Posts posted by 90fox

  1. The previous time I ran chkdsk, from my first post for help in the other section of the forum, link:

    https://forums.malwarebytes.org/index.php?/topic/152510-mbam-freezing-computer-in-scan/

    the log stated in stage 5 of chkdsk that there were about 225 million free clusters and that 224 million were bad and being added to the bad cluster file.  Then the free space on my HDD disappeared; it went from 900 GB to only 3-4 GB free space.

    This scan shows that there are only ~800k free clusters, probably because it hid all the other "bad" clusters the first time I ran it.

    When I first ran the chkdsk function from my first post in the other section I researched more and learned that bad clusters/sectors can be either bad because of physical damage or software corruption.  Everyone suggests a drive diagnostics tool such as SeaTools.  I ran SeaTools for Windows; it couldn't detect the serial numbers on my SSD and HDD... (btw I have a Lenovo which comes with an SSD and HDD combo; there is some software, RapidDrive, which combines the two virtually so you have one virtual drive).

    It was recommended to run SeaTools for DOS; that wouldn't work.  It was then recommended to run the legacy version of SeaTools for DOS.  That DID work and both drives successfully passed the long and short tests (DST?).  This leads me to think there is some software corruption? Caused by trojan, malware or virus?

    Based on my logs do you believe I have been infected at some point with malware, rootkit, virus, trojan etc?  I really appreciate your advice and look forward to seeing what next steps I have.

  2. Checking file system on C:
    The type of the file system is NTFS.
    Volume label is Windows7_OS.

    A disk check has been scheduled.
    Windows will now check the disk.                         

    CHKDSK is verifying files (stage 1 of 5)...
      141312 file records processed.
    File verification completed.
      618 large file records processed.
      0 bad file records processed.
      0 EA records processed.
      43 reparse records processed.
    CHKDSK is verifying indexes (stage 2 of 5)...
      196598 index entries processed.
    Index verification completed.
      0 unindexed files scanned.
      0 unindexed files recovered.
    CHKDSK is verifying security descriptors (stage 3 of 5)...
      141312 file SDs/SIDs processed.
    Cleaning up 104 unused index entries from index $SII of file 0x9.
    Cleaning up 104 unused index entries from index $SDH of file 0x9.
    Cleaning up 104 unused security descriptors.
    Security descriptor verification completed.
      27644 data files processed.
    CHKDSK is verifying Usn Journal...
      37104416 USN bytes processed.
    Usn Journal verification completed.
    CHKDSK is verifying file data (stage 4 of 5)...
      141296 files processed.
    File data verification completed.
    CHKDSK is verifying free space (stage 5 of 5)...
      812274 free clusters processed.
    Free space verification is complete.
    Adding 308193 bad clusters to the Bad Clusters File.
    Correcting errors in the master file table's (MFT) BITMAP attribute.
    Correcting errors in the Volume Bitmap.
    Windows has made corrections to the file system.

     961739479 KB total disk space.
      58458116 KB in 109053 files.
         71348 KB in 27645 indexes.
     900919276 KB in bad sectors.
        274415 KB in use by the system.
         65536 KB occupied by the log file.
       2016324 KB available on disk.

          4096 bytes in each allocation unit.
     240434869 total allocation units on disk.
        504081 allocation units available on disk.

    Internal Info:
    00 28 02 00 05 16 02 00 32 df 03 00 00 00 00 00  .(......2.......
    63 04 00 00 2b 00 00 00 00 00 00 00 00 00 00 00  c...+...........
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

    Windows has finished checking your disk.
    Please wait while your computer restarts.
     

