Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trojan.Viknok Activity 3


  • Please log in to reply

#1
hofner

hofner

    Member

  • Member
  • PipPip
  • 82 posts

Hello all,I do not recall when I first got the Norton pop-up "Norton Blocked an attack by: System Infected. Trojan.Viknok Activity 3.  I cannot and have not been able to open anything on the Norton 360 dashboard for quite a while.  It just disappears immediately after being presented onto the screen and I cannot "View Details" of the notice either. I tried sparktrust who could find nothing to cause the virus notice. Their scan supposedly showed many internal problems which they assured me could be fixed by "a Windows tech service" subscription. FIne Try it. 

The"tech" who I assumed would be with Windows but was with "qresolve" proceded to further inspect and "clean the excessive jiunk" from my computer (Toshiba laptop WIndows 7).  He said that he could find no reason for the virus message, made it disappear when he seemed to get into Norton and change the notification timing details.  He then told me that I did not need Norton or any other device...I only needed them to check the system once a month as in the agreement and use Windows security and firewall.  He asked if I wanted to remove Norton and I told him not to, but he reemphasized a few time how unnecessary it is.  I told him I wanted it left alone.

He then recommended doing a remove and reinstall (Ihad done this previously trying to reconnect with the Norton dash) but he wanted to make sure I had a fresh, correctly installled version. Fine.  Go ahead. When he finished I had no internet access which he blamed on Norton. itold him to leave everything as it is, which he also argued with.  I finally got rid of him, went to Norton and downloaded the 360 Premier Edition and the internet access was reestablished.

Everything was back to how it was previously except the Trojan notification was gone.

Well 24 hours later it is back. 

and so

 

 

OTL logfile created on: 7/12/2014 8:42:43 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.89 Gb Total Physical Memory | 3.87 Gb Available Physical Memory | 65.63% Memory free
11.78 Gb Paging File | 9.65 Gb Available in Paging File | 81.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 682.74 Gb Total Space | 620.40 Gb Free Space | 90.87% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/07/12 20:06:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Downloads\OTL.exe
PRC - [2014/06/27 01:44:06 | 000,265,040 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\N360.exe
PRC - [2014/06/13 15:20:44 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/04/30 10:07:08 | 004,492,776 | ---- | M] (iolo technologies, LLC) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2013/11/28 17:12:33 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
PRC - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe
PRC - [2012/01/20 14:45:40 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/01/20 14:45:30 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/06/13 15:20:44 | 003,852,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/11/28 17:12:32 | 016,237,448 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
MOD - [2012/05/30 10:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\wincfi39.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/06/18 20:24:12 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/02/02 18:33:46 | 000,580,608 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2012/01/11 00:01:52 | 000,627,936 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2011/12/14 18:11:38 | 000,833,976 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2011/12/08 13:44:04 | 000,594,704 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2011/12/08 13:43:56 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/12/08 13:43:48 | 000,618,256 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/12/08 13:43:44 | 000,148,752 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/11/25 21:52:36 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/11/24 16:20:38 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011/04/20 18:16:04 | 000,558,592 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2010/10/20 17:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/06/27 01:44:06 | 000,265,040 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\N360.exe -- (N360)
SRV - [2014/06/13 15:20:44 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/04/30 10:07:08 | 004,492,776 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2013/11/28 17:12:33 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe -- (NCO)
SRV - [2012/05/10 15:20:46 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/01/20 19:29:28 | 000,363,800 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/01/20 19:29:26 | 000,277,784 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/01/20 14:45:40 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/01/20 14:45:30 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2011/11/21 18:32:40 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/07/11 18:41:52 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2014/03/04 00:18:12 | 001,148,120 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1504000.00D\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2014/02/20 19:14:34 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1504000.00D\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2014/02/17 21:32:41 | 000,593,112 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1504000.00D\symnets.sys -- (SymNetS)
DRV:64bit: - [2014/02/12 21:59:49 | 000,875,736 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1504000.00D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/10/30 03:26:19 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1504000.00D\SymDS64.sys -- (SymDS)
DRV:64bit: - [2013/10/30 02:48:51 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1504000.00D\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/10/30 02:32:37 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1504000.00D\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/05/29 11:06:34 | 000,082,160 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PDFsFilter.sys -- (PDFsFilter)
DRV:64bit: - [2013/05/23 08:39:23 | 000,041,032 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gfiark.sys -- (gfiark)
DRV:64bit: - [2013/04/15 22:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSTx64\7DD04000.00A\ccsetx64.sys -- (ccSet_NST)
DRV:64bit: - [2012/09/20 05:11:58 | 000,258,848 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2012/09/20 05:11:58 | 000,086,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbwtis.sys -- (sbwtis)
DRV:64bit: - [2012/09/20 05:11:58 | 000,061,216 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2012/09/12 20:19:38 | 000,082,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2012/09/12 20:19:34 | 000,120,064 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:64bit: - [2012/09/12 20:19:34 | 000,120,064 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:64bit: - [2012/07/26 10:01:26 | 000,030,752 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV:64bit: - [2012/07/17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/05/10 15:11:04 | 014,759,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/27 06:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/02/27 06:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/02/27 06:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/02/24 20:11:54 | 000,412,944 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/02/24 20:11:52 | 000,022,800 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver.sys -- (SmbDrv)
DRV:64bit: - [2012/01/16 18:49:14 | 000,103,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2012/01/09 04:44:44 | 011,416,576 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/12/20 20:38:36 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/12/20 20:38:36 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/12/13 18:00:32 | 000,259,176 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2011/12/06 07:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/29 22:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/23 20:10:28 | 000,036,992 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2011/03/18 18:03:18 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/12/30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 11:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/29 19:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/07/11 17:22:18 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\IPSDefs\20140711.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/07/10 01:00:00 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\VirusDefs\20140712.002\ex64.sys -- (NAVEX15)
DRV - [2014/07/10 01:00:00 | 000,486,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/07/10 01:00:00 | 000,142,128 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/07/10 01:00:00 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\VirusDefs\20140712.002\eng64.sys -- (NAVENG)
DRV - [2014/07/03 17:17:17 | 001,530,160 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\BASHDefs\20140703.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO
IE - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {A38B9178-817C-4704-97DE-9299CC519752}
IE - HKCU\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{A38B9178-817C-4704-97DE-9299CC519752}: "URL" = http://www.google.co...1I7TSNO_enUS507
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Amazon.com"
FF - prefs.js..browser.search.selectedEngine: "Amazon.com"
FF - prefs.js..browser.startup.homepage: "http://search.yahoo..../?fr=sfp-yff25"
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:3.2.4.20140604103324
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.4.0.13\IPSFF [2014/07/11 18:42:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.4.0.13\coFFPlgn\ [2014/07/12 18:36:52 | 000,000,000 | ---D | M]
 
