error: (02/11/2014 04:45:38 PM) (Source: Application Error) (User: )
Description: Faulting application name: wwahost.exe, version: 6.2.9200.16420, time stamp: 0x505a9152
Faulting module name: atidxx64.dll, version: 8.17.10.451, time stamp: 0x50227732
Exception code: 0xc0000005
Fault offset: 0x00000000000747db
Faulting process id: 0x11e8
Faulting application start time: 0xwwahost.exe0
Faulting application path: wwahost.exe1
Faulting module path: wwahost.exe2
Report Id: wwahost.exe3
Faulting package full name: wwahost.exe4
Faulting package-relative application ID: wwahost.exe5

Error: (02/11/2014 05:00:00 AM) (Source: ESENT) (User: )
Description: svchost (1668) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Windows\system32\SRU\SRU00076.log.

Error: (02/10/2014 04:20:18 AM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 604

Start Time: 01cf2653cc7a7208

Termination Time: 40

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: b11cae43-924d-11e3-be83-082e5f7cadb3

Faulting package full name:

Faulting package-relative application ID:

Error: (02/10/2014 03:32:37 AM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: dd8

Start Time: 01cf26525292ce0e

Termination Time: 80

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 0457f7c1-9247-11e3-be83-082e5f7cadb3

Faulting package full name:

Faulting package-relative application ID:

Error: (02/09/2014 01:55:37 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16384, time stamp: 0x50107ee0
Faulting module name: atidxx32.dll, version: 8.17.10.451, time stamp: 0x50227b09
Exception code: 0xc0000005
Fault offset: 0x000624f2
Faulting process id: 0x1324
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (02/09/2014 10:47:54 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (02/09/2014 10:26:45 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1888

Error: (02/09/2014 10:26:45 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1888

Error: (02/09/2014 10:26:45 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (02/11/2014 05:08:19 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (02/09/2014 03:25:09 PM) (Source: DCOM) (User: aarons)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (02/09/2014 03:25:09 PM) (Source: DCOM) (User: aarons)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (02/09/2014 03:25:09 PM) (Source: DCOM) (User: aarons)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (02/09/2014 03:25:09 PM) (Source: DCOM) (User: aarons)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (02/08/2014 05:44:22 PM) (Source: DCOM) (User: aarons)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}aaronsstoreS-1-5-21-1384132197-3499723974-1313073863-1002LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/05/2014 05:31:58 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 47.

Error: (02/05/2014 05:31:58 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 47.

Error: (02/05/2014 05:31:08 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 47.

Error: (02/05/2014 05:30:07 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 47.

Microsoft Office Sessions:
=========================
Error: (02/11/2014 07:09:47 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.163843f401cf279d84bb63f215C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE1ed7f6f9-9393-11e3-be7b-082e5f7cadb3

Error: (02/11/2014 04:45:38 PM) (Source: Application Error)(User: )
Description: wwahost.exe6.2.9200.16420505a9152atidxx64.dll8.17.10.45150227732c000000500000000000747db11e801cf278b8be48ddbC:\Windows\system32\wwahost.exeC:\Windows\system32\atidxx64.dllfd606dff-937e-11e3-be7b-082e5f7cadb3microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbweMicrosoft.WindowsLive.ModernPhotos

Error: (02/11/2014 05:00:00 AM) (Source: ESENT)(User: )
Description: svchost1668SRUJet: C:\Windows\system32\SRU\SRU00076.log-1811 (0xfffff8ed)

Error: (02/10/2014 04:20:18 AM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.1638460401cf2653cc7a720840C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEb11cae43-924d-11e3-be83-082e5f7cadb3

Error: (02/10/2014 03:32:37 AM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.16384dd801cf26525292ce0e80C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE0457f7c1-9247-11e3-be83-082e5f7cadb3

Error: (02/09/2014 01:55:37 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.1638450107ee0atidxx32.dll8.17.10.45150227b09c0000005000624f2132401cf25e0cea23864C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\atidxx32.dlle7dacd34-91d4-11e3-be82-082e5f7cadb3

Error: (02/09/2014 10:47:54 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (02/09/2014 10:26:45 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1888

Error: (02/09/2014 10:26:45 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1888

Error: (02/09/2014 10:26:45 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

==================== Memory info ===========================

Percentage of memory in use: 37%
Total physical RAM: 3546.25 MB
Available physical RAM: 2199.98 MB
Total Pagefile: 7130.25 MB
Available Pagefile: 5385.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:437.84 GB) (Free:393.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:27.15 GB) (Free:3.2 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: A50E1C7D)