  3. ComboFix 14-07-25.01 - Fox 07/25/2014  20:00:33.1.8 - x64
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8094.5846 [GMT -7:00]
    Running from: c:\users\Fox\Desktop\ComboFix.exe
    AV: Norton Security Suite *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
    FW: Norton Security Suite *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
    SP: Norton Security Suite *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ADS - Windows: deleted 0 bytes in 1 streams.
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Roaming
    .
    .
    (((((((((((((((((((((((((   Files Created from 2014-06-26 to 2014-07-26  )))))))))))))))))))))))))))))))
    .
    .
    2014-07-26 03:03 . 2014-07-26 03:03    --------    d-----w-    c:\users\Default\AppData\Local\temp
    2014-07-23 06:27 . 2014-07-23 06:27    --------    d-----w-    c:\program files (x86)\Common Files\Acronis
    2014-07-23 06:27 . 2014-07-23 06:27    --------    d-----w-    c:\program files (x86)\Acronis
    2014-07-23 05:27 . 2014-07-24 03:56    30312    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
    2014-07-23 05:27 . 2014-07-23 05:27    --------    d-----w-    c:\programdata\RogueKiller
    2014-07-23 04:48 . 2014-07-23 04:48    --------    d-----w-    c:\program files (x86)\ESET
    2014-07-23 03:53 . 2014-07-23 03:55    --------    d-----w-    C:\AdwCleaner
    2014-07-23 03:46 . 2014-07-25 02:44    --------    d-----w-    c:\users\Fox\AppData\Local\CrashDumps
    2014-07-23 03:44 . 2014-07-23 03:44    --------    d-----w-    c:\windows\ERUNT
    2014-07-22 06:19 . 2014-07-22 06:19    --------    d-----w-    c:\programdata\Package Cache
    2014-07-22 06:19 . 2014-07-22 06:19    --------    d-----w-    c:\program files (x86)\Seagate
    2014-07-22 04:03 . 2014-07-24 04:39    --------    d-----w-    C:\NPE
    2014-07-22 03:49 . 2014-07-24 04:41    --------    d-----w-    c:\users\Fox\AppData\Local\NPE
    2014-07-22 03:21 . 2014-07-22 03:21    --------    d-----w-    c:\program files (x86)\Belarc
    2014-07-19 05:18 . 2014-07-25 03:02    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-07-19 05:18 . 2014-07-24 03:37    92888    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
    2014-07-19 05:18 . 2014-05-12 14:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
    2014-07-19 05:18 . 2014-05-12 14:25    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
    2014-07-19 05:18 . 2014-07-19 05:18    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
    2014-07-19 05:18 . 2014-07-19 05:18    --------    d-----w-    c:\programdata\Malwarebytes
    2014-07-19 04:46 . 2014-07-19 04:46    --------    d-----w-    c:\program files (x86)\ERUNT
    2014-07-15 05:47 . 2014-07-23 06:02    --------    d-----w-    C:\FRST
    2014-07-13 00:40 . 2014-07-24 04:17    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-07-05 18:10 . 2014-07-05 18:10    39008    ----a-w-    c:\windows\system32\drivers\LhdX64.sys
    2014-07-05 17:59 . 2014-07-05 18:09    --------    d-----w-    C:\Drivers
    2014-06-27 07:55 . 2014-06-27 07:55    196816    ----a-w-    c:\program files\Common Files\Microsoft Shared\OFFICE15\LICLUA.EXE
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-07-13 23:17 . 2013-07-23 02:29    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-07-13 23:17 . 2013-07-23 02:29    699056    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
    2014-07-10 05:02 . 2012-10-29 00:16    96441528    ----a-w-    c:\windows\system32\MRT.exe
    2014-07-05 18:10 . 2012-08-24 22:34    19872    ----a-w-    c:\windows\system32\LenovoSDKEmSubSystem.dll
    2014-06-03 10:08 . 2013-01-27 01:00    848080    ----a-w-    c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
    2014-05-29 23:07 . 2014-06-05 04:43    1291232    ----a-w-    c:\windows\SysWow64\nvspbridge.dll
    2014-05-29 23:07 . 2013-12-18 04:11    1122312    ----a-w-    c:\windows\SysWow64\nvspcap.dll
    2014-05-29 23:07 . 2014-06-05 04:43    1715176    ----a-w-    c:\windows\system32\nvspbridge64.dll
    2014-05-29 23:07 . 2013-12-18 04:11    1279480    ----a-w-    c:\windows\system32\nvspcap64.dll
    2014-05-20 02:44 . 2014-06-05 04:50    9735256    ----a-w-    c:\windows\SysWow64\nvcuda.dll
    2014-05-20 02:44 . 2014-06-05 04:50    9697640    ----a-w-    c:\windows\SysWow64\nvopencl.dll
    2014-05-20 02:44 . 2014-06-05 04:50    895776    ----a-w-    c:\windows\system32\NvIFR64.dll
    2014-05-20 02:44 . 2014-06-05 04:50    892704    ----a-w-    c:\windows\system32\NvFBC64.dll
    2014-05-20 02:44 . 2014-06-05 04:50    867784    ----a-w-    c:\windows\SysWow64\NvIFR.dll
    2014-05-20 02:44 . 2014-06-05 04:50    861128    ----a-w-    c:\windows\SysWow64\NvFBC.dll
    2014-05-20 02:44 . 2014-06-05 04:50    492376    ----a-w-    c:\windows\system32\nvEncodeAPI64.dll
    2014-05-20 02:44 . 2014-06-05 04:50    416712    ----a-w-    c:\windows\SysWow64\nvEncodeAPI.dll
    2014-05-20 02:44 . 2014-06-05 04:50    382240    ----a-w-    c:\windows\system32\NvIFROpenGL.dll
    2014-05-20 02:44 . 2014-06-05 04:50    354016    ----a-w-    c:\windows\system32\nvoglshim64.dll
    2014-05-20 02:44 . 2014-06-05 04:50    335704    ----a-w-    c:\windows\SysWow64\NvIFROpenGL.dll
    2014-05-20 02:44 . 2014-06-05 04:50    32544    ----a-w-    c:\windows\system32\drivers\nvpciflt.sys
    2014-05-20 02:44 . 2014-06-05 04:50    3141976    ----a-w-    c:\windows\system32\nvcuvid.dll
    2014-05-20 02:44 . 2014-06-05 04:50    31387936    ----a-w-    c:\windows\system32\nvoglv64.dll
    2014-05-20 02:44 . 2014-06-05 04:50    305600    ----a-w-    c:\windows\SysWow64\nvoglshim32.dll
    2014-05-20 02:44 . 2014-06-05 04:50    2953672    ----a-w-    c:\windows\SysWow64\nvcuvid.dll
    2014-05-20 02:44 . 2014-06-05 04:50    2785568    ----a-w-    c:\windows\system32\nvcuvenc.dll
    2014-05-20 02:44 . 2014-06-05 04:50    2412376    ----a-w-    c:\windows\SysWow64\nvcuvenc.dll
    2014-05-20 02:44 . 2014-06-05 04:50    24025376    ----a-w-    c:\windows\SysWow64\nvoglv32.dll
    2014-05-20 02:44 . 2014-06-05 04:50    1889112    ----a-w-    c:\windows\system32\nvdispco6433788.dll
    2014-05-20 02:44 . 2014-06-05 04:50    18531568    ----a-w-    c:\windows\system32\nvwgf2umx.dll
    2014-05-20 02:44 . 2014-06-05 04:50    17480432    ----a-w-    c:\windows\system32\nvd3dumx.dll
    2014-05-20 02:44 . 2014-06-05 04:50    16003912    ----a-w-    c:\windows\SysWow64\nvwgf2um.dll
    2014-05-20 02:44 . 2014-06-05 04:50    1541576    ----a-w-    c:\windows\system32\nvdispgenco6433788.dll
    2014-05-20 02:44 . 2014-06-05 04:50    12688328    ----a-w-    c:\windows\system32\drivers\nvlddmkm.sys
    2014-05-20 02:44 . 2014-06-05 04:50    11644928    ----a-w-    c:\windows\system32\nvcuda.dll
    2014-05-20 02:44 . 2014-06-05 04:50    11599072    ----a-w-    c:\windows\system32\nvopencl.dll
    2014-05-20 02:44 . 2014-06-05 04:50    25256224    ----a-w-    c:\windows\system32\nvcompiler.dll
    2014-05-20 02:44 . 2014-06-05 04:50    17561544    ----a-w-    c:\windows\SysWow64\nvcompiler.dll
    2014-05-20 02:44 . 2014-02-19 01:06    14434704    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
    2014-05-20 02:44 . 2013-12-18 04:08    837056    ----a-w-    c:\windows\SysWow64\nvumdshim.dll
    2014-05-20 02:44 . 2013-12-18 04:08    2730208    ----a-w-    c:\windows\SysWow64\nvapi.dll
    2014-05-20 02:44 . 2012-08-24 22:06    952952    ----a-w-    c:\windows\system32\nvumdshimx.dll
    2014-05-20 02:44 . 2012-08-24 22:06    3109248    ----a-w-    c:\windows\system32\nvapi64.dll
    2014-05-20 02:44 . 2012-08-24 22:06    166568    ----a-w-    c:\windows\system32\nvinitx.dll
    2014-05-20 02:44 . 2012-08-24 22:06    146480    ----a-w-    c:\windows\SysWow64\nvinit.dll
    2014-05-20 01:25 . 2012-08-24 22:06    6769096    ----a-w-    c:\windows\system32\nvcpl.dll
    2014-05-20 01:25 . 2012-08-24 22:06    3514144    ----a-w-    c:\windows\system32\nvsvc64.dll
    2014-05-20 01:25 . 2012-08-24 22:06    927520    ----a-w-    c:\windows\system32\nvvsvc.exe
    2014-05-20 01:25 . 2012-08-24 22:06    76064    ----a-w-    c:\windows\system32\nv3dappshextr.dll