[2013/11/28 17:04:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Extensions
[2014/06/10 17:58:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\imt0iusk.default\extensions
[2014/06/10 17:58:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\imt0iusk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2014/06/13 15:20:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/06/13 15:20:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/06/13 15:20:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2014/06/13 15:20:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
 
O1 HOSTS File: ([2013/05/27 18:16:59 | 000,447,225 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 127.0.0.1    1-2005-search.com
O1 - Hosts: 127.0.0.1    www.123fporn.info
O1 - Hosts: 15354 more lines...
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\CoIEPlg.dll (Symantec Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\IPS\IPSBHO.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28270AC4-B16B-45F1-81E0-BA4AF7273AD6}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (ጦ)
O34 - HKLM BootExecute: (潔瑰蝁Ȱᜄጔ)
O34 - HKLM BootExecute: (ꅘܫᦐȰ恐ፊ撰ᆹ)
O34 - HKLM BootExecute: (蓁Ȱᜄጔ)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/12 18:24:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2014/07/11 18:41:52 | 000,177,752 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/07/11 18:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2014/07/11 18:41:40 | 001,148,120 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1504000.00D\SymEFA64.sys
[2014/07/11 18:41:40 | 000,875,736 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1504000.00D\srtsp64.sys
[2014/07/11 18:41:40 | 000,593,112 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1504000.00D\symnets.sys
[2014/07/11 18:41:40 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1504000.00D\SymDS64.sys
[2014/07/11 18:41:40 | 000,264,280 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1504000.00D\Ironx64.sys
[2014/07/11 18:41:40 | 000,162,392 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1504000.00D\ccSetx64.sys
[2014/07/11 18:41:40 | 000,036,952 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1504000.00D\srtspx64.sys
[2014/07/11 18:41:40 | 000,023,568 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1504000.00D\SymELAM.sys
[2014/07/11 18:41:14 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\N360x64
[2014/07/11 18:41:14 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\N360x64\1504000.00D
[2014/07/11 18:41:12 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2014/07/11 18:41:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2014/07/11 17:58:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2014/07/11 17:36:47 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\VS Revo Group
[2014/07/11 17:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2014/07/11 17:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2014/07/11 17:36:40 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\windows\SysNative\drivers\revoflt.sys
[2014/07/11 17:36:35 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2014/07/11 17:19:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/07/11 17:19:49 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/07/11 17:15:44 | 002,649,016 | ---- | C] (VS Revo Group Ltd.) -- C:\revosetup.exe
[2014/07/11 17:11:23 | 000,000,000 | ---D | C] -- C:\windows\pss
[2014/07/11 16:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/07/11 16:54:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2014/07/11 16:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014/07/11 16:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2014/07/11 15:56:50 | 000,041,032 | ---- | C] (ThreatTrack Security) -- C:\windows\SysNative\drivers\gfiark.sys
[2014/07/11 15:51:41 | 000,000,000 | R--D | C] -- C:\Users\owner\My SpeedyBackup SyncFolder
[2014/07/11 15:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2014/07/11 15:50:49 | 000,061,216 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\sbhips.sys
[2014/07/11 15:50:41 | 000,258,848 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\SbFw.sys
[2014/07/11 15:50:41 | 000,120,064 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\SbFwIm.sys
[2014/07/11 15:43:10 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\LogMeIn Rescue Applet
[2014/07/11 14:52:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SparkTrust
[2014/06/13 15:20:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/12 20:32:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/12 20:13:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/07/12 19:39:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2014/07/12 18:43:27 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/12 18:43:27 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/12 18:36:05 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore1ce4f575a8ab0d1.job
[2014/07/12 18:36:00 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2014/07/12 18:36:00 | 000,000,474 | ---- | M] () -- C:\windows\tasks\SparkTrust Update Version3 Startup Task.job
[2014/07/12 18:35:58 | 000,000,552 | ---- | M] () -- C:\windows\tasks\SparkTrust AntiVirus Startup.job
[2014/07/12 18:35:24 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/07/12 18:35:17 | 448,237,567 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/11 18:42:04 | 002,121,736 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\Cat.DB
[2014/07/11 18:41:52 | 000,177,752 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/07/11 18:41:52 | 000,008,222 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/07/11 18:41:52 | 000,000,854 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/07/11 18:41:48 | 000,002,406 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2014/07/11 18:40:42 | 000,001,315 | ---- | M] () -- C:\Users\owner\Desktop\Norton Installation Files.lnk
[2014/07/11 18:00:00 | 000,000,464 | ---- | M] () -- C:\windows\tasks\SparkTrust Registration3.job
[2014/07/11 17:36:42 | 000,001,112 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2014/07/11 17:36:42 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2014/07/11 17:33:30 | 000,000,422 | ---- | M] () -- C:\windows\tasks\SparkTrust Update Version3.job
[2014/07/11 17:19:49 | 000,001,279 | ---- | M] () -- C:\Users\owner\Desktop\Revo Uninstaller.lnk
[2014/07/11 16:06:40 | 000,007,620 | ---- | M] () -- C:\Users\owner\AppData\Local\Resmon.ResmonCfg
[2014/07/09 19:12:47 | 000,275,712 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/07/05 14:58:48 | 000,001,126 | ---- | M] () -- C:\Users\owner\Desktop\20140523-001-v5i64 - Shortcut.lnk
[2014/07/01 05:23:42 | 000,040,105 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\VT20140701.003
[2014/06/27 01:55:25 | 000,000,172 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\isolate.ini
[2014/06/16 19:56:00 | 000,782,470 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/06/16 19:56:00 | 000,650,892 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/06/16 19:56:00 | 000,118,628 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/07/12 18:17:23 | 000,040,105 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\VT20140701.003
[2014/07/11 18:41:56 | 002,121,736 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\Cat.DB
[2014/07/11 18:41:52 | 000,008,222 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/07/11 18:41:52 | 000,000,854 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/07/11 18:41:48 | 000,002,406 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2014/07/11 18:41:16 | 000,003,433 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\SymEFA.inf
[2014/07/11 18:41:16 | 000,002,852 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\SymDS.inf
[2014/07/11 18:41:16 | 000,001,440 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\SymNet.inf
[2014/07/11 18:41:16 | 000,001,437 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\srtsp64.inf
[2014/07/11 18:41:16 | 000,001,420 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\srtspx64.inf
[2014/07/11 18:41:16 | 000,001,098 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\symELAM.inf
[2014/07/11 18:41:16 | 000,000,855 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\ccSetx64.inf
[2014/07/11 18:41:16 | 000,000,767 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\Iron.inf
[2014/07/11 18:41:15 | 000,030,068 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\SymVTcer.dat
[2014/07/11 18:41:14 | 000,009,939 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\SymELAM64.cat
[2014/07/11 18:41:14 | 000,008,202 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\ccSetx64.cat
[2014/07/11 18:41:14 | 000,008,196 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\srtspx64.cat
[2014/07/11 18:41:14 | 000,008,194 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\SymEFA64.cat
[2014/07/11 18:41:14 | 000,008,192 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\symnet64.cat
[2014/07/11 18:41:14 | 000,008,192 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\srtsp64.cat
[2014/07/11 18:41:14 | 000,008,188 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\SymDS64.cat
[2014/07/11 18:41:14 | 000,008,184 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\iron.cat
[2014/07/11 18:41:14 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\isolate.ini
[2014/07/11 17:36:42 | 000,001,112 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2014/07/11 17:36:42 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2014/07/11 17:19:49 | 000,001,279 | ---- | C] () -- C:\Users\owner\Desktop\Revo Uninstaller.lnk
[2014/07/11 16:06:40 | 000,007,620 | ---- | C] () -- C:\Users\owner\AppData\Local\Resmon.ResmonCfg
[2014/07/11 15:51:22 | 000,000,552 | ---- | C] () -- C:\windows\tasks\SparkTrust AntiVirus Startup.job
[2014/07/11 15:51:13 | 000,000,474 | ---- | C] () -- C:\windows\tasks\SparkTrust Update Version3 Startup Task.job
[2014/07/11 14:53:30 | 000,000,464 | ---- | C] () -- C:\windows\tasks\SparkTrust Registration3.job
[2014/07/11 14:53:02 | 000,000,422 | ---- | C] () -- C:\windows\tasks\SparkTrust Update Version3.job
[2014/05/23 19:09:24 | 000,000,085 | ---- | C] () -- C:\windows\wininit.ini
[2013/09/02 13:34:52 | 000,074,703 | ---- | C] () -- C:\windows\SysWow64\mfc45.dat
[2013/02/14 22:50:22 | 002,250,054 | ---- | C] () -- C:\ProgramData\1.bmp
[2013/02/14 22:50:02 | 000,350,795 | ---- | C] () -- C:\ProgramData\1.jpg
[2012/10/21 14:18:07 | 000,017,408 | ---- | C] () -- C:\Users\owner\AppData\Local\WebpageIcons.db
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/05/23 15:36:36 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\DriverCure
[2014/05/22 19:16:59 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\iolo
[2013/12/07 21:10:27 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ioloGovernor
[2013/07/31 18:17:58 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Leadertech
[2014/07/11 15:53:01 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\OnlineVault
[2012/11/19 21:28:12 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\PCPowerSpeed
[2013/01/19 12:02:52 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\sMedio
[2014/05/23 15:36:36 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\SparkTrust
[2013/07/31 17:56:08 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Toshiba
[2012/10/20 16:26:00 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 