Partition: GPT Partition Type
==================== End Of Log ==================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-02-2014 01
Ran by store (administrator) on AARONS on 12-02-2014 05:51:35
Running from C:\Users\store\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SAR2RM8
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
() C:\Windows\system32\valWBFPolicyService.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
() C:\Program Files (x86)\HP SimplePass\DownloadAD.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Program Files (x86)\HP SimplePass\DownloadAD.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
() C:\Program Files (x86)\HP SimplePass\DownloadAD.exe
() C:\Program Files (x86)\HP SimplePass\DownloadAD.exe
() C:\Program Files (x86)\HP SimplePass\DownloadAD.exe
() C:\Program Files (x86)\HP SimplePass\DownloadAD.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\HP SimplePass\DownloadAD.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-24] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-31] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-14] (Hewlett-Packard)
HKU\S-1-5-21-1384132197-3499723974-1313073863-1002\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1384132197-3499723974-1313073863-1002\...\Policies\Explorer: [NoLogOff] 0

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {ADD418BF-A4DB-47FF-9861-02FBC5493EF7} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {ADD418BF-A4DB-47FF-9861-02FBC5493EF7} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {ADD418BF-A4DB-47FF-9861-02FBC5493EF7} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.1.10.1

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF [2014-01-11]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\ []

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641320 2012-08-10] (HP)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2013-12-16] (WildTangent)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2014-01-10] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-11] (Symantec Corporation)
U3 EraserUtilDrv11312; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys [137648 2014-02-10] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-11] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20140211.001\IDSvia64.sys [521944 2014-02-09] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20140211.033\ENG64.SYS [126040 2014-02-10] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20140211.033\EX64.SYS [2099288 2014-02-10] (Symantec Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2014-01-12] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-12 05:51 - 2014-02-12 05:51 - 00000000 ____D () C:\FRST
2014-02-03 09:41 - 2014-02-03 09:41 - 00000000 ____D () C:\Users\store\AppData\Roaming\IDT
2014-01-24 13:03 - 2014-01-24 13:03 - 00000000 ____D () C:\Users\store\AppData\Roaming\Apple Computer
2014-01-22 10:01 - 2014-01-22 10:01 - 00002223 _____ () C:\Users\store\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2014-01-22 10:01 - 2014-01-22 10:01 - 00002205 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2014-01-22 10:01 - 2014-01-22 10:01 - 00002205 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2014-01-22 10:01 - 2014-01-22 10:01 - 00000000 ___RD () C:\Users\store\SkyDrive
2014-01-22 10:01 - 2014-01-22 10:01 - 00000000 ____D () C:\ProgramData\Microsoft SkyDrive
2014-01-22 10:01 - 2014-01-22 10:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft SkyDrive
2014-01-22 08:58 - 2014-01-22 08:58 - 01382640 _____ () C:\Windows\NIRMALA.tt2
2014-01-22 08:58 - 2014-01-22 08:58 - 01334012 _____ () C:\Windows\NIRMALAB.tt2
2014-01-22 08:51 - 2014-01-22 08:51 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-01-18 19:31 - 2014-01-18 19:31 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-01-18 19:31 - 2014-01-18 19:31 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-01-18 19:29 - 2014-01-18 19:29 - 00000000 ____D () C:\Users\store\AppData\Local\Apple
2014-01-18 19:29 - 2014-01-18 19:29 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-01-18 19:23 - 2014-01-18 19:31 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-01-17 05:28 - 2014-01-17 05:28 - 00001951 _____ () C:\Users\Public\Desktop\LockDown Browser.lnk
2014-01-17 05:28 - 2006-01-04 12:04 - 01410704 _____ (FarPoint Technologies, Inc.) C:\Windows\SysWOW64\FPSPR70.ocx
2014-01-17 05:28 - 2006-01-04 12:04 - 00729161 _____ (FarPoint Technologies, Inc.) C:\Windows\SysWOW64\fpimage.dll
2014-01-16 17:20 - 2014-01-16 17:20 - 222850054 _____ () C:\Windows\MEMORY.DMP
2014-01-16 17:20 - 2014-01-16 17:20 - 00277896 _____ () C:\Windows\Minidump\011614-35786-01.dmp
2014-01-16 17:20 - 2014-01-16 17:20 - 00000000 ____D () C:\Windows\Minidump
2014-01-16 16:03 - 2014-01-16 16:02 - 00040265 _____ () C:\Users\store\Desktop\psychology.html
2014-01-16 10:35 - 2014-01-17 05:28 - 00000000 ____D () C:\Program Files (x86)\Respondus LockDown Browser
2014-01-15 08:09 - 2014-01-16 17:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-01-15 08:09 - 2014-01-15 08:09 - 00000000 ____D () C:\Users\store\AppData\Roaming\Mozilla
2014-01-15 08:09 - 2014-01-15 08:09 - 00000000 ____D () C:\Users\store\AppData\Local\Mozilla
2014-01-15 08:09 - 2014-01-15 08:09 - 00000000 ____D () C:\ProgramData\Mozilla
2014-01-14 16:14 - 2014-01-14 16:14 - 00000000 ____D () C:\Users\store\AppData\Local\{47DD7177-AC73-47F9-B5A1-BF074F05F880}
2014-01-14 11:30 - 2014-01-14 11:30 - 02760592 _____ () C:\Users\store\Downloads\fwdmorepics.zip
2014-01-13 09:41 - 2014-01-15 03:07 - 00000000 ____D () C:\Windows\system32\MRT

==================== One Month Modified Files and Folders =======

2014-02-12 05:51 - 2014-02-12 05:51 - 00000000 ____D () C:\FRST
2014-02-11 21:00 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\system32\sru
2014-02-11 19:28 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-11 18:50 - 2014-01-10 17:07 - 01750276 _____ () C:\Windows\WindowsUpdate.log
2014-02-11 16:45 - 2012-07-25 23:28 - 00941050 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-11 16:43 - 2012-07-25 23:21 - 00039464 _____ () C:\Windows\setupact.log
2014-02-11 04:46 - 2014-01-10 17:07 - 00000000 ____D () C:\Users\store
2014-02-11 04:46 - 2012-07-25 23:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-11 01:44 - 2014-01-12 12:09 - 00000000 ____D () C:\Users\store\Documents\Youcam
2014-02-11 01:44 - 2013-04-18 00:36 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-02-11 01:43 - 2013-04-18 01:07 - 00000000 ____D () C:\ProgramData\Norton
2014-02-11 01:40 - 2014-01-10 17:08 - 00000000 ____D () C:\Users\store\AppData\Local\Packages
2014-02-11 01:40 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\registration
2014-02-10 23:16 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-02-09 15:29 - 2012-07-25 21:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-02-09 08:56 - 2014-01-12 11:17 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-02-03 09:41 - 2014-02-03 09:41 - 00000000 ____D () C:\Users\store\AppData\Roaming\IDT
2014-02-03 09:33 - 2013-04-18 00:30 - 00013586 _____ () C:\Windows\DPINST.LOG
2014-02-03 09:33 - 2013-04-18 00:30 - 00001332 _____ () C:\Windows\Synaptics.log
2014-01-26 10:02 - 2014-01-12 11:17 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-01-24 13:13 - 2014-01-10 17:18 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1384132197-3499723974-1313073863-1002
2014-01-24 13:03 - 2014-01-24 13:03 - 00000000 ____D () C:\Users\store\AppData\Roaming\Apple Computer
2014-01-24 13:02 - 2013-04-18 00:11 - 00432288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-24 13:02 - 2012-08-03 14:23 - 00014784 _____ () C:\Windows\PFRO.log
2014-01-22 10:01 - 2014-01-22 10:01 - 00002223 _____ () C:\Users\store\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2014-01-22 10:01 - 2014-01-22 10:01 - 00002205 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2014-01-22 10:01 - 2014-01-22 10:01 - 00002205 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2014-01-22 10:01 - 2014-01-22 10:01 - 00000000 ___RD () C:\Users\store\SkyDrive
2014-01-22 10:01 - 2014-01-22 10:01 - 00000000 ____D () C:\ProgramData\Microsoft SkyDrive
2014-01-22 10:01 - 2014-01-22 10:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft SkyDrive
2014-01-22 10:01 - 2012-08-16 22:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-01-22 08:58 - 2014-01-22 08:58 - 01382640 _____ () C:\Windows\NIRMALA.tt2
2014-01-22 08:58 - 2014-01-22 08:58 - 01334012 _____ () C:\Windows\NIRMALAB.tt2
2014-01-22 08:52 - 2014-01-10 17:09 - 00000000 ____D () C:\Users\store\AppData\Local\VirtualStore
2014-01-22 08:51 - 2014-01-22 08:51 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-01-20 19:46 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-01-18 19:31 - 2014-01-18 19:31 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-01-18 19:31 - 2014-01-18 19:31 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-01-18 19:31 - 2014-01-18 19:23 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-01-18 19:29 - 2014-01-18 19:29 - 00000000 ____D () C:\Users\store\AppData\Local\Apple
2014-01-18 19:29 - 2014-01-18 19:29 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-01-17 05:28 - 2014-01-17 05:28 - 00001951 _____ () C:\Users\Public\Desktop\LockDown Browser.lnk
2014-01-17 05:28 - 2014-01-16 10:35 - 00000000 ____D () C:\Program Files (x86)\Respondus LockDown Browser
2014-01-16 17:20 - 2014-01-16 17:20 - 222850054 _____ () C:\Windows\MEMORY.DMP
2014-01-16 17:20 - 2014-01-16 17:20 - 00277896 _____ () C:\Windows\Minidump\011614-35786-01.dmp
2014-01-16 17:20 - 2014-01-16 17:20 - 00000000 ____D () C:\Windows\Minidump
2014-01-16 17:19 - 2012-07-25 21:38 - 00000000 ____D () C:\Windows\system32\oobe
2014-01-16 17:18 - 2012-07-26 00:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-01-16 17:18 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\WinStore
2014-01-16 17:18 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\system32\WinBioDatabase
2014-01-16 17:18 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\rescache
2014-01-16 17:17 - 2014-01-15 08:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-01-16 17:08 - 2012-07-25 21:38 - 00000000 ____D () C:\Windows\system32\Sysprep
2014-01-16 16:02 - 2014-01-16 16:03 - 00040265 _____ () C:\Users\store\Desktop\psychology.html
2014-01-15 08:09 - 2014-01-15 08:09 - 00000000 ____D () C:\Users\store\AppData\Roaming\Mozilla
2014-01-15 08:09 - 2014-01-15 08:09 - 00000000 ____D () C:\Users\store\AppData\Local\Mozilla
2014-01-15 08:09 - 2014-01-15 08:09 - 00000000 ____D () C:\ProgramData\Mozilla
2014-01-15 03:07 - 2014-01-13 09:41 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-14 16:14 - 2014-01-14 16:14 - 00000000 ____D () C:\Users\store\AppData\Local\{47DD7177-AC73-47F9-B5A1-BF074F05F880}
2014-01-14 11:30 - 2014-01-14 11:30 - 02760592 _____ () C:\Users\store\Downloads\fwdmorepics.zip
2014-01-13 09:13 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\system32\restore