    2014-05-20 01:25 . 2012-08-24 22:06    62808    ----a-w-    c:\windows\system32\nvshext.dll
    2014-05-20 01:25 . 2012-08-24 22:06    610592    ----a-w-    c:\windows\SysWow64\oemdspif.dll
    2014-05-20 01:25 . 2012-08-24 22:06    387528    ----a-w-    c:\windows\system32\nvmctray.dll
    2014-05-20 01:25 . 2012-08-24 22:06    2560968    ----a-w-    c:\windows\system32\nvsvcr.dll
    2014-05-20 01:25 . 2012-08-24 22:06    1078616    ----a-w-    c:\windows\system32\nv3dappshext.dll
    2014-05-14 23:49 . 2012-08-24 22:06    3774821    ----a-w-    c:\windows\system32\nvcoproc.bin
    2014-05-08 09:32 . 2014-06-11 02:48    16384    ----a-w-    c:\windows\system32\RdpGroupPolicyExtension.dll
    2014-05-08 09:32 . 2014-06-11 02:48    3178496    ----a-w-    c:\windows\system32\rdpcorets.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2014-06-10 08:39    1730264    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2014-06-10 08:39    1730264    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2014-06-10 08:39    1730264    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-21 291648]
    "LockKey"="c:\program files (x86)\LockKey\LockKey.exe" [2011-08-26 337776]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
    "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2012-01-27 1058400]
    "FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-02-29 502912]
    "FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-02-29 863360]
    "RemoteControl11"="c:\program files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe" [2013-08-06 237120]
    "adm_tray.exe"="c:\program files (x86)\Acronis\DriveMonitor\adm_tray.exe" [2011-02-25 466768]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2012-2-1 1380128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages    REG_MULTI_SZ       scecli c:\program files\Lenovo\Bluetooth Software\BtwProximityCP.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
    R2 NSDSvc;Fast boot service of lenovo;c:\windows\System32\NSDSvc.exe;c:\windows\SYSNATIVE\NSDSvc.exe [x]
    R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
    R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
    R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
    R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
    R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
    S0 HybridDisk;HybridDisk;c:\windows\System32\DRIVERS\HybridDiskX64.sys;c:\windows\SYSNATIVE\DRIVERS\HybridDiskX64.sys [x]
    S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
    S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
    S0 NSD;NSD;c:\windows\system32\drivers\nsd.sys;c:\windows\SYSNATIVE\drivers\nsd.sys [x]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1503000.00C\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1503000.00C\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1503000.00C\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1503000.00C\SYMEFA64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140718.001\BHDrvx64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [x]
    S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1503000.00C\ccSetx64.sys [x]
    S1 hybridcfile;hybridcfile;c:\windows\system32\DRIVERS\HybridCFileX64.sys;c:\windows\SYSNATIVE\DRIVERS\HybridCFileX64.sys [x]
    S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140725.001\IDSvia64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140725.001\IDSvia64.sys [x]
    S1 Nsdfltr;Nsdfltr;c:\windows\system32\drivers\Nsdfltr.sys;c:\windows\SYSNATIVE\drivers\Nsdfltr.sys [x]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1503000.00C\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1503000.00C\SYMNETS.SYS [x]
    S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2014/03/23 18:41];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [x]
    S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
    S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
    S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe;c:\program files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [x]
    S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
    S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe;c:\program files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [x]
    S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe;c:\program files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [x]
    S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
    S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
    S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe;c:\program files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe [x]
    S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
    S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys;c:\program files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [x]
    S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
    S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
    S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
    S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
    S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
    S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
    S3 hswpan;WPAN Driver;c:\windows\system32\DRIVERS\hswpan.sys;c:\windows\SYSNATIVE\DRIVERS\hswpan.sys [x]
    S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
    S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
    S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
    S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
    S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
    S3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
    .
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2014-06-10 10:07    2335960    ----a-w-    c:\program files\Microsoft Office 15\root\office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2014-06-10 10:07    2335960    ----a-w-    c:\program files\Microsoft Office 15\root\office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2014-06-10 10:07    2335960    ----a-w-    c:\program files\Microsoft Office 15\root\office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2012-08-24 789856]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
    "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-05-29 1279480]
    "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-05-29 2352072]
    "Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2014-07-05 8076848]
    "EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2014-07-05 6199344]
    "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-02-12 462400]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://xfinity.comcast.net/?cid=cgps10282012
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\ljoths8f.default\
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\system32\StikyNot.exe
    SafeBoot-mbamchameleon
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    ShellIconOverlayIdentifiers-{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} - (no file)
    ShellIconOverlayIdentifiers-{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} - (no file)
    ShellIconOverlayIdentifiers-{A759AFF6-5851-457D-A540-F4ECED148351} - (no file)
    ShellIconOverlayIdentifiers-{1574C9EF-7D58-488F-B358-8B78C1538F51} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-SynLenovoGestureMgr - c:\program files (x86)\Synaptics\SynTP\SynLenovoGestureMgr.exe
    AddRemove-ESET Online Scanner - c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\21.3.0.12\diMaster.dll\" /prefetch:1"
    "ImagePath"="\SystemRoot\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS"
    "TrustedImagePaths"="c:\program files (x86)\Norton Security Suite\Engine\21.3.0.12;c:\program files (x86)\Norton Security Suite\Engine64\21.3.0.12"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
    "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-07-25  20:04:32
    ComboFix-quarantined-files.txt  2014-07-26 03:04
    .
    Pre-Run: 3,712,561,152 bytes free
    Post-Run: 3,083,485,184 bytes free
    .
    - - End Of File - - 659A889F6585F478F3011B489C31B18E
     

  4. Hi Ron,

    I ran ComboFix, but before doing so I disabled the firewall and antivirus auto-protection, and turned on silent mode in my Comcast Norton Security Suite.  ComboFix stated that the antispyware was still running.  I cannot locate where to turn this off.  I thought what I disabled was all there was to disable, from what I read online.  Once ComboFix alerted me that it was still running I wanted to stop running ComboFix and post a reply, but there are no cancel buttons, so it ended up running anyway.

    Should I uninstall Norton Security Suite completely and run ComboFix again?  I will post the ComboFix log in my next reply since it doesn't post correctly when I post it with my main response.

    Thank you again.

    Best,

    Fox

  6. Hello,

    Malwarebytes, again, froze on "object scanned" 108. I'm confused why these other programs are able to complete their scans. Below is the log from running JavaRa.

    JavaRa 1.16 Removal Log.
    Report follows after line.
    ------------------------------------
    The JavaRa removal process was started on Thu Jul 24 19:52:44 2014
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.
    There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.
    Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
    Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit
    Found and removed: SOFTWARE\JavaSoft
    Found and removed: SOFTWARE\JreMetrics
    Found and removed: SOFTWARE\MozillaPlugins
    ------------------------------------
    Finished reporting.

  7. Rkill 2.6.7 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2014 BleepingComputer.com
    More Information about Rkill can be found at this link:
     http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 07/22/2014 09:37:40 PM in x64 mode.
    Windows Version: Windows 7 Home Premium Service Pack 1

    Checking for Windows services to stop:

     * No malware services found to stop.

    Checking for processes to terminate:

     * No malware processes found to kill.

    Checking Registry for malware related settings:

     * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

     * Windows Defender Disabled

       [HKLM\SOFTWARE\Microsoft\Windows Defender]
       "DisableAntiSpyware" = dword:00000001

    Checking Windows Service Integrity:

     * Windows Defender (WinDefend) is not Running.
       Startup Type set to: Manual

     * Windows Update (wuauserv) is not Running.
       Startup Type set to: Automatic (Delayed Start)

    Searching for Missing Digital Signatures:

     * No issues found.

    Checking HOSTS File:

     * No issues found.

    Program finished at: 07/22/2014 09:38:17 PM
    Execution time: 0 hours(s), 0 minute(s), and 36 seconds(s)
     

  9. RogueKiller V9.2.3.0 (x64) [Jul 11 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Fox [Admin rights]
    Mode : Scan -- Date : 07/22/2014  22:33:35

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 11 ¤¤¤
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2B8E40E2-8062-47E8-B3B9-DC47D59C20CA} | DhcpNameServer : 10.0.0.1  -> FOUND
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2B8E40E2-8062-47E8-B3B9-DC47D59C20CA} | DhcpNameServer : 10.0.0.1  -> FOUND
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2B8E40E2-8062-47E8-B3B9-DC47D59C20CA} | DhcpNameServer : 10.0.0.1  -> FOUND
    [PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1763048884-3980972539-2938752159-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
    [PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1763048884-3980972539-2938752159-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
    [PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1763048884-3980972539-2938752159-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
    [PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1763048884-3980972539-2938752159-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ HOSTS File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 2 (Driver: LOADED) ¤¤¤
    [Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\HybridDisk @ Unknown (\SystemRoot\System32\Drivers\Fs_Rec.sys)
    [Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\HybridDisk @ Unknown (\SystemRoot\System32\Drivers\Fs_Rec.sys)

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: SAMSUNG MZMPC032HBCD-000 +++++
    --- User ---
    [MBR] 844d778de07972483a79dcd249959133
    [bSP] d39ce535e3de6baa1545308be3a6879b : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 200 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 411648 | Size: 939198 MB
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1923890608 | Size: 25000 MB
    3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1975090608 | Size: 20001 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: ST1000LM024 HN-M101MBB +++++
    Error reading User MBR! ([1b] The drive cannot find the sector requested. )
    User = LL1 ... OK
    User = LL2 ... OK
     

  10. I'll just repost the logs one by one. I hope I don't get in trouble.  I just want it easy to read; in no way is my intention to bump my post.  Apologies in advance.

    # AdwCleaner v3.216 - Report created 22/07/2014 at 20:55:03
    # Updated 17/07/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Fox - FOX-PC
    # Running from : C:\Users\Fox\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Windows\util
    Folder Deleted : C:\Users\Fox\AppData\Local\Temp\OCS

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
    Key Deleted : HKCU\Software\AppDataLow\Software\xfin_portal

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17207


    -\\ Mozilla Firefox v30.0 (en-US)

    [ File : C:\Users\Fox\AppData\Roaming\Mozilla\FireFox\Profiles\ljoths8f.default\prefs.js ]


    *************************

    AdwCleaner[R0].txt - [2428 octets] - [22/07/2014 20:53:33]
    AdwCleaner[s0].txt - [2254 octets] - [22/07/2014 20:55:03]

    ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2314 octets] ##########
     

  11. Why are my logs posted as such?  I pasted them directly and they have open blank lines between them to separate them, then when I post, it's all one big paragraph... odd. BTW, I forgot to post the FRST file.

