Trojan.Viknok Activity 3


#31
hofner

  • Topic Starter
  • Member
  • 82 posts

I'm certain that I followed your procedures. I just ran it again... from the notepad I copied the info and pasted into OTL. Clicked on Run Fix... it locked again with the same message. OTL does not respond to any command... I cannot minimize it, I cannot even X out... Message says OTL not responding. The first time I closed the operation and the shortcut disappeared.



#32
hofner

  • Topic Starter
  • Member
  • 82 posts

hofner-1.txt Notepad is as follows:

Where OTL locks is in bold

:Commands
[createrestorepoint]

:OTL
PRC - [2014/07/13 17:27:15 | 000,380,416 | ---- | M] () -- C:\Users\owner\Downloads\mqhgmwg0.exe
MOD - [2014/07/13 17:27:15 | 000,380,416 | ---- | M] () -- C:\Users\owner\Downloads\mqhgmwg0.exe
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE - HKCU\..\SearchScopes,DefaultScope = {A38B9178-817C-4704-97DE-9299CC519752}
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28270AC4-B16B-45F1-81E0-BA4AF7273AD6}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O34 - HKLM BootExecute: (?)
O34 - HKLM BootExecute: (??????)
O34 - HKLM BootExecute: (????????)  ------------->   this is where it locks
O34 - HKLM BootExecute: (????)
[2014/07/11 15:51:41 | 000,000,000 | R--D | C] -- C:\Users\owner\My SpeedyBackup SyncFolder
[2014/07/11 15:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2013/02/14 22:50:22 | 002,250,054 | ---- | C] () -- C:\ProgramData\1.bmp
[2013/02/14 22:50:02 | 000,350,795 | ---- | C] () -- C:\ProgramData\1.jpg

:Files
C:\Users\owner\Downloads\mqhgmwg0.exe

:commands
[resethosts]
[emptytemp]
[reboot]


#33
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi Hofner,

 

I think OTL is struggling with the contents of one of the lines, so I'm going to switch tools. As I mentioned before, we have several options at our disposal. So, follow my instructions for FRST below. Very Important, make sure you save it to your Desktop! When we get to the Fix, it won't work unless it's on the Desktop.

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

#34
hofner

  • Topic Starter
  • Member
  • 82 posts

Hi there. I'm at work right now so I'll get to this when I get home. It's becoming personal now. When I see that pop-up it's as if it's just thumbing its nose at me.

I'm curious... you don't like that message about ignoring the popup I found in Norton, do you?


#35
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

you don't like that message about ignoring the popup I found in Norton, do you?

 

I'm not totally certain what the message means. I'm not a huge Norton fan, but I see enough wrong on your computer that I'm sure Norton is indicating, correctly, that something is wrong.


#36
hofner

  • Topic Starter
  • Member
  • 82 posts

Hi Biscuithd,

I find myself agreeing with you on Norton. Confidence is dwindling. I left that alone, by the way, and didn't change anything... so, here we go. Here is the FRST.txt. #1 and additional. I put a line across the page to differentiate about halfway down. I'll keep going until you say otherwise, but I'm warming up to the idea of a new computer... and a different security system.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01
Ran by owner (administrator) on OWNER-PC on 16-07-2014 18:13:13
Running from C:\Users\owner\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\N360.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\N360.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe


==================== Registry (Whitelisted) ==================

Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3199016441-4099478238-2613309327-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-05-27] (Google Inc.)
HKU\S-1-5-21-3199016441-4099478238-2613309327-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\buShell.dll (Symantec Corporation)
BootExecute: ጦ潔瑰蝁ȰᜄጔꅘܫᦐȰ恐ፊ撰ᆹ蓁Ȱᜄጔ

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNO
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNO
SearchScopes: HKCU - DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNO
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.co...1I7TSNO_enUS507
SearchScopes: HKCU - {A38B9178-817C-4704-97DE-9299CC519752} URL = http://www.google.co...1I7TSNO_enUS507
SearchScopes: HKCU - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNO
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\imt0iusk.default
FF DefaultSearchEngine: Amazon.com
FF SelectedSearchEngine: Amazon.com
FF Homepage: hxxp://search.yahoo.com/firefox/?fr=sfp-yff25
FF NetworkProxy: "type", 0
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.4.0.13\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.4.0.13\IPSFF [2014-07-11]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.4.0.13\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.4.0.13\coFFPlgn [2014-07-16]

==================== Services (Whitelisted) =================

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-01-20] ()
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4492776 2014-04-30] (iolo technologies, LLC)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\N360.exe [265040 2014-06-27] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 Thpsrv; C:\windows\system32\ThpSrv.exe [558592 2011-04-20] (TOSHIBA Corporation) [File not signed]
S4 TosCoSrv; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [580608 2012-02-02] (TOSHIBA Corporation) [File not signed]
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\BASHDefs\20140703.001\BHDrvx64.sys [1530160 2014-07-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1504000.00D\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DD04000.00A\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-07-10] (Symantec Corporation)
R1 ElRawDisk; C:\windows\system32\drivers\ElRawDsk.sys [30752 2012-07-26] (EldoS Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-07-10] (Symantec Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\IPSDefs\20140715.001\IDSvia64.sys [525016 2014-07-11] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\VirusDefs\20140715.008\ENG64.SYS [126040 2014-07-10] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\VirusDefs\20140715.008\EX64.SYS [2099288 2014-07-10] (Symantec Corporation)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259176 2011-12-13] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [22800 2012-02-24] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\system32\drivers\N360x64\1504000.00D\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1504000.00D\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1504000.00D\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1504000.00D\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-07-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1504000.00D\Ironx64.SYS [264280 2013-10-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\N360x64\1504000.00D\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S1 SDHookDriver; \??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-16 18:13 - 2014-07-16 18:13 - 00013886 _____ () C:\Users\owner\Downloads\FRST.txt
2014-07-16 18:13 - 2014-07-16 18:13 - 00000000 ____D () C:\FRST
2014-07-16 18:08 - 2014-07-16 18:08 - 00001142 _____ () C:\Users\owner\Desktop\FRST64.exe - Shortcut.lnk
2014-07-16 18:07 - 2014-07-16 18:07 - 02086912 _____ (Farbar) C:\Users\owner\Downloads\FRST64.exe
2014-07-15 23:20 - 2014-07-15 23:20 - 00000000 ____D () C:\_OTL
2014-07-15 21:31 - 2014-07-15 21:31 - 00005174 _____ () C:\Users\owner\Downloads\zoek-resultssecond.txt
2014-07-15 21:27 - 2014-07-15 21:12 - 00024064 _____ () C:\windows\zoek-delete.exe
2014-07-15 21:13 - 2014-07-15 20:37 - 00007080 _____ () C:\zoek-results2014-07-16-003739.log
2014-07-15 19:51 - 2014-07-15 21:30 - 00005174 _____ () C:\zoek-results.log
2014-07-15 19:41 - 2014-07-15 20:05 - 00000000 ____D () C:\zoek_backup
2014-07-15 19:39 - 2014-07-15 19:39 - 00001122 _____ () C:\Users\owner\Desktop\zoek - Shortcut.lnk
2014-07-15 19:38 - 2014-07-15 19:38 - 01287168 _____ () C:\Users\owner\Downloads\zoek.exe
2014-07-14 18:47 - 2014-07-14 18:47 - 00004355 _____ () C:\Users\owner\Desktop\RKreport_DEL_07142014_184529.log
2014-07-14 18:26 - 2014-07-14 18:26 - 00001216 _____ () C:\Users\owner\Desktop\RogueKillerX64 - Shortcut.lnk
2014-07-14 18:25 - 2014-07-14 18:25 - 00001194 _____ () C:\Users\owner\Downloads\RogueKillerX64 - Shortcut.lnk
2014-07-13 17:30 - 2014-07-13 17:30 - 00001453 _____ () C:\Users\owner\Desktop\mqhgmwg0 - Shortcut.lnk
2014-07-13 17:29 - 2014-07-13 17:29 - 00001453 _____ () C:\Users\owner\Downloads\mqhgmwg0 - Shortcut.lnk
2014-07-13 17:27 - 2014-07-13 17:27 - 00380416 _____ () C:\Users\owner\Downloads\mqhgmwg0.exe
2014-07-13 16:54 - 2014-07-15 22:04 - 00030312 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-07-13 16:54 - 2014-07-13 16:54 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-13 16:53 - 2014-07-13 16:53 - 05336664 _____ () C:\Users\owner\Downloads\RogueKillerX64.exe
2014-07-13 12:28 - 2014-07-13 12:28 - 00002992 _____ () C:\windows\System32\Tasks\{246E3151-37FB-4074-ADE5-A7D90B648B50}
2014-07-12 20:14 - 2014-07-12 20:14 - 00602112 _____ (OldTimer Tools) C:\Users\owner\Downloads\OTL(1).exe
2014-07-12 18:25 - 2014-07-12 18:25 - 00286680 _____ () C:\windows\msxml4-KB973688-enu.LOG
2014-07-12 18:24 - 2014-07-12 18:25 - 00291936 _____ () C:\windows\msxml4-KB954430-enu.LOG
2014-07-12 18:24 - 2014-07-12 18:24 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-07-11 18:43 - 2014-07-11 18:43 - 00000000 ____D () C:\windows\System32\Tasks\Norton 360
2014-07-11 18:41 - 2014-07-11 18:41 - 00177752 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2014-07-11 18:41 - 2014-07-11 18:41 - 00008222 _____ () C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2014-07-11 18:41 - 2014-07-11 18:41 - 00003206 _____ () C:\windows\System32\Tasks\Norton WSC Integration
2014-07-11 18:41 - 2014-07-11 18:41 - 00002406 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-07-11 18:41 - 2014-07-11 18:41 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-07-11 18:41 - 2014-07-11 18:41 - 00000000 ____D () C:\windows\system32\Drivers\N360x64
2014-07-11 18:41 - 2014-07-11 18:41 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-07-11 18:41 - 2014-07-11 18:41 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2014-07-11 18:37 - 2014-07-11 18:37 - 01021968 _____ (Symantec Corporation) C:\Users\owner\Downloads\NortonN360Downloader(4).exe
2014-07-11 18:37 - 2014-07-11 18:37 - 01021968 _____ (Symantec Corporation) C:\Users\owner\Downloads\NortonN360Downloader(3).exe
2014-07-11 17:50 - 2014-07-11 17:50 - 01021872 _____ (Symantec Corporation) C:\Users\owner\Downloads\NortonN360Downloader(2).exe
2014-07-11 17:36 - 2014-07-11 17:36 - 10619688 _____ (VS Revo Group ) C:\Users\owner\Downloads\RevoUninProSetup.exe
2014-07-11 17:36 - 2014-07-11 17:36 - 00001088 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-07-11 17:36 - 2014-07-11 17:36 - 00000000 ____D () C:\Users\owner\AppData\Local\VS Revo Group
2014-07-11 17:36 - 2014-07-11 17:36 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-07-11 17:36 - 2014-07-11 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-07-11 17:36 - 2014-07-11 17:36 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-07-11 17:36 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\windows\system32\Drivers\revoflt.sys
2014-07-11 17:19 - 2014-07-11 17:19 - 00001279 _____ () C:\Users\owner\Desktop\Revo Uninstaller.lnk
2014-07-11 17:19 - 2014-07-11 17:19 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-11 17:15 - 2011-03-21 05:57 - 02649016 _____ (VS Revo Group Ltd.) C:\revosetup.exe
2014-07-11 17:13 - 2014-07-16 18:00 - 00001232 _____ () C:\windows\setupact.log
2014-07-11 17:13 - 2014-07-11 17:13 - 00000000 _____ () C:\windows\setuperr.log
2014-07-11 17:13 - 2014-07-11 17:13 - 00000000 _____ () C:\Users\owner\agent.log
2014-07-11 17:11 - 2014-07-11 17:11 - 00000000 ____D () C:\windows\pss
2014-07-11 17:06 - 2014-07-11 17:06 - 00869456 _____ () C:\Users\owner\Downloads\Norton_Removal_Tool(3).exe
2014-07-11 17:04 - 2014-07-15 22:21 - 02680226 _____ () C:\windows\PFRO.log
2014-07-11 17:01 - 2014-07-11 17:01 - 00869456 _____ () C:\Users\owner\Downloads\Norton_Removal_Tool(2).exe
2014-07-11 16:54 - 2014-07-11 16:58 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-11 16:54 - 2014-07-11 16:54 - 00000000 ____D () C:\ProgramData\Hitman Pro
2014-07-11 16:52 - 2014-07-11 16:52 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-11 16:52 - 2014-07-11 16:52 - 00000000 ____D () C:\ProgramData\Licenses
2014-07-11 16:50 - 2014-07-11 16:50 - 21657592 _____ (Simply Super Software ) C:\Users\owner\Downloads\trjsetup.exe
2014-07-11 16:32 - 2014-07-11 16:44 - 00000144 _____ () C:\Users\owner\Desktop\tech support.txt
2014-07-11 16:06 - 2014-07-11 16:06 - 00007620 _____ () C:\Users\owner\AppData\Local\Resmon.ResmonCfg
2014-07-11 15:56 - 2013-05-23 08:39 - 00041032 _____ (ThreatTrack Security) C:\windows\system32\Drivers\gfiark.sys
2014-07-11 15:51 - 2014-07-16 18:00 - 00000552 _____ () C:\windows\Tasks\SparkTrust AntiVirus Startup.job
2014-07-11 15:51 - 2014-07-16 18:00 - 00000474 _____ () C:\windows\Tasks\SparkTrust Update Version3 Startup Task.job
2014-07-11 15:51 - 2014-07-11 15:51 - 00002900 _____ () C:\windows\System32\Tasks\SparkTrust Update Version3 Startup Task
2014-07-11 15:51 - 2014-07-11 15:51 - 00002750 _____ () C:\windows\System32\Tasks\SparkTrust AntiVirus Startup
2014-07-11 15:51 - 2014-07-11 15:51 - 00000000 ___RD () C:\Users\owner\My SpeedyBackup SyncFolder
2014-07-11 15:50 - 2012-09-20 05:11 - 00258848 _____ (GFI Software) C:\windows\system32\Drivers\SbFw.sys
2014-07-11 15:50 - 2012-09-20 05:11 - 00061216 _____ (GFI Software) C:\windows\system32\Drivers\sbhips.sys
2014-07-11 15:50 - 2012-09-12 20:19 - 00120064 _____ (GFI Software) C:\windows\system32\Drivers\SbFwIm.sys
2014-07-11 15:49 - 2014-07-11 15:50 - 10769912 _____ (SparkTrust) C:\Users\owner\Downloads\SparkTrust AntiVirus Setup.exe
2014-07-11 15:43 - 2014-07-11 18:40 - 00000000 ____D () C:\Users\owner\AppData\Local\LogMeIn Rescue Applet
2014-07-11 15:42 - 2014-07-11 15:42 - 01528640 _____ (LogMeIn, Inc.) C:\Users\owner\Downloads\Support-LogMeInRescue.exe
2014-07-11 14:53 - 2014-07-13 18:00 - 00000464 _____ () C:\windows\Tasks\SparkTrust Registration3.job
2014-07-11 14:53 - 2014-07-11 17:33 - 00000422 _____ () C:\windows\Tasks\SparkTrust Update Version3.job
2014-07-11 14:53 - 2014-07-11 17:14 - 00003238 _____ () C:\windows\System32\Tasks\SparkTrust Update Version3
2014-07-11 14:53 - 2014-07-11 14:53 - 00003128 _____ () C:\windows\System32\Tasks\SparkTrust Registration3
2014-07-11 14:50 - 2014-07-11 14:50 - 06769280 _____ (SparkTrust) C:\Users\owner\Downloads\SparkTrust PC Cleaner Plus Setup_cea5968_.exe
2014-07-10 19:18 - 2014-07-10 19:18 - 00869456 _____ () C:\Users\owner\Downloads\Norton_Removal_Tool(1).exe
2014-07-10 18:44 - 2014-07-10 18:44 - 07539624 _____ (Symantec Corporation) C:\Users\owner\Downloads\NRnR.exe
2014-07-09 19:02 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-09 19:02 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-09 19:02 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-09 19:02 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-09 19:02 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-09 19:02 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-09 19:02 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-09 19:02 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-09 19:02 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-09 19:02 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-09 19:02 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-09 19:02 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-09 19:02 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-09 19:02 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-09 19:02 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-09 19:02 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-09 19:02 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-09 19:02 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-09 19:02 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-09 19:02 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 19:02 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-09 19:02 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-09 19:02 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-09 19:02 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-09 19:02 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-09 19:02 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-09 19:02 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-09 19:02 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-09 19:02 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-09 19:02 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-09 19:02 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-09 19:02 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-09 19:02 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-09 19:02 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-09 19:02 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-09 19:02 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-09 19:02 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-09 19:02 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-09 19:02 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-09 19:02 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-09 19:02 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 19:02 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-09 19:02 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-09 19:02 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-09 19:02 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-09 19:02 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-09 19:02 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-09 19:02 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-09 19:02 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-09 19:02 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-09 19:02 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-09 19:02 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-09 19:02 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-09 19:02 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-09 19:02 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-09 19:02 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-09 19:02 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-09 19:02 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-07-09 19:02 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-09 19:02 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-09 19:02 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-07-09 19:02 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-09 19:02 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-09 19:02 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-09 19:02 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-09 19:02 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-09 19:02 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-09 19:02 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-09 19:02 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-07-09 19:02 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-07-09 19:02 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-07-09 19:02 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-07-09 19:02 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-07-09 19:02 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-07-09 19:02 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-07-09 19:02 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-09 18:55 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-09 18:55 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-07-09 18:55 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll

==================== One Month Modified Files and Folders =======

2014-07-16 18:13 - 2014-07-16 18:13 - 00013886 _____ () C:\Users\owner\Downloads\FRST.txt
2014-07-16 18:13 - 2014-07-16 18:13 - 00000000 ____D () C:\FRST
2014-07-16 18:13 - 2012-04-25 21:04 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-16 18:09 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-16 18:09 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-16 18:08 - 2014-07-16 18:08 - 00001142 _____ () C:\Users\owner\Desktop\FRST64.exe - Shortcut.lnk
2014-07-16 18:07 - 2014-07-16 18:07 - 02086912 _____ (Farbar) C:\Users\owner\Downloads\FRST64.exe
2014-07-16 18:05 - 2012-05-27 21:16 - 01915463 _____ () C:\windows\WindowsUpdate.log
2014-07-16 18:00 - 2014-07-11 17:13 - 00001232 _____ () C:\windows\setupact.log
2014-07-16 18:00 - 2014-07-11 15:51 - 00000552 _____ () C:\windows\Tasks\SparkTrust AntiVirus Startup.job
2014-07-16 18:00 - 2014-07-11 15:51 - 00000474 _____ () C:\windows\Tasks\SparkTrust Update Version3 Startup Task.job
2014-07-16 18:00 - 2013-05-12 17:26 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore1ce4f575a8ab0d1.job
2014-07-16 18:00 - 2012-05-27 21:18 - 00000828 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-07-16 18:00 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-15 23:32 - 2012-05-27 22:08 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-15 23:20 - 2014-07-15 23:20 - 00000000 ____D () C:\_OTL
2014-07-15 22:21 - 2014-07-11 17:04 - 02680226 _____ () C:\windows\PFRO.log
2014-07-15 22:04 - 2014-07-13 16:54 - 00030312 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-07-15 21:31 - 2014-07-15 21:31 - 00005174 _____ () C:\Users\owner\Downloads\zoek-resultssecond.txt
2014-07-15 21:30 - 2014-07-15 19:51 - 00005174 _____ () C:\zoek-results.log
2014-07-15 21:12 - 2014-07-15 21:27 - 00024064 _____ () C:\windows\zoek-delete.exe
2014-07-15 20:37 - 2014-07-15 21:13 - 00007080 _____ () C:\zoek-results2014-07-16-003739.log
2014-07-15 20:35 - 2012-10-22 14:55 - 00000000 ____D () C:\Users\owner\AppData\Local\CrashDumps
2014-07-15 20:05 - 2014-07-15 19:41 - 00000000 ____D () C:\zoek_backup
2014-07-15 20:03 - 2012-10-20 16:25 - 00000000 ____D () C:\Users\owner
2014-07-15 19:39 - 2014-07-15 19:39 - 00001122 _____ () C:\Users\owner\Desktop\zoek - Shortcut.lnk
2014-07-15 19:39 - 2012-05-27 21:18 - 00000830 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-07-15 19:38 - 2014-07-15 19:38 - 01287168 _____ () C:\Users\owner\Downloads\zoek.exe
2014-07-14 18:47 - 2014-07-14 18:47 - 00004355 _____ () C:\Users\owner\Desktop\RKreport_DEL_07142014_184529.log
2014-07-14 18:26 - 2014-07-14 18:26 - 00001216 _____ () C:\Users\owner\Desktop\RogueKillerX64 - Shortcut.lnk
2014-07-14 18:25 - 2014-07-14 18:25 - 00001194 _____ () C:\Users\owner\Downloads\RogueKillerX64 - Shortcut.lnk
2014-07-13 18:00 - 2014-07-11 14:53 - 00000464 _____ () C:\windows\Tasks\SparkTrust Registration3.job
2014-07-13 17:30 - 2014-07-13 17:30 - 00001453 _____ () C:\Users\owner\Desktop\mqhgmwg0 - Shortcut.lnk
2014-07-13 17:29 - 2014-07-13 17:29 - 00001453 _____ () C:\Users\owner\Downloads\mqhgmwg0 - Shortcut.lnk
2014-07-13 17:27 - 2014-07-13 17:27 - 00380416 _____ () C:\Users\owner\Downloads\mqhgmwg0.exe
2014-07-13 16:54 - 2014-07-13 16:54 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-13 16:53 - 2014-07-13 16:53 - 05336664 _____ () C:\Users\owner\Downloads\RogueKillerX64.exe
2014-07-13 12:28 - 2014-07-13 12:28 - 00002992 _____ () C:\windows\System32\Tasks\{246E3151-37FB-4074-ADE5-A7D90B648B50}
2014-07-12 20:14 - 2014-07-12 20:14 - 00602112 _____ (OldTimer Tools) C:\Users\owner\Downloads\OTL(1).exe
2014-07-12 18:25 - 2014-07-12 18:25 - 00286680 _____ () C:\windows\msxml4-KB973688-enu.LOG
2014-07-12 18:25 - 2014-07-12 18:24 - 00291936 _____ () C:\windows\msxml4-KB954430-enu.LOG
2014-07-12 18:24 - 2014-07-12 18:24 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-07-11 18:43 - 2014-07-11 18:43 - 00000000 ____D () C:\windows\System32\Tasks\Norton 360
2014-07-11 18:43 - 2012-11-20 19:43 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-07-11 18:43 - 2012-04-25 21:03 - 00000000 ____D () C:\ProgramData\Norton
2014-07-11 18:41 - 2014-07-11 18:41 - 00177752 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2014-07-11 18:41 - 2014-07-11 18:41 - 00008222 _____ () C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2014-07-11 18:41 - 2014-07-11 18:41 - 00003206 _____ () C:\windows\System32\Tasks\Norton WSC Integration
2014-07-11 18:41 - 2014-07-11 18:41 - 00002406 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-07-11 18:41 - 2014-07-11 18:41 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-07-11 18:41 - 2014-07-11 18:41 - 00000000 ____D () C:\windows\system32\Drivers\N360x64
2014-07-11 18:41 - 2014-07-11 18:41 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-07-11 18:41 - 2014-07-11 18:41 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2014-07-11 18:40 - 2014-07-11 15:43 - 00000000 ____D () C:\Users\owner\AppData\Local\LogMeIn Rescue Applet
2014-07-11 18:40 - 2012-11-20 19:43 - 00001315 _____ () C:\Users\owner\Desktop\Norton Installation Files.lnk
2014-07-11 18:37 - 2014-07-11 18:37 - 01021968 _____ (Symantec Corporation) C:\Users\owner\Downloads\NortonN360Downloader(4).exe
2014-07-11 18:37 - 2014-07-11 18:37 - 01021968 _____ (Symantec Corporation) C:\Users\owner\Downloads\NortonN360Downloader(3).exe
2014-07-11 17:50 - 2014-07-11 17:50 - 01021872 _____ (Symantec Corporation) C:\Users\owner\Downloads\NortonN360Downloader(2).exe
2014-07-11 17:50 - 2012-11-20 19:43 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-07-11 17:36 - 2014-07-11 17:36 - 10619688 _____ (VS Revo Group ) C:\Users\owner\Downloads\RevoUninProSetup.exe
2014-07-11 17:36 - 2014-07-11 17:36 - 00001088 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-07-11 17:36 - 2014-07-11 17:36 - 00000000 ____D () C:\Users\owner\AppData\Local\VS Revo Group
2014-07-11 17:36 - 2014-07-11 17:36 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-07-11 17:36 - 2014-07-11 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-07-11 17:36 - 2014-07-11 17:36 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-07-11 17:33 - 2014-07-11 14:53 - 00000422 _____ () C:\windows\Tasks\SparkTrust Update Version3.job
2014-07-11 17:26 - 2014-05-24 17:19 - 00000000 ____D () C:\Users\owner\AppData\Local\SpyZooka
2014-07-11 17:19 - 2014-07-11 17:19 - 00001279 _____ () C:\Users\owner\Desktop\Revo Uninstaller.lnk
2014-07-11 17:19 - 2014-07-11 17:19 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-11 17:14 - 2014-07-11 14:53 - 00003238 _____ () C:\windows\System32\Tasks\SparkTrust Update Version3
2014-07-11 17:13 - 2014-07-11 17:13 - 00000000 _____ () C:\windows\setuperr.log
2014-07-11 17:13 - 2014-07-11 17:13 - 00000000 _____ () C:\Users\owner\agent.log
2014-07-11 17:11 - 2014-07-11 17:11 - 00000000 ____D () C:\windows\pss
2014-07-11 17:06 - 2014-07-11 17:06 - 00869456 _____ () C:\Users\owner\Downloads\Norton_Removal_Tool(3).exe
2014-07-11 17:01 - 2014-07-11 17:01 - 00869456 _____ () C:\Users\owner\Downloads\Norton_Removal_Tool(2).exe
2014-07-11 16:58 - 2014-07-11 16:54 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-11 16:54 - 2014-07-11 16:54 - 00000000 ____D () C:\ProgramData\Hitman Pro
2014-07-11 16:52 - 2014-07-11 16:52 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-11 16:52 - 2014-07-11 16:52 - 00000000 ____D () C:\ProgramData\Licenses
2014-07-11 16:50 - 2014-07-11 16:50 - 21657592 _____ (Simply Super Software ) C:\Users\owner\Downloads\trjsetup.exe
2014-07-11 16:44 - 2014-07-11 16:32 - 00000144 _____ () C:\Users\owner\Desktop\tech support.txt
2014-07-11 16:06 - 2014-07-11 16:06 - 00007620 _____ () C:\Users\owner\AppData\Local\Resmon.ResmonCfg
2014-07-11 15:53 - 2014-06-13 15:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-11 15:53 - 2013-05-05 13:23 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-11 15:53 - 2012-11-19 21:26 - 00000000 ____D () C:\Users\owner\AppData\Roaming\OnlineVault
2014-07-11 15:53 - 2012-10-28 14:16 - 00000000 ___DC () C:\Users\owner\AppData\Local\MigWiz
2014-07-11 15:53 - 2012-04-25 21:05 - 00000000 ____D () C:\windows\Panther
2014-07-11 15:53 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-07-11 15:52 - 2012-04-25 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2014-07-11 15:51 - 2014-07-11 15:51 - 00002900 _____ () C:\windows\System32\Tasks\SparkTrust Update Version3 Startup Task
2014-07-11 15:51 - 2014-07-11 15:51 - 00002750 _____ () C:\windows\System32\Tasks\SparkTrust AntiVirus Startup
2014-07-11 15:51 - 2014-07-11 15:51 - 00000000 ___RD () C:\Users\owner\My SpeedyBackup SyncFolder
2014-07-11 15:51 - 2014-05-23 15:36 - 00000000 ____D () C:\ProgramData\SparkTrust
2014-07-11 15:50 - 2014-07-11 15:49 - 10769912 _____ (SparkTrust) C:\Users\owner\Downloads\SparkTrust AntiVirus Setup.exe
2014-07-11 15:42 - 2014-07-11 15:42 - 01528640 _____ (LogMeIn, Inc.) C:\Users\owner\Downloads\Support-LogMeInRescue.exe
2014-07-11 14:53 - 2014-07-11 14:53 - 00003128 _____ () C:\windows\System32\Tasks\SparkTrust Registration3
2014-07-11 14:50 - 2014-07-11 14:50 - 06769280 _____ (SparkTrust) C:\Users\owner\Downloads\SparkTrust PC Cleaner Plus Setup_cea5968_.exe
2014-07-10 21:08 - 2013-05-09 22:03 - 00000000 ____D () C:\Program Files (x86)\RegZooka
2014-07-10 19:18 - 2014-07-10 19:18 - 00869456 _____ () C:\Users\owner\Downloads\Norton_Removal_Tool(1).exe
2014-07-10 19:09 - 2013-02-10 00:22 - 00000000 ____D () C:\Users\owner\AppData\Local\NPE
2014-07-10 18:44 - 2014-07-10 18:44 - 07539624 _____ (Symantec Corporation) C:\Users\owner\Downloads\NRnR.exe
2014-07-09 19:12 - 2009-07-14 00:45 - 00275712 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-09 19:10 - 2010-11-21 03:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 19:10 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-07-09 19:10 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Dism
2014-07-09 19:06 - 2013-08-14 22:51 - 00000000 ____D () C:\windows\system32\MRT
2014-07-09 19:06 - 2012-10-21 14:10 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-09 18:57 - 2009-07-14 01:08 - 00032600 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-07-05 14:58 - 2014-05-23 15:14 - 00001126 _____ () C:\Users\owner\Desktop\20140523-001-v5i64 - Shortcut.lnk
2014-06-21 21:27 - 2012-05-27 22:08 - 00003908 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-21 21:26 - 2013-08-10 21:59 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore1ce4f575a8ab0d1
2014-06-20 16:14 - 2014-07-09 19:02 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-06-20 15:39 - 2014-07-09 19:02 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-06-18 21:39 - 2014-07-09 19:02 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-18 21:06 - 2014-07-09 19:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-18 21:06 - 2014-07-09 19:02 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-18 20:48 - 2014-07-09 19:02 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-18 20:42 - 2014-07-09 19:02 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-18 20:42 - 2014-07-09 19:02 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-18 20:41 - 2014-07-09 19:02 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-06-18 20:41 - 2014-07-09 19:02 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-18 20:32 - 2014-07-09 19:02 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-18 20:31 - 2014-07-09 19:02 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-18 20:26 - 2014-07-09 19:02 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-18 20:24 - 2014-07-09 19:02 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-18 20:24 - 2014-07-09 19:02 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-18 20:23 - 2014-07-09 19:02 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-18 20:16 - 2014-07-09 19:02 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-18 20:14 - 2014-07-09 19:02 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-06-18 20:09 - 2014-07-09 19:02 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-18 19:59 - 2014-07-09 19:02 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 19:56 - 2014-07-09 19:02 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-18 19:53 - 2014-07-09 19:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-18 19:51 - 2014-07-09 19:02 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-18 19:50 - 2014-07-09 19:02 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-18 19:48 - 2014-07-09 19:02 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-18 19:39 - 2014-07-09 19:02 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-18 19:38 - 2014-07-09 19:02 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-06-18 19:37 - 2014-07-09 19:02 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-18 19:36 - 2014-07-09 19:02 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-06-18 19:35 - 2014-07-09 19:02 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-06-18 19:33 - 2014-07-09 19:02 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-18 19:32 - 2014-07-09 19:02 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-18 19:28 - 2014-07-09 19:02 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-18 19:28 - 2014-07-09 19:02 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-18 19:27 - 2014-07-09 19:02 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-18 19:27 - 2014-07-09 19:02 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-18 19:25 - 2014-07-09 19:02 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-06-18 19:23 - 2014-07-09 19:02 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-06-18 19:22 - 2014-07-09 19:02 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-06-18 19:12 - 2014-07-09 19:02 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-18 19:06 - 2014-07-09 19:02 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-18 19:01 - 2014-07-09 19:02 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-18 18:59 - 2014-07-09 19:02 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-18 18:58 - 2014-07-09 19:02 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-18 18:58 - 2014-07-09 19:02 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-18 18:52 - 2014-07-09 19:02 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-18 18:51 - 2014-07-09 19:02 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-18 18:49 - 2014-07-09 19:02 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-18 18:46 - 2014-07-09 19:02 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-06-18 18:45 - 2014-07-09 19:02 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-18 18:35 - 2014-07-09 19:02 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-18 18:34 - 2014-07-09 19:02 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-18 18:15 - 2014-07-09 19:02 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-06-18 18:13 - 2014-07-09 19:02 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-18 18:09 - 2014-07-09 19:02 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-18 18:07 - 2014-07-09 19:02 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-06-17 22:18 - 2014-07-09 19:02 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-06-17 21:51 - 2014-07-09 19:02 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-06-17 21:10 - 2014-07-09 19:02 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-06-16 19:56 - 2009-07-14 01:13 - 00782470 _____ () C:\windows\system32\PerfStringBackup.INI

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-10-20 10:39

==================== End Of Log ============================

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2014 01
Ran by owner at 2014-07-16 18:13:48
Running from C:\Users\owner\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton 360 Premier Edition (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 Premier Edition (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Premier Edition (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.12.13 - Atheros Communications Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{93F34C5C-ACAA-48F3-9B26-70359A117F12}) (Version: 3.0.12.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0708 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 12.7.1 - iolo technologies, LLC)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton 360 (HKLM-x32\...\N360) (Version: 21.4.0.13 - Symantec Corporation)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2013.4.0.10 - Symantec Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6581 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29006 - Realtek Semiconductor Corp.)
RegZooka (HKLM-x32\...\RegZooka) (Version: 4.44.11 - ZookaWare)
Revo Uninstaller 1.91 (HKLM-x32\...\Revo Uninstaller) (Version: 1.91 - VS Revo Group)
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
SRS Premium Sound Control Panel (HKLM\...\{75A43A49-A6A1-4FCB-A41E-02D76E166691}) (Version: 1.12.1100 - SRS Labs, Inc.)
Super TextTwist (HKLM-x32\...\am-supertexttwist) (Version:  - gamehouse)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.41.7 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.1 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{2C486987-D447-4E36-8D61-86E48E24199C}) (Version: 1.3.10.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}) (Version: 2.1.0.8 - TOSHIBA Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.2.15 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.11 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.5 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.7 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.15.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.6.52020009 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.21.64 - TOSHIBA Corporation) Hidden
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2004 - TOSHIBA Corporation)
Toshiba Security Dashboard (HKLM-x32\...\ToshibaSD) (Version: 1.0.0.48 - Symantec Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.3.0 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.0022.000104 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\{0AF17224-CF88-40B8-BB1A-D179369847B4}) (Version: 2.1.0.3 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0022.640207 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.6.0022.640207 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.6.0022.640207 - TOSHIBA Corporation) Hidden
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.9 - TOSHIBA)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

03-06-2014 23:26:45 Norton 360 Registry Clean
12-06-2014 22:58:05 Windows Update
09-07-2014 23:04:11 Windows Update
11-07-2014 19:52:24 SparkTrust PC Cleaner Plus Backup
11-07-2014 20:46:16 tech_restore point
11-07-2014 21:21:28 Revo Uninstaller's restore point - SpeedyBackup
11-07-2014 21:24:08 Revo Uninstaller's restore point - SpeedZooka
11-07-2014 21:25:36 Revo Uninstaller's restore point - SpyZooka
11-07-2014 21:26:43 Revo Uninstaller's restore point - SparkTrust PC Cleaner Plus
11-07-2014 21:28:14 Revo Uninstaller's restore point - Trojan Remover 6.9.1
11-07-2014 21:38:37 Revo Uninstaller Pro's restore point - spytrust antivirus
11-07-2014 21:41:12 Revo Uninstaller Pro's restore point - SparkTrust AntiVirus
12-07-2014 22:24:27 Windows Update
15-07-2014 23:52:01 zoek.exe restore point
16-07-2014 00:47:40 OTL Restore Point - 7/15/2014 8:47:35 PM
16-07-2014 03:20:15 OTL Restore Point - 7/15/2014 11:20:12 PM

==================== Hosts content: ==========================

2009-07-13 22:34 - 2013-05-27 18:16 - 00447225 ____N C:\windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {081F24D7-FD1D-4FF5-8752-4AE4871BB0EA} - System32\Tasks\{948218FA-0451-413F-876D-77FF04FE561F} => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe [2014-04-30] (iolo technologies, LLC)
Task: {1297FD28-3CA4-4FFA-B1BA-A8161FCA0F9B} - System32\Tasks\GoogleUpdateTaskMachineCore1ce4f575a8ab0d1 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-27] (Google Inc.)
Task: {1CE3D0A6-528C-494E-8F9D-8FF19308A061} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {224A27B7-C2F8-4A5F-B5AC-0849A980D867} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\WSCStub.exe [2014-06-26] (Symantec Corporation)
Task: {34DD4306-A1DA-46C5-A8D3-4EDB31AB04FE} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2014-04-30] (iolo technologies, LLC)
Task: {3BC1D72D-1DE4-4BC2-8017-7B8896988C2A} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {412A3AD9-13E9-419A-8DB6-306912A4D90C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-27] (Google Inc.)
Task: {4441F434-1659-40AE-9859-58B294F6C50F} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {507EFCAB-2733-478A-BA9D-673998ABA334} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-27] (Google Inc.)
Task: {5311907A-403B-4D83-B3CE-E63F50505413} - System32\Tasks\SparkTrust Update Version3_triggeronce => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe [2014-05-10] (SparkTrust Systems) <==== ATTENTION
Task: {545E73AD-0AF7-446A-95A6-B4C5A7534661} - System32\Tasks\{AECE48A5-0AA1-4A25-94DF-9E7ABD5A0A5D} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\20.3.1.22\uistub.exe
Task: {5EAC87F3-26B7-43F6-BAAA-D78AA5F3568E} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {64930324-99FE-4E13-A0DD-BE8D3435DB7E} - System32\Tasks\SparkTrust AntiVirus Startup => C:\Program Files (x86)\SparkTrust\SparkTrust AntiVirus\SparkTrust.exe <==== ATTENTION
Task: {6D24458E-B05A-4057-8574-B525B5A8A6EB} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {7904D279-34E8-453F-882B-27D7C725A2CF} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe [2013-05-29] (Symantec Corporation)
Task: {7E73F552-B402-4C93-BD0C-CFC9C0B060D9} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {831F60B3-D646-4682-9021-54BC689E34B7} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe [2013-05-29] (Symantec Corporation)
Task: {8B975287-826A-4C90-843E-37A0162BEDAA} - System32\Tasks\{246E3151-37FB-4074-ADE5-A7D90B648B50} => C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\uiStub.exe [2014-06-26] (Symantec Corporation)
Task: {B2A56C4B-45B6-4473-9B96-A781D2A04565} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {B563E0A8-A501-4726-9BD5-F5122E3573D5} - System32\Tasks\SparkTrust Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll" RunUns <==== ATTENTION
Task: {B78B5154-D1A7-4D62-9F14-C13EEEC37AFB} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {B8ACBE33-2433-47C7-9305-F5EC3EE1FB88} - System32\Tasks\SparkTrust Update Version3 Startup Task => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe [2014-05-10] (SparkTrust Systems) <==== ATTENTION
Task: {C30014AB-B502-4738-81ED-F2E565976CFF} - System32\Tasks\{8EAB4A0F-9C40-4ABB-A87D-39BC98D6F2F9} => C:\Program Files (x86)\Uniblue\DriverScanner\driverscanner.exe
Task: {C441C766-934B-4AA9-8335-CEFB9602CD46} - System32\Tasks\{76035275-95E8-484D-A3E0-FB6E5129A988} => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe [2014-04-30] (iolo technologies, LLC)
Task: {D0614472-2AE0-4433-9688-E64DAB2A5ADB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {E7236719-0443-400F-A2E1-EF95649253AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-28] (Adobe Systems Incorporated)
Task: {F1B07E1D-745B-45C1-8A64-1D1A657A0FCD} - System32\Tasks\SparkTrust Update Version3 => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe [2014-05-10] (SparkTrust Systems) <==== ATTENTION
Task: {FB085102-3ECE-461B-95EC-F6312FE6D2B6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1ce4f575a8ab0d1.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\SparkTrust AntiVirus Startup.job => C:\Program Files (x86)\SparkTrust\SparkTrust AntiVirus\SparkTrust.exe <==== ATTENTION
Task: C:\windows\Tasks\SparkTrust Registration3.job => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll <==== ATTENTION
Task: C:\windows\Tasks\SparkTrust Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe <==== ATTENTION
Task: C:\windows\Tasks\SparkTrust Update Version3.job => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
Task: C:\windows\Tasks\SparkTrust Update Version3_triggeronce.job => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2012-05-27 21:18 - 2012-01-20 14:45 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2013-06-18 20:08 - 2012-05-30 10:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON IDENTITY SAFE\ENGINE\2013.4.0.10\wincfi39.dll
2014-06-13 15:20 - 2014-06-13 15:20 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-11-28 17:12 - 2013-11-28 17:12 - 16237448 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sbaphd => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sbapifs => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sbapifsl => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sbhips => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sbaphd => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sbapifs => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sbapifsl => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sbhips => ""=""

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: DelayTSS => "C:\Program Files\Toshiba\DelayTSS\DelayTSS.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SRS Premium Sound 3D => "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe"  /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_PS3D.zip" /h
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TSleepSrv => %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

==================== Faulty Device Manager Devices =============

Name: Hook Test Driver
Description: Hook Test Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SDHookDriver
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/15/2014 11:42:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OTL(1).exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13c

Start Time: 01cfa0a4b3f1f96f

Termination Time: 16

Application Path: C:\Users\owner\Downloads\OTL(1).exe

Report Id: 221eab86-0c9b-11e4-8d4b-00266c19d0bd

Error: (07/15/2014 09:49:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c0c

Start Time: 01cfa0963c24760a

Termination Time: 15

Application Path: C:\Users\owner\Downloads\OTL.exe

Report Id: 5f1d8cc8-0c8b-11e4-a204-00266c19d0bd

Error: (07/15/2014 09:08:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 414

Start Time: 01cfa08f60e16e4f

Termination Time: 0

Application Path: C:\Users\owner\Downloads\OTL.exe

Report Id: ab2c5b3f-0c85-11e4-9179-00266c19d0bd

Error: (07/15/2014 08:35:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 30.0.0.5269, time stamp: 0x53914233
Faulting module name: mozalloc.dll, version: 30.0.0.5269, time stamp: 0x53911393
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0xf1c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (07/11/2014 05:38:37 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {b1ff2a38-e439-4b86-b445-70d988dc5f81}

Error: (07/11/2014 05:14:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17207 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 12a8

Start Time: 01cf9d4d0e09295d

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (06/01/2014 02:33:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SpeedZooka.exe version 4.55.14.1862 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f38

Start Time: 01cf7dc6fa163553

Termination Time: 16

Application Path: C:\Program Files (x86)\SpeedZooka\SpeedZooka.exe

Report Id: 28c613f3-e9bb-11e3-b00f-00266c19d0bd

Error: (05/23/2014 07:09:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.


Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (05/22/2014 06:42:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/22/2014 06:37:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/16/2014 06:01:09 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SDHookDriver

Error: (07/15/2014 11:20:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Norton Identity Safe service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (07/15/2014 11:20:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® ME Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/15/2014 11:16:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SDHookDriver

Error: (07/15/2014 10:22:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SDHookDriver

Error: (07/15/2014 09:51:54 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SDHookDriver

Error: (07/15/2014 09:30:15 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SDHookDriver

Error: (07/15/2014 09:23:40 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (07/15/2014 09:23:40 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (07/15/2014 09:23:39 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.


Microsoft Office Sessions:
=========================
Error: (07/15/2014 11:42:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OTL(1).exe3.2.69.013c01cfa0a4b3f1f96f16C:\Users\owner\Downloads\OTL(1).exe221eab86-0c9b-11e4-8d4b-00266c19d0bd

Error: (07/15/2014 09:49:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OTL.exe3.2.69.0c0c01cfa0963c24760a15C:\Users\owner\Downloads\OTL.exe5f1d8cc8-0c8b-11e4-a204-00266c19d0bd

Error: (07/15/2014 09:08:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OTL.exe3.2.69.041401cfa08f60e16e4f0C:\Users\owner\Downloads\OTL.exeab2c5b3f-0c85-11e4-9179-00266c19d0bd

Error: (07/15/2014 08:35:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141bf1c01cfa08ceccf4829C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll0c99c26f-0c81-11e4-9e7d-00266c19d0bd

Error: (07/11/2014 05:38:37 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {b1ff2a38-e439-4b86-b445-70d988dc5f81}

Error: (07/11/2014 05:14:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1720712a801cf9d4d0e09295d0C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (06/01/2014 02:33:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SpeedZooka.exe4.55.14.1862f3801cf7dc6fa16355316C:\Program Files (x86)\SpeedZooka\SpeedZooka.exe28c613f3-e9bb-11e3-b00f-00266c19d0bd

Error: (05/23/2014 07:09:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description:
Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (05/22/2014 06:42:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/22/2014 06:37:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-07-16 18:00:46.394
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 23:34:12.662
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 23:21:35.872
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 23:15:55.367
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 22:21:56.152
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 21:57:21.830
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 21:51:32.763
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 21:29:44.300
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 20:56:43.600
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 20:37:21.576
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 31%
Total physical RAM: 6031.3 MB
Available physical RAM: 4136.21 MB
Total Pagefile: 12060.78 MB
Available Pagefile: 9993 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (TI106411W0E) (Fixed) (Total:682.74 GB) (Free:633.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 699 GB) (Disk ID: A411BFA2)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=683 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=17)

==================== End Of Log ============================



#37
hofner

    Member

  • Topic Starter
  • Member
  • 82 posts

Hi Biscuithd,

Good morning or whatever it is when you see this.  I found my way to the updated Roguekiller...I still do not get or see the screen with the "fix shortcuts."   Here's the report after "delete."  As I said, I'm in this for the long haul, so if you have anything for me to do or redo, please let me know.  If you think I should wave the white flag...say so.

By the way, when it's only the birds and me making noise, I can hear this machine chattering away almost constantly.

 

RogueKiller V9.2.3.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : owner [Admin rights]
Mode : Remove -- Date : 07/17/2014  06:21:05

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3199016441-4099478238-2613309327-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> NOT SELECTED
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3199016441-4099478238-2613309327-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSearch : 0  -> NOT SELECTED
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3199016441-4099478238-2613309327-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> NOT SELECTED
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3199016441-4099478238-2613309327-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> NOT SELECTED
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3199016441-4099478238-2613309327-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> NOT SELECTED
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3199016441-4099478238-2613309327-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSearch : 0  -> NOT SELECTED
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3199016441-4099478238-2613309327-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> NOT SELECTED
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3199016441-4099478238-2613309327-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 2 ¤¤¤
[C:\windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
[C:\windows\System32\drivers\etc\hosts] ::1       localhost

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] 1fb784fb6136f2d89d217c5b61a8b9c5
[BSP] 2ddba0680ab0dfee9a8f7ea6671bb68f : HP MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 699128 MB
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1434888192 | Size: 14775 MB
User != LL1 ... KO!
--- LL1 ---
[MBR] 8669e310039aa5f617a51cc98a094721
[BSP] b4fe96067e3c605bceeffb1bd20d8dae : Unknown MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 699128 MB
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1434888192 | Size: 14775 MB
User != LL2 ... KO!
--- LL2 ---
[MBR] 8669e310039aa5f617a51cc98a094721
[BSP] b4fe96067e3c605bceeffb1bd20d8dae : Unknown MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 699128 MB
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1434888192 | Size: 14775 MB


============================================
RKreport_DEL_07142014_184529.log - RKreport_DEL_07142014_190520.log - RKreport_DEL_07152014_220739.log - RKreport_DEL_07162014_215457.log
RKreport_SCN_07132014_170147.log - RKreport_SCN_07142014_184328.log - RKreport_SCN_07142014_190106.log - RKreport_SCN_07152014_220651.log
RKreport_SCN_07162014_215403.log - RKreport_SCN_07172014_061647.log



#38
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

> Good morning or whatever it is when you see this.

Good Morning! I'm on EST.

> As I said, I'm in this for the long haul

I appreciate your commitment as I'm in this for the long haul too :thumbsup:

> If you think I should wave the white flag...say so.

I absolutely do not think you should wave the white flag. We are very close to fixing this machine!

> I can hear this machine chattering away almost constantly.

I'm not surprised, but we'll get that handled.

 

I've got your FRST scan to review and the RK scan. Actually, there's nothing of importance in the RK scan. The problem can be easily seen in the FRST scan. I just need a clever fix. Don't worry, I'll have it for you today. :thumbsup:     Hold off on running any more tools as it changes the machine and may take me longer to clean it. Be back soon :)


  • 0

#39
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi hofner,

 

Let's see if we can get rid of the remaining issues.

 

Open notepad and copy/paste the text in the quotebox below into it:

cmd: c:\windows\system32\reg.exe query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager"

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNO

SearchScopes: HKLM-x32 - DefaultScope value is missing.

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNO

SearchScopes: HKCU - DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNO

SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.co...1I7TSNO_enUS507

SearchScopes: HKCU - {A38B9178-817C-4704-97DE-9299CC519752} URL = http://www.google.co...1I7TSNO_enUS507

SearchScopes: HKCU - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNO

2014-07-13 12:28 - 2014-07-13 12:28 - 00002992 _____ () C:\windows\System32\Tasks\{246E3151-37FB-4074-ADE5-A7D90B648B50}

BootExecute: ጦ潔瑰蝁ȰᜄጔꅘܫᦐȰ恐ፊ撰ᆹ蓁Ȱᜄጔ

cmd: c:\windows\system32\reg.exe query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager"

I want you to Save this file a little differently. In Notepad, Click File, Save As, Click the Encoding drop down and pick Unicode.

Then Save with a file name of fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.


  • 0

#40
hofner

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts

Hi Biscuithd,

I saved the text as instructed. To be sure...all I was supposed to do with FRST was open it and run Fix?  That went very quickly and produced:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-07-2014 01
Ran by owner at 2014-07-17 18:36:06 Run:1
Running from C:\Users\owner\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
cmd: c:\windows\system32\reg.exe query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager"

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNO

SearchScopes: HKLM-x32 - DefaultScope value is missing.

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNO

SearchScopes: HKCU - DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNO

SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.co...1I7TSNO_enUS507

SearchScopes: HKCU - {A38B9178-817C-4704-97DE-9299CC519752} URL = http://www.google.co...1I7TSNO_enUS507

SearchScopes: HKCU - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNO

2014-07-13 12:28 - 2014-07-13 12:28 - 00002992 _____ () C:\windows\System32\Tasks\{246E3151-37FB-4074-ADE5-A7D90B648B50}

BootExecute: ጦ潔瑰蝁ȰᜄጔꅘܫᦐȰ恐ፊ撰ᆹ蓁Ȱᜄጔ

cmd: c:\windows\system32\reg.exe query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager"

*****************


=========  c:\windows\system32\reg.exe query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" =========


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
    CriticalSectionTimeout    REG_DWORD    0x278d00
    GlobalFlag    REG_DWORD    0x0
    HeapDeCommitFreeBlockThreshold    REG_DWORD    0x0
    HeapDeCommitTotalFreeThreshold    REG_DWORD    0x0
    HeapSegmentCommit    REG_DWORD    0x0
    HeapSegmentReserve    REG_DWORD    0x0
    ProcessorControl    REG_DWORD    0x2
    ResourceTimeoutCount    REG_DWORD    0x9e340
    BootExecute    REG_MULTI_SZ    ?\0??????\0????????\0????
    ExcludeFromKnownDlls    REG_MULTI_SZ    
    ObjectDirectories    REG_MULTI_SZ    \Windows\0\RPC Control
    ProtectionMode    REG_DWORD    0x1
    NumberOfInitialSessions    REG_DWORD    0x2
    SetupExecute    REG_MULTI_SZ    

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCompatCache
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Configuration Manager
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Executive
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\I/O System
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Power
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Quota System
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\WPA

========= End of CMD: =========

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}' => Key deleted successfully.
'HKCR\CLSID\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Error deleting key. The key could be protected.
'HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}'=> Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}' => Key deleted successfully.
'HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A38B9178-817C-4704-97DE-9299CC519752}' => Key deleted successfully.
'HKCR\CLSID\{A38B9178-817C-4704-97DE-9299CC519752}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}' => Key deleted successfully.
'HKCR\CLSID\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}'=> Key not found.
C:\windows\System32\Tasks\{246E3151-37FB-4074-ADE5-A7D90B648B50} => Moved successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.

=========  c:\windows\system32\reg.exe query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" =========


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
    CriticalSectionTimeout    REG_DWORD    0x278d00
    GlobalFlag    REG_DWORD    0x0
    HeapDeCommitFreeBlockThreshold    REG_DWORD    0x0
    HeapDeCommitTotalFreeThreshold    REG_DWORD    0x0
    HeapSegmentCommit    REG_DWORD    0x0
    HeapSegmentReserve    REG_DWORD    0x0
    ProcessorControl    REG_DWORD    0x2
    ResourceTimeoutCount    REG_DWORD    0x9e340
    BootExecute    REG_MULTI_SZ    autocheck autochk *
    ExcludeFromKnownDlls    REG_MULTI_SZ    
    ObjectDirectories    REG_MULTI_SZ    \Windows\0\RPC Control
    ProtectionMode    REG_DWORD    0x1
    NumberOfInitialSessions    REG_DWORD    0x2
    SetupExecute    REG_MULTI_SZ    

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCompatCache
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Configuration Manager
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Executive
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\I/O System
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Power
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Quota System
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\WPA

========= End of CMD: =========


==== End of Fixlog ====

 

 

If that was right, you're up.


  • 0
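The Fixlog above shows `BootExecute` under `Session Manager` going from an unprintable value back to the Windows default `autocheck autochk *`. As an added example (not part of the thread and not FRST's own code), the Python below parses saved `reg.exe query` text and flags any `BootExecute` entry other than that default; the two sample inputs are constructed to mirror the before and after queries in the log, and the function names are hypothetical.

```python
import re

# Windows default for Session Manager\BootExecute, and the value the Fixlog
# on this page shows after the repair.
DEFAULT_BOOT_EXECUTE = ["autocheck autochk *"]

# reg.exe prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(
    r"^ {4}(?P<name>.+?) {4}(?P<type>REG_[A-Z0-9_]+)(?: {4}(?P<data>.*))?\s*$"
)

def parse_reg_query(text):
    """Return {key_path: {value_name: (type, data)}} from `reg.exe query` output."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
            continue
        m = VALUE_LINE.match(line)
        if m and current is not None:
            current[m["name"]] = (m["type"], m["data"] or "")
    return keys

def multi_sz(data):
    """Split REG_MULTI_SZ data; reg.exe separates the strings with a literal \\0."""
    return [s for s in data.split("\\0") if s]

def looks_unrenderable(entry):
    """True for non-ASCII text, or a run of '?', which is what the console
    prints for characters its code page cannot display."""
    return (not entry.isascii()) or set(entry) == {"?"}

def check_boot_execute(reg_output, expected=DEFAULT_BOOT_EXECUTE):
    """Return a list of (entry, reason) findings for Session Manager\\BootExecute."""
    findings = []
    for key, values in parse_reg_query(reg_output).items():
        if not key.lower().endswith("\\control\\session manager"):
            continue  # subkeys such as ...\Session Manager\KnownDLLs
        by_name = {name.lower(): v for name, v in values.items()}
        if "bootexecute" not in by_name:
            findings.append(("", "BootExecute value is missing"))
            continue
        vtype, data = by_name["bootexecute"]
        if vtype != "REG_MULTI_SZ":
            findings.append((data, "unexpected type " + vtype))
        entries = multi_sz(data)
        for want in expected:
            if want not in entries:
                findings.append((want, "expected entry absent"))
        for entry in entries:
            if entry in expected:
                continue
            reason = "not in expected list"
            if looks_unrenderable(entry):
                reason += "; non-ASCII or unprintable in the console code page"
            findings.append((entry, reason))
    return findings

# Constructed samples, shortened from the two reg.exe queries in the Fixlog.
SAMPLE_BEFORE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
    GlobalFlag    REG_DWORD    0x0
    BootExecute    REG_MULTI_SZ    ?\0??????\0????????\0????
    ObjectDirectories    REG_MULTI_SZ    \Windows\0\RPC Control
    SetupExecute    REG_MULTI_SZ

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs
"""

SAMPLE_AFTER = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
    GlobalFlag    REG_DWORD    0x0
    BootExecute    REG_MULTI_SZ    autocheck autochk *
    ObjectDirectories    REG_MULTI_SZ    \Windows\0\RPC Control
    SetupExecute    REG_MULTI_SZ

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs
"""

if __name__ == "__main__":
    for label, sample in (("before fix", SAMPLE_BEFORE), ("after fix", SAMPLE_AFTER)):
        results = check_boot_execute(sample)
        print(label + ":", "clean" if not results else "")
        for entry, reason in results:
            print("  %r: %s" % (entry, reason))
```

The `?` runs in the first query are why the fixlist had to be saved with Unicode encoding: an ANSI save would replace the same characters with `?`, and the `BootExecute:` line would no longer match the value in the registry.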



#41
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

That looks like it might have done it. Can you run a fresh FRST Scan and an OTL Quick Scan and post the logs for me?

 

Also, is the dreaded error message gone and the computer working a little better?


  • 0

#42
hofner

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01
Ran by owner (administrator) on OWNER-PC on 17-07-2014 20:59:16
Running from C:\Users\owner\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\N360.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\N360.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3199016441-4099478238-2613309327-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-05-27] (Google Inc.)
HKU\S-1-5-21-3199016441-4099478238-2613309327-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...1I7TSNO_enUS507
SearchScopes: HKCU - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...1I7TSNO_enUS507
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\imt0iusk.default
FF DefaultSearchEngine: Amazon.com
FF SelectedSearchEngine: Amazon.com
FF Homepage: hxxp://search.yahoo.com/firefox/?fr=sfp-yff25
FF NetworkProxy: "type", 0
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.4.0.13\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.4.0.13\IPSFF [2014-07-11]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.4.0.13\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.4.0.13\coFFPlgn [2014-07-17]

==================== Services (Whitelisted) =================

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-01-20] ()
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4492776 2014-04-30] (iolo technologies, LLC)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\N360.exe [265040 2014-06-27] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 Thpsrv; C:\windows\system32\ThpSrv.exe [558592 2011-04-20] (TOSHIBA Corporation) [File not signed]
S4 TosCoSrv; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [580608 2012-02-02] (TOSHIBA Corporation) [File not signed]
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\BASHDefs\20140703.001\BHDrvx64.sys [1530160 2014-07-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1504000.00D\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DD04000.00A\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-07-10] (Symantec Corporation)
R1 ElRawDisk; C:\windows\system32\drivers\ElRawDsk.sys [30752 2012-07-26] (EldoS Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-07-10] (Symantec Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\IPSDefs\20140717.001\IDSvia64.sys [525016 2014-07-11] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\VirusDefs\20140717.008\ENG64.SYS [126040 2014-07-10] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\VirusDefs\20140717.008\EX64.SYS [2099288 2014-07-10] (Symantec Corporation)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259176 2011-12-13] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [22800 2012-02-24] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\system32\drivers\N360x64\1504000.00D\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1504000.00D\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1504000.00D\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1504000.00D\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-07-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1504000.00D\Ironx64.SYS [264280 2013-10-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\N360x64\1504000.00D\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S1 SDHookDriver; \??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-17 18:46 - 2014-07-17 18:46 - 00002624 _____ () C:\Users\owner\Downloads\fixlist.txt
2014-07-17 06:12 - 2014-07-17 06:12 - 00001243 _____ () C:\Users\owner\Desktop\RogueKillerX64(1) - Shortcut.lnk
2014-07-16 21:47 - 2014-07-16 21:47 - 05336664 _____ () C:\Users\owner\Downloads\RogueKillerX64(1).exe
2014-07-16 21:34 - 2014-07-16 21:34 - 00059064 _____ () C:\Users\owner\Downloads\Extras.Txt
2014-07-16 21:33 - 2014-07-16 21:33 - 00104824 _____ () C:\Users\owner\Downloads\OTL.Txt
2014-07-16 18:13 - 2014-07-17 20:59 - 00012641 _____ () C:\Users\owner\Downloads\FRST.txt
2014-07-16 18:13 - 2014-07-17 20:59 - 00000000 ____D () C:\FRST
2014-07-16 18:13 - 2014-07-16 18:14 - 00036454 _____ () C:\Users\owner\Downloads\Addition.txt
2014-07-16 18:08 - 2014-07-16 18:08 - 00001142 _____ () C:\Users\owner\Desktop\FRST64.exe - Shortcut.lnk
2014-07-16 18:07 - 2014-07-16 18:07 - 02086912 _____ (Farbar) C:\Users\owner\Downloads\FRST64.exe
2014-07-15 23:20 - 2014-07-15 23:20 - 00000000 ____D () C:\_OTL
2014-07-15 21:31 - 2014-07-15 21:31 - 00005174 _____ () C:\Users\owner\Downloads\zoek-resultssecond.txt
2014-07-15 21:27 - 2014-07-15 21:12 - 00024064 _____ () C:\windows\zoek-delete.exe
2014-07-15 21:13 - 2014-07-15 20:37 - 00007080 _____ () C:\zoek-results2014-07-16-003739.log
2014-07-15 19:51 - 2014-07-15 21:30 - 00005174 _____ () C:\zoek-results.log
2014-07-15 19:41 - 2014-07-15 20:05 - 00000000 ____D () C:\zoek_backup
2014-07-15 19:39 - 2014-07-15 19:39 - 00001122 _____ () C:\Users\owner\Desktop\zoek - Shortcut.lnk
2014-07-15 19:38 - 2014-07-15 19:38 - 01287168 _____ () C:\Users\owner\Downloads\zoek.exe
2014-07-14 18:47 - 2014-07-14 18:47 - 00004355 _____ () C:\Users\owner\Desktop\RKreport_DEL_07142014_184529.log
2014-07-14 18:26 - 2014-07-14 18:26 - 00001216 _____ () C:\Users\owner\Desktop\RogueKillerX64 - Shortcut.lnk
2014-07-13 17:30 - 2014-07-13 17:30 - 00001453 _____ () C:\Users\owner\Desktop\mqhgmwg0 - Shortcut.lnk
2014-07-13 17:29 - 2014-07-13 17:29 - 00001453 _____ () C:\Users\owner\Downloads\mqhgmwg0 - Shortcut.lnk
2014-07-13 17:27 - 2014-07-13 17:27 - 00380416 _____ () C:\Users\owner\Downloads\mqhgmwg0.exe
2014-07-13 16:54 - 2014-07-17 06:13 - 00030312 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-07-13 16:54 - 2014-07-13 16:54 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-12 20:14 - 2014-07-12 20:14 - 00602112 _____ (OldTimer Tools) C:\Users\owner\Downloads\OTL(1).exe
2014-07-12 18:25 - 2014-07-12 18:25 - 00286680 _____ () C:\windows\msxml4-KB973688-enu.LOG
2014-07-12 18:24 - 2014-07-12 18:25 - 00291936 _____ () C:\windows\msxml4-KB954430-enu.LOG
2014-07-12 18:24 - 2014-07-12 18:24 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-07-11 18:43 - 2014-07-11 18:43 - 00000000 ____D () C:\windows\System32\Tasks\Norton 360
2014-07-11 18:41 - 2014-07-11 18:41 - 00177752 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2014-07-11 18:41 - 2014-07-11 18:41 - 00008222 _____ () C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2014-07-11 18:41 - 2014-07-11 18:41 - 00003206 _____ () C:\windows\System32\Tasks\Norton WSC Integration
2014-07-11 18:41 - 2014-07-11 18:41 - 00002406 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-07-11 18:41 - 2014-07-11 18:41 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-07-11 18:41 - 2014-07-11 18:41 - 00000000 ____D () C:\windows\system32\Drivers\N360x64
2014-07-11 18:41 - 2014-07-11 18:41 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-07-11 18:41 - 2014-07-11 18:41 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2014-07-11 18:37 - 2014-07-11 18:37 - 01021968 _____ (Symantec Corporation) C:\Users\owner\Downloads\NortonN360Downloader(4).exe
2014-07-11 18:37 - 2014-07-11 18:37 - 01021968 _____ (Symantec Corporation) C:\Users\owner\Downloads\NortonN360Downloader(3).exe
2014-07-11 17:50 - 2014-07-11 17:50 - 01021872 _____ (Symantec Corporation) C:\Users\owner\Downloads\NortonN360Downloader(2).exe
2014-07-11 17:36 - 2014-07-11 17:36 - 10619688 _____ (VS Revo Group ) C:\Users\owner\Downloads\RevoUninProSetup.exe
2014-07-11 17:36 - 2014-07-11 17:36 - 00001088 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-07-11 17:36 - 2014-07-11 17:36 - 00000000 ____D () C:\Users\owner\AppData\Local\VS Revo Group
2014-07-11 17:36 - 2014-07-11 17:36 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-07-11 17:36 - 2014-07-11 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-07-11 17:36 - 2014-07-11 17:36 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-07-11 17:36 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\windows\system32\Drivers\revoflt.sys
2014-07-11 17:19 - 2014-07-11 17:19 - 00001279 _____ () C:\Users\owner\Desktop\Revo Uninstaller.lnk
2014-07-11 17:19 - 2014-07-11 17:19 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-11 17:15 - 2011-03-21 05:57 - 02649016 _____ (VS Revo Group Ltd.) C:\revosetup.exe
2014-07-11 17:13 - 2014-07-17 20:40 - 00001568 _____ () C:\windows\setupact.log
2014-07-11 17:13 - 2014-07-11 17:13 - 00000000 _____ () C:\windows\setuperr.log
2014-07-11 17:13 - 2014-07-11 17:13 - 00000000 _____ () C:\Users\owner\agent.log
2014-07-11 17:11 - 2014-07-11 17:11 - 00000000 ____D () C:\windows\pss
2014-07-11 17:06 - 2014-07-11 17:06 - 00869456 _____ () C:\Users\owner\Downloads\Norton_Removal_Tool(3).exe
2014-07-11 17:04 - 2014-07-17 06:01 - 02680376 _____ () C:\windows\PFRO.log
2014-07-11 17:01 - 2014-07-11 17:01 - 00869456 _____ () C:\Users\owner\Downloads\Norton_Removal_Tool(2).exe
2014-07-11 16:54 - 2014-07-11 16:58 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-11 16:54 - 2014-07-11 16:54 - 00000000 ____D () C:\ProgramData\Hitman Pro
2014-07-11 16:52 - 2014-07-11 16:52 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-11 16:52 - 2014-07-11 16:52 - 00000000 ____D () C:\ProgramData\Licenses
2014-07-11 16:50 - 2014-07-11 16:50 - 21657592 _____ (Simply Super Software ) C:\Users\owner\Downloads\trjsetup.exe
2014-07-11 16:32 - 2014-07-11 16:44 - 00000144 _____ () C:\Users\owner\Desktop\tech support.txt
2014-07-11 16:06 - 2014-07-11 16:06 - 00007620 _____ () C:\Users\owner\AppData\Local\Resmon.ResmonCfg
2014-07-11 15:56 - 2013-05-23 08:39 - 00041032 _____ (ThreatTrack Security) C:\windows\system32\Drivers\gfiark.sys
2014-07-11 15:51 - 2014-07-17 20:40 - 00000552 _____ () C:\windows\Tasks\SparkTrust AntiVirus Startup.job
2014-07-11 15:51 - 2014-07-17 20:40 - 00000474 _____ () C:\windows\Tasks\SparkTrust Update Version3 Startup Task.job
2014-07-11 15:51 - 2014-07-11 15:51 - 00002900 _____ () C:\windows\System32\Tasks\SparkTrust Update Version3 Startup Task
2014-07-11 15:51 - 2014-07-11 15:51 - 00002750 _____ () C:\windows\System32\Tasks\SparkTrust AntiVirus Startup
2014-07-11 15:51 - 2014-07-11 15:51 - 00000000 ___RD () C:\Users\owner\My SpeedyBackup SyncFolder
2014-07-11 15:50 - 2012-09-20 05:11 - 00258848 _____ (GFI Software) C:\windows\system32\Drivers\SbFw.sys
2014-07-11 15:50 - 2012-09-20 05:11 - 00061216 _____ (GFI Software) C:\windows\system32\Drivers\sbhips.sys
2014-07-11 15:50 - 2012-09-12 20:19 - 00120064 _____ (GFI Software) C:\windows\system32\Drivers\SbFwIm.sys
2014-07-11 15:49 - 2014-07-11 15:50 - 10769912 _____ (SparkTrust) C:\Users\owner\Downloads\SparkTrust AntiVirus Setup.exe
2014-07-11 15:43 - 2014-07-11 18:40 - 00000000 ____D () C:\Users\owner\AppData\Local\LogMeIn Rescue Applet
2014-07-11 15:42 - 2014-07-11 15:42 - 01528640 _____ (LogMeIn, Inc.) C:\Users\owner\Downloads\Support-LogMeInRescue.exe
2014-07-11 14:53 - 2014-07-13 18:00 - 00000464 _____ () C:\windows\Tasks\SparkTrust Registration3.job
2014-07-11 14:53 - 2014-07-11 17:33 - 00000422 _____ () C:\windows\Tasks\SparkTrust Update Version3.job
2014-07-11 14:53 - 2014-07-11 17:14 - 00003238 _____ () C:\windows\System32\Tasks\SparkTrust Update Version3
2014-07-11 14:53 - 2014-07-11 14:53 - 00003128 _____ () C:\windows\System32\Tasks\SparkTrust Registration3
2014-07-11 14:50 - 2014-07-11 14:50 - 06769280 _____ (SparkTrust) C:\Users\owner\Downloads\SparkTrust PC Cleaner Plus Setup_cea5968_.exe
2014-07-10 19:18 - 2014-07-10 19:18 - 00869456 _____ () C:\Users\owner\Downloads\Norton_Removal_Tool(1).exe
2014-07-10 18:44 - 2014-07-10 18:44 - 07539624 _____ (Symantec Corporation) C:\Users\owner\Downloads\NRnR.exe
2014-07-09 19:02 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-09 19:02 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-09 19:02 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-09 19:02 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-09 19:02 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-09 19:02 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-09 19:02 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-09 19:02 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-09 19:02 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-09 19:02 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-09 19:02 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-09 19:02 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-09 19:02 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-09 19:02 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-09 19:02 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-09 19:02 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-09 19:02 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-09 19:02 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-09 19:02 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-09 19:02 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 19:02 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-09 19:02 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-09 19:02 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-09 19:02 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-09 19:02 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-09 19:02 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-09 19:02 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-09 19:02 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-09 19:02 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-09 19:02 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-09 19:02 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-09 19:02 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-09 19:02 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-09 19:02 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-09 19:02 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-09 19:02 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-09 19:02 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-09 19:02 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-09 19:02 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-09 19:02 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-09 19:02 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 19:02 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-09 19:02 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-09 19:02 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-09 19:02 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-09 19:02 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-09 19:02 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-09 19:02 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-09 19:02 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-09 19:02 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-09 19:02 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-09 19:02 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-09 19:02 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-09 19:02 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-09 19:02 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-09 19:02 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-09 19:02 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-09 19:02 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-07-09 19:02 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-09 19:02 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-09 19:02 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-07-09 19:02 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-09 19:02 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-09 19:02 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-09 19:02 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-09 19:02 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-09 19:02 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-09 19:02 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-09 19:02 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-07-09 19:02 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-07-09 19:02 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-07-09 19:02 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-07-09 19:02 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-07-09 19:02 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-07-09 19:02 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-07-09 19:02 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-09 18:55 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-09 18:55 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-07-09 18:55 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll

==================== One Month Modified Files and Folders =======

2014-07-17 20:59 - 2014-07-16 18:13 - 00012641 _____ () C:\Users\owner\Downloads\FRST.txt
2014-07-17 20:59 - 2014-07-16 18:13 - 00000000 ____D () C:\FRST
2014-07-17 20:48 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-17 20:48 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-17 20:44 - 2012-05-27 21:16 - 01954140 _____ () C:\windows\WindowsUpdate.log
2014-07-17 20:40 - 2014-07-11 17:13 - 00001568 _____ () C:\windows\setupact.log
2014-07-17 20:40 - 2014-07-11 15:51 - 00000552 _____ () C:\windows\Tasks\SparkTrust AntiVirus Startup.job
2014-07-17 20:40 - 2014-07-11 15:51 - 00000474 _____ () C:\windows\Tasks\SparkTrust Update Version3 Startup Task.job
2014-07-17 20:40 - 2013-05-12 17:26 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore1ce4f575a8ab0d1.job
2014-07-17 20:40 - 2012-05-27 21:18 - 00000828 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-07-17 20:40 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-17 18:46 - 2014-07-17 18:46 - 00002624 _____ () C:\Users\owner\Downloads\fixlist.txt
2014-07-17 18:32 - 2012-05-27 22:08 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-17 18:13 - 2012-04-25 21:04 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-17 06:13 - 2014-07-13 16:54 - 00030312 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-07-17 06:12 - 2014-07-17 06:12 - 00001243 _____ () C:\Users\owner\Desktop\RogueKillerX64(1) - Shortcut.lnk
2014-07-17 06:01 - 2014-07-11 17:04 - 02680376 _____ () C:\windows\PFRO.log
2014-07-16 21:47 - 2014-07-16 21:47 - 05336664 _____ () C:\Users\owner\Downloads\RogueKillerX64(1).exe
2014-07-16 21:34 - 2014-07-16 21:34 - 00059064 _____ () C:\Users\owner\Downloads\Extras.Txt
2014-07-16 21:33 - 2014-07-16 21:33 - 00104824 _____ () C:\Users\owner\Downloads\OTL.Txt
2014-07-16 19:39 - 2012-05-27 21:18 - 00000830 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-07-16 18:14 - 2014-07-16 18:13 - 00036454 _____ () C:\Users\owner\Downloads\Addition.txt
2014-07-16 18:08 - 2014-07-16 18:08 - 00001142 _____ () C:\Users\owner\Desktop\FRST64.exe - Shortcut.lnk
2014-07-16 18:07 - 2014-07-16 18:07 - 02086912 _____ (Farbar) C:\Users\owner\Downloads\FRST64.exe
2014-07-15 23:20 - 2014-07-15 23:20 - 00000000 ____D () C:\_OTL
2014-07-15 21:31 - 2014-07-15 21:31 - 00005174 _____ () C:\Users\owner\Downloads\zoek-resultssecond.txt
2014-07-15 21:30 - 2014-07-15 19:51 - 00005174 _____ () C:\zoek-results.log
2014-07-15 21:12 - 2014-07-15 21:27 - 00024064 _____ () C:\windows\zoek-delete.exe
2014-07-15 20:37 - 2014-07-15 21:13 - 00007080 _____ () C:\zoek-results2014-07-16-003739.log
2014-07-15 20:35 - 2012-10-22 14:55 - 00000000 ____D () C:\Users\owner\AppData\Local\CrashDumps
2014-07-15 20:05 - 2014-07-15 19:41 - 00000000 ____D () C:\zoek_backup
2014-07-15 20:03 - 2012-10-20 16:25 - 00000000 ____D () C:\Users\owner
2014-07-15 19:39 - 2014-07-15 19:39 - 00001122 _____ () C:\Users\owner\Desktop\zoek - Shortcut.lnk
2014-07-15 19:38 - 2014-07-15 19:38 - 01287168 _____ () C:\Users\owner\Downloads\zoek.exe
2014-07-14 18:47 - 2014-07-14 18:47 - 00004355 _____ () C:\Users\owner\Desktop\RKreport_DEL_07142014_184529.log
2014-07-14 18:26 - 2014-07-14 18:26 - 00001216 _____ () C:\Users\owner\Desktop\RogueKillerX64 - Shortcut.lnk
2014-07-13 18:00 - 2014-07-11 14:53 - 00000464 _____ () C:\windows\Tasks\SparkTrust Registration3.job
2014-07-13 17:30 - 2014-07-13 17:30 - 00001453 _____ () C:\Users\owner\Desktop\mqhgmwg0 - Shortcut.lnk
2014-07-13 17:29 - 2014-07-13 17:29 - 00001453 _____ () C:\Users\owner\Downloads\mqhgmwg0 - Shortcut.lnk
2014-07-13 17:27 - 2014-07-13 17:27 - 00380416 _____ () C:\Users\owner\Downloads\mqhgmwg0.exe
2014-07-13 16:54 - 2014-07-13 16:54 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-12 20:14 - 2014-07-12 20:14 - 00602112 _____ (OldTimer Tools) C:\Users\owner\Downloads\OTL(1).exe
2014-07-12 18:25 - 2014-07-12 18:25 - 00286680 _____ () C:\windows\msxml4-KB973688-enu.LOG
2014-07-12 18:25 - 2014-07-12 18:24 - 00291936 _____ () C:\windows\msxml4-KB954430-enu.LOG
2014-07-12 18:24 - 2014-07-12 18:24 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-07-11 18:43 - 2014-07-11 18:43 - 00000000 ____D () C:\windows\System32\Tasks\Norton 360
2014-07-11 18:43 - 2012-11-20 19:43 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-07-11 18:43 - 2012-04-25 21:03 - 00000000 ____D () C:\ProgramData\Norton
2014-07-11 18:41 - 2014-07-11 18:41 - 00177752 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2014-07-11 18:41 - 2014-07-11 18:41 - 00008222 _____ () C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2014-07-11 18:41 - 2014-07-11 18:41 - 00003206 _____ () C:\windows\System32\Tasks\Norton WSC Integration
2014-07-11 18:41 - 2014-07-11 18:41 - 00002406 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-07-11 18:41 - 2014-07-11 18:41 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-07-11 18:41 - 2014-07-11 18:41 - 00000000 ____D () C:\windows\system32\Drivers\N360x64
2014-07-11 18:41 - 2014-07-11 18:41 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-07-11 18:41 - 2014-07-11 18:41 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2014-07-11 18:40 - 2014-07-11 15:43 - 00000000 ____D () C:\Users\owner\AppData\Local\LogMeIn Rescue Applet
2014-07-11 18:40 - 2012-11-20 19:43 - 00001315 _____ () C:\Users\owner\Desktop\Norton Installation Files.lnk
2014-07-11 18:37 - 2014-07-11 18:37 - 01021968 _____ (Symantec Corporation) C:\Users\owner\Downloads\NortonN360Downloader(4).exe
2014-07-11 18:37 - 2014-07-11 18:37 - 01021968 _____ (Symantec Corporation) C:\Users\owner\Downloads\NortonN360Downloader(3).exe
2014-07-11 17:50 - 2014-07-11 17:50 - 01021872 _____ (Symantec Corporation) C:\Users\owner\Downloads\NortonN360Downloader(2).exe
2014-07-11 17:50 - 2012-11-20 19:43 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-07-11 17:36 - 2014-07-11 17:36 - 10619688 _____ (VS Revo Group ) C:\Users\owner\Downloads\RevoUninProSetup.exe
2014-07-11 17:36 - 2014-07-11 17:36 - 00001088 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-07-11 17:36 - 2014-07-11 17:36 - 00000000 ____D () C:\Users\owner\AppData\Local\VS Revo Group
2014-07-11 17:36 - 2014-07-11 17:36 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-07-11 17:36 - 2014-07-11 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-07-11 17:36 - 2014-07-11 17:36 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-07-11 17:33 - 2014-07-11 14:53 - 00000422 _____ () C:\windows\Tasks\SparkTrust Update Version3.job
2014-07-11 17:26 - 2014-05-24 17:19 - 00000000 ____D () C:\Users\owner\AppData\Local\SpyZooka
2014-07-11 17:19 - 2014-07-11 17:19 - 00001279 _____ () C:\Users\owner\Desktop\Revo Uninstaller.lnk
2014-07-11 17:19 - 2014-07-11 17:19 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-11 17:14 - 2014-07-11 14:53 - 00003238 _____ () C:\windows\System32\Tasks\SparkTrust Update Version3
2014-07-11 17:13 - 2014-07-11 17:13 - 00000000 _____ () C:\windows\setuperr.log
2014-07-11 17:13 - 2014-07-11 17:13 - 00000000 _____ () C:\Users\owner\agent.log
2014-07-11 17:11 - 2014-07-11 17:11 - 00000000 ____D () C:\windows\pss
2014-07-11 17:06 - 2014-07-11 17:06 - 00869456 _____ () C:\Users\owner\Downloads\Norton_Removal_Tool(3).exe
2014-07-11 17:01 - 2014-07-11 17:01 - 00869456 _____ () C:\Users\owner\Downloads\Norton_Removal_Tool(2).exe
2014-07-11 16:58 - 2014-07-11 16:54 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-11 16:54 - 2014-07-11 16:54 - 00000000 ____D () C:\ProgramData\Hitman Pro
2014-07-11 16:52 - 2014-07-11 16:52 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-11 16:52 - 2014-07-11 16:52 - 00000000 ____D () C:\ProgramData\Licenses
2014-07-11 16:50 - 2014-07-11 16:50 - 21657592 _____ (Simply Super Software ) C:\Users\owner\Downloads\trjsetup.exe
2014-07-11 16:44 - 2014-07-11 16:32 - 00000144 _____ () C:\Users\owner\Desktop\tech support.txt
2014-07-11 16:06 - 2014-07-11 16:06 - 00007620 _____ () C:\Users\owner\AppData\Local\Resmon.ResmonCfg
2014-07-11 15:53 - 2014-06-13 15:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-11 15:53 - 2013-05-05 13:23 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-11 15:53 - 2012-11-19 21:26 - 00000000 ____D () C:\Users\owner\AppData\Roaming\OnlineVault
2014-07-11 15:53 - 2012-10-28 14:16 - 00000000 ___DC () C:\Users\owner\AppData\Local\MigWiz
2014-07-11 15:53 - 2012-04-25 21:05 - 00000000 ____D () C:\windows\Panther
2014-07-11 15:53 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-07-11 15:52 - 2012-04-25 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2014-07-11 15:51 - 2014-07-11 15:51 - 00002900 _____ () C:\windows\System32\Tasks\SparkTrust Update Version3 Startup Task
2014-07-11 15:51 - 2014-07-11 15:51 - 00002750 _____ () C:\windows\System32\Tasks\SparkTrust AntiVirus Startup
2014-07-11 15:51 - 2014-07-11 15:51 - 00000000 ___RD () C:\Users\owner\My SpeedyBackup SyncFolder
2014-07-11 15:51 - 2014-05-23 15:36 - 00000000 ____D () C:\ProgramData\SparkTrust
2014-07-11 15:50 - 2014-07-11 15:49 - 10769912 _____ (SparkTrust) C:\Users\owner\Downloads\SparkTrust AntiVirus Setup.exe
2014-07-11 15:42 - 2014-07-11 15:42 - 01528640 _____ (LogMeIn, Inc.) C:\Users\owner\Downloads\Support-LogMeInRescue.exe
2014-07-11 14:53 - 2014-07-11 14:53 - 00003128 _____ () C:\windows\System32\Tasks\SparkTrust Registration3
2014-07-11 14:50 - 2014-07-11 14:50 - 06769280 _____ (SparkTrust) C:\Users\owner\Downloads\SparkTrust PC Cleaner Plus Setup_cea5968_.exe
2014-07-10 21:08 - 2013-05-09 22:03 - 00000000 ____D () C:\Program Files (x86)\RegZooka
2014-07-10 19:18 - 2014-07-10 19:18 - 00869456 _____ () C:\Users\owner\Downloads\Norton_Removal_Tool(1).exe
2014-07-10 19:09 - 2013-02-10 00:22 - 00000000 ____D () C:\Users\owner\AppData\Local\NPE
2014-07-10 18:44 - 2014-07-10 18:44 - 07539624 _____ (Symantec Corporation) C:\Users\owner\Downloads\NRnR.exe
2014-07-09 19:12 - 2009-07-14 00:45 - 00275712 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-09 19:10 - 2010-11-21 03:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 19:10 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-07-09 19:10 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Dism
2014-07-09 19:06 - 2013-08-14 22:51 - 00000000 ____D () C:\windows\system32\MRT
2014-07-09 19:06 - 2012-10-21 14:10 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-09 18:57 - 2009-07-14 01:08 - 00032600 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-07-05 14:58 - 2014-05-23 15:14 - 00001126 _____ () C:\Users\owner\Desktop\20140523-001-v5i64 - Shortcut.lnk
2014-06-21 21:27 - 2012-05-27 22:08 - 00003908 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-21 21:26 - 2013-08-10 21:59 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore1ce4f575a8ab0d1
2014-06-20 16:14 - 2014-07-09 19:02 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-06-20 15:39 - 2014-07-09 19:02 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-06-18 21:39 - 2014-07-09 19:02 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-18 21:06 - 2014-07-09 19:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-18 21:06 - 2014-07-09 19:02 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-18 20:48 - 2014-07-09 19:02 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-18 20:42 - 2014-07-09 19:02 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-18 20:42 - 2014-07-09 19:02 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-18 20:41 - 2014-07-09 19:02 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-06-18 20:41 - 2014-07-09 19:02 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-18 20:32 - 2014-07-09 19:02 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-18 20:31 - 2014-07-09 19:02 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-18 20:26 - 2014-07-09 19:02 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-18 20:24 - 2014-07-09 19:02 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-18 20:24 - 2014-07-09 19:02 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-18 20:23 - 2014-07-09 19:02 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-18 20:16 - 2014-07-09 19:02 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-18 20:14 - 2014-07-09 19:02 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-06-18 20:09 - 2014-07-09 19:02 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-18 19:59 - 2014-07-09 19:02 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 19:56 - 2014-07-09 19:02 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-18 19:53 - 2014-07-09 19:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-18 19:51 - 2014-07-09 19:02 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-18 19:50 - 2014-07-09 19:02 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-18 19:48 - 2014-07-09 19:02 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-18 19:39 - 2014-07-09 19:02 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-18 19:38 - 2014-07-09 19:02 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-06-18 19:37 - 2014-07-09 19:02 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-18 19:36 - 2014-07-09 19:02 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-06-18 19:35 - 2014-07-09 19:02 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-06-18 19:33 - 2014-07-09 19:02 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-18 19:32 - 2014-07-09 19:02 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-18 19:28 - 2014-07-09 19:02 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-18 19:28 - 2014-07-09 19:02 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-18 19:27 - 2014-07-09 19:02 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-18 19:27 - 2014-07-09 19:02 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-18 19:25 - 2014-07-09 19:02 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-06-18 19:23 - 2014-07-09 19:02 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-06-18 19:22 - 2014-07-09 19:02 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-06-18 19:12 - 2014-07-09 19:02 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-18 19:06 - 2014-07-09 19:02 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-18 19:01 - 2014-07-09 19:02 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-18 18:59 - 2014-07-09 19:02 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-18 18:58 - 2014-07-09 19:02 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-18 18:58 - 2014-07-09 19:02 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-18 18:52 - 2014-07-09 19:02 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-18 18:51 - 2014-07-09 19:02 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-18 18:49 - 2014-07-09 19:02 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-18 18:46 - 2014-07-09 19:02 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-06-18 18:45 - 2014-07-09 19:02 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-18 18:35 - 2014-07-09 19:02 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-18 18:34 - 2014-07-09 19:02 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-18 18:15 - 2014-07-09 19:02 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-06-18 18:13 - 2014-07-09 19:02 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-18 18:09 - 2014-07-09 19:02 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-18 18:07 - 2014-07-09 19:02 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-06-17 22:18 - 2014-07-09 19:02 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-06-17 21:51 - 2014-07-09 19:02 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-06-17 21:10 - 2014-07-09 19:02 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-10-20 10:39

==================== End Of Log ============================



#43
hofner


OTL logfile created on: 7/17/2014 9:01:18 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.89 Gb Total Physical Memory | 4.10 Gb Available Physical Memory | 69.66% Memory free
11.78 Gb Paging File | 9.81 Gb Available in Paging File | 83.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 682.74 Gb Total Space | 633.07 Gb Free Space | 92.72% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/07/12 20:14:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Downloads\OTL(1).exe
PRC - [2014/06/27 01:44:06 | 000,265,040 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\N360.exe
PRC - [2014/06/13 15:20:44 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/04/30 10:07:08 | 004,492,776 | ---- | M] (iolo technologies, LLC) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe
PRC - [2012/01/20 14:45:40 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/01/20 14:45:30 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/06/13 15:20:44 | 003,852,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/30 10:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\wincfi39.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/06/18 20:24:12 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/02/02 18:33:46 | 000,580,608 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2012/01/11 00:01:52 | 000,627,936 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2011/12/14 18:11:38 | 000,833,976 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2011/12/08 13:44:04 | 000,594,704 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2011/12/08 13:43:56 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/12/08 13:43:48 | 000,618,256 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/12/08 13:43:44 | 000,148,752 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/11/25 21:52:36 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/11/24 16:20:38 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011/04/20 18:16:04 | 000,558,592 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2010/10/20 17:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/06/27 01:44:06 | 000,265,040 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\N360.exe -- (N360)
SRV - [2014/06/13 15:20:44 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/04/30 10:07:08 | 004,492,776 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2013/11/28 17:12:33 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe -- (NCO)
SRV - [2012/05/10 15:20:46 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/01/20 19:29:28 | 000,363,800 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/01/20 19:29:26 | 000,277,784 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/01/20 14:45:40 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/01/20 14:45:30 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2011/11/21 18:32:40 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/07/11 18:41:52 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2014/03/04 00:18:12 | 001,148,120 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1504000.00D\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2014/02/20 19:14:34 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1504000.00D\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2014/02/17 21:32:41 | 000,593,112 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1504000.00D\symnets.sys -- (SymNetS)
DRV:64bit: - [2014/02/12 21:59:49 | 000,875,736 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1504000.00D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/10/30 03:26:19 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1504000.00D\SymDS64.sys -- (SymDS)
DRV:64bit: - [2013/10/30 02:48:51 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1504000.00D\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/10/30 02:32:37 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1504000.00D\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/05/29 11:06:34 | 000,082,160 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PDFsFilter.sys -- (PDFsFilter)
DRV:64bit: - [2013/05/23 08:39:23 | 000,041,032 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gfiark.sys -- (gfiark)
DRV:64bit: - [2013/04/15 22:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSTx64\7DD04000.00A\ccsetx64.sys -- (ccSet_NST)
DRV:64bit: - [2012/09/20 05:11:58 | 000,258,848 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2012/09/20 05:11:58 | 000,086,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbwtis.sys -- (sbwtis)
DRV:64bit: - [2012/09/20 05:11:58 | 000,061,216 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2012/09/12 20:19:38 | 000,082,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2012/09/12 20:19:34 | 000,120,064 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:64bit: - [2012/09/12 20:19:34 | 000,120,064 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:64bit: - [2012/07/26 10:01:26 | 000,030,752 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV:64bit: - [2012/07/17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/05/10 15:11:04 | 014,759,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/27 06:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/02/27 06:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/02/27 06:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/02/24 20:11:54 | 000,412,944 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/02/24 20:11:52 | 000,022,800 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver.sys -- (SmbDrv)
DRV:64bit: - [2012/01/16 18:49:14 | 000,103,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2012/01/09 04:44:44 | 011,416,576 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/12/20 20:38:36 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/12/20 20:38:36 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/12/13 18:00:32 | 000,259,176 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2011/12/06 07:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/29 22:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/23 20:10:28 | 000,036,992 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2011/03/18 18:03:18 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/12/30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 11:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/29 19:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/07/11 17:22:18 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\IPSDefs\20140717.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/07/10 01:00:00 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\VirusDefs\20140717.008\ex64.sys -- (NAVEX15)
DRV - [2014/07/10 01:00:00 | 000,486,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/07/10 01:00:00 | 000,142,128 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/07/10 01:00:00 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\VirusDefs\20140717.008\eng64.sys -- (NAVENG)
DRV - [2014/07/03 17:17:17 | 001,530,160 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\BASHDefs\20140703.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE - HKCU\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...1I7TSNO_enUS507
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Amazon.com"
FF - prefs.js..browser.search.selectedEngine: "Amazon.com"
FF - prefs.js..browser.startup.homepage: "http://search.yahoo..../?fr=sfp-yff25"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.4.0.13\IPSFF [2014/07/11 18:42:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.4.0.13\coFFPlgn\ [2014/07/17 20:42:28 | 000,000,000 | ---D | M]
 
[2013/11/28 17:04:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Extensions
[2014/07/17 06:08:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\imt0iusk.default\extensions
[2014/06/13 15:20:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/06/13 15:20:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/06/13 15:20:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2014/06/13 15:20:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
 
O1 HOSTS File: ([2014/07/16 21:18:57 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\CoIEPlg.dll (Symantec Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\IPS\IPSBHO.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\CoIEPlg.dll (Symantec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28270AC4-B16B-45F1-81E0-BA4AF7273AD6}: DhcpNameServer = 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/16 18:13:06 | 000,000,000 | ---D | C] -- C:\FRST
[2014/07/15 23:20:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/07/15 21:30:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/07/15 21:27:26 | 000,000,000 | ---D | C] -- C:\windows\Temp
[2014/07/15 21:27:26 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Temp
[2014/07/15 19:41:51 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014/07/13 16:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/07/12 18:24:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2014/07/11 18:41:52 | 000,177,752 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/07/11 18:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2014/07/11 18:41:40 | 001,148,120 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1504000.00D\SymEFA64.sys
[2014/07/11 18:41:40 | 000,875,736 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1504000.00D\srtsp64.sys
[2014/07/11 18:41:40 | 000,593,112 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1504000.00D\symnets.sys
[2014/07/11 18:41:40 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1504000.00D\SymDS64.sys
[2014/07/11 18:41:40 | 000,264,280 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1504000.00D\Ironx64.sys
[2014/07/11 18:41:40 | 000,162,392 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1504000.00D\ccSetx64.sys
[2014/07/11 18:41:40 | 000,036,952 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1504000.00D\srtspx64.sys
[2014/07/11 18:41:40 | 000,023,568 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1504000.00D\SymELAM.sys
[2014/07/11 18:41:14 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\N360x64
[2014/07/11 18:41:14 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\N360x64\1504000.00D
[2014/07/11 18:41:12 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2014/07/11 18:41:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2014/07/11 17:58:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2014/07/11 17:36:47 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\VS Revo Group
[2014/07/11 17:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2014/07/11 17:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2014/07/11 17:36:40 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\windows\SysNative\drivers\revoflt.sys
[2014/07/11 17:36:35 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2014/07/11 17:19:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/07/11 17:19:49 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/07/11 17:15:44 | 002,649,016 | ---- | C] (VS Revo Group Ltd.) -- C:\revosetup.exe
[2014/07/11 17:11:23 | 000,000,000 | ---D | C] -- C:\windows\pss
[2014/07/11 16:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/07/11 16:54:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2014/07/11 16:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014/07/11 16:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2014/07/11 15:56:50 | 000,041,032 | ---- | C] (ThreatTrack Security) -- C:\windows\SysNative\drivers\gfiark.sys
[2014/07/11 15:51:41 | 000,000,000 | R--D | C] -- C:\Users\owner\My SpeedyBackup SyncFolder
[2014/07/11 15:50:49 | 000,061,216 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\sbhips.sys
[2014/07/11 15:50:41 | 000,258,848 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\SbFw.sys
[2014/07/11 15:50:41 | 000,120,064 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\SbFwIm.sys
[2014/07/11 15:43:10 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\LogMeIn Rescue Applet
[2014/07/11 14:52:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SparkTrust
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/17 20:48:25 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/17 20:48:25 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/17 20:40:54 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore1ce4f575a8ab0d1.job
[2014/07/17 20:40:54 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2014/07/17 20:40:54 | 000,000,474 | ---- | M] () -- C:\windows\tasks\SparkTrust Update Version3 Startup Task.job
[2014/07/17 20:40:48 | 000,000,552 | ---- | M] () -- C:\windows\tasks\SparkTrust AntiVirus Startup.job
[2014/07/17 20:40:28 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/07/17 20:40:22 | 448,237,567 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/17 18:32:48 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/17 18:13:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/07/17 06:13:24 | 000,030,312 | ---- | M] () -- C:\windows\SysNative\drivers\TrueSight.sys
[2014/07/17 06:12:28 | 000,001,243 | ---- | M] () -- C:\Users\owner\Desktop\RogueKillerX64(1) - Shortcut.lnk
[2014/07/16 21:18:57 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2014/07/16 19:39:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2014/07/16 18:08:09 | 000,001,142 | ---- | M] () -- C:\Users\owner\Desktop\FRST64.exe - Shortcut.lnk
[2014/07/15 21:12:23 | 000,024,064 | ---- | M] () -- C:\windows\zoek-delete.exe
[2014/07/15 19:39:18 | 000,001,122 | ---- | M] () -- C:\Users\owner\Desktop\zoek - Shortcut.lnk
[2014/07/14 18:26:10 | 000,001,216 | ---- | M] () -- C:\Users\owner\Desktop\RogueKillerX64 - Shortcut.lnk
[2014/07/13 18:00:00 | 000,000,464 | ---- | M] () -- C:\windows\tasks\SparkTrust Registration3.job
[2014/07/13 17:30:29 | 000,001,453 | ---- | M] () -- C:\Users\owner\Desktop\mqhgmwg0 - Shortcut.lnk
[2014/07/11 18:42:04 | 002,121,736 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\Cat.DB
[2014/07/11 18:41:52 | 000,177,752 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/07/11 18:41:52 | 000,008,222 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/07/11 18:41:52 | 000,000,854 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/07/11 18:41:48 | 000,002,406 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2014/07/11 18:40:42 | 000,001,315 | ---- | M] () -- C:\Users\owner\Desktop\Norton Installation Files.lnk
[2014/07/11 17:36:42 | 000,001,112 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2014/07/11 17:36:42 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2014/07/11 17:33:30 | 000,000,422 | ---- | M] () -- C:\windows\tasks\SparkTrust Update Version3.job
[2014/07/11 17:19:49 | 000,001,279 | ---- | M] () -- C:\Users\owner\Desktop\Revo Uninstaller.lnk
[2014/07/11 16:06:40 | 000,007,620 | ---- | M] () -- C:\Users\owner\AppData\Local\Resmon.ResmonCfg
[2014/07/09 19:12:47 | 000,275,712 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/07/05 14:58:48 | 000,001,126 | ---- | M] () -- C:\Users\owner\Desktop\20140523-001-v5i64 - Shortcut.lnk
[2014/07/01 05:23:42 | 000,040,105 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\VT20140701.003
[2014/06/27 01:55:25 | 000,000,172 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\isolate.ini
 
========== Files Created - No Company Name ==========
 
[2014/07/17 06:12:28 | 000,001,243 | ---- | C] () -- C:\Users\owner\Desktop\RogueKillerX64(1) - Shortcut.lnk
[2014/07/16 18:08:09 | 000,001,142 | ---- | C] () -- C:\Users\owner\Desktop\FRST64.exe - Shortcut.lnk
[2014/07/15 21:27:27 | 000,024,064 | ---- | C] () -- C:\windows\zoek-delete.exe
[2014/07/15 19:39:18 | 000,001,122 | ---- | C] () -- C:\Users\owner\Desktop\zoek - Shortcut.lnk
[2014/07/14 18:26:10 | 000,001,216 | ---- | C] () -- C:\Users\owner\Desktop\RogueKillerX64 - Shortcut.lnk
[2014/07/13 17:30:29 | 000,001,453 | ---- | C] () -- C:\Users\owner\Desktop\mqhgmwg0 - Shortcut.lnk
[2014/07/13 16:54:34 | 000,030,312 | ---- | C] () -- C:\windows\SysNative\drivers\TrueSight.sys
[2014/07/12 18:17:23 | 000,040,105 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\VT20140701.003
[2014/07/11 18:41:56 | 002,121,736 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\Cat.DB
[2014/07/11 18:41:52 | 000,008,222 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/07/11 18:41:52 | 000,000,854 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/07/11 18:41:48 | 000,002,406 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2014/07/11 18:41:16 | 000,003,433 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\SymEFA.inf
[2014/07/11 18:41:16 | 000,002,852 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\SymDS.inf
[2014/07/11 18:41:16 | 000,001,440 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\SymNet.inf
[2014/07/11 18:41:16 | 000,001,437 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\srtsp64.inf
[2014/07/11 18:41:16 | 000,001,420 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\srtspx64.inf
[2014/07/11 18:41:16 | 000,001,098 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\symELAM.inf
[2014/07/11 18:41:16 | 000,000,855 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\ccSetx64.inf
[2014/07/11 18:41:16 | 000,000,767 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\Iron.inf
[2014/07/11 18:41:15 | 000,030,068 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\SymVTcer.dat
[2014/07/11 18:41:14 | 000,009,939 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\SymELAM64.cat
[2014/07/11 18:41:14 | 000,008,202 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\ccSetx64.cat
[2014/07/11 18:41:14 | 000,008,196 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\srtspx64.cat
[2014/07/11 18:41:14 | 000,008,194 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\SymEFA64.cat
[2014/07/11 18:41:14 | 000,008,192 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\symnet64.cat
[2014/07/11 18:41:14 | 000,008,192 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\srtsp64.cat
[2014/07/11 18:41:14 | 000,008,188 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\SymDS64.cat
[2014/07/11 18:41:14 | 000,008,184 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\iron.cat
[2014/07/11 18:41:14 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\isolate.ini
[2014/07/11 17:36:42 | 000,001,112 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2014/07/11 17:36:42 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2014/07/11 17:19:49 | 000,001,279 | ---- | C] () -- C:\Users\owner\Desktop\Revo Uninstaller.lnk
[2014/07/11 16:06:40 | 000,007,620 | ---- | C] () -- C:\Users\owner\AppData\Local\Resmon.ResmonCfg
[2014/07/11 15:51:22 | 000,000,552 | ---- | C] () -- C:\windows\tasks\SparkTrust AntiVirus Startup.job
[2014/07/11 15:51:13 | 000,000,474 | ---- | C] () -- C:\windows\tasks\SparkTrust Update Version3 Startup Task.job
[2014/07/11 14:53:30 | 000,000,464 | ---- | C] () -- C:\windows\tasks\SparkTrust Registration3.job
[2014/07/11 14:53:02 | 000,000,422 | ---- | C] () -- C:\windows\tasks\SparkTrust Update Version3.job
[2013/09/02 13:34:52 | 000,074,703 | ---- | C] () -- C:\windows\SysWow64\mfc45.dat
[2013/02/14 22:50:22 | 002,250,054 | ---- | C] () -- C:\ProgramData\1.bmp
[2013/02/14 22:50:02 | 000,350,795 | ---- | C] () -- C:\ProgramData\1.jpg
[2012/10/21 14:18:07 | 000,017,408 | ---- | C] () -- C:\Users\owner\AppData\Local\WebpageIcons.db
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/05/22 19:16:59 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\iolo
[2013/12/07 21:10:27 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ioloGovernor
[2013/07/31 18:17:58 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Leadertech
[2014/07/11 15:53:01 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\OnlineVault
[2013/01/19 12:02:52 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\sMedio
[2014/05/23 15:36:36 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\SparkTrust
[2013/07/31 17:56:08 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Toshiba
[2012/10/20 16:26:00 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 

< End of report >
 


  • 0

#44
hofner

    Member

  • Topic Starter
  • 82 posts

Well....the haunting continues...The computer seemed to run a bit more quickly. 

The message remained.

I tried to open Norton and I got an error message and the small icon next to the clock disappeared.  Error 8506.421  I will await your analysis before running these steps.  First I am just going to close the message box and restart the machine.  I'll let you know if anything different occurs.

Wow....the Threat popup is now gone. 

 

"One cause of this error is a known issue with the Instant Reset utility distributed on some Lenovo laptops. Symantec recommends not to install Norton products on Lenovo laptops with Instant Reset utility. If you are encountering this error on a computer other than Lenovo laptop with Instant Reset, follow the steps in the article.

In many cases, this error can be fixed by restarting the computer. If the problem persists even after you restart the computer, you need to uninstall and reinstall your Norton product. Download and run the Norton Removal Tool to uninstall your product.

STEP 1
Download and run the Norton Removal Tool

The Norton Removal Tool uninstalls all Norton 2003 and later products, Norton 360, and Norton SystemWorks 12.0 from your computer. If you have pcAnywhere or WinFax, uninstall it using Add or Remove Programs before running the Norton Removal Tool. Also, if you use ACT! or WinFax, back up those databases and make sure that you have the installation CDs to reinstall the product.

  1. Download the Norton Removal Tool.

    Save the file to the Windows desktop.

  2. On the Windows desktop, double-click the Norton Removal Tool icon.

  3. Follow the on-screen instructions.

  4. Restart your computer.

    After the computer restarts, follow the on-screen instructions to reinstall your Norton product.

    If the problem persists, go to Step 2.

STEP 2
Download and run Norton Power Eraser
  1. Download Norton Power Eraser.

  2. Click Save.

  3. Select the location as Desktop, and then click Save.

  4. To run Norton Power Eraser, double-click the NPE.exe file.

    If the User Account Control window appears, click Yes or Continue.

  5. Read the license agreement, and click Accept.

  6. In the Norton Power Eraser window, click the Scan for Risks icon.

  7. By default, Norton Power Eraser performs a Rootkit scan and requires a system restart. When you see a prompt to restart the computer, click Restart. If you do not want to include the Rootkit scan, go to Settings, and uncheck the option Include Rootkit scan (requires a computer restart).

  8. After the computer is restarted, the scan starts automatically. Follow the on-screen instructions."


  • 0

#45
hofner

    Member

  • Topic Starter
  • 82 posts

Hi B

Restarted computer, Norton icon is back, no error message, popup still popping.  I still cannot open the Norton dashboard. I cannot get any response by clicking "view details" on the pop-up.  I'm ready to kiss them off and try someone else if only just to see what they think about this "System Infected" situation. 

Looking at the punctuation makes me wonder if "System Infected" is part of the name of this thing and Norton is keeping it out. "Norton blocked an attack by : System Infected: Trojan.Viknok Activity 3."  Then I remembered that when I shut Norton down to run two of the programs that you suggested,  the message kept appearing...even with no antivirus or firewall...all this and the Middle East and Eastern Europe are exploding (again or still...call it) and I'm starting to get weirded out by talking to someone called "Biscuit" about pop-ups but that's my problem...just kidding. I'm tired.


  • 0