< End of report >
 

I thank you for your time and efforts looking into this

H


  • 0

Advertisements


#2
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi, wavey.gif.pagespeed.ce.4AQn4GwL8t.gif Welcome to the forums!
welcome.gif.pagespeed.ce.jM2aDq5TfO.gif. My name is Biscuithd and I will be assisting you with your Computer issues.

I know how upsetting it can be when one's computer is experiencing problems. I will try to help get things squared away. For a start please make sure that you...

  • Carefully read every post completely before doing anything.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • Do not run any other scans or other software on your computer unless asked as it may make this repair more difficult.

Looks like you've been through a lot with this machine, so I'll try to get you up and running as quickly as possible. After we get your machine cleaned, we'll talk about anit-virus, etc.

 

It will probably take the remained of the day for me to work up a fix for you. In the mean time could you post the Extras.txt file that OTL produced on it's initial scan? It might still be in your Download directory. If it's not, don't worry, we'll handle that later.


  • 0

#3
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi hofner,

 

Back a little sooner than I had thought. :)

 

No doubt that you've got a significant infection on your computer. This is likely going to take multiple steps, so let's get started.

 

Hi hofner,

 

No doubt that you've got a significant infection on your computer. This is likely going to take multiple steps, so let's get started.

 

Please perform the following:

 

OTL Fix

  • Run OTL as you did before.
  • Copy the text in the quote box below (do not copy the word "quote") and paste in the in the box marked Custom Scans/Fixes as shown in the graphic below.

xotlrunfix.jpg.pagespeed.ic.wT-vY4tHzw.j

:Commands

[createrestorepoint]



:OTL

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}

IE - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}

IE - HKCU\..\SearchScopes,DefaultScope = {A38B9178-817C-4704-97DE-9299CC519752}

FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:3.2.4.20140604103324

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin:  File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

[2013/11/28 17:04:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Extensions

[2014/06/10 17:58:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\imt0iusk.default\extensions

[2014/06/13 15:20:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O34 - HKLM BootExecute: (ጦ)

O34 - HKLM BootExecute: (潔瑰蝁Ȱᜄጔ)

O34 - HKLM BootExecute: (ꅘܫᦐȰ恐ፊ撰ᆹ)

O34 - HKLM BootExecute: (蓁Ȱᜄጔ)



:commands

[resethosts]

[emptytemp]

[reboot]

Then press the Run Fix button

Your computer will reboot. If it does not, please manually reboot.

 

Next, Download RogueKiller from one of the links below to your Desktop

Download Link for 32 bit system

Download link for 64 bit system

  • Click on Scan
  • The scan will take a short amount of time
  • Click on Report to open the log.
  • Copy and paste the content of the log in your next reply.

Next, Please download GMER from one of the following locations and save it to your desktop:

 

  • Main Mirror which will download a randomly named file
  • Zipped Mirror - Unzip the file to its own folder such as C:\gmer
  • Disconnect from the Internet and close all running programs
  • Temporarily disable any real-time active protection
  • It is very important you do not use your computer while GMER is running
  • Double-click on the randomly named GMER gmericon_zps951fd5aa.jpg icon
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO
  • Please check in the Quick scan box
  • Please uncheck the following:
    • IAT/EAT
    • Show All <<< Important

    GMER2new_zpsdd936679.jpg
  • Click Scan
  • If you see a rootkit warning window click OK
  • When the scan is finished, Save the results to your desktop as gmer.log
  • Click Copy then paste the results in your reply
  • Exit GMER and be sure to re-enable your Antivirus, Firewall and any other security programs you had disabled

Note:
 

  • If you encounter any problems, try running GMER in Safe Mode
  • If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning

Finally, Re-Run OTL and press the Quick Scan button. When it finishes, post the results of the OTL scan, RogueKiller Scan and GMER scan.


