Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan.Viknok Activity 3


  • Please log in to reply

#46
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Believe it or not, we've made good progress! xsmile.png.pagespeed.ic.CwSpBGGvqN.png

 

Now for the A/V issues. Right now I can see Sparktrust and Norton running on your system. Briefly, we advise 1 (one) a/v per machine. More that one will cause them to conflict with each other. So, until we get things right, would you uninstall Norton using the Norton Unistall proceedures. Then, uninstall SparkTrust. If Sparktrust has an uninstaller, make sure you use it. If not, go to the Control Panel and do it that way. If it won't uninstall that way, I see you have Revo, then use Revo. Once, both of these A/V's are uninstalled, Windows Defender will activate. That is a good thing. Don't try and stop Defender.

 

Last, please run FSS and post the results.

 

Run Farbar Service Scanner

  • Right click the FSS.exe file, click Run as Administrator and OK any UAC prompts.

    fss1.jpg
  • Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

  • 0

Advertisements


#47
hofner

hofner

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts

Hi there.   I ran into some confusion here.  I ditched Norton.  Cannot find SparkTrust to delete anywhere.  The downloads  I see are to install it.  This is a spot where the nut I  was talking to had trouble...well, one place.  I told him to get rid of Sparktrust and he had a hard time doing it, but it looked as if and he said that he finally did.  I looked in downloads, the control panel to remove programs and Revo.  I think he installed that too...I know I never did. 

Windows is warning me that I have no protection and wants me to turn Defender on manually. 

I also do not see fss.exe in Farbar...only FRST...I must be doing something wrong here.


  • 0

#48
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

SparkTrust is absolutely on your computer! Try Revo next. If it can't uninstall it, I'll extracted it with OTL. I always like to give these products a fair chance of leaving on their own, but, leave they must!! Kind of like closing time at a bar. "You don't have to go home, but you can't stay here." So, let me know how Revo does with it.

 

Go ahead on turn on Defender manually. Here's my opinion on Defender and it's older brother Microsoft Security Essentials. They are lighweight, work as advertised, little overhead and best of all...free. It's the only thing that Microsoft is ever going to "give" to you, so why not take it? At least until we get finished here. Then if you want to return to Norton, no problem. It's not that Norton is bad. It's just heavy, loads down the system, costs money, stuff like that. It works just fine.

 

Ok, here's a better link to FSS. Sorry about that first one.

 

Please download FSS and save the file to your desktop.


  • 0

#49
hofner

hofner

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts

Otay....if Sparktrust is gone now it's because the solution was too simple and I was looking for a difficult way to do it....I scare myself.

Ladies and Gentlemen...   fss

 

Farbar Service Scanner Version: 10-06-2014
Ran by owner (administrator) on 18-07-2014 at 16:29:28
Running from "C:\Users\owner\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****


  • 0

#50
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Ok, that looks as expected. :thumbsup:

 

How the machine working? Norton pop up gone? Are all popups and untoward notifications gone? Anything at all odd or not as expected?

 

Also, there's more to do, I just want to level set as to where we are. So, don't disappear on me :)


  • 0

#51
hofner

hofner

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts

OK, Geek Magique...pop-up and warnings are gone. The machine?  I apparently did not realize how slow this old beast had become. Start-up is faster, accessing Firefox and then this site times are way down. Way to go Yoda (didn't really like those movies, but I liked Yoda and the princess with the cinammon rolls on her ears.) 

Lead on !


  • 0

#52
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Glad to hear that the machine is looking good from your end. I've got a few more clean up scans for your.

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next, download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download zoek.exe and save it to your desktop (Firefox users right click and Save Link As...).

  • Close any open browsers.
  • Temporarily disable your AntiVirus program. (If necessary)
  • Double click on zoek.exe to run.
  • Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up
  • Click Options button below the large panel and check the box:

    Auto Clean
  • Click on Run script button
  • Please wait patiently (it may take a few minutes) until a log report will open (this may be after reboot, if required)
  • Copy (Ctrl +C) and paste (Ctrl +V) the contents of the opened entire report back here.

Note: It will also create a log in the C:\ directory named "zoek-results.log"

 

Security Check

Download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Last, rerun OTL as you did previously, but this time just press the Quick Scan button. When OTL completes you will find one log, OTL.TXT. Please post that with the adwCleaner log, the Junkware log, the ZOEK log and the Security Log.


  • 0

#53
hofner

hofner

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts

OK    Adware


  • 0

#54
hofner

hofner

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts

sorry....forgot "paste"

 

# AdwCleaner v3.216 - Report created 19/07/2014 at 11:30:32
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : owner - OWNER-PC
# Running from : C:\Users\owner\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\owner\AppData\LocalLow\Inbox Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\Software\Uniblue

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\imt0iusk.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1823 octets] - [19/07/2014 11:29:36]
AdwCleaner[S0].txt - [1711 octets] - [19/07/2014 11:30:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1771 octets] ##########
 


  • 0

#55
hofner

hofner

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts

Surprise of the day sor far...after Zoek rebooted there is a message from Sparktrust... "unable to update your product because of missing components. Please reinstall."   I'm gonna make believe I didn't see it unless you sound an alarm.  On to Security Check.

 

Zoek.exe v5.0.0.0 Updated 16-07-2014
Tool run by owner on Sat 07/19/2014 at 11:59:55.21.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\owner\Downloads\zoek.exe [Scan all users]  [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2014-07-16-003739.log    7080 bytes
C:\zoek-results2014-07-16-013020.log    5174 bytes

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{F04D2D30-776C-4d02-8627-8E4385ECA58D}"="C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.3.19\coFFPlgn" [07/19/2014 11:32 AM]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\imt0iusk.default
EE8D96E7899D12FC3AA5DB2034C0853C    - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll -    Shockwave Flash
ADC539F67D3198679F480974EE203678    - C:\windows\SysWOW64\npDeployJava1.dll -    Java Deployment Toolkit 7.0.210.11
15E298B5EC5B89C5994A59863969D9FF    - C:\windows\SysWOW64\npmproxy.dll -    Microsoft® Windows® Operating System


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
mkfokfffehpeedafpekjeddnmnjhmcmk - No path found[]
nppllibpnmahfaklnpggkibhkapjkeob - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\Exts\Chrome.crx[05/30/2013 09:49 PM]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft..../?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft..../?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.co...={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...ox&FORM=IE11SR"
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Unknown  Url="Not_Found"

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk deleted successfully

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=91 folders=24 9248256 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\owner\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\owner\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Sat 07/19/2014 at 12:17:45.26 ======================
 


  • 0

Advertisements


#56
hofner

hofner

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts

and Security Check

 

 

 Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 21  
 Java version out of Date!
  Adobe Flash Player 11.9.900.152 Flash Player out of Date!  
 Mozilla Firefox (30.0)
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe
 iolo System Mechanic iologovernor64.exe  
 iolo Common Lib ioloServiceManager.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
 


  • 0

#57
hofner

hofner

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts

Attn. Mission Control...

 

here ya go

 

OTL logfile created on: 7/19/2014 12:33:09 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.89 Gb Total Physical Memory | 4.34 Gb Available Physical Memory | 73.69% Memory free
11.78 Gb Paging File | 10.15 Gb Available in Paging File | 86.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 682.74 Gb Total Space | 633.19 Gb Free Space | 92.74% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/07/12 20:14:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Downloads\OTL(1).exe
PRC - [2014/06/13 15:20:44 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/04/30 10:07:08 | 004,492,776 | ---- | M] (iolo technologies, LLC) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe
PRC - [2012/01/20 14:45:40 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/01/20 14:45:30 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/06/13 15:20:44 | 003,852,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/30 10:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\wincfi39.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/06/18 20:24:12 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/02/02 18:33:46 | 000,580,608 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2012/01/11 00:01:52 | 000,627,936 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2011/12/14 18:11:38 | 000,833,976 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2011/12/08 13:44:04 | 000,594,704 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2011/12/08 13:43:56 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/12/08 13:43:48 | 000,618,256 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/12/08 13:43:44 | 000,148,752 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/11/25 21:52:36 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/11/24 16:20:38 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011/04/20 18:16:04 | 000,558,592 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2010/10/20 17:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/06/13 15:20:44 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/04/30 10:07:08 | 004,492,776 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2013/11/28 17:12:33 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe -- (NCO)
SRV - [2012/05/10 15:20:46 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/01/20 19:29:28 | 000,363,800 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/01/20 19:29:26 | 000,277,784 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/01/20 14:45:40 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/01/20 14:45:30 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2011/11/21 18:32:40 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/05/29 11:06:34 | 000,082,160 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PDFsFilter.sys -- (PDFsFilter)
DRV:64bit: - [2013/05/23 08:39:23 | 000,041,032 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gfiark.sys -- (gfiark)
DRV:64bit: - [2013/04/15 22:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSTx64\7DD04000.00A\ccsetx64.sys -- (ccSet_NST)
DRV:64bit: - [2012/09/20 05:11:58 | 000,258,848 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2012/09/20 05:11:58 | 000,086,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbwtis.sys -- (sbwtis)
DRV:64bit: - [2012/09/20 05:11:58 | 000,061,216 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2012/09/12 20:19:38 | 000,082,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2012/09/12 20:19:34 | 000,120,064 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:64bit: - [2012/09/12 20:19:34 | 000,120,064 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:64bit: - [2012/07/26 10:01:26 | 000,030,752 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV:64bit: - [2012/07/17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/05/10 15:11:04 | 014,759,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/27 06:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/02/27 06:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/02/27 06:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/02/24 20:11:54 | 000,412,944 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/02/24 20:11:52 | 000,022,800 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver.sys -- (SmbDrv)
DRV:64bit: - [2012/01/16 18:49:14 | 000,103,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2012/01/09 04:44:44 | 011,416,576 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/12/20 20:38:36 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/12/20 20:38:36 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/12/13 18:00:32 | 000,259,176 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2011/12/06 07:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/29 22:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/23 20:10:28 | 000,036,992 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2011/03/18 18:03:18 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/12/30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 11:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/29 19:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\..\SearchScopes,DefaultScope = {012E1000-F331-11DB-8314-0800200C9A66}
IE - HKCU\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...1I7TSNO_enUS507
IE - HKCU\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.co...1I7TSNO_enUS507
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Amazon.com"
FF - prefs.js..browser.search.selectedEngine: "Amazon.com"
FF - prefs.js..browser.startup.homepage: "http://search.yahoo..../?fr=sfp-yff25"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.3.19\coFFPlgn\ [2014/07/19 12:17:34 | 000,000,000 | ---D | M]
 
[2013/11/28 17:04:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Extensions
[2014/07/17 06:08:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\imt0iusk.default\extensions
[2014/06/13 15:20:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/06/13 15:20:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/06/13 15:20:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2014/06/13 15:20:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
 
O1 HOSTS File: ([2014/07/16 21:18:57 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28270AC4-B16B-45F1-81E0-BA4AF7273AD6}: DhcpNameServer = 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/19 12:17:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/07/19 12:15:11 | 000,000,000 | ---D | C] -- C:\windows\Temp
[2014/07/19 12:15:11 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Temp
[2014/07/19 11:46:14 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/07/19 11:29:33 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/07/16 18:13:06 | 000,000,000 | ---D | C] -- C:\FRST
[2014/07/15 23:20:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/07/15 19:41:51 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014/07/13 16:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/07/12 18:24:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2014/07/11 18:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2014/07/11 18:41:14 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\N360x64
[2014/07/11 18:41:14 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\N360x64\1504000.00D
[2014/07/11 17:36:47 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\VS Revo Group
[2014/07/11 17:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2014/07/11 17:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2014/07/11 17:36:40 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\windows\SysNative\drivers\revoflt.sys
[2014/07/11 17:36:35 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2014/07/11 17:19:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/07/11 17:19:49 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/07/11 17:15:44 | 002,649,016 | ---- | C] (VS Revo Group Ltd.) -- C:\revosetup.exe
[2014/07/11 17:11:23 | 000,000,000 | ---D | C] -- C:\windows\pss
[2014/07/11 16:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/07/11 16:54:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2014/07/11 16:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014/07/11 16:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2014/07/11 15:56:50 | 000,041,032 | ---- | C] (ThreatTrack Security) -- C:\windows\SysNative\drivers\gfiark.sys
[2014/07/11 15:51:41 | 000,000,000 | R--D | C] -- C:\Users\owner\My SpeedyBackup SyncFolder
[2014/07/11 15:50:49 | 000,061,216 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\sbhips.sys
[2014/07/11 15:50:41 | 000,258,848 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\SbFw.sys
[2014/07/11 15:50:41 | 000,120,064 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\SbFwIm.sys
[2014/07/11 15:43:10 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\LogMeIn Rescue Applet
[2014/07/11 14:52:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SparkTrust
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/19 12:32:03 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/19 12:25:52 | 000,000,788 | ---- | M] () -- C:\Users\owner\Desktop\SecurityCheck - Shortcut.lnk
[2014/07/19 12:24:50 | 000,000,474 | ---- | M] () -- C:\windows\tasks\SparkTrust Update Version3 Startup Task.job
[2014/07/19 12:24:40 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/19 12:24:40 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/19 12:17:31 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore1ce4f575a8ab0d1.job
[2014/07/19 12:17:31 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2014/07/19 12:17:31 | 000,000,552 | ---- | M] () -- C:\windows\tasks\SparkTrust AntiVirus Startup.job
[2014/07/19 12:17:26 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/07/19 12:17:04 | 448,237,567 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/19 12:13:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/07/19 11:59:47 | 000,024,064 | ---- | M] () -- C:\windows\zoek-delete.exe
[2014/07/19 11:38:23 | 000,001,111 | ---- | M] () -- C:\Users\owner\Desktop\JRT - Shortcut.lnk
[2014/07/18 18:00:00 | 000,000,464 | ---- | M] () -- C:\windows\tasks\SparkTrust Registration3.job
[2014/07/18 16:40:55 | 000,001,142 | ---- | M] () -- C:\Users\owner\Desktop\OTL(1) - Shortcut.lnk
[2014/07/18 16:27:40 | 000,001,142 | ---- | M] () -- C:\Users\owner\Desktop\FSS(1) - Shortcut.lnk
[2014/07/18 14:23:46 | 000,001,475 | ---- | M] () -- C:\Users\owner\Desktop\mqhgmwg0 - Shortcut.lnk
[2014/07/17 06:13:24 | 000,030,312 | ---- | M] () -- C:\windows\SysNative\drivers\TrueSight.sys
[2014/07/17 06:12:28 | 000,001,243 | ---- | M] () -- C:\Users\owner\Desktop\RogueKillerX64(1) - Shortcut.lnk
[2014/07/16 21:18:57 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2014/07/16 19:39:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2014/07/16 18:08:09 | 000,001,142 | ---- | M] () -- C:\Users\owner\Desktop\FRST64.exe - Shortcut.lnk
[2014/07/15 19:39:18 | 000,001,122 | ---- | M] () -- C:\Users\owner\Desktop\zoek - Shortcut.lnk
[2014/07/14 18:26:10 | 000,001,216 | ---- | M] () -- C:\Users\owner\Desktop\RogueKillerX64 - Shortcut.lnk
[2014/07/11 18:42:04 | 002,121,736 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\Cat.DB
[2014/07/11 18:40:42 | 000,001,315 | ---- | M] () -- C:\Users\owner\Desktop\Norton Installation Files.lnk
[2014/07/11 17:36:42 | 000,001,112 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2014/07/11 17:36:42 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2014/07/11 17:33:30 | 000,000,422 | ---- | M] () -- C:\windows\tasks\SparkTrust Update Version3.job
[2014/07/11 17:19:49 | 000,001,279 | ---- | M] () -- C:\Users\owner\Desktop\Revo Uninstaller.lnk
[2014/07/11 16:06:40 | 000,007,620 | ---- | M] () -- C:\Users\owner\AppData\Local\Resmon.ResmonCfg
[2014/07/09 19:12:47 | 000,275,712 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/07/05 14:58:48 | 000,001,126 | ---- | M] () -- C:\Users\owner\Desktop\20140523-001-v5i64 - Shortcut.lnk
[2014/07/01 05:23:42 | 000,040,105 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\VT20140701.003
 
========== Files Created - No Company Name ==========
 
[2014/07/19 12:25:52 | 000,000,788 | ---- | C] () -- C:\Users\owner\Desktop\SecurityCheck - Shortcut.lnk
[2014/07/19 12:15:11 | 000,024,064 | ---- | C] () -- C:\windows\zoek-delete.exe
[2014/07/19 11:38:23 | 000,001,111 | ---- | C] () -- C:\Users\owner\Desktop\JRT - Shortcut.lnk
[2014/07/18 16:40:55 | 000,001,142 | ---- | C] () -- C:\Users\owner\Desktop\OTL(1) - Shortcut.lnk
[2014/07/18 16:27:40 | 000,001,142 | ---- | C] () -- C:\Users\owner\Desktop\FSS(1) - Shortcut.lnk
[2014/07/17 06:12:28 | 000,001,243 | ---- | C] () -- C:\Users\owner\Desktop\RogueKillerX64(1) - Shortcut.lnk
[2014/07/16 18:08:09 | 000,001,142 | ---- | C] () -- C:\Users\owner\Desktop\FRST64.exe - Shortcut.lnk
[2014/07/15 19:39:18 | 000,001,122 | ---- | C] () -- C:\Users\owner\Desktop\zoek - Shortcut.lnk
[2014/07/14 18:26:10 | 000,001,216 | ---- | C] () -- C:\Users\owner\Desktop\RogueKillerX64 - Shortcut.lnk
[2014/07/13 17:30:29 | 000,001,475 | ---- | C] () -- C:\Users\owner\Desktop\mqhgmwg0 - Shortcut.lnk
[2014/07/13 16:54:34 | 000,030,312 | ---- | C] () -- C:\windows\SysNative\drivers\TrueSight.sys
[2014/07/12 18:17:23 | 000,040,105 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\VT20140701.003
[2014/07/11 18:41:56 | 002,121,736 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1504000.00D\Cat.DB
[2014/07/11 17:36:42 | 000,001,112 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2014/07/11 17:36:42 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2014/07/11 17:19:49 | 000,001,279 | ---- | C] () -- C:\Users\owner\Desktop\Revo Uninstaller.lnk
[2014/07/11 16:06:40 | 000,007,620 | ---- | C] () -- C:\Users\owner\AppData\Local\Resmon.ResmonCfg
[2014/07/11 15:51:22 | 000,000,552 | ---- | C] () -- C:\windows\tasks\SparkTrust AntiVirus Startup.job
[2014/07/11 15:51:13 | 000,000,474 | ---- | C] () -- C:\windows\tasks\SparkTrust Update Version3 Startup Task.job
[2014/07/11 14:53:30 | 000,000,464 | ---- | C] () -- C:\windows\tasks\SparkTrust Registration3.job
[2014/07/11 14:53:02 | 000,000,422 | ---- | C] () -- C:\windows\tasks\SparkTrust Update Version3.job
[2013/09/02 13:34:52 | 000,074,703 | ---- | C] () -- C:\windows\SysWow64\mfc45.dat
[2013/02/14 22:50:22 | 002,250,054 | ---- | C] () -- C:\ProgramData\1.bmp
[2013/02/14 22:50:02 | 000,350,795 | ---- | C] () -- C:\ProgramData\1.jpg
[2012/10/21 14:18:07 | 000,017,408 | ---- | C] () -- C:\Users\owner\AppData\Local\WebpageIcons.db
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/05/22 19:16:59 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\iolo
[2013/12/07 21:10:27 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ioloGovernor
[2013/07/31 18:17:58 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Leadertech
[2013/01/19 12:02:52 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\sMedio
[2013/07/31 17:56:08 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Toshiba
[2012/10/20 16:26:00 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 

< End of report >
 


  • 0

#58
hofner

hofner

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts

I think I'll run System Restore for the heck of it...

only kidding...I just wanted to make sure I had your attention. :D :laughing:    I probably should have warned you about my sense of "humor."


Edited by hofner, 19 July 2014 - 10:47 AM.

  • 0

#59
hofner

hofner

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts

Good morning,

Uhhh I don't know how you can respond to this problem, but I am stuck on page one.  I've rebooted, signed in, out  and in again a few times and there it is again...page one..

I'm gonna watch that "messenger" thing for a few minutes and then..we'll see.

H


  • 0

#60
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Yup, management is aware! Not a problem at your end.

 

When the site is working, I have Next Steps for you


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP