90fox

  1. That's a relief. I'll look into a new drive. Thank you very much for helping me. I appreciate what everyone does here. Best, Fox
  2. The previous time I ran chkdsk, from my first post for help in the other section of the forum, link: https://forums.malwarebytes.org/index.php?/topic/152510-mbam-freezing-computer-in-scan/ the log stated in stage 5 of chkdsk that there were about 225 million free clusters and that 224 million were bad and being added to the bad cluster file. Then the free space on my HDD disappeared; it went from 900 GB to only 3-4 GB free space. This scan shows that there are only ~800k free clusters, probably because it hid all the other "bad" clusters the first time I ran it. When I first ran the chkdsk function from my first post in the other section, I researched more and learned that bad clusters/sectors can be bad because of either physical damage or software corruption. Everyone suggests a drive diagnostics tool such as seatools. I ran seatools for windows; it couldn't detect the serial numbers on my SSD and HDD (btw, I have a Lenovo which comes with an SSD and HDD combo; there is some software, rapiddrive, which combines the two virtually so you have one virtual drive). It was recommended to run the seatools for dos; that wouldn't work. It was then recommended to run the legacy version of seatools for dos. That DID work and both drives successfully passed the long and short tests (DST?). This leads me to think there is some software corruption? Caused by a trojan, malware or virus? Based on my logs, do you believe I have been infected at some point with malware, rootkit, virus, trojan etc.? I really appreciate your advice and look forward to seeing what next steps I have.
  3. Checking file system on C: The type of the file system is NTFS. Volume label is Windows7_OS. A disk check has been scheduled. Windows will now check the disk. CHKDSK is verifying files (stage 1 of 5)... 141312 file records processed. File verification completed. 618 large file records processed. 0 bad file records processed. 0 EA records processed. 43 reparse records processed. CHKDSK is verifying indexes (stage 2 of 5)... 196598 index entries processed. Index verification completed. 0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 5)... 141312 file SDs/SIDs processed. Cleaning up 104 unused index entries from index $SII of file 0x9. Cleaning up 104 unused index entries from index $SDH of file 0x9. Cleaning up 104 unused security descriptors. Security descriptor verification completed. 27644 data files processed. CHKDSK is verifying Usn Journal... 37104416 USN bytes processed. Usn Journal verification completed. CHKDSK is verifying file data (stage 4 of 5)... 141296 files processed. File data verification completed. CHKDSK is verifying free space (stage 5 of 5)... 812274 free clusters processed. Free space verification is complete. Adding 308193 bad clusters to the Bad Clusters File. Correcting errors in the master file table's (MFT) BITMAP attribute. Correcting errors in the Volume Bitmap. Windows has made corrections to the file system. 961739479 KB total disk space. 58458116 KB in 109053 files. 71348 KB in 27645 indexes. 900919276 KB in bad sectors. 274415 KB in use by the system. 65536 KB occupied by the log file. 2016324 KB available on disk. 4096 bytes in each allocation unit. 240434869 total allocation units on disk. 504081 allocation units available on disk. Internal Info: 00 28 02 00 05 16 02 00 32 df 03 00 00 00 00 00 .(......2....... 63 04 00 00 2b 00 00 00 00 00 00 00 00 00 00 00 c...+........... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
Windows has finished checking your disk. Please wait while your computer restarts.
  4. Hello, I'm running the chkdsk function right now. Would you like me to post the logs for it from event viewer when complete? Also, do you believe I have any malware or virus/rootkit based on my other scan logs? Just trying to see where we are at so far with diagnosing any problems. Thank you again for your help and time.
  5. ComboFix 14-07-25.01 - Fox 07/25/2014 20:00:33.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8094.5846 [GMT -7:00] Running from: c:\users\Fox\Desktop\ComboFix.exe AV: Norton Security Suite *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} FW: Norton Security Suite *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} SP: Norton Security Suite *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ADS - Windows: deleted 0 bytes in 1 streams. . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Roaming . . ((((((((((((((((((((((((( Files Created from 2014-06-26 to 2014-07-26 ))))))))))))))))))))))))))))))) . . 2014-07-26 03:03 . 2014-07-26 03:03 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-07-23 06:27 . 2014-07-23 06:27 -------- d-----w- c:\program files (x86)\Common Files\Acronis 2014-07-23 06:27 . 2014-07-23 06:27 -------- d-----w- c:\program files (x86)\Acronis 2014-07-23 05:27 . 2014-07-24 03:56 30312 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2014-07-23 05:27 . 2014-07-23 05:27 -------- d-----w- c:\programdata\RogueKiller 2014-07-23 04:48 . 2014-07-23 04:48 -------- d-----w- c:\program files (x86)\ESET 2014-07-23 03:53 . 2014-07-23 03:55 -------- d-----w- C:\AdwCleaner 2014-07-23 03:46 . 2014-07-25 02:44 -------- d-----w- c:\users\Fox\AppData\Local\CrashDumps 2014-07-23 03:44 . 2014-07-23 03:44 -------- d-----w- c:\windows\ERUNT 2014-07-22 06:19 . 2014-07-22 06:19 -------- d-----w- c:\programdata\Package Cache 2014-07-22 06:19 . 2014-07-22 06:19 -------- d-----w- c:\program files (x86)\Seagate 2014-07-22 04:03 . 2014-07-24 04:39 -------- d-----w- C:\NPE 2014-07-22 03:49 . 2014-07-24 04:41 -------- d-----w- c:\users\Fox\AppData\Local\NPE 2014-07-22 03:21 . 2014-07-22 03:21 -------- d-----w- c:\program files (x86)\Belarc 2014-07-19 05:18 . 
2014-07-25 03:02 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-07-19 05:18 . 2014-07-24 03:37 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-07-19 05:18 . 2014-05-12 14:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-07-19 05:18 . 2014-05-12 14:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-07-19 05:18 . 2014-07-19 05:18 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware 2014-07-19 05:18 . 2014-07-19 05:18 -------- d-----w- c:\programdata\Malwarebytes 2014-07-19 04:46 . 2014-07-19 04:46 -------- d-----w- c:\program files (x86)\ERUNT 2014-07-15 05:47 . 2014-07-23 06:02 -------- d-----w- C:\FRST 2014-07-13 00:40 . 2014-07-24 04:17 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2014-07-05 18:10 . 2014-07-05 18:10 39008 ----a-w- c:\windows\system32\drivers\LhdX64.sys 2014-07-05 17:59 . 2014-07-05 18:09 -------- d-----w- C:\Drivers 2014-06-27 07:55 . 2014-06-27 07:55 196816 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\LICLUA.EXE . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-07-13 23:17 . 2013-07-23 02:29 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-07-13 23:17 . 2013-07-23 02:29 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-07-10 05:02 . 2012-10-29 00:16 96441528 ----a-w- c:\windows\system32\MRT.exe 2014-07-05 18:10 . 2012-08-24 22:34 19872 ----a-w- c:\windows\system32\LenovoSDKEmSubSystem.dll 2014-06-03 10:08 . 2013-01-27 01:00 848080 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe 2014-05-29 23:07 . 2014-06-05 04:43 1291232 ----a-w- c:\windows\SysWow64\nvspbridge.dll 2014-05-29 23:07 . 2013-12-18 04:11 1122312 ----a-w- c:\windows\SysWow64\nvspcap.dll 2014-05-29 23:07 . 2014-06-05 04:43 1715176 ----a-w- c:\windows\system32\nvspbridge64.dll 2014-05-29 23:07 . 