  • 0

#4
hofner

hofner

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts

Hello Biscuithd.  Thank you for the quick response. Working on it now...

 

RogueKiller V9.2.2.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : owner [Admin rights]
Mode : Scan -- Date : 07/13/2014  17:01:47

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3199016441-4099478238-2613309327-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> FOUND
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3199016441-4099478238-2613309327-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSearch : 0  -> FOUND
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3199016441-4099478238-2613309327-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> FOUND
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3199016441-4099478238-2613309327-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> FOUND
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3199016441-4099478238-2613309327-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> FOUND
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3199016441-4099478238-2613309327-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSearch : 0  -> FOUND
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3199016441-4099478238-2613309327-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> FOUND
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3199016441-4099478238-2613309327-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 1 (Driver: LOADED) ¤¤¤
[Filter(Root.Keylogger)] \Driver\kbdclass @ \Device\KeyboardClass0 : \Driver\SynTP @ \Device\0000008d (\SystemRoot\System32\drivers\dxgmms1.sys)

¤¤¤ Web browsers : 1 ¤¤¤
[PUP][FIREFX:Addon] imt0iusk.default : Yahoo Toolbar [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] -> FOUND

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] 1fb784fb6136f2d89d217c5b61a8b9c5
[BSP] 2ddba0680ab0dfee9a8f7ea6671bb68f : HP MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 699128 MB
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1434888192 | Size: 14775 MB
User != LL1 ... KO!
--- LL1 ---
[MBR] 8669e310039aa5f617a51cc98a094721
[BSP] b4fe96067e3c605bceeffb1bd20d8dae : Unknown MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 699128 MB
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1434888192 | Size: 14775 MB
User != LL2 ... KO!
--- LL2 ---
[MBR] 8669e310039aa5f617a51cc98a094721
[BSP] b4fe96067e3c605bceeffb1bd20d8dae : Unknown MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 699128 MB
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1434888192 | Size: 14775 MB
 


Edited by hofner, 13 July 2014 - 03:25 PM.

  • 0

#5
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hello Biscuithd thank you for the quick response.

 

I do my best :) Sometimes we just get swamped here and things get backed up, but I'll try to get you going as quick as we can. :thumbsup:

 

 

OK I got as far as downloading Roguekiller but as soon as the scan finished it went directly to this page without giving me a chance to select "Report"  I must be missing something.

 

Just as a test, I ran it myself and it's working ok for me. However, it's possible that the infection is causing you to re-direct. Would you mind trying it again? Don't do the Download again, just Start it up which will do the Pre-Scan, then press the Scan Button and then the Report button. Let me know if that works or not. If it doesn't, don't worry, I've got some other tricks up my sleeve.

 

 

I ran the scan and the fix on OTL

 

Good that you ran the Fix. Would you re-run OTL, do a Quick Scan and post the results.

 

Then Run GMER and post the results.

 

NOTE: Only OTL had a "fix". The others are diagnostic scans, so don't expect the machine to be cured. I know you've been through a lot with the others that failed to help you. I think that we can give you a better result, but it will take some analysis on my part. Also, the person that told you that you didn't need Anti-Virus software...that was very bad advice. We always recommend using an A/V.

 

 

Nice guitar.  Playing my Casino as therapy now  ; )

 

I like the Casino! Very nice guitar. My Avatar is of a Les Paul, but these days I play more acoustic. My "baby" is a McIlroy. Hand made in Ireland.


  • 0

#6
hofner

hofner

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts

Norton is turned off but still denying access to the Trojan?   Anyway

Gmer

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-07-13 17:53:12
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE4O 698.64GB
Running: mqhgmwg0.exe; Driver: C:\Users\owner\AppData\Local\Temp\pgloapow.sys