Some content of TEMP:
====================
C:\Users\store\AppData\Local\Temp\OfficeSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-06 18:05

==================== End Of Log ============================



#8 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:11:08 AM

Posted 13 February 2014 - 11:49 AM

Hi mrs.starrclark,

 

The logs seem to show a completely different computer than the one combofix was run on, is this true?

 

This is important to know as it can become confusing to work on two different computers at once.

 

Just for the record, Norton Internet Security is the antivirus running on the computer that FRST was run on.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#9 mrs.starrclark

mrs.starrclark
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:08 AM

Posted 14 February 2014 - 08:23 AM

Yes ma'am I apologize the computer I just ran frst on is the computer I have now. I ran combo fix on the pawn shop computer. Sorry and I thought Norton was only a site advisor on my computer.



#10 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:11:08 AM

Posted 16 February 2014 - 04:14 AM

Hi mrs.starrclark,

 

It's okay, but from now on we will work on the computer you ran FRST on. Just to avoid confusion.

 

No, the logs show Norton is your antivirus and your firewall too.

 

Everything below applies to the computer you ran FRST on:

 

WildTangent Program Warning:

Wildtangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of the AOL Instant Messenger for their AIM games section. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although its not technically considered spyware it does have built in components to update itself and gather information about the computer system including:

  • Operating System Version
  • CPU Type and Speed
  • Memory Amount
  • Video Card type and Driver Version
  • Sound Card type and Driver Version
  • DirectX Version
  • Location that the Web Driver was installed from

For that reason I would suggest you uninstalled it via add/remove programs. Reboot after uninstalling.
 

--------------

 

We need to run a fix with FRST:
  • ​First you need to redownload FRST from here and make sure to save it to your desktop. This is important because otherwise the fix will not work.
  • Press ctrl + R and type notepad into the run box which appears. Press enter.
  • Copy and paste the script below in the notepad document:​
HKLM-x32\...\Run: [] - [X]
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

 

--------------

 

Please run FRST from the desktop (like you did before) and press the scan button. It will produce a FRST.txt log located on the desktop, please copy and paste the contents into your next reply.

 

--------------

 

To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Fixlog.txt
  • New FRST.txt log

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#11 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:11:08 AM

Posted 17 February 2014 - 07:07 AM

Hi,

 

Just to let you know, I'm going to be away for a few days and won't be able to post. Another colleague will continue working with you on getting the problem sorted.

 

Sorry for the inconvenience.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#12 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:11:08 AM

Posted 22 February 2014 - 11:10 AM

Hi mrs.starrclark,

 

This is a 3 day bump:

 

It has been more than 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#13 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:12:08 PM

Posted 25 February 2014 - 02:10 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users