2013-12-18 04:11 1279480 ----a-w- c:\windows\system32\nvspcap64.dll 2014-05-20 02:44 . 2014-06-05 04:50 9735256 ----a-w- c:\windows\SysWow64\nvcuda.dll 2014-05-20 02:44 . 2014-06-05 04:50 9697640 ----a-w- c:\windows\SysWow64\nvopencl.dll 2014-05-20 02:44 . 2014-06-05 04:50 895776 ----a-w- c:\windows\system32\NvIFR64.dll 2014-05-20 02:44 . 2014-06-05 04:50 892704 ----a-w- c:\windows\system32\NvFBC64.dll 2014-05-20 02:44 . 2014-06-05 04:50 867784 ----a-w- c:\windows\SysWow64\NvIFR.dll 2014-05-20 02:44 . 2014-06-05 04:50 861128 ----a-w- c:\windows\SysWow64\NvFBC.dll 2014-05-20 02:44 . 2014-06-05 04:50 492376 ----a-w- c:\windows\system32\nvEncodeAPI64.dll 2014-05-20 02:44 . 2014-06-05 04:50 416712 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll 2014-05-20 02:44 . 2014-06-05 04:50 382240 ----a-w- c:\windows\system32\NvIFROpenGL.dll 2014-05-20 02:44 . 2014-06-05 04:50 354016 ----a-w- c:\windows\system32\nvoglshim64.dll 2014-05-20 02:44 . 2014-06-05 04:50 335704 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll 2014-05-20 02:44 . 2014-06-05 04:50 32544 ----a-w- c:\windows\system32\drivers\nvpciflt.sys 2014-05-20 02:44 . 2014-06-05 04:50 3141976 ----a-w- c:\windows\system32\nvcuvid.dll 2014-05-20 02:44 . 2014-06-05 04:50 31387936 ----a-w- c:\windows\system32\nvoglv64.dll 2014-05-20 02:44 . 2014-06-05 04:50 305600 ----a-w- c:\windows\SysWow64\nvoglshim32.dll 2014-05-20 02:44 . 2014-06-05 04:50 2953672 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2014-05-20 02:44 . 2014-06-05 04:50 2785568 ----a-w- c:\windows\system32\nvcuvenc.dll 2014-05-20 02:44 . 2014-06-05 04:50 2412376 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2014-05-20 02:44 . 2014-06-05 04:50 24025376 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2014-05-20 02:44 . 2014-06-05 04:50 1889112 ----a-w- c:\windows\system32\nvdispco6433788.dll 2014-05-20 02:44 . 2014-06-05 04:50 18531568 ----a-w- c:\windows\system32\nvwgf2umx.dll 2014-05-20 02:44 . 2014-06-05 04:50 17480432 ----a-w- c:\windows\system32\nvd3dumx.dll 2014-05-20 02:44 . 
2014-06-05 04:50 16003912 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2014-05-20 02:44 . 2014-06-05 04:50 1541576 ----a-w- c:\windows\system32\nvdispgenco6433788.dll 2014-05-20 02:44 . 2014-06-05 04:50 12688328 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2014-05-20 02:44 . 2014-06-05 04:50 11644928 ----a-w- c:\windows\system32\nvcuda.dll 2014-05-20 02:44 . 2014-06-05 04:50 11599072 ----a-w- c:\windows\system32\nvopencl.dll 2014-05-20 02:44 . 2014-06-05 04:50 25256224 ----a-w- c:\windows\system32\nvcompiler.dll 2014-05-20 02:44 . 2014-06-05 04:50 17561544 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2014-05-20 02:44 . 2014-02-19 01:06 14434704 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2014-05-20 02:44 . 2013-12-18 04:08 837056 ----a-w- c:\windows\SysWow64\nvumdshim.dll 2014-05-20 02:44 . 2013-12-18 04:08 2730208 ----a-w- c:\windows\SysWow64\nvapi.dll 2014-05-20 02:44 . 2012-08-24 22:06 952952 ----a-w- c:\windows\system32\nvumdshimx.dll 2014-05-20 02:44 . 2012-08-24 22:06 3109248 ----a-w- c:\windows\system32\nvapi64.dll 2014-05-20 02:44 . 2012-08-24 22:06 166568 ----a-w- c:\windows\system32\nvinitx.dll 2014-05-20 02:44 . 2012-08-24 22:06 146480 ----a-w- c:\windows\SysWow64\nvinit.dll 2014-05-20 01:25 . 2012-08-24 22:06 6769096 ----a-w- c:\windows\system32\nvcpl.dll 2014-05-20 01:25 . 2012-08-24 22:06 3514144 ----a-w- c:\windows\system32\nvsvc64.dll 2014-05-20 01:25 . 2012-08-24 22:06 927520 ----a-w- c:\windows\system32\nvvsvc.exe 2014-05-20 01:25 . 2012-08-24 22:06 76064 ----a-w- c:\windows\system32\nv3dappshextr.dll 2014-05-20 01:25 . 2012-08-24 22:06 62808 ----a-w- c:\windows\system32\nvshext.dll 2014-05-20 01:25 . 2012-08-24 22:06 610592 ----a-w- c:\windows\SysWow64\oemdspif.dll 2014-05-20 01:25 . 2012-08-24 22:06 387528 ----a-w- c:\windows\system32\nvmctray.dll 2014-05-20 01:25 . 2012-08-24 22:06 2560968 ----a-w- c:\windows\system32\nvsvcr.dll 2014-05-20 01:25 . 2012-08-24 22:06 1078616 ----a-w- c:\windows\system32\nv3dappshext.dll 2014-05-14 23:49 . 
2012-08-24 22:06 3774821 ----a-w- c:\windows\system32\nvcoproc.bin 2014-05-08 09:32 . 2014-06-11 02:48 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll 2014-05-08 09:32 . 2014-06-11 02:48 3178496 ----a-w- c:\windows\system32\rdpcorets.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2014-06-10 08:39 1730264 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2014-06-10 08:39 1730264 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2014-06-10 08:39 1730264 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\grooveex.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-21 291648] "LockKey"="c:\program files (x86)\LockKey\LockKey.exe" [2011-08-26 337776] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2012-01-27 1058400] "FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-02-29 502912] "FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-02-29 863360] "RemoteControl11"="c:\program files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe" [2013-08-06 237120] "adm_tray.exe"="c:\program files (x86)\Acronis\DriveMonitor\adm_tray.exe" [2011-02-25 466768] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2012-2-1 1380128] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\Lenovo\Bluetooth Software\BtwProximityCP.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x] R2 NSDSvc;Fast boot service of lenovo;c:\windows\System32\NSDSvc.exe;c:\windows\SYSNATIVE\NSDSvc.exe [x] R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x] R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x] R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x] R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x] R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport 
Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x] S0 HybridDisk;HybridDisk;c:\windows\System32\DRIVERS\HybridDiskX64.sys;c:\windows\SYSNATIVE\DRIVERS\HybridDiskX64.sys [x] S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x] S0 NSD;NSD;c:\windows\system32\drivers\nsd.sys;c:\windows\SYSNATIVE\drivers\nsd.sys [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1503000.00C\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1503000.00C\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1503000.00C\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1503000.00C\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140718.001\BHDrvx64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [x] S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1503000.00C\ccSetx64.sys [x] S1 
hybridcfile;hybridcfile;c:\windows\system32\DRIVERS\HybridCFileX64.sys;c:\windows\SYSNATIVE\DRIVERS\HybridCFileX64.sys [x] S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140725.001\IDSvia64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140725.001\IDSvia64.sys [x] S1 Nsdfltr;Nsdfltr;c:\windows\system32\drivers\Nsdfltr.sys;c:\windows\SYSNATIVE\drivers\Nsdfltr.sys [x] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1503000.00C\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1503000.00C\SYMNETS.SYS [x] S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2014/03/23 18:41];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [x] S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x] S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x] S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe;c:\program files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [x] S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x] S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files 
(x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe;c:\program files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [x] S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe;c:\program files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [x] S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x] S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe;c:\program files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe [x] S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x] S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys;c:\program files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [x] S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA 
Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x] S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x] S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] S3 hswpan;WPAN Driver;c:\windows\system32\DRIVERS\hswpan.sys;c:\windows\SYSNATIVE\DRIVERS\hswpan.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet 
Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x] . . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2014-06-10 10:07 2335960 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2014-06-10 10:07 2335960 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2014-06-10 10:07 2335960 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2012-08-24 789856] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968] "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-05-29 1279480] "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-05-29 2352072] "Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2014-07-05 8076848] "EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2014-07-05 6199344] "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-02-12 462400] . ------- Supplementary Scan ------- . uStart Page = hxxp://xfinity.comcast.net/?cid=cgps10282012 uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\ljoths8f.default\ FF - prefs.js: browser.startup.homepage - hxxps://www.google.com . - - - - ORPHANS REMOVED - - - - . 
Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\system32\StikyNot.exe SafeBoot-mbamchameleon HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) ShellIconOverlayIdentifiers-{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} - (no file) ShellIconOverlayIdentifiers-{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} - (no file) ShellIconOverlayIdentifiers-{A759AFF6-5851-457D-A540-F4ECED148351} - (no file) ShellIconOverlayIdentifiers-{1574C9EF-7D58-488F-B358-8B78C1538F51} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-SynLenovoGestureMgr - c:\program files (x86)\Synaptics\SynTP\SynLenovoGestureMgr.exe AddRemove-ESET Online Scanner - c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360] "ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\21.3.0.12\diMaster.dll\" /prefetch:1" "ImagePath"="\SystemRoot\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS" "TrustedImagePaths"="c:\program files (x86)\Norton Security Suite\Engine\21.3.0.12;c:\program files (x86)\Norton Security Suite\Engine64\21.3.0.12" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}] "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2014-07-25 20:04:32 ComboFix-quarantined-files.txt 2014-07-26 03:04 . 
Pre-Run: 3,712,561,152 bytes free Post-Run: 3,083,485,184 bytes free . - - End Of File - - 659A889F6585F478F3011B489C31B18E
  6. Hi Ron, I ran the combofix, but before doing so I disabled the firewall and antivirus auto-protection and turned on silent mode on my comcast norton security suite. Combofix stated that the antispyware was still running. I cannot locate where to turn this off. I thought what I disabled was all there was to disable from what I read online. Once combofix alerted me that it was still running I wanted to stop running combofix and post a reply, but there are no cancel buttons so it ended up running anyway. Should I uninstall norton security suite completely and run the combofix again? I will post the combofix log in my next reply since it doesn't post correctly when I post it with my main response. Thank you again. Best, Fox
  8. Hello, Malwarebytes, again, froze on "object scanned" 108. I'm confused why these other programs are able to complete their scans. Below is the log from running JavaRa. JavaRa 1.16 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Thu Jul 24 19:52:44 2014 There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. 
The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124. 
Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit Found and removed: SOFTWARE\JavaSoft Found and removed: SOFTWARE\JreMetrics Found and removed: SOFTWARE\MozillaPlugins ------------------------------------ Finished reporting.
  9. Hello, thank you for the reply. I didn't post the Junkware Removal Tool log because the first time I ran it the log was saved but I couldn't locate it, so I ran it again but there was nothing to report in the log. I will run your requested tests tonight when I return home from work. Again, thank you for your help.
  10. Rkill 2.6.7 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2014 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 07/22/2014 09:37:40 PM in x64 mode. Windows Version: Windows 7 Home Premium Service Pack 1 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * Windows Defender Disabled [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware" = dword:00000001 Checking Windows Service Integrity: * Windows Defender (WinDefend) is not Running. Startup Type set to: Manual * Windows Update (wuauserv) is not Running. Startup Type set to: Automatic (Delayed Start) Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * No issues found. Program finished at: 07/22/2014 09:38:17 PM Execution time: 0 hours(s), 0 minute(s), and 36 seconds(s)
  12. RogueKiller V9.2.3.0 (x64) [Jul 11 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Fox [Admin rights] Mode : Scan -- Date : 07/22/2014 22:33:35 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 11 ¤¤¤ [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2B8E40E2-8062-47E8-B3B9-DC47D59C20CA} | DhcpNameServer : 10.0.0.1 -> FOUND [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2B8E40E2-8062-47E8-B3B9-DC47D59C20CA} | DhcpNameServer : 10.0.0.1 -> FOUND [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2B8E40E2-8062-47E8-B3B9-DC47D59C20CA} | DhcpNameServer : 10.0.0.1 -> FOUND [PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1763048884-3980972539-2938752159-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND [PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1763048884-3980972539-2938752159-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND [PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1763048884-3980972539-2938752159-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND [PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1763048884-3980972539-2938752159-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND 
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ HOSTS File : 0 ¤¤¤ ¤¤¤ Antirootkit : 2 (Driver: LOADED) ¤¤¤ [Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\HybridDisk @ Unknown (\SystemRoot\System32\Drivers\Fs_Rec.sys) [Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\HybridDisk @ Unknown (\SystemRoot\System32\Drivers\Fs_Rec.sys) ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: SAMSUNG MZMPC032HBCD-000 +++++ --- User --- [MBR] 844d778de07972483a79dcd249959133 [bSP] d39ce535e3de6baa1545308be3a6879b : Windows Vista/7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 200 MB 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 411648 | Size: 939198 MB 2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1923890608 | Size: 25000 MB 3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1975090608 | Size: 20001 MB User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive1: ST1000LM024 HN-M101MBB +++++ Error reading User MBR! ([1b] The drive cannot find the sector requested. ) User = LL1 ... OK User = LL2 ... OK
  13. I'll just repost the logs one by one. I hope I don't get in trouble. I just want it easy to read, in no way is my intention to bump my post. Apologies in advance. # AdwCleaner v3.216 - Report created 22/07/2014 at 20:55:03 # Updated 17/07/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Fox - FOX-PC # Running from : C:\Users\Fox\Downloads\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Windows\util Folder Deleted : C:\Users\Fox\AppData\Local\Temp\OCS ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low 
Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46} Key Deleted : HKCU\Software\AppDataLow\Software\xfin_portal ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17207 -\\ Mozilla Firefox v30.0 (en-US) [ File : C:\Users\Fox\AppData\Roaming\Mozilla\FireFox\Profiles\ljoths8f.default\prefs.js ] ************************* AdwCleaner[R0].txt - [2428 octets] - [22/07/2014 20:53:33] AdwCleaner[s0].txt - [2254 octets] - [22/07/2014 20:55:03] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2314 octets] ##########
  14. Why are my logs posted as such? I pasted them directly and they have open blank lines between them to separate then why I post, it's all one big paragraph....odd. BTW I forgot to post the FRST file. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014 Ran by Fox (administrator) on FOX-PC on 22-07-2014 23:01:46 Running from C:\Users\Fox\Downloads Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe () C:\Program Files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (CyberLink) C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe (CyberLink) C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Nalpeiron Ltd.) 
C:\Windows\SysWOW64\NLSSRV32.EXE (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\n360.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\n360.exe (Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe ( ) C:\Program Files (x86)\LockKey\LockKey.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe () C:\Program Files (x86)\Lenovo\Onekey 
Theater\OnekeySupport.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe (CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD11\PDVD11Serv.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-15] (Synaptics Incorporated) HKLM\...\Run: [synLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [410896 2011-12-15] (Synaptics) HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789856 2012-08-24] (Lenovo) HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-29] (NVIDIA Corporation) HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8076848 2014-07-05] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6199344 2014-07-05] (Lenovo(beijing) Limited) HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation) HKLM-x32\...\Run: [LockKey] => C:\Program Files (x86)\LockKey\LockKey.exe [337776 2011-08-25] ( ) HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: 
[FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [RemoteControl11] => C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe [237120 2013-08-06] (CyberLink Corp.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation) HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation) HKU\S-1-5-21-1763048884-3980972539-2938752159-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\system32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation) AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-05-19] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-05-19] (NVIDIA Corporation) Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) 
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File ShellIconOverlayIdentifiers-x32: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) 
ShellIconOverlayIdentifiers-x32: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=KMOH&bmod=KMOH HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/?cid=cgps10282012 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.google.com/ig/redirectdomain?brand=KMOH&bmod=KMOH HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKLM-x32 - DefaultScope value is missing. BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security 
Suite\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation) DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.) 
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\ljoths8f.default FF Homepage: www.google.com FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File FF Plugin-x32: Adobe Reader - C:\Program Files 
(x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: intel.com/AppUp - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll No File FF Extension: NoScript - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\ljoths8f.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-10-28] FF Extension: Adblock Edge - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\ljoths8f.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2012-10-28] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-07-22] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-11-30] ==================== Services (Whitelisted) ================= R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [945440 2012-02-01] (Broadcom Corporation.) 
R2 CLHNServiceForPowerDVD; C:\Program Files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [85568 2013-08-06] () R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation) R2 CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [77576 2014-02-11] (CyberLink) R2 CyberLink PowerDVD 11.0 Service; C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [294664 2014-02-11] (CyberLink) R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] () R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe [265040 2014-05-23] (Symantec Corporation) S2 NSDSvc; C:\Windows\System32\NSDSvc.exe [120160 2011-12-23] (Lenovo) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-29] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-29] (NVIDIA Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-01] (Broadcom Corporation.) 
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140703.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-10] (Symantec Corporation) U3 EraserUtilDrv11313; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11313.sys [142128 2014-07-15] (Symantec Corporation) R3 hswpan; C:\Windows\System32\DRIVERS\hswpan.sys [109056 2012-01-27] (Ozmo Inc) R1 hybridcfile; C:\Windows\System32\DRIVERS\HybridCFileX64.sys [13920 2010-03-02] (Lenovo.) R0 HybridDisk; C:\Windows\System32\DRIVERS\HybridDiskX64.sys [38496 2010-03-02] (Lenovo.) R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140722.001\IDSvia64.sys [525016 2014-03-25] (Symantec Corporation) R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104048 2012-03-02] (Qualcomm Atheros Co., Ltd.) 
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-22] (Malwarebytes Corporation) R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140722.008\ENG64.SYS [126040 2014-07-15] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140722.008\EX64.SYS [2099288 2014-07-15] (Symantec Corporation) R0 NSD; C:\Windows\System32\drivers\nsd.sys [24160 2011-12-23] (Lenovo Corporation") R1 Nsdfltr; C:\Windows\System32\drivers\Nsdfltr.sys [59488 2011-12-21] (Lenovo Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-29] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8208488 2011-09-06] (Realtek Semiconductor Corp.) R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1503000.00C\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1503000.00C\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation) S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation) R0 SymDS; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-27] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation) R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [32456 2014-02-12] (CyberLink Corp.) 
U3 BcmSqlStartupSvc; U2 CLKMSVC10_C3B3B687; U2 DriverService; U2 iATAgentService; U2 idealife Update Service; U3 IGRS; U2 IviRegMgr; U2 Oasis2Service; U2 PCCarerService; U2 ReadyComm.DirectRouter; U2 RichVideo; U2 RtLedService; S0 SMR410; System32\drivers\SMR410.SYS [X] U2 SoftwareService; U3 SQLWriter; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-22 23:01 - 2014-07-22 23:01 - 02090496 _____ (Farbar) C:\Users\Fox\Downloads\FRST64.exe 2014-07-22 23:01 - 2014-07-22 23:01 - 00022451 _____ () C:\Users\Fox\Downloads\FRST.txt 2014-07-22 22:36 - 2014-07-22 22:36 - 00003574 _____ () C:\Users\Fox\Desktop\RKreport_SCN_07222014_223335.log 2014-07-22 22:27 - 2014-07-22 22:27 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2014-07-22 22:27 - 2014-07-22 22:27 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-07-22 22:26 - 2014-07-22 22:26 - 05336664 _____ () C:\Users\Fox\Downloads\RogueKillerX64.exe 2014-07-22 21:48 - 2014-07-22 21:48 - 02347384 _____ (ESET) C:\Users\Fox\Downloads\esetsmartinstaller_enu.exe 2014-07-22 21:48 - 2014-07-22 21:48 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-07-22 21:45 - 2014-07-22 21:45 - 00000631 _____ () C:\Users\Fox\Desktop\JRT.txt 2014-07-22 20:58 - 2014-07-22 20:58 - 00002410 _____ () C:\Users\Fox\Desktop\AdwCleaner[s0].txt 2014-07-22 20:53 - 2014-07-22 20:55 - 00000000 ____D () C:\AdwCleaner 2014-07-22 20:52 - 2014-07-22 20:52 - 01354223 _____ () C:\Users\Fox\Downloads\AdwCleaner.exe 2014-07-22 20:46 - 2014-07-22 21:40 - 00000000 ____D () C:\Users\Fox\AppData\Local\CrashDumps 2014-07-22 20:44 - 2014-07-22 20:44 - 00000000 ____D () C:\Windows\ERUNT 2014-07-22 20:43 - 2014-07-22 20:43 - 01016261 _____ (Thisisu) C:\Users\Fox\Downloads\JRT.exe 2014-07-22 19:37 - 2014-07-22 19:37 - 08867840 _____ () C:\Users\Fox\Downloads\SeaToolsDOS223ALL.ISO 2014-07-21 23:49 - 2014-07-21 23:49 - 00000000 ____D () C:\Users\Fox\Desktop\HDDScan_v31 
2014-07-21 23:48 - 2014-07-21 23:48 - 01829148 _____ () C:\Users\Fox\Desktop\HDDScan_v31.zip 2014-07-21 23:43 - 2014-07-21 23:43 - 00003006 _____ () C:\Windows\System32\Tasks\{E4A77396-194B-43DF-8EEB-968D9016C848} 2014-07-21 23:19 - 2014-07-21 23:19 - 00001412 _____ () C:\Users\Public\Desktop\SeaTools for Windows.lnk 2014-07-21 23:19 - 2014-07-21 23:19 - 00000000 ____D () C:\ProgramData\Package Cache 2014-07-21 23:19 - 2014-07-21 23:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate 2014-07-21 23:19 - 2014-07-21 23:19 - 00000000 ____D () C:\Program Files (x86)\Seagate 2014-07-21 23:16 - 2014-07-21 23:18 - 26771088 _____ () C:\Users\Fox\Desktop\SeaToolsforWindowsSetup.exe 2014-07-21 23:02 - 2014-07-21 23:02 - 00003544 ____N () C:\bootsqm.dat 2014-07-21 21:03 - 2014-07-21 21:03 - 00000000 ____D () C:\NPE 2014-07-21 20:49 - 2014-07-21 21:08 - 00000000 ____D () C:\Users\Fox\AppData\Local\NPE 2014-07-21 20:49 - 2014-07-21 20:49 - 03077584 ____N (Symantec Corporation) C:\Users\Fox\Desktop\NPE.exe 2014-07-21 20:41 - 2014-07-21 20:41 - 00024758 _____ () C:\Users\Fox\Documents\bookmarks.html 2014-07-21 20:38 - 2014-07-21 20:38 - 02302976 _____ () C:\Users\Fox\Documents\backup111.pst 2014-07-21 20:36 - 2014-07-21 20:40 - 559727616 _____ () C:\Users\Fox\Documents\backup.pst 2014-07-21 20:26 - 2014-07-21 20:26 - 00093277 _____ () C:\Users\Fox\Desktop\Belarc Advisor Computer Profile.htm 2014-07-21 20:25 - 2014-07-21 20:25 - 00093277 _____ () C:\Users\Fox\Documents\Belarc Advisor Computer Profile.htm 2014-07-21 20:25 - 2014-07-21 20:25 - 00000000 ____D () C:\Users\Fox\Documents\Belarc Advisor Computer Profile_files 2014-07-21 20:21 - 2014-07-21 20:21 - 00002147 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk 2014-07-21 20:21 - 2014-07-21 20:21 - 00002135 _____ () C:\Users\Public\Desktop\Belarc Advisor.lnk 2014-07-21 20:21 - 2014-07-21 20:21 - 00000000 ____D () C:\Program Files (x86)\Belarc 2014-07-21 20:20 - 
2014-07-21 20:20 - 03358176 _____ () C:\Users\Fox\Desktop\advisorinstaller.exe 2014-07-20 03:19 - 2014-07-20 03:19 - 00024551 _____ () C:\Users\Fox\Desktop\bookmarks.html 2014-07-20 03:12 - 2014-07-20 03:12 - 04514472 _____ (Igor Pavlov) C:\Users\Fox\Desktop\bios update.exe 2014-07-19 14:24 - 2014-07-19 14:24 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log 2014-07-19 14:24 - 2014-07-19 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-18 23:44 - 2014-07-18 23:44 - 01062136 _____ (Bleeping Computer, LLC) C:\Users\Fox\Desktop\rkill64.exe 2014-07-18 22:18 - 2014-07-22 21:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-18 22:18 - 2014-07-18 22:18 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-07-18 22:18 - 2014-07-18 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-07-18 22:18 - 2014-07-18 22:18 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-18 22:18 - 2014-07-18 22:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-07-18 22:18 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-18 22:18 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-07-18 22:18 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-07-18 22:09 - 2014-07-18 22:16 - 00000000 ____D () C:\Users\Fox\Desktop\mbam stuff 2014-07-18 21:47 - 2014-07-18 21:49 - 00000000 ____D () C:\Users\Fox\Desktop\registry backuo 2014-07-18 21:46 - 2014-07-18 21:46 - 00000939 _____ () C:\Users\Fox\Desktop\NTREGOPT.lnk 2014-07-18 21:46 - 2014-07-18 21:46 - 00000920 _____ () C:\Users\Fox\Desktop\ERUNT.lnk 2014-07-18 21:46 - 2014-07-18 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT 
2014-07-18 21:46 - 2014-07-18 21:46 - 00000000 ____D () C:\Program Files (x86)\ERUNT 2014-07-18 21:39 - 2014-07-18 21:39 - 00791393 _____ (Lars Hederer ) C:\Users\Fox\Desktop\erunt-setup.exe 2014-07-18 21:38 - 2014-07-22 21:38 - 00002558 _____ () C:\Users\Fox\Desktop\Rkill.txt 2014-07-18 21:35 - 2014-07-18 21:35 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Fox\Desktop\rkill.exe 2014-07-15 22:07 - 2014-07-15 22:07 - 02302976 _____ () C:\Users\Fox\Desktop\backup23.pst 2014-07-14 22:48 - 2014-07-14 22:48 - 00026432 _____ () C:\Users\Fox\Desktop\Addition.txt 2014-07-14 22:47 - 2014-07-22 23:01 - 00000000 ____D () C:\FRST 2014-07-14 22:47 - 2014-07-14 22:48 - 00047607 _____ () C:\Users\Fox\Desktop\FRST.txt 2014-07-14 22:42 - 2014-07-14 22:42 - 00043347 _____ () C:\Users\Fox\Desktop\CheckResults.txt 2014-07-14 22:41 - 2014-07-14 22:42 - 01682416 _____ (Malwarebytes Corporation) C:\Users\Fox\Desktop\mbam-check-2.1.1.1001.exe 2014-07-12 17:40 - 2014-07-12 18:03 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-07-12 17:39 - 2014-07-12 18:02 - 00000000 ____D () C:\Users\Fox\Desktop\mbar 2014-07-12 17:38 - 2014-07-12 17:38 - 14349744 _____ (Malwarebytes Corp.) 
C:\Users\Fox\Desktop\mbar-1.07.0.1012.exe 2014-07-12 17:27 - 2014-07-12 17:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Fox\Desktop\mbam-setup-2.0.2.1012.exe 2014-07-12 17:17 - 2014-07-22 20:56 - 00029430 _____ () C:\Windows\PFRO.log 2014-07-12 17:16 - 2014-07-12 17:16 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Fox\Desktop\mbam-clean-2.1.1.1001.exe 2014-07-12 17:13 - 2014-07-22 21:35 - 00006832 _____ () C:\Windows\setupact.log 2014-07-12 17:13 - 2014-07-12 17:13 - 00000000 _____ () C:\Windows\setuperr.log 2014-07-12 16:52 - 2014-07-12 16:52 - 00002256 _____ () C:\Users\Fox\Desktop\cc_20140712_165210.reg 2014-07-09 20:32 - 2014-06-29 19:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-07-09 20:32 - 2014-06-29 19:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-07-09 20:32 - 2014-06-20 13:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-07-09 20:32 - 2014-06-20 12:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-07-09 20:32 - 2014-06-18 18:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-09 20:32 - 2014-06-18 18:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-09 20:32 - 2014-06-18 18:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-07-09 20:32 - 2014-06-18 17:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-09 20:32 - 2014-06-18 17:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-09 20:32 - 2014-06-18 17:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-07-09 20:32 - 2014-06-18 17:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-07-09 20:32 - 2014-06-18 17:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-07-09 20:32 - 2014-06-18 17:32 - 
00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-09 20:32 - 2014-06-18 17:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-07-09 20:32 - 2014-06-18 17:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-09 20:32 - 2014-06-18 17:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-09 20:32 - 2014-06-18 17:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-07-09 20:32 - 2014-06-18 17:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-07-09 20:32 - 2014-06-18 17:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-07-09 20:32 - 2014-06-18 17:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-07-09 20:32 - 2014-06-18 17:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-09 20:32 - 2014-06-18 16:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-07-09 20:32 - 2014-06-18 16:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-07-09 20:32 - 2014-06-18 16:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-07-09 20:32 - 2014-06-18 16:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-09 20:32 - 2014-06-18 16:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-09 20:32 - 2014-06-18 16:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-09 20:32 - 2014-06-18 16:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-09 20:32 - 2014-06-18 16:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-07-09 20:32 - 2014-06-18 16:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-07-09 20:32 - 
2014-06-18 16:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-07-09 20:32 - 2014-06-18 16:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-07-09 20:32 - 2014-06-18 16:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-09 20:32 - 2014-06-18 16:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-07-09 20:32 - 2014-06-18 16:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-07-09 20:32 - 2014-06-18 16:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-07-09 20:32 - 2014-06-18 16:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-09 20:32 - 2014-06-18 16:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-07-09 20:32 - 2014-06-18 16:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-07-09 20:32 - 2014-06-18 16:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-07-09 20:32 - 2014-06-18 16:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-07-09 20:32 - 2014-06-18 16:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-07-09 20:32 - 2014-06-18 16:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-07-09 20:32 - 2014-06-18 16:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-07-09 20:32 - 2014-06-18 15:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-07-09 20:32 - 2014-06-18 15:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-09 20:32 - 2014-06-18 15:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-07-09 20:32 - 2014-06-18 15:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-07-09 20:32 - 
2014-06-18 15:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-09 20:32 - 2014-06-18 15:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-07-09 20:32 - 2014-06-18 15:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-07-09 20:32 - 2014-06-18 15:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-07-09 20:32 - 2014-06-18 15:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-07-09 20:32 - 2014-06-18 15:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-09 20:32 - 2014-06-18 15:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-07-09 20:32 - 2014-06-18 15:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-07-09 20:32 - 2014-06-18 15:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-07-09 20:32 - 2014-06-18 15:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-07-09 20:32 - 2014-06-17 19:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-07-09 20:32 - 2014-06-17 18:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-07-09 20:32 - 2014-06-17 18:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-07-09 20:32 - 2014-06-06 03:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-07-09 20:32 - 2014-06-06 02:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-07-09 20:32 - 2014-06-05 07:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-07-09 20:32 - 2014-06-05 07:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-07-09 20:32 - 2014-06-05 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-07-09 20:32 - 2014-05-30 01:08 - 00728064 _____ (Microsoft 
Corporation) C:\Windows\system32\kerberos.dll 2014-07-09 20:32 - 2014-05-30 01:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-07-09 20:32 - 2014-05-30 01:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-07-09 20:32 - 2014-05-30 01:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-07-09 20:32 - 2014-05-30 01:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-07-09 20:32 - 2014-05-30 01:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-07-09 20:32 - 2014-05-30 01:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-07-09 20:32 - 2014-05-30 00:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-07-09 20:32 - 2014-05-30 00:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-07-09 20:32 - 2014-05-30 00:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-07-09 20:32 - 2014-05-30 00:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-07-09 20:32 - 2014-05-30 00:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-07-09 20:32 - 2014-05-30 00:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-07-09 20:32 - 2014-05-30 00:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-07-09 20:32 - 2014-05-29 23:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-07-05 11:10 - 2014-07-05 11:10 - 00039008 _____ (Lenovo.) 
C:\Windows\system32\Drivers\LhdX64.sys 2014-07-05 10:28 - 2014-07-05 10:28 - 00002984 _____ () C:\Users\Fox\Desktop\cc_20140705_102833.reg 2014-07-04 13:37 - 2014-07-04 13:37 - 00011749 ____H () C:\Users\Fox\Desktop\~WRL0003.tmp ==================== One Month Modified Files and Folders ======= 2014-07-22 23:02 - 2014-07-22 23:01 - 00022451 _____ () C:\Users\Fox\Downloads\FRST.txt 2014-07-22 23:01 - 2014-07-22 23:01 - 02090496 _____ (Farbar) C:\Users\Fox\Downloads\FRST64.exe 2014-07-22 23:01 - 2014-07-14 22:47 - 00000000 ____D () C:\FRST 2014-07-22 22:36 - 2014-07-22 22:36 - 00003574 _____ () C:\Users\Fox\Desktop\RKreport_SCN_07222014_223335.log 2014-07-22 22:27 - 2014-07-22 22:27 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2014-07-22 22:27 - 2014-07-22 22:27 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-07-22 22:26 - 2014-07-22 22:26 - 05336664 _____ () C:\Users\Fox\Downloads\RogueKillerX64.exe 2014-07-22 21:48 - 2014-07-22 21:48 - 02347384 _____ (ESET) C:\Users\Fox\Downloads\esetsmartinstaller_enu.exe 2014-07-22 21:48 - 2014-07-22 21:48 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-07-22 21:45 - 2014-07-22 21:45 - 00000631 _____ () C:\Users\Fox\Desktop\JRT.txt 2014-07-22 21:43 - 2009-07-13 21:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-22 21:43 - 2009-07-13 21:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-22 21:40 - 2014-07-22 20:46 - 00000000 ____D () C:\Users\Fox\AppData\Local\CrashDumps 2014-07-22 21:39 - 2012-08-24 15:04 - 01127537 _____ () C:\Windows\WindowsUpdate.log 2014-07-22 21:38 - 2014-07-18 21:38 - 00002558 _____ () C:\Users\Fox\Desktop\Rkill.txt 2014-07-22 21:35 - 2014-07-12 17:13 - 00006832 _____ () C:\Windows\setupact.log 2014-07-22 21:35 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-22 21:00 - 2014-07-18 22:18 - 00122584 _____ 
(Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-22 20:58 - 2014-07-22 20:58 - 00002410 _____ () C:\Users\Fox\Desktop\AdwCleaner[s0].txt 2014-07-22 20:56 - 2014-07-12 17:17 - 00029430 _____ () C:\Windows\PFRO.log 2014-07-22 20:55 - 2014-07-22 20:53 - 00000000 ____D () C:\AdwCleaner 2014-07-22 20:52 - 2014-07-22 20:52 - 01354223 _____ () C:\Users\Fox\Downloads\AdwCleaner.exe 2014-07-22 20:44 - 2014-07-22 20:44 - 00000000 ____D () C:\Windows\ERUNT 2014-07-22 20:43 - 2014-07-22 20:43 - 01016261 _____ (Thisisu) C:\Users\Fox\Downloads\JRT.exe 2014-07-22 19:42 - 2009-07-13 22:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-22 19:37 - 2014-07-22 19:37 - 08867840 _____ () C:\Users\Fox\Downloads\SeaToolsDOS223ALL.ISO 2014-07-21 23:49 - 2014-07-21 23:49 - 00000000 ____D () C:\Users\Fox\Desktop\HDDScan_v31 2014-07-21 23:48 - 2014-07-21 23:48 - 01829148 _____ () C:\Users\Fox\Desktop\HDDScan_v31.zip 2014-07-21 23:43 - 2014-07-21 23:43 - 00003006 _____ () C:\Windows\System32\Tasks\{E4A77396-194B-43DF-8EEB-968D9016C848} 2014-07-21 23:19 - 2014-07-21 23:19 - 00001412 _____ () C:\Users\Public\Desktop\SeaTools for Windows.lnk 2014-07-21 23:19 - 2014-07-21 23:19 - 00000000 ____D () C:\ProgramData\Package Cache 2014-07-21 23:19 - 2014-07-21 23:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate 2014-07-21 23:19 - 2014-07-21 23:19 - 00000000 ____D () C:\Program Files (x86)\Seagate 2014-07-21 23:18 - 2014-07-21 23:16 - 26771088 _____ () C:\Users\Fox\Desktop\SeaToolsforWindowsSetup.exe 2014-07-21 23:02 - 2014-07-21 23:02 - 00003544 ____N () C:\bootsqm.dat 2014-07-21 21:08 - 2014-07-21 20:49 - 00000000 ____D () C:\Users\Fox\AppData\Local\NPE 2014-07-21 21:03 - 2014-07-21 21:03 - 00000000 ____D () C:\NPE 2014-07-21 20:49 - 2014-07-21 20:49 - 03077584 ____N (Symantec Corporation) C:\Users\Fox\Desktop\NPE.exe 2014-07-21 20:49 - 2012-10-28 21:07 - 00000000 ____D () C:\ProgramData\Norton 2014-07-21 20:41 - 
2014-07-21 20:41 - 00024758 _____ () C:\Users\Fox\Documents\bookmarks.html 2014-07-21 20:40 - 2014-07-21 20:36 - 559727616 _____ () C:\Users\Fox\Documents\backup7654.pst 2014-07-21 20:38 - 2014-07-21 20:38 - 02302976 _____ () C:\Users\Fox\Documents\backupx4.pst 2014-07-21 20:26 - 2014-07-21 20:26 - 00093277 _____ () C:\Users\Fox\Desktop\Belarc Advisor Computer Profile.htm 2014-07-21 20:25 - 2014-07-21 20:25 - 00093277 _____ () C:\Users\Fox\Documents\Belarc Advisor Computer Profile.htm 2014-07-21 20:25 - 2014-07-21 20:25 - 00000000 ____D () C:\Users\Fox\Documents\Belarc Advisor Computer Profile_files 2014-07-21 20:21 - 2014-07-21 20:21 - 00002147 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk 2014-07-21 20:21 - 2014-07-21 20:21 - 00002135 _____ () C:\Users\Public\Desktop\Belarc Advisor.lnk 2014-07-21 20:21 - 2014-07-21 20:21 - 00000000 ____D () C:\Program Files (x86)\Belarc 2014-07-21 20:20 - 2014-07-21 20:20 - 03358176 _____ () C:\Users\Fox\Desktop\advisorinstaller.exe 2014-07-20 03:19 - 2014-07-20 03:19 - 00024551 _____ () C:\Users\Fox\Desktop\bookmarks.html 2014-07-20 03:12 - 2014-07-20 03:12 - 04514472 _____ (Igor Pavlov) C:\Users\Fox\Desktop\bios update.exe 2014-07-19 16:09 - 2013-05-20 13:00 - 00000000 ____D () C:\Users\Fox\Documents\Career 2014-07-19 15:27 - 2013-05-21 12:40 - 00000000 ____D () C:\Users\Fox\Documents\My TVS 2014-07-19 14:24 - 2014-07-19 14:24 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log 2014-07-19 14:24 - 2014-07-19 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-19 14:24 - 2014-04-25 13:28 - 00000000 ____D () C:\Program Files (x86)\Java 2014-07-18 23:44 - 2014-07-18 23:44 - 01062136 _____ (Bleeping Computer, LLC) C:\Users\Fox\Desktop\rkill64.exe 2014-07-18 22:18 - 2014-07-18 22:18 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-07-18 22:18 - 2014-07-18 22:18 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-07-18 22:18 - 2014-07-18 22:18 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-18 22:18 - 2014-07-18 22:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-07-18 22:16 - 2014-07-18 22:09 - 00000000 ____D () C:\Users\Fox\Desktop\mbam stuff 2014-07-18 21:49 - 2014-07-18 21:47 - 00000000 ____D () C:\Users\Fox\Desktop\registry backuo 2014-07-18 21:46 - 2014-07-18 21:46 - 00000939 _____ () C:\Users\Fox\Desktop\NTREGOPT.lnk 2014-07-18 21:46 - 2014-07-18 21:46 - 00000920 _____ () C:\Users\Fox\Desktop\ERUNT.lnk 2014-07-18 21:46 - 2014-07-18 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT 2014-07-18 21:46 - 2014-07-18 21:46 - 00000000 ____D () C:\Program Files (x86)\ERUNT 2014-07-18 21:39 - 2014-07-18 21:39 - 00791393 _____ (Lars Hederer ) C:\Users\Fox\Desktop\erunt-setup.exe 2014-07-18 21:35 - 2014-07-18 21:35 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Fox\Desktop\rkill.exe 2014-07-15 22:07 - 2014-07-15 22:07 - 02302976 _____ () C:\Users\Fox\Desktop\backup 7835.pst 2014-07-14 22:48 - 2014-07-14 22:48 - 00026432 _____ () C:\Users\Fox\Desktop\Addition.txt 2014-07-14 22:48 - 2014-07-14 22:47 - 00047607 _____ () C:\Users\Fox\Desktop\FRST.txt 2014-07-14 22:42 - 2014-07-14 22:42 - 00043347 _____ () C:\Users\Fox\Desktop\CheckResults.txt 2014-07-14 22:42 - 2014-07-14 22:41 - 01682416 _____ (Malwarebytes Corporation) C:\Users\Fox\Desktop\mbam-check-2.1.1.1001.exe 2014-07-13 16:17 - 2013-07-22 19:29 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-13 16:17 - 2013-07-22 19:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-12 18:03 - 2014-07-12 17:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-07-12 18:02 - 2014-07-12 17:39 - 00000000 ____D () C:\Users\Fox\Desktop\mbar 2014-07-12 17:38 - 2014-07-12 
17:38 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Fox\Desktop\mbar-1.07.0.1012.exe 2014-07-12 17:27 - 2014-07-12 17:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Fox\Desktop\mbam-setup-2.0.2.1012.exe 2014-07-12 17:16 - 2014-07-12 17:16 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Fox\Desktop\mbam-clean-2.1.1.1001.exe 2014-07-12 17:13 - 2014-07-12 17:13 - 00000000 _____ () C:\Windows\setuperr.log 2014-07-12 16:52 - 2014-07-12 16:52 - 00002256 _____ () C:\Users\Fox\Desktop\cc_20140712_165210.reg 2014-07-11 22:26 - 2013-05-04 13:05 - 00000000 ____D () C:\Users\Fox\Documents\Mom's TVS 2014-07-11 20:41 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache 2014-07-11 03:02 - 2014-04-25 13:28 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-07-11 02:56 - 2014-04-25 13:28 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-07-11 02:56 - 2014-04-25 13:28 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-07-11 02:55 - 2014-04-25 13:28 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-07-09 23:16 - 2009-07-13 21:45 - 00463768 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-09 23:15 - 2014-05-06 11:17 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-07-09 23:15 - 2011-10-10 01:19 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-09 23:15 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-07-09 23:15 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-07-09 22:02 - 2013-07-31 17:41 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-09 22:02 - 2012-10-28 17:16 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-09 18:19 - 2013-01-26 17:54 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-07-06 12:42 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-07-05 11:10 - 2014-07-05 11:10 - 00039008 _____ (Lenovo.) 
C:\Windows\system32\Drivers\LhdX64.sys 2014-07-05 11:10 - 2012-10-29 03:36 - 00000000 ____D () C:\Users\Fox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo 2014-07-05 11:10 - 2012-08-24 15:34 - 00019872 _____ (Lenovo (Beijing) Limited) C:\Windows\system32\LenovoSDKEmSubSystem.dll 2014-07-05 11:10 - 2012-08-24 15:34 - 00000000 ____D () C:\ProgramData\Downloaded Installations 2014-07-05 11:10 - 2012-08-24 15:28 - 00000000 ____D () C:\Program Files (x86)\Lenovo 2014-07-05 11:10 - 2012-08-24 15:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-07-05 11:05 - 2012-08-24 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo 2014-07-05 10:28 - 2014-07-05 10:28 - 00002984 _____ () C:\Users\Fox\Desktop\cc_20140705_102833.reg 2014-07-05 10:17 - 2013-05-04 13:35 - 00000000 ____D () C:\ProgramData\Energy Management 2014-07-04 15:27 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration 2014-07-04 14:29 - 2012-10-29 03:36 - 00000000 ____D () C:\Users\Fox 2014-07-04 13:37 - 2014-07-04 13:37 - 00011749 ____H () C:\Users\Fox\Desktop\~WRL0003.tmp 2014-06-29 19:09 - 2014-07-09 20:32 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-29 19:04 - 2014-07-09 20:32 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-28 20:00 - 2012-10-28 20:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service Some content of TEMP: ==================== C:\Users\Fox\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed 
C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-18 21:06 ==================== End Of Log ============================
  15. Hello, No problem, I appreciate you taking time out of your day to help others, including me. It is truly appreciated!! MBAM is still getting stuck on system driver object 108. RogueKiller states that I have a kernel filter, fs_rec.sys. Could this driver be what MBAM is stuck on? Is this a rootkit? Please see the logs below: -------------------------------------------------------------------------------- RogueKiller: RogueKiller V9.2.3.0 (x64) [Jul 11 2014] by Adlice Software mail : http://forum.adlice.com Website : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Fox [Admin rights] Mode : Scan -- Date : 07/22/2014 22:33:35 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 11 ¤¤¤ [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2B8E40E2-8062-47E8-B3B9-DC47D59C20CA} | DhcpNameServer : 10.0.0.1 -> FOUND [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2B8E40E2-8062-47E8-B3B9-DC47D59C20CA} | DhcpNameServer : 10.0.0.1 -> FOUND [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2B8E40E2-8062-47E8-B3B9-DC47D59C20CA} | DhcpNameServer : 10.0.0.1 -> FOUND [PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1763048884-3980972539-2938752159-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND [PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1763048884-3980972539-2938752159-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND [PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1763048884-3980972539-2938752159-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND [PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1763048884-3980972539-2938752159-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND [PUM.DesktopIcons] (X64)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ HOSTS File : 0 ¤¤¤ ¤¤¤ Antirootkit : 2 (Driver: LOADED) ¤¤¤ [Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\HybridDisk @ Unknown (\SystemRoot\System32\Drivers\Fs_Rec.sys) [Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\HybridDisk @ Unknown (\SystemRoot\System32\Drivers\Fs_Rec.sys) ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: SAMSUNG MZMPC032HBCD-000 +++++ --- User --- [MBR] 844d778de07972483a79dcd249959133 [bSP] d39ce535e3de6baa1545308be3a6879b : Windows Vista/7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 200 MB 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 411648 | Size: 939198 MB 2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1923890608 | Size: 25000 MB 3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1975090608 | Size: 20001 MB User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive1: ST1000LM024 HN-M101MBB +++++ Error reading User MBR! ([1b] The drive cannot find the sector requested. ) User = LL1 ... OK User = LL2 ... 
OK ---------------------------------------------------------------------------- RKILL: Rkill 2.6.7 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2014 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 07/22/2014 09:37:40 PM in x64 mode. Windows Version: Windows 7 Home Premium Service Pack 1 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * Windows Defender Disabled [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware" = dword:00000001 Checking Windows Service Integrity: * Windows Defender (WinDefend) is not Running. Startup Type set to: Manual * Windows Update (wuauserv) is not Running. Startup Type set to: Automatic (Delayed Start) Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * No issues found. 
Program finished at: 07/22/2014 09:38:17 PM Execution time: 0 hours(s), 0 minute(s), and 36 seconds(s) ------------------------------------------------------------ Junkware Removal Tool: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows 7 Home Premium x64 Ran by Fox on Tue 07/22/2014 at 21:38:54.50 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Tue 07/22/2014 at 21:45:56.59 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ----------------------------------------------------------------------------------------------------------------------- ADWCleaner: # AdwCleaner v3.216 - Report created 22/07/2014 at 20:55:03 # Updated 17/07/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Fox - FOX-PC # Running from : C:\Users\Fox\Downloads\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Windows\util Folder Deleted : C:\Users\Fox\AppData\Local\Temp\OCS ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46} 
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46} Key Deleted : HKCU\Software\AppDataLow\Software\xfin_portal ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17207 -\\ Mozilla Firefox v30.0 (en-US) [ File : C:\Users\Fox\AppData\Roaming\Mozilla\FireFox\Profiles\ljoths8f.default\prefs.js ] ************************* AdwCleaner[R0].txt - [2428 octets] - [22/07/2014 20:53:33] AdwCleaner[s0].txt - [2254 octets] - [22/07/2014 20:55:03] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2314 octets] ########## --------------------------------------------------------------------------------------------- Not sure why RogueKiller cannot detect the sector from my HDD. I have a Lenovo Y580 which came with an SSD and HDD combo. I'm not sure, but I think it might have RapidDrive, which combines the SSD and HDD in a single virtual drive? That's my understanding of it at least. I wonder if that one driver that RogueKiller found is the one that MBAM is stuck on. Is it a rootkit? I look forward to hearing from you. I need to fix this computer ASAP :-( In my first post I mentioned that chkdsk found 224 million bad sectors/clusters. Maybe my HDD or SSD is failing and this is why I'm having problems with scans?
But Norton and ESET and all other scans complete...it's just MBAM that will not.... Thank you again in advance... PS - Just to make sure, the logs I posted in the first post and in this post, they do not contain any personal data that I should be concerned about, right? Best, Fox