---- User code sections - GMER 2.1 ----

.text   C:\windows\system32\svchost.exe[1092] C:\windows\system32\USER32.dll!DialogBoxParamW                                                                   0000000076bad410 14 bytes {JMP QWORD [RIP+0x0]}
.text   C:\windows\system32\svchost.exe[1092] C:\windows\system32\USER32.dll!DialogBoxIndirectParamW                                                           0000000076bb4f70 13 bytes {JMP QWORD [RIP+0x0]}
.text   C:\windows\system32\svchost.exe[1092] C:\windows\system32\USER32.dll!MessageBoxW                                                                       0000000076c01314 13 bytes {JMP QWORD [RIP+0x0]}
.text   C:\windows\system32\svchost.exe[1092] C:\windows\system32\USER32.dll!MessageBoxIndirectW + 1                                                           0000000076c01875 13 bytes {JMP QWORD [RIP+0x0]}
.text   C:\windows\system32\svchost.exe[1092] C:\windows\system32\WININET.dll!HttpSendRequestW                                                                 000007fefecf37c4 14 bytes {JMP QWORD [RIP+0x0]}
.text   C:\windows\system32\svchost.exe[1092] C:\windows\system32\WININET.dll!HttpSendRequestA                                                                 000007fefed74380 14 bytes {JMP QWORD [RIP+0x0]}
.text   C:\windows\system32\svchost.exe[1092] C:\windows\system32\ole32.dll!CoCreateInstance                                                                   000007fefd817490 9 bytes {JMP QWORD [RIP+0x0]}
.text   C:\windows\system32\svchost.exe[1092] C:\windows\system32\ole32.dll!CoCreateInstance + 11                                                              000007fefd81749b 3 bytes [00, 00, 00]
.text   C:\windows\system32\svchost.exe[1092] C:\windows\system32\ole32.dll!CoGetClassObject                                                                   000007fefd822e18 14 bytes {JMP QWORD [RIP+0x0]}
.text   C:\windows\system32\svchost.exe[1092] C:\windows\system32\ws2_32.dll!GetAddrInfoW + 1                                                                  000007fefd4123c1 13 bytes {JMP QWORD [RIP+0x0]}
.text   C:\windows\system32\svchost.exe[1092] C:\windows\system32\winmm.dll!waveOutOpen                                                                        000007fefa8438d0 14 bytes {JMP QWORD [RIP+0x0]}
.text   C:\windows\system32\svchost.exe[1092] C:\windows\system32\dsound.dll!DirectSoundCreate                                                                 0000000000245a84 14 bytes {JMP QWORD [RIP+0x0]}
.text   C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                            0000000076f61465 2 bytes [F6, 76]
.text   C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                           0000000076f614bb 2 bytes [F6, 76]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe[2356] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076f61465 2 bytes [F6, 76]
.text   C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe[2356] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076f614bb 2 bytes [F6, 76]
.text   ...                                                                                                                                                    * 2
.text   C:\Users\owner\Downloads\mqhgmwg0.exe[2068] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                           0000000076fafcb0 5 bytes JMP 000000010030091c
.text   C:\Users\owner\Downloads\mqhgmwg0.exe[2068] C:\windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                         0000000076fafe14 5 bytes JMP 0000000100300048
.text   C:\Users\owner\Downloads\mqhgmwg0.exe[2068] C:\windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                  0000000076fafea8 5 bytes JMP 00000001003002ee
.text   C:\Users\owner\Downloads\mqhgmwg0.exe[2068] C:\windows\SysWOW64\ntdll.dll!NtCreateThread                                                               0000000076fb0004 5 bytes JMP 00000001003004b2
.text   C:\Users\owner\Downloads\mqhgmwg0.exe[2068] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                       0000000076fb0038 5 bytes JMP 00000001003009fe
.text   C:\Users\owner\Downloads\mqhgmwg0.exe[2068] C:\windows\SysWOW64\ntdll.dll!NtResumeThread                                                               0000000076fb0068 5 bytes JMP 0000000100300ae0
.text   C:\Users\owner\Downloads\mqhgmwg0.exe[2068] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread                                                            0000000076fb0084 5 bytes JMP 0000000100290050
.text   C:\Users\owner\Downloads\mqhgmwg0.exe[2068] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant                                                               0000000076fb079c 5 bytes JMP 000000010030012a
.text   C:\Users\owner\Downloads\mqhgmwg0.exe[2068] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                   0000000076fb088c 5 bytes JMP 0000000100300758
.text   C:\Users\owner\Downloads\mqhgmwg0.exe[2068] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                             0000000076fb08a4 5 bytes JMP 0000000100300676
.text   C:\Users\owner\Downloads\mqhgmwg0.exe[2068] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                 0000000076fb0df4 5 bytes JMP 00000001003003d0
.text   C:\Users\owner\Downloads\mqhgmwg0.exe[2068] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread                                                           0000000076fb1920 5 bytes JMP 0000000100300594
.text   C:\Users\owner\Downloads\mqhgmwg0.exe[2068] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                       0000000076fb1be4 5 bytes JMP 000000010030083a
.text   C:\Users\owner\Downloads\mqhgmwg0.exe[2068] C:\windows\SysWOW64\ntdll.dll!NtSuspendThread                                                              0000000076fb1d70 5 bytes JMP 000000010030020c
.text   C:\Users\owner\Downloads\mqhgmwg0.exe[2068] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                             000000007616524f 7 bytes JMP 0000000100300f52
.text   C:\Users\owner\Downloads\mqhgmwg0.exe[2068] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                 00000000761653d0 7 bytes JMP 0000000100310210
.text   C:\Users\owner\Downloads\mqhgmwg0.exe[2068] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                                0000000076165677 1 byte JMP 0000000100310048
.text   C:\Users\owner\Downloads\mqhgmwg0.exe[2068] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                                0000000076165679 5 bytes {JMP 0xffffffff8a1aa9d1}
.text   C:\Users\owner\Downloads\mqhgmwg0.exe[2068] C:\windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                       000000007616589a 7 bytes JMP 0000000100300ca6
.text   C:\Users\owner\Downloads\mqhgmwg0.exe[2068] C:\windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                       0000000076165a1d 7 bytes JMP 00000001003103d8
.text   C:\Users\owner\Downloads\mqhgmwg0.exe[2068] C:\windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                  0000000076165c9b 7 bytes JMP 000000010031012c
.text   C:\Users\owner\Downloads\mqhgmwg0.exe[2068] C:\windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                    0000000076165d87 7 bytes JMP 00000001003102f4
.text   C:\Users\owner\Downloads\mqhgmwg0.exe[2068] C:\windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                   0000000076167240 7 bytes JMP 0000000100300e6e
.text   C:\Users\owner\Downloads\mqhgmwg0.exe[2068] C:\windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                  00000000764a1492 7 bytes JMP 00000001003104bc

---- Devices - GMER 2.1 ----

Device  \Driver\iaStor \Device\Ide\IAAStorageDevice-1                                                                                                          fffffa8008f770a8

---- Threads - GMER 2.1 ----

Thread  C:\windows\SysWOW64\ntdll.dll [2708:2712]                                                                                                              00000000000e1c94
Thread  C:\windows\SysWOW64\ntdll.dll [2708:4456]                                                                                                              000000007279e767
Thread  C:\windows\SysWOW64\ntdll.dll [2708:4972]                                                                                                              000000006dba2238
Thread  C:\windows\SysWOW64\ntdll.dll [2708:4976]                                                                                                              000000006dba2238
Thread  C:\windows\SysWOW64\ntdll.dll [2708:4980]                                                                                                              000000006dba2238
Thread  C:\windows\SysWOW64\ntdll.dll [2708:4996]                                                                                                              000000006d6e3189
Thread  C:\windows\SysWOW64\ntdll.dll [2708:5020]                                                                                                              000000006ecf8f59
Thread  C:\windows\SysWOW64\ntdll.dll [2708:5068]                                                                                                              000000006ec74b0d
Thread  C:\windows\SysWOW64\ntdll.dll [2708:2412]                                                                                                              00000000685c1854
Thread  C:\windows\SysWOW64\ntdll.dll [1576:1588]                                                                                                              00000000000e1c94

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\PDFsFilter\Parameters\{065f5d45-a862-11e1-bda9-806e6f6e6963}@NumExtendFileExtentsSaved                          559870

---- EOF - GMER 2.1 ----
 


  • 0

#7
hofner

hofner

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts

ok    here ya go....OTL....good luck

 

OTL logfile created on: 7/13/2014 6:03:07 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.89 Gb Total Physical Memory | 3.23 Gb Available Physical Memory | 54.91% Memory free
11.78 Gb Paging File | 9.45 Gb Available in Paging File | 80.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 682.74 Gb Total Space | 620.34 Gb Free Space | 90.86% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/07/13 17:27:15 | 000,380,416 | ---- | M] () -- C:\Users\owner\Downloads\mqhgmwg0.exe
PRC - [2014/07/12 20:06:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Downloads\OTL.exe
PRC - [2014/06/27 01:44:06 | 000,265,040 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\N360.exe
PRC - [2014/06/13 15:20:44 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/04/30 10:07:08 | 004,492,776 | ---- | M] (iolo technologies, LLC) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2013/11/28 17:12:33 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
PRC - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe
PRC - [2012/01/20 14:45:40 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/01/20 14:45:30 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/07/13 17:27:15 | 000,380,416 | ---- | M] () -- C:\Users\owner\Downloads\mqhgmwg0.exe
MOD - [2014/06/13 15:20:44 | 003,852,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/11/28 17:12:32 | 016,237,448 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
MOD - [2012/05/30 10:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\wincfi39.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/06/18 20:24:12 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/02/02 18:33:46 | 000,580,608 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2012/01/11 00:01:52 | 000,627,936 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2011/12/14 18:11:38 | 000,833,976 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2011/12/08 13:44:04 | 000,594,704 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2011/12/08 13:43:56 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/12/08 13:43:48 | 000,618,256 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/12/08 13:43:44 | 000,148,752 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/11/25 21:52:36 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/11/24 16:20:38 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011/04/20 18:16:04 | 000,558,592 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2010/10/20 17:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/06/27 01:44:06 | 000,265,040 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\N360.exe -- (N360)
SRV - [2014/06/13 15:20:44 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/04/30 10:07:08 | 004,492,776 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2013/11/28 17:12:33 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe -- (NCO)
SRV - [2012/05/10 15:20:46 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/01/20 19:29:28 | 000,363,800 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/01/20 19:29:26 | 000,277,784 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/01/20 14:45:40 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/01/20 14:45:30 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2011/11/21 18:32:40 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/07/13 16:54:34 | 000,030,312 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\TrueSight.sys -- (TrueSight)
DRV:64bit: - [2014/07/11 18:41:52 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2014/03/04 00:18:12 | 001,148,120 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1504000.00D\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2014/02/20 19:14:34 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1504000.00D\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2014/02/17 21:32:41 | 000,593,112 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1504000.00D\symnets.sys -- (SymNetS)
DRV:64bit: - [2014/02/12 21:59:49 | 000,875,736 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1504000.00D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/10/30 03:26:19 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1504000.00D\SymDS64.sys -- (SymDS)
DRV:64bit: - [2013/10/30 02:48:51 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1504000.00D\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/10/30 02:32:37 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1504000.00D\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/05/29 11:06:34 | 000,082,160 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PDFsFilter.sys -- (PDFsFilter)
DRV:64bit: - [2013/05/23 08:39:23 | 000,041,032 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gfiark.sys -- (gfiark)
DRV:64bit: - [2013/04/15 22:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSTx64\7DD04000.00A\ccsetx64.sys -- (ccSet_NST)
DRV:64bit: - [2012/09/20 05:11:58 | 000,258,848 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2012/09/20 05:11:58 | 000,086,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbwtis.sys -- (sbwtis)
DRV:64bit: - [2012/09/20 05:11:58 | 000,061,216 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2012/09/12 20:19:38 | 000,082,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2012/09/12 20:19:34 | 000,120,064 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:64bit: - [2012/09/12 20:19:34 | 000,120,064 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:64bit: - [2012/07/26 10:01:26 | 000,030,752 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV:64bit: - [2012/07/17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/05/10 15:11:04 | 014,759,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/27 06:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/02/27 06:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/02/27 06:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/02/24 20:11:54 | 000,412,944 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/02/24 20:11:52 | 000,022,800 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver.sys -- (SmbDrv)
DRV:64bit: - [2012/01/16 18:49:14 | 000,103,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2012/01/09 04:44:44 | 011,416,576 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/12/20 20:38:36 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/12/20 20:38:36 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/12/13 18:00:32 | 000,259,176 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2011/12/06 07:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/29 22:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/23 20:10:28 | 000,036,992 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2011/03/18 18:03:18 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/12/30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 11:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/29 19:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/07/11 17:22:18 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\IPSDefs\20140711.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/07/10 01:00:00 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\VirusDefs\20140712.002\ex64.sys -- (NAVEX15)
DRV - [2014/07/10 01:00:00 | 000,486,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/07/10 01:00:00 | 000,142,128 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/07/10 01:00:00 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\VirusDefs\20140712.002\eng64.sys -- (NAVENG)
DRV - [2014/07/03 17:17:17 | 001,530,160 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\BASHDefs\20140703.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO
IE - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {A38B9178-817C-4704-97DE-9299CC519752}
IE - HKCU\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{A38B9178-817C-4704-97DE-9299CC519752}: "URL" = http://www.google.co...1I7TSNO_enUS507
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.se...t=kwd&qsrc=2869
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Amazon.com"
FF - prefs.js..browser.search.selectedEngine: "Amazon.com"
FF - prefs.js..browser.startup.homepage: "http://search.yahoo..../?fr=sfp-yff25"
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:3.2.4.20140604103324
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.4.0.13\IPSFF [2014/07/11 18:42:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.4.0.13\coFFPlgn\ [2014/07/13 16:51:09 | 000,000,000 | ---D | M]
 
[2013/11/28 17:04:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Extensions
[2014/06/10 17:58:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\imt0iusk.default\extensions
[2014/06/10 17:58:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\imt0iusk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2014/06/13 15:20:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/06/13 15:20:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/06/13 15:20:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2014/06/13 15:20:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
 
O1 HOSTS File: ([2013/05/27 18:16:59 | 000,447,225 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 127.0.0.1    1-2005-search.com
O1 - Hosts: 127.0.0.1    www.123fporn.info
O1 - Hosts: 15354 more lines...
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\CoIEPlg.dll (Symantec Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\IPS\IPSBHO.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\CoIEPlg.dll (Symantec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28270AC4-B16B-45F1-81E0-BA4AF7273AD6}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (ጦ)
O34 - HKLM BootExecute: (潔瑰蝁Ȱᜄጔ)
O34 - HKLM BootExecute: (ꅘܫᦐȰ恐ፊ撰ᆹ)
O34 - HKLM BootExecute: (蓁Ȱᜄጔ)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/13 17:30:46 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\Gmer
[2014/07/13 16:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/07/13 16:45:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/07/12 18:24:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2014/07/11 18:41:52 | 000,177,752 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/07/11 18:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2014/07/11 18:41:40 | 001,148,120 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1504000.00D\SymEFA64.sys
[2014/07/11 18:41:40 | 000,875,736 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1504000.00D\srtsp64.sys
[2014/07/11 18:41:40 | 000,593,112 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1504000.00D\symnets.sys
[2014/07/11 18:41:40 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1504000.00D\SymDS64.sys
[2014/07/11 18:41:40 | 000,264,280 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1504000.00D\Ironx64.sys
[2014/07/11 18:41:40 | 000,162,392 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1504000.00D\ccSetx64.sys
[2014/07/11 18:41:40 | 000,036,952 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1504000.00D\srtspx64.sys
[2014/07/11 18:41:40 | 000,023,568 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1504000.00D\SymELAM.sys
[2014/07/11 18:41:14 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\N360x64
[2014/07/11 18:41:14 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\N360x64\1504000.00D
[2014/07/11 18:41:12 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2014/07/11 18:41:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2014/07/11 17:58:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2014/07/11 17:36:47 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\VS Revo Group
[2014/07/11 17:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2014/07/11 17:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2014/07/11 17:36:40 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\windows\SysNative\drivers\revoflt.sys
[2014/07/11 17:36:35 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2014/07/11 17:19:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/07/11 17:19:49 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/07/11 17:15:44 | 002,649,016 | ---- | C] (VS Revo Group Ltd.) -- C:\revosetup.exe
[2014/07/11 17:11:23 | 000,000,000 | ---D | C] -- C:\windows\pss
[2014/07/11 16:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/07/11 16:54:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2014/07/11 16:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014/07/11 16:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2014/07/11 15:56:50 | 000,041,032 | ---- | C] (ThreatTrack Security) -- C:\windows\SysNative\drivers\gfiark.sys
[2014/07/11 15:51:41 | 000,000,000 | R--D | C] -- C:\Users\owner\My SpeedyBackup SyncFolder
[2014/07/11 15:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2014/07/11 15:50:49 | 000,061,216 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\sbhips.sys
[2014/07/11 15:50:41 | 000,258,848 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\SbFw.sys
[2014/07/11 15:50:41 | 000,120,064 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\SbFwIm.sys
[2014/07/11 15:43:10 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\LogMeIn Rescue Applet
[2014/07/11 14:52:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SparkTrust
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/13 18:00:00 | 000,000,464 | ---- | M] () -- C:\windows\tasks\SparkTrust Registration3.job
[2014/07/13 17:32:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/13 17:30:29 | 000,001,453 | ---- | M] () -- C:\Users\owner\Desktop\mqhgmwg0 - Shortcut.lnk
[2014/07/13 17:13:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/07/13 16:57:05 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/13 16:57:05 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/13 16:54:34 | 000,030,312 | ---- | M] () -- C:\windows\SysNative\drivers\TrueSight.sys
[2014/07/13 16:49:35 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore1ce4f575a8ab0d1.job
[2014/07/13 16:49:35 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2014/07/13 16:49:35 | 000,000,552 | ---- | M] () -- C:\windows\tasks\SparkTrust AntiVirus Startup.job
[2014/07/13 16:49:35 | 000,000,474 | ---- | M] () -- C:\windows\tasks\SparkTrust Update Version3 Startup Task.job
[2014/07/13 16:49:20 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/07/13 16:49:06 | 448,237,567 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/12 19:39:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2014/07/11 18:42:04 | 002,121,736 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\Cat.DB
[2014/07/11 18:41:52 | 000,177,752 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/07/11 18:41:52 | 000,008,222 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/07/11 18:41:52 | 000,000,854 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/07/11 18:41:48 | 000,002,406 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2014/07/11 18:40:42 | 000,001,315 | ---- | M] () -- C:\Users\owner\Desktop\Norton Installation Files.lnk
[2014/07/11 17:36:42 | 000,001,112 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2014/07/11 17:36:42 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2014/07/11 17:33:30 | 000,000,422 | ---- | M] () -- C:\windows\tasks\SparkTrust Update Version3.job
[2014/07/11 17:19:49 | 000,001,279 | ---- | M] () -- C:\Users\owner\Desktop\Revo Uninstaller.lnk
[2014/07/11 16:06:40 | 000,007,620 | ---- | M] () -- C:\Users\owner\AppData\Local\Resmon.ResmonCfg
[2014/07/09 19:12:47 | 000,275,712 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/07/05 14:58:48 | 000,001,126 | ---- | M] () -- C:\Users\owner\Desktop\20140523-001-v5i64 - Shortcut.lnk
[2014/07/01 05:23:42 | 000,040,105 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\VT20140701.003
[2014/06/27 01:55:25 | 000,000,172 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\isolate.ini
[2014/06/16 19:56:00 | 000,782,470 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/06/16 19:56:00 | 000,650,892 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/06/16 19:56:00 | 000,118,628 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/07/13 17:30:29 | 000,001,453 | ---- | C] () -- C:\Users\owner\Desktop\mqhgmwg0 - Shortcut.lnk
[2014/07/13 16:54:34 | 000,030,312 | ---- | C] () -- C:\windows\SysNative\drivers\TrueSight.sys
[2014/07/12 18:17:23 | 000,040,105 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\VT20140701.003
[2014/07/11 18:41:56 | 002,121,736 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\Cat.DB
[2014/07/11 18:41:52 | 000,008,222 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/07/11 18:41:52 | 000,000,854 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/07/11 18:41:48 | 000,002,406 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2014/07/11 18:41:16 | 000,003,433 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\SymEFA.inf
[2014/07/11 18:41:16 | 000,002,852 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\SymDS.inf
[2014/07/11 18:41:16 | 000,001,440 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\SymNet.inf
[2014/07/11 18:41:16 | 000,001,437 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\srtsp64.inf
[2014/07/11 18:41:16 | 000,001,420 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\srtspx64.inf
[2014/07/11 18:41:16 | 000,001,098 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\symELAM.inf
[2014/07/11 18:41:16 | 000,000,855 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\ccSetx64.inf
[2014/07/11 18:41:16 | 000,000,767 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\Iron.inf
[2014/07/11 18:41:15 | 000,030,068 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\SymVTcer.dat
[2014/07/11 18:41:14 | 000,009,939 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\SymELAM64.cat
[2014/07/11 18:41:14 | 000,008,202 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\ccSetx64.cat
[2014/07/11 18:41:14 | 000,008,196 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\srtspx64.cat
[2014/07/11 18:41:14 | 000,008,194 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\SymEFA64.cat
[2014/07/11 18:41:14 | 000,008,192 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\symnet64.cat
[2014/07/11 18:41:14 | 000,008,192 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\srtsp64.cat
[2014/07/11 18:41:14 | 000,008,188 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\SymDS64.cat
[2014/07/11 18:41:14 | 000,008,184 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\iron.cat
[2014/07/11 18:41:14 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\isolate.ini
[2014/07/11 17:36:42 | 000,001,112 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2014/07/11 17:36:42 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2014/07/11 17:19:49 | 000,001,279 | ---- | C] () -- C:\Users\owner\Desktop\Revo Uninstaller.lnk
[2014/07/11 16:06:40 | 000,007,620 | ---- | C] () -- C:\Users\owner\AppData\Local\Resmon.ResmonCfg
[2014/07/11 15:51:22 | 000,000,552 | ---- | C] () -- C:\windows\tasks\SparkTrust AntiVirus Startup.job
[2014/07/11 15:51:13 | 000,000,474 | ---- | C] () -- C:\windows\tasks\SparkTrust Update Version3 Startup Task.job
[2014/07/11 14:53:30 | 000,000,464 | ---- | C] () -- C:\windows\tasks\SparkTrust Registration3.job
[2014/07/11 14:53:02 | 000,000,422 | ---- | C] () -- C:\windows\tasks\SparkTrust Update Version3.job
[2014/05/23 19:09:24 | 000,000,085 | ---- | C] () -- C:\windows\wininit.ini
[2013/09/02 13:34:52 | 000,074,703 | ---- | C] () -- C:\windows\SysWow64\mfc45.dat
[2013/02/14 22:50:22 | 002,250,054 | ---- | C] () -- C:\ProgramData\1.bmp
[2013/02/14 22:50:02 | 000,350,795 | ---- | C] () -- C:\ProgramData\1.jpg
[2012/10/21 14:18:07 | 000,017,408 | ---- | C] () -- C:\Users\owner\AppData\Local\WebpageIcons.db
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/05/23 15:36:36 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\DriverCure
[2014/05/22 19:16:59 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\iolo
[2013/12/07 21:10:27 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ioloGovernor
[2013/07/31 18:17:58 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Leadertech
[2014/07/11 15:53:01 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\OnlineVault
[2012/11/19 21:28:12 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\PCPowerSpeed
[2013/01/19 12:02:52 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\sMedio
[2014/05/23 15:36:36 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\SparkTrust
[2013/07/31 17:56:08 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Toshiba
[2012/10/20 16:26:00 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 