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
    Ran by Fox (administrator) on FOX-PC on 22-07-2014 23:01:46
    Running from C:\Users\Fox\Downloads
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    () C:\Program Files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (CyberLink) C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
    (CyberLink) C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
    (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\n360.exe
    (SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
    (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\n360.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    ( ) C:\Program Files (x86)\LockKey\LockKey.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
    () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
    (CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD11\PDVD11Serv.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Microsoft Corporation) C:\Windows\System32\StikyNot.exe
    (CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
    (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
    (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    (Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-15] (Synaptics Incorporated)
    HKLM\...\Run: [synLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [410896 2011-12-15] (Synaptics)
    HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789856 2012-08-24] (Lenovo)
    HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-29] (NVIDIA Corporation)
    HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8076848 2014-07-05] (Lenovo (Beijing) Limited)
    HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6199344 2014-07-05] (Lenovo(beijing) Limited)
    HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
    HKLM-x32\...\Run: [LockKey] => C:\Program Files (x86)\LockKey\LockKey.exe [337776 2011-08-25] ( )
    HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [RemoteControl11] => C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe [237120 2013-08-06] (CyberLink Corp.)
    HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-21-1763048884-3980972539-2938752159-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\system32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-05-19] (NVIDIA Corporation)
    AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-05-19] (NVIDIA Corporation)
    Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
    ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
    ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
    ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  No File
    ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  No File
    ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  No File
    ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  No File
    ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=KMOH&bmod=KMOH
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/?cid=cgps10282012
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.google.com/ig/redirectdomain?brand=KMOH&bmod=KMOH
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs =
    SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKLM-x32 - DefaultScope value is missing.
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\ljoths8f.default
    FF Homepage: www.google.com
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: intel.com/AppUp - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll No File
    FF Extension: NoScript - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\ljoths8f.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-10-28]
    FF Extension: Adblock Edge - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\ljoths8f.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2012-10-28]
    FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
    FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-07-22]
    FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
    FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-11-30]

    ==================== Services (Whitelisted) =================

    R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [945440 2012-02-01] (Broadcom Corporation.)
    R2 CLHNServiceForPowerDVD; C:\Program Files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [85568 2013-08-06] ()
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)
    R2 CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [77576 2014-02-11] (CyberLink)
    R2 CyberLink PowerDVD 11.0 Service; C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [294664 2014-02-11] (CyberLink)
    R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
    R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe [265040 2014-05-23] (Symantec Corporation)
    S2 NSDSvc; C:\Windows\System32\NSDSvc.exe [120160 2011-12-23] (Lenovo)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-29] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-29] (NVIDIA Corporation)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

    ==================== Drivers (Whitelisted) ====================

    S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-01] (Broadcom Corporation.)
    R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140703.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
    R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-10] (Symantec Corporation)
    U3 EraserUtilDrv11313; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11313.sys [142128 2014-07-15] (Symantec Corporation)
    R3 hswpan; C:\Windows\System32\DRIVERS\hswpan.sys [109056 2012-01-27] (Ozmo Inc)
    R1 hybridcfile; C:\Windows\System32\DRIVERS\HybridCFileX64.sys [13920 2010-03-02] (Lenovo.)
    R0 HybridDisk; C:\Windows\System32\DRIVERS\HybridDiskX64.sys [38496 2010-03-02] (Lenovo.)
    R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140722.001\IDSvia64.sys [525016 2014-03-25] (Symantec Corporation)
    R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104048 2012-03-02] (Qualcomm Atheros Co., Ltd.)
    S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-22] (Malwarebytes Corporation)
    R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140722.008\ENG64.SYS [126040 2014-07-15] (Symantec Corporation)
    R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140722.008\EX64.SYS [2099288 2014-07-15] (Symantec Corporation)
    R0 NSD; C:\Windows\System32\drivers\nsd.sys [24160 2011-12-23] (Lenovo Corporation")
    R1 Nsdfltr; C:\Windows\System32\drivers\Nsdfltr.sys [59488 2011-12-21] (Lenovo Corporation)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-29] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
    R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8208488 2011-09-06] (Realtek Semiconductor Corp.)
    R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1503000.00C\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1503000.00C\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
    S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
    R0 SymDS; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-27] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
    R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [32456 2014-02-12] (CyberLink Corp.)
    U3 BcmSqlStartupSvc;
    U2 CLKMSVC10_C3B3B687;
    U2 DriverService;
    U2 iATAgentService;
    U2 idealife Update Service;
    U3 IGRS;
    U2 IviRegMgr;
    U2 Oasis2Service;
    U2 PCCarerService;
    U2 ReadyComm.DirectRouter;
    U2 RichVideo;
    U2 RtLedService;
    S0 SMR410; System32\drivers\SMR410.SYS [X]
    U2 SoftwareService;
    U3 SQLWriter;

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-07-22 23:01 - 2014-07-22 23:01 - 02090496 _____ (Farbar) C:\Users\Fox\Downloads\FRST64.exe
    2014-07-22 23:01 - 2014-07-22 23:01 - 00022451 _____ () C:\Users\Fox\Downloads\FRST.txt
    2014-07-22 22:36 - 2014-07-22 22:36 - 00003574 _____ () C:\Users\Fox\Desktop\RKreport_SCN_07222014_223335.log
    2014-07-22 22:27 - 2014-07-22 22:27 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-07-22 22:27 - 2014-07-22 22:27 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-07-22 22:26 - 2014-07-22 22:26 - 05336664 _____ () C:\Users\Fox\Downloads\RogueKillerX64.exe
    2014-07-22 21:48 - 2014-07-22 21:48 - 02347384 _____ (ESET) C:\Users\Fox\Downloads\esetsmartinstaller_enu.exe
    2014-07-22 21:48 - 2014-07-22 21:48 - 00000000 ____D () C:\Program Files (x86)\ESET
    2014-07-22 21:45 - 2014-07-22 21:45 - 00000631 _____ () C:\Users\Fox\Desktop\JRT.txt
    2014-07-22 20:58 - 2014-07-22 20:58 - 00002410 _____ () C:\Users\Fox\Desktop\AdwCleaner[s0].txt
    2014-07-22 20:53 - 2014-07-22 20:55 - 00000000 ____D () C:\AdwCleaner
    2014-07-22 20:52 - 2014-07-22 20:52 - 01354223 _____ () C:\Users\Fox\Downloads\AdwCleaner.exe
    2014-07-22 20:46 - 2014-07-22 21:40 - 00000000 ____D () C:\Users\Fox\AppData\Local\CrashDumps
    2014-07-22 20:44 - 2014-07-22 20:44 - 00000000 ____D () C:\Windows\ERUNT
    2014-07-22 20:43 - 2014-07-22 20:43 - 01016261 _____ (Thisisu) C:\Users\Fox\Downloads\JRT.exe
    2014-07-22 19:37 - 2014-07-22 19:37 - 08867840 _____ () C:\Users\Fox\Downloads\SeaToolsDOS223ALL.ISO
    2014-07-21 23:49 - 2014-07-21 23:49 - 00000000 ____D () C:\Users\Fox\Desktop\HDDScan_v31
    2014-07-21 23:48 - 2014-07-21 23:48 - 01829148 _____ () C:\Users\Fox\Desktop\HDDScan_v31.zip
    2014-07-21 23:43 - 2014-07-21 23:43 - 00003006 _____ () C:\Windows\System32\Tasks\{E4A77396-194B-43DF-8EEB-968D9016C848}
    2014-07-21 23:19 - 2014-07-21 23:19 - 00001412 _____ () C:\Users\Public\Desktop\SeaTools for Windows.lnk
    2014-07-21 23:19 - 2014-07-21 23:19 - 00000000 ____D () C:\ProgramData\Package Cache
    2014-07-21 23:19 - 2014-07-21 23:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
    2014-07-21 23:19 - 2014-07-21 23:19 - 00000000 ____D () C:\Program Files (x86)\Seagate
    2014-07-21 23:16 - 2014-07-21 23:18 - 26771088 _____ () C:\Users\Fox\Desktop\SeaToolsforWindowsSetup.exe
    2014-07-21 23:02 - 2014-07-21 23:02 - 00003544 ____N () C:\bootsqm.dat
    2014-07-21 21:03 - 2014-07-21 21:03 - 00000000 ____D () C:\NPE
    2014-07-21 20:49 - 2014-07-21 21:08 - 00000000 ____D () C:\Users\Fox\AppData\Local\NPE
    2014-07-21 20:49 - 2014-07-21 20:49 - 03077584 ____N (Symantec Corporation) C:\Users\Fox\Desktop\NPE.exe
    2014-07-21 20:41 - 2014-07-21 20:41 - 00024758 _____ () C:\Users\Fox\Documents\bookmarks.html
    2014-07-21 20:38 - 2014-07-21 20:38 - 02302976 _____ () C:\Users\Fox\Documents\backup111.pst
    2014-07-21 20:36 - 2014-07-21 20:40 - 559727616 _____ () C:\Users\Fox\Documents\backup.pst
    2014-07-21 20:26 - 2014-07-21 20:26 - 00093277 _____ () C:\Users\Fox\Desktop\Belarc Advisor Computer Profile.htm
    2014-07-21 20:25 - 2014-07-21 20:25 - 00093277 _____ () C:\Users\Fox\Documents\Belarc Advisor Computer Profile.htm
    2014-07-21 20:25 - 2014-07-21 20:25 - 00000000 ____D () C:\Users\Fox\Documents\Belarc Advisor Computer Profile_files
    2014-07-21 20:21 - 2014-07-21 20:21 - 00002147 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
    2014-07-21 20:21 - 2014-07-21 20:21 - 00002135 _____ () C:\Users\Public\Desktop\Belarc Advisor.lnk
    2014-07-21 20:21 - 2014-07-21 20:21 - 00000000 ____D () C:\Program Files (x86)\Belarc
    2014-07-21 20:20 - 2014-07-21 20:20 - 03358176 _____ () C:\Users\Fox\Desktop\advisorinstaller.exe
    2014-07-20 03:19 - 2014-07-20 03:19 - 00024551 _____ () C:\Users\Fox\Desktop\bookmarks.html
    2014-07-20 03:12 - 2014-07-20 03:12 - 04514472 _____ (Igor Pavlov) C:\Users\Fox\Desktop\bios update.exe
    2014-07-19 14:24 - 2014-07-19 14:24 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
    2014-07-19 14:24 - 2014-07-19 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-07-18 23:44 - 2014-07-18 23:44 - 01062136 _____ (Bleeping Computer, LLC) C:\Users\Fox\Desktop\rkill64.exe
    2014-07-18 22:18 - 2014-07-22 21:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-07-18 22:18 - 2014-07-18 22:18 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-07-18 22:18 - 2014-07-18 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-07-18 22:18 - 2014-07-18 22:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-07-18 22:18 - 2014-07-18 22:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-07-18 22:18 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-07-18 22:18 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-07-18 22:18 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-07-18 22:09 - 2014-07-18 22:16 - 00000000 ____D () C:\Users\Fox\Desktop\mbam stuff
    2014-07-18 21:47 - 2014-07-18 21:49 - 00000000 ____D () C:\Users\Fox\Desktop\registry backuo
    2014-07-18 21:46 - 2014-07-18 21:46 - 00000939 _____ () C:\Users\Fox\Desktop\NTREGOPT.lnk
    2014-07-18 21:46 - 2014-07-18 21:46 - 00000920 _____ () C:\Users\Fox\Desktop\ERUNT.lnk
    2014-07-18 21:46 - 2014-07-18 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    2014-07-18 21:46 - 2014-07-18 21:46 - 00000000 ____D () C:\Program Files (x86)\ERUNT
    2014-07-18 21:39 - 2014-07-18 21:39 - 00791393 _____ (Lars Hederer ) C:\Users\Fox\Desktop\erunt-setup.exe
    2014-07-18 21:38 - 2014-07-22 21:38 - 00002558 _____ () C:\Users\Fox\Desktop\Rkill.txt
    2014-07-18 21:35 - 2014-07-18 21:35 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Fox\Desktop\rkill.exe
    2014-07-15 22:07 - 2014-07-15 22:07 - 02302976 _____ () C:\Users\Fox\Desktop\backup23.pst
    2014-07-14 22:48 - 2014-07-14 22:48 - 00026432 _____ () C:\Users\Fox\Desktop\Addition.txt
    2014-07-14 22:47 - 2014-07-22 23:01 - 00000000 ____D () C:\FRST
    2014-07-14 22:47 - 2014-07-14 22:48 - 00047607 _____ () C:\Users\Fox\Desktop\FRST.txt
    2014-07-14 22:42 - 2014-07-14 22:42 - 00043347 _____ () C:\Users\Fox\Desktop\CheckResults.txt
    2014-07-14 22:41 - 2014-07-14 22:42 - 01682416 _____ (Malwarebytes Corporation) C:\Users\Fox\Desktop\mbam-check-2.1.1.1001.exe
    2014-07-12 17:40 - 2014-07-12 18:03 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-07-12 17:39 - 2014-07-12 18:02 - 00000000 ____D () C:\Users\Fox\Desktop\mbar
    2014-07-12 17:38 - 2014-07-12 17:38 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Fox\Desktop\mbar-1.07.0.1012.exe
    2014-07-12 17:27 - 2014-07-12 17:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Fox\Desktop\mbam-setup-2.0.2.1012.exe
    2014-07-12 17:17 - 2014-07-22 20:56 - 00029430 _____ () C:\Windows\PFRO.log
    2014-07-12 17:16 - 2014-07-12 17:16 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Fox\Desktop\mbam-clean-2.1.1.1001.exe
    2014-07-12 17:13 - 2014-07-22 21:35 - 00006832 _____ () C:\Windows\setupact.log
    2014-07-12 17:13 - 2014-07-12 17:13 - 00000000 _____ () C:\Windows\setuperr.log
    2014-07-12 16:52 - 2014-07-12 16:52 - 00002256 _____ () C:\Users\Fox\Desktop\cc_20140712_165210.reg
    2014-07-09 20:32 - 2014-06-29 19:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-07-09 20:32 - 2014-06-29 19:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-07-09 20:32 - 2014-06-20 13:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-07-09 20:32 - 2014-06-20 12:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-07-09 20:32 - 2014-06-18 18:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-07-09 20:32 - 2014-06-18 18:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-07-09 20:32 - 2014-06-18 18:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-07-09 20:32 - 2014-06-18 17:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-07-09 20:32 - 2014-06-18 17:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-07-09 20:32 - 2014-06-18 17:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-07-09 20:32 - 2014-06-18 17:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-07-09 20:32 - 2014-06-18 17:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-07-09 20:32 - 2014-06-18 17:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-07-09 20:32 - 2014-06-18 17:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-07-09 20:32 - 2014-06-18 17:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-07-09 20:32 - 2014-06-18 17:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-07-09 20:32 - 2014-06-18 17:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-07-09 20:32 - 2014-06-18 17:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-07-09 20:32 - 2014-06-18 17:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-07-09 20:32 - 2014-06-18 17:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-07-09 20:32 - 2014-06-18 17:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-07-09 20:32 - 2014-06-18 16:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-07-09 20:32 - 2014-06-18 16:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-07-09 20:32 - 2014-06-18 16:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-07-09 20:32 - 2014-06-18 16:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-07-09 20:32 - 2014-06-18 16:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-07-09 20:32 - 2014-06-18 16:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-07-09 20:32 - 2014-06-18 16:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-07-09 20:32 - 2014-06-18 16:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-07-09 20:32 - 2014-06-18 16:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-07-09 20:32 - 2014-06-18 16:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-07-09 20:32 - 2014-06-18 16:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-07-09 20:32 - 2014-06-18 16:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-07-09 20:32 - 2014-06-18 16:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-07-09 20:32 - 2014-06-18 16:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-07-09 20:32 - 2014-06-18 16:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-07-09 20:32 - 2014-06-18 16:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-07-09 20:32 - 2014-06-18 16:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-07-09 20:32 - 2014-06-18 16:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-07-09 20:32 - 2014-06-18 16:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-07-09 20:32 - 2014-06-18 16:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-07-09 20:32 - 2014-06-18 16:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-07-09 20:32 - 2014-06-18 16:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-07-09 20:32 - 2014-06-18 16:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-07-09 20:32 - 2014-06-18 15:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-07-09 20:32 - 2014-06-18 15:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-07-09 20:32 - 2014-06-18 15:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-07-09 20:32 - 2014-06-18 15:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-07-09 20:32 - 2014-06-18 15:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-07-09 20:32 - 2014-06-18 15:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-07-09 20:32 - 2014-06-18 15:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-07-09 20:32 - 2014-06-18 15:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-07-09 20:32 - 2014-06-18 15:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-07-09 20:32 - 2014-06-18 15:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-07-09 20:32 - 2014-06-18 15:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-07-09 20:32 - 2014-06-18 15:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-07-09 20:32 - 2014-06-18 15:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-07-09 20:32 - 2014-06-18 15:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-07-09 20:32 - 2014-06-17 19:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
    2014-07-09 20:32 - 2014-06-17 18:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
    2014-07-09 20:32 - 2014-06-17 18:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-07-09 20:32 - 2014-06-06 03:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2014-07-09 20:32 - 2014-06-06 02:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2014-07-09 20:32 - 2014-06-05 07:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-07-09 20:32 - 2014-06-05 07:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-07-09 20:32 - 2014-06-05 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2014-07-09 20:32 - 2014-05-30 01:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-07-09 20:32 - 2014-05-30 01:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-07-09 20:32 - 2014-05-30 01:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-07-09 20:32 - 2014-05-30 01:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2014-07-09 20:32 - 2014-05-30 01:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-07-09 20:32 - 2014-05-30 01:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-07-09 20:32 - 2014-05-30 01:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-07-09 20:32 - 2014-05-30 00:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-07-09 20:32 - 2014-05-30 00:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2014-07-09 20:32 - 2014-05-30 00:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-07-09 20:32 - 2014-05-30 00:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2014-07-09 20:32 - 2014-05-30 00:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2014-07-09 20:32 - 2014-05-30 00:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-07-09 20:32 - 2014-05-30 00:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-07-09 20:32 - 2014-05-29 23:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2014-07-05 11:10 - 2014-07-05 11:10 - 00039008 _____ (Lenovo.) C:\Windows\system32\Drivers\LhdX64.sys
    2014-07-05 10:28 - 2014-07-05 10:28 - 00002984 _____ () C:\Users\Fox\Desktop\cc_20140705_102833.reg
    2014-07-04 13:37 - 2014-07-04 13:37 - 00011749 ____H () C:\Users\Fox\Desktop\~WRL0003.tmp

    ==================== One Month Modified Files and Folders =======

    2014-07-22 23:02 - 2014-07-22 23:01 - 00022451 _____ () C:\Users\Fox\Downloads\FRST.txt
    2014-07-22 23:01 - 2014-07-22 23:01 - 02090496 _____ (Farbar) C:\Users\Fox\Downloads\FRST64.exe
    2014-07-22 23:01 - 2014-07-14 22:47 - 00000000 ____D () C:\FRST
    2014-07-22 22:36 - 2014-07-22 22:36 - 00003574 _____ () C:\Users\Fox\Desktop\RKreport_SCN_07222014_223335.log
    2014-07-22 22:27 - 2014-07-22 22:27 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-07-22 22:27 - 2014-07-22 22:27 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-07-22 22:26 - 2014-07-22 22:26 - 05336664 _____ () C:\Users\Fox\Downloads\RogueKillerX64.exe
    2014-07-22 21:48 - 2014-07-22 21:48 - 02347384 _____ (ESET) C:\Users\Fox\Downloads\esetsmartinstaller_enu.exe
    2014-07-22 21:48 - 2014-07-22 21:48 - 00000000 ____D () C:\Program Files (x86)\ESET
    2014-07-22 21:45 - 2014-07-22 21:45 - 00000631 _____ () C:\Users\Fox\Desktop\JRT.txt
    2014-07-22 21:43 - 2009-07-13 21:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-07-22 21:43 - 2009-07-13 21:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-07-22 21:40 - 2014-07-22 20:46 - 00000000 ____D () C:\Users\Fox\AppData\Local\CrashDumps
    2014-07-22 21:39 - 2012-08-24 15:04 - 01127537 _____ () C:\Windows\WindowsUpdate.log
    2014-07-22 21:38 - 2014-07-18 21:38 - 00002558 _____ () C:\Users\Fox\Desktop\Rkill.txt
    2014-07-22 21:35 - 2014-07-12 17:13 - 00006832 _____ () C:\Windows\setupact.log
    2014-07-22 21:35 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-07-22 21:00 - 2014-07-18 22:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-07-22 20:58 - 2014-07-22 20:58 - 00002410 _____ () C:\Users\Fox\Desktop\AdwCleaner[s0].txt
    2014-07-22 20:56 - 2014-07-12 17:17 - 00029430 _____ () C:\Windows\PFRO.log
    2014-07-22 20:55 - 2014-07-22 20:53 - 00000000 ____D () C:\AdwCleaner
    2014-07-22 20:52 - 2014-07-22 20:52 - 01354223 _____ () C:\Users\Fox\Downloads\AdwCleaner.exe
    2014-07-22 20:44 - 2014-07-22 20:44 - 00000000 ____D () C:\Windows\ERUNT
    2014-07-22 20:43 - 2014-07-22 20:43 - 01016261 _____ (Thisisu) C:\Users\Fox\Downloads\JRT.exe
    2014-07-22 19:42 - 2009-07-13 22:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-07-22 19:37 - 2014-07-22 19:37 - 08867840 _____ () C:\Users\Fox\Downloads\SeaToolsDOS223ALL.ISO
    2014-07-21 23:49 - 2014-07-21 23:49 - 00000000 ____D () C:\Users\Fox\Desktop\HDDScan_v31
    2014-07-21 23:48 - 2014-07-21 23:48 - 01829148 _____ () C:\Users\Fox\Desktop\HDDScan_v31.zip
    2014-07-21 23:43 - 2014-07-21 23:43 - 00003006 _____ () C:\Windows\System32\Tasks\{E4A77396-194B-43DF-8EEB-968D9016C848}
    2014-07-21 23:19 - 2014-07-21 23:19 - 00001412 _____ () C:\Users\Public\Desktop\SeaTools for Windows.lnk
    2014-07-21 23:19 - 2014-07-21 23:19 - 00000000 ____D () C:\ProgramData\Package Cache
    2014-07-21 23:19 - 2014-07-21 23:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
    2014-07-21 23:19 - 2014-07-21 23:19 - 00000000 ____D () C:\Program Files (x86)\Seagate
    2014-07-21 23:18 - 2014-07-21 23:16 - 26771088 _____ () C:\Users\Fox\Desktop\SeaToolsforWindowsSetup.exe
    2014-07-21 23:02 - 2014-07-21 23:02 - 00003544 ____N () C:\bootsqm.dat
    2014-07-21 21:08 - 2014-07-21 20:49 - 00000000 ____D () C:\Users\Fox\AppData\Local\NPE
    2014-07-21 21:03 - 2014-07-21 21:03 - 00000000 ____D () C:\NPE
    2014-07-21 20:49 - 2014-07-21 20:49 - 03077584 ____N (Symantec Corporation) C:\Users\Fox\Desktop\NPE.exe
    2014-07-21 20:49 - 2012-10-28 21:07 - 00000000 ____D () C:\ProgramData\Norton
    2014-07-21 20:41 - 2014-07-21 20:41 - 00024758 _____ () C:\Users\Fox\Documents\bookmarks.html
    2014-07-21 20:40 - 2014-07-21 20:36 - 559727616 _____ () C:\Users\Fox\Documents\backup7654.pst
    2014-07-21 20:38 - 2014-07-21 20:38 - 02302976 _____ () C:\Users\Fox\Documents\backupx4.pst
    2014-07-21 20:26 - 2014-07-21 20:26 - 00093277 _____ () C:\Users\Fox\Desktop\Belarc Advisor Computer Profile.htm
    2014-07-21 20:25 - 2014-07-21 20:25 - 00093277 _____ () C:\Users\Fox\Documents\Belarc Advisor Computer Profile.htm
    2014-07-21 20:25 - 2014-07-21 20:25 - 00000000 ____D () C:\Users\Fox\Documents\Belarc Advisor Computer Profile_files
    2014-07-21 20:21 - 2014-07-21 20:21 - 00002147 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
    2014-07-21 20:21 - 2014-07-21 20:21 - 00002135 _____ () C:\Users\Public\Desktop\Belarc Advisor.lnk
    2014-07-21 20:21 - 2014-07-21 20:21 - 00000000 ____D () C:\Program Files (x86)\Belarc
    2014-07-21 20:20 - 2014-07-21 20:20 - 03358176 _____ () C:\Users\Fox\Desktop\advisorinstaller.exe
    2014-07-20 03:19 - 2014-07-20 03:19 - 00024551 _____ () C:\Users\Fox\Desktop\bookmarks.html
    2014-07-20 03:12 - 2014-07-20 03:12 - 04514472 _____ (Igor Pavlov) C:\Users\Fox\Desktop\bios update.exe
    2014-07-19 16:09 - 2013-05-20 13:00 - 00000000 ____D () C:\Users\Fox\Documents\Career
    2014-07-19 15:27 - 2013-05-21 12:40 - 00000000 ____D () C:\Users\Fox\Documents\My TVS
    2014-07-19 14:24 - 2014-07-19 14:24 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
    2014-07-19 14:24 - 2014-07-19 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-07-19 14:24 - 2014-04-25 13:28 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-07-18 23:44 - 2014-07-18 23:44 - 01062136 _____ (Bleeping Computer, LLC) C:\Users\Fox\Desktop\rkill64.exe
    2014-07-18 22:18 - 2014-07-18 22:18 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-07-18 22:18 - 2014-07-18 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-07-18 22:18 - 2014-07-18 22:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-07-18 22:18 - 2014-07-18 22:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-07-18 22:16 - 2014-07-18 22:09 - 00000000 ____D () C:\Users\Fox\Desktop\mbam stuff
    2014-07-18 21:49 - 2014-07-18 21:47 - 00000000 ____D () C:\Users\Fox\Desktop\registry backuo
    2014-07-18 21:46 - 2014-07-18 21:46 - 00000939 _____ () C:\Users\Fox\Desktop\NTREGOPT.lnk
    2014-07-18 21:46 - 2014-07-18 21:46 - 00000920 _____ () C:\Users\Fox\Desktop\ERUNT.lnk
    2014-07-18 21:46 - 2014-07-18 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    2014-07-18 21:46 - 2014-07-18 21:46 - 00000000 ____D () C:\Program Files (x86)\ERUNT
    2014-07-18 21:39 - 2014-07-18 21:39 - 00791393 _____ (Lars Hederer ) C:\Users\Fox\Desktop\erunt-setup.exe
    2014-07-18 21:35 - 2014-07-18 21:35 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Fox\Desktop\rkill.exe
    2014-07-15 22:07 - 2014-07-15 22:07 - 02302976 _____ () C:\Users\Fox\Desktop\backup 7835.pst
    2014-07-14 22:48 - 2014-07-14 22:48 - 00026432 _____ () C:\Users\Fox\Desktop\Addition.txt
    2014-07-14 22:48 - 2014-07-14 22:47 - 00047607 _____ () C:\Users\Fox\Desktop\FRST.txt
    2014-07-14 22:42 - 2014-07-14 22:42 - 00043347 _____ () C:\Users\Fox\Desktop\CheckResults.txt
    2014-07-14 22:42 - 2014-07-14 22:41 - 01682416 _____ (Malwarebytes Corporation) C:\Users\Fox\Desktop\mbam-check-2.1.1.1001.exe
    2014-07-13 16:17 - 2013-07-22 19:29 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-07-13 16:17 - 2013-07-22 19:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-07-12 18:03 - 2014-07-12 17:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-07-12 18:02 - 2014-07-12 17:39 - 00000000 ____D () C:\Users\Fox\Desktop\mbar
    2014-07-12 17:38 - 2014-07-12 17:38 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Fox\Desktop\mbar-1.07.0.1012.exe
    2014-07-12 17:27 - 2014-07-12 17:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Fox\Desktop\mbam-setup-2.0.2.1012.exe
    2014-07-12 17:16 - 2014-07-12 17:16 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Fox\Desktop\mbam-clean-2.1.1.1001.exe
    2014-07-12 17:13 - 2014-07-12 17:13 - 00000000 _____ () C:\Windows\setuperr.log
    2014-07-12 16:52 - 2014-07-12 16:52 - 00002256 _____ () C:\Users\Fox\Desktop\cc_20140712_165210.reg
    2014-07-11 22:26 - 2013-05-04 13:05 - 00000000 ____D () C:\Users\Fox\Documents\Mom's TVS
    2014-07-11 20:41 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
    2014-07-11 03:02 - 2014-04-25 13:28 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-07-11 02:56 - 2014-04-25 13:28 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2014-07-11 02:56 - 2014-04-25 13:28 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2014-07-11 02:55 - 2014-04-25 13:28 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2014-07-09 23:16 - 2009-07-13 21:45 - 00463768 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-07-09 23:15 - 2014-05-06 11:17 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-07-09 23:15 - 2011-10-10 01:19 - 00000000 ____D () C:\Program Files\Windows Journal
    2014-07-09 23:15 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
    2014-07-09 23:15 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
    2014-07-09 22:02 - 2013-07-31 17:41 - 00000000 ____D () C:\Windows\system32\MRT
    2014-07-09 22:02 - 2012-10-28 17:16 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-07-09 18:19 - 2013-01-26 17:54 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2014-07-06 12:42 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
    2014-07-05 11:10 - 2014-07-05 11:10 - 00039008 _____ (Lenovo.) C:\Windows\system32\Drivers\LhdX64.sys
    2014-07-05 11:10 - 2012-10-29 03:36 - 00000000 ____D () C:\Users\Fox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
    2014-07-05 11:10 - 2012-08-24 15:34 - 00019872 _____ (Lenovo (Beijing) Limited) C:\Windows\system32\LenovoSDKEmSubSystem.dll
    2014-07-05 11:10 - 2012-08-24 15:34 - 00000000 ____D () C:\ProgramData\Downloaded Installations
    2014-07-05 11:10 - 2012-08-24 15:28 - 00000000 ____D () C:\Program Files (x86)\Lenovo
    2014-07-05 11:10 - 2012-08-24 15:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2014-07-05 11:05 - 2012-08-24 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
    2014-07-05 10:28 - 2014-07-05 10:28 - 00002984 _____ () C:\Users\Fox\Desktop\cc_20140705_102833.reg
    2014-07-05 10:17 - 2013-05-04 13:35 - 00000000 ____D () C:\ProgramData\Energy Management
    2014-07-04 15:27 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
    2014-07-04 14:29 - 2012-10-29 03:36 - 00000000 ____D () C:\Users\Fox
    2014-07-04 13:37 - 2014-07-04 13:37 - 00011749 ____H () C:\Users\Fox\Desktop\~WRL0003.tmp
    2014-06-29 19:09 - 2014-07-09 20:32 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-06-29 19:04 - 2014-07-09 20:32 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-06-28 20:00 - 2012-10-28 20:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

    Some content of TEMP:
    ====================
    C:\Users\Fox\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-07-18 21:06

    ==================== End Of Log ============================

  12. Hello,

    No problem, I appreciate you taking time out of your day to help others, including me. It is truly appreciated!!

    MBAM is still getting stuck on system driver object 108. RogueKiller states that I have a kernel filter, fs_rec.sys. Could this driver be what MBAM is stuck on? Is this a rootkit? Please see the logs below:

    --------------------------------------------------------------------------------

    RogueKiller:

    RogueKiller V9.2.3.0 (x64) [Jul 11 2014] by Adlice Software

    mail : http://forum.adlice.com

    Website : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User : Fox [Admin rights]

    Mode : Scan -- Date : 07/22/2014 22:33:35

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 11 ¤¤¤

    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2B8E40E2-8062-47E8-B3B9-DC47D59C20CA} | DhcpNameServer : 10.0.0.1 -> FOUND

    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2B8E40E2-8062-47E8-B3B9-DC47D59C20CA} | DhcpNameServer : 10.0.0.1 -> FOUND

    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2B8E40E2-8062-47E8-B3B9-DC47D59C20CA} | DhcpNameServer : 10.0.0.1 -> FOUND

    [PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1763048884-3980972539-2938752159-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND

    [PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1763048884-3980972539-2938752159-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND

    [PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1763048884-3980972539-2938752159-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND

    [PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1763048884-3980972539-2938752159-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND

    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND

    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND

    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND

    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ HOSTS File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 2 (Driver: LOADED) ¤¤¤

    [Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\HybridDisk @ Unknown (\SystemRoot\System32\Drivers\Fs_Rec.sys)

    [Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\HybridDisk @ Unknown (\SystemRoot\System32\Drivers\Fs_Rec.sys)

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤

    +++++ PhysicalDrive0: SAMSUNG MZMPC032HBCD-000 +++++

    --- User ---

    [MBR] 844d778de07972483a79dcd249959133

    [bSP] d39ce535e3de6baa1545308be3a6879b : Windows Vista/7/8 MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 200 MB

    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 411648 | Size: 939198 MB

    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1923890608 | Size: 25000 MB

    3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1975090608 | Size: 20001 MB

    User = LL1 ... OK

    User = LL2 ... OK

    +++++ PhysicalDrive1: ST1000LM024 HN-M101MBB +++++

    Error reading User MBR! ([1b] The drive cannot find the sector requested. )

    User = LL1 ... OK

    User = LL2 ... OK

    ----------------------------------------------------------------------------

    RKILL:

    Rkill 2.6.7 by Lawrence Abrams (Grinler)

    http://www.bleepingcomputer.com/

    Copyright 2008-2014 BleepingComputer.com

    More Information about Rkill can be found at this link:

    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 07/22/2014 09:37:40 PM in x64 mode.

    Windows Version: Windows 7 Home Premium Service Pack 1

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * Windows Defender Disabled

    [HKLM\SOFTWARE\Microsoft\Windows Defender]

    "DisableAntiSpyware" = dword:00000001

    Checking Windows Service Integrity:

    * Windows Defender (WinDefend) is not Running.

    Startup Type set to: Manual

    * Windows Update (wuauserv) is not Running.

    Startup Type set to: Automatic (Delayed Start)

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * No issues found.

    Program finished at: 07/22/2014 09:38:17 PM

    Execution time: 0 hours(s), 0 minute(s), and 36 seconds(s)

    ------------------------------------------------------------

    Junkware Removal Tool:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Junkware Removal Tool (JRT) by Thisisu

    Version: 6.1.4 (04.06.2014:1)

    OS: Windows 7 Home Premium x64

    Ran by Fox on Tue 07/22/2014 at 21:38:54.50

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services

    ~~~ Registry Values

    ~~~ Registry Keys

    ~~~ Files

    ~~~ Folders

    ~~~ Event Viewer Logs were cleared

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Scan was completed on Tue 07/22/2014 at 21:45:56.59

    End of JRT log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    -----------------------------------------------------------------------------------------------------------------------

    ADWCleaner:

    # AdwCleaner v3.216 - Report created 22/07/2014 at 20:55:03

    # Updated 17/07/2014 by Xplode

    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

    # Username : Fox - FOX-PC

    # Running from : C:\Users\Fox\Downloads\AdwCleaner.exe

    # Option : Clean

    ***** [ Services ] *****

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Windows\util

    Folder Deleted : C:\Users\Fox\AppData\Local\Temp\OCS

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]

    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}

    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}

    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}

    Key Deleted : HKCU\Software\AppDataLow\Software\xfin_portal

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17207

    -\\ Mozilla Firefox v30.0 (en-US)

    [ File : C:\Users\Fox\AppData\Roaming\Mozilla\FireFox\Profiles\ljoths8f.default\prefs.js ]

    *************************

    AdwCleaner[R0].txt - [2428 octets] - [22/07/2014 20:53:33]

    AdwCleaner[s0].txt - [2254 octets] - [22/07/2014 20:55:03]

    ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2314 octets] ##########

    ---------------------------------------------------------------------------------------------

    Not sure why RogueKiller cannot detect the sector from my HDD. I have a Lenovo Y580 which came with an SSD and HDD combo. I'm not sure, but I think it might have RapidDrive, which combines the SSD and HDD in a single virtual drive? That's my understanding of it at least.

    I wonder if that one driver that RogueKiller found is the one that MBAM is stuck on. Is it a rootkit?

    I look forward to hearing from you. I need to fix this computer ASAP :-( In my first post I mentioned that chkdsk found 224 million bad sectors/clusters. Maybe my HDD or SSD is failing and this is why I'm having problems with scans? But Norton and ESET and all other scans complete... it's just MBAM that will not...

    Thank you again in advance...

    PS - Just to make sure, the logs I posted in the first post and in this post do not contain any personal data that I should be concerned about, right?

    Best,

    Fox

  13. Hi Ron,

    Thank you very much for responding to my post.

    I have run into a roadblock. I am unable to get past step 2, running a threat scan on Malwarebytes. Malwarebytes freezes and does not go past object 108, which is the system driver portion of the scan. It freezes/gets stuck on this same object, 108. I attempted the clean removal process with no luck.

    My mouse stops responding and the computer will not respond to any input. I have to hold the power button to shut it off. Below is the RKill txt file that was created after running the RKill program. BTW, I disabled my antivirus and ran rkill each time the computer restarted before running any scans.

    --------------------------------------------------------------

    Rkill 2.6.7 by Lawrence Abrams (Grinler)

    http://www.bleepingcomputer.com/

    Copyright 2008-2014 BleepingComputer.com

    More Information about Rkill can be found at this link:

    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 07/18/2014 10:20:10 PM in x64 mode.

    Windows Version: Windows 7 Home Premium Service Pack 1

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * Windows Defender Disabled

    [HKLM\SOFTWARE\Microsoft\Windows Defender]

    "DisableAntiSpyware" = dword:00000001

    Checking Windows Service Integrity:

    * Windows Defender (WinDefend) is not Running.

    Startup Type set to: Manual

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * No issues found.

    Program finished at: 07/18/2014 10:20:21 PM

    Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)

    ------------------------------------------------------

    I appreciate your time.

    Best.

  14. Hello everyone,

     

    A staff member requested I post a topic here.  My problem is that Malwarebytes Anti-Malware v2 will freeze my computer mid scan and I have no choice but to shut the laptop down by holding the power button.  My mouse will either not respond or have a significant delay.  If I am able to get to the cancel scan or shutdown buttons, nothing happens.

     

    I've added exclusions to Norton Security Suite and Malwarebytes for one another.  I tried running a custom scan in both normal and safe mode, unchecking archive and rootkit scanning and only scanning the C: drive.  The problem still occurred.  I tried a threat scan in normal mode and that also froze up.  The scans run for hours.  One scan lasted 15 hours.  Another scan ran 6+ hours.

     

    In my prior topic:

     

    https://forums.malwarebytes.org/index.php?/topic/152510-mbam-freezing-computer-in-scan/   

     

    it was suggested that I run chkdsk.  I checked the boxes for auto fix files and scan and attempt to recover bad sectors.  Apparently there were 222 million bad sectors that were written to the bad sector file out of 225 million total sectors.  Now my hard drive shows only 5gb free out of 912gb when I had a ton more space before.  Did the chkdsk mess up my hard drive?  Or are those "bad sectors" now considered used space?  Could malware have caused this?  I'm so paranoid and careful that I really don't believe I have malware, but it's possible.

     

    During any of the failed scans I've attempted, it never detects any infections. 

     

    I've run some diagnostic logs that were requested.  I have attached them so it doesn't take up a lot of screen space. 

     

    PS - If I have not followed the rules in some way I sincerely apologize.  There are no excuses, but I am super tired from work and would hate for this laptop to take a dump on me.  I really appreciate everything you guys/ladies do to help experts to novices with their problems. 

     

    Thank you again.

     

    Fox

     

    PPS - Not sure if this makes a difference, but I have a Lenovo Y580 and I recently ran the battery gauge reset function.  After it completed, I learned that my computer will not charge the battery.  The only way to charge the battery is by removing the battery when the laptop is off, using only the power adapter, turning on the computer, then reinserting the battery once the computer is on.  If I remove the AC adapter and reinsert it, it will not charge.   Much research has led me to learn this is likely a motherboard problem and a major design flaw in the motherboard for this laptop.  Could this incident have caused any