< End of report >
 


  • 0

#8
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hey, a couple of quick things. Please don't edit your posts. It's a real issue as the system doesn't notify me that something changed, so I almost always miss it.

 

If you need to add something, just make a new post and give me a quick note as to what changed. That way I get an email fro the system and all that.

 

Thanks!!


  • 0

#9
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

So, just to be sure. I've got your GMER scan, your RogueKiller Scan and your OTL scan, right?


  • 0

#10
hofner

hofner

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts

Yes....all three.  Message received about the editing.


  • 0

Advertisements


#11
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Message received about the editing.

 

Cool, thanks!

 

 

Yes....all three.

 

Yes, I can see some issues and this will likely take me until tomorrow to cobble together your fixes.

 

I'll be back in touch then. :)


  • 0

#12
hofner

hofner

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts

Happy cobbling. 

You folks volunteer to do this.....I'm mighty impressed.

Thank you

Good night.

oh...if  you're still there...should I stay off of this thing unless I'm checking in with you?  I don't have any clue as to how dangerous this thing is or what it can do. 

Thanks again


  • 0

#13
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi hofner,

 

You folks volunteer to do this.....I'm mighty impressed.

Yup, everyone one of us. All volunteers :)  

 

Yestarday's OTL fix did not work, but it was because of something that I did incorrectly. I think I've got it fixed this time. :)

 

Also, after this round of fixes, as long as you have your anti-virus turned on, feel free to use the machine and let me know how it's working.

 

We are going to re-run RogueKiller and this time let if delete what it finds, run a Custom OTL Fix, and finally, run ZOEK. A very good cleaner/scanner.

 

Run RogueKiller

Quit all programs and close all browsers.

  • Right click the RogueKiller icon and click Run as Administrator to run the program.
  • Wait until Prescan has finished ...
  • Click the Scan button and wait for the scan to complete.
  • Click on the Delete button.

    RKDelete.GIF
  • The report has been created on the desktop.
  • Next click on the ShortcutsFix

    RKFixShortcuts.GIF
  • The report has been created on the desktop.

Please post:
The RKreport.txt files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

 

OTL Fix

  • Run OTL as you did before.
  • Copy the text in the quote box below (staring with and including the :Commands. All the way to, and including the [reboot] command) and paste in the in the box marked Custom Scans/Fixes as shown in the graphic below.

xotlrunfix.jpg.pagespeed.ic.wT-vY4tHzw.j

:Commands
[createrestorepoint]

:OTL
PRC - [2014/07/13 17:27:15 | 000,380,416 | ---- | M] () -- C:\Users\owner\Downloads\mqhgmwg0.exe
MOD - [2014/07/13 17:27:15 | 000,380,416 | ---- | M] () -- C:\Users\owner\Downloads\mqhgmwg0.exe
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE - HKCU\..\SearchScopes,DefaultScope = {A38B9178-817C-4704-97DE-9299CC519752}
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28270AC4-B16B-45F1-81E0-BA4AF7273AD6}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O34 - HKLM BootExecute: (ጦ)
O34 - HKLM BootExecute: (潔瑰蝁Ȱᜄጔ)
O34 - HKLM BootExecute: (ꅘܫᦐȰ恐ፊ撰ᆹ)
O34 - HKLM BootExecute: (蓁Ȱᜄጔ)
[2014/07/11 15:51:41 | 000,000,000 | R--D | C] -- C:\Users\owner\My SpeedyBackup SyncFolder
[2014/07/11 15:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2013/02/14 22:50:22 | 002,250,054 | ---- | C] () -- C:\ProgramData\1.bmp
[2013/02/14 22:50:02 | 000,350,795 | ---- | C] () -- C:\ProgramData\1.jpg

:Files
C:\Users\owner\Downloads\mqhgmwg0.exe

:commands
[resethosts]
[emptytemp]
[reboot]

Then press the Run Fix button

Your computer will reboot. If it does not, please manually reboot.

 

 

Please download zoek.exe and save it to your desktop (Firefox users right click and Save Link As...).

  • Close any open browsers.
  • Temporarily disable your AntiVirus program. (If necessary)
  • Double click on zoek.exe to run.
  • Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up
  • Click Options button below the large panel and check the box:

    Auto Clean
  • Click on Run script button
  • Please wait patiently (it may take a few minutes) until a log report will open (this may be after reboot, if required)
  • Copy (Ctrl +C) and paste (Ctrl +V) the contents of the opened entire report back here.

Note: It will also create a log in the C:\ directory named "zoek-results.log"

 

Last, re-run OTL as you have done before and this time select Quick Scan. When complete, post the results. This is different than the OTL Moved log requested in the next step.

 

To summarize, please post results of RogueKiller, OTL MovedFiles. The Moved Files log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run), the OTL Quick Scan Results (OTL.TXT), and the ZOEK Scan (Zoek-results.log).


  • 0

#14
hofner

hofner

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts

Biscuithd....Anybody home ?...Roguekiller is telling me that I have an outdated version and asking me to download new version.  You have anticipated everything else rather nicely, so if I don't hear from you I'm gonna go rogue, tell it no and go on to scan.


  • 0

#15
hofner

hofner

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts

  I see you are offline (just figgered out how to do that) so.....stand by  I'm going in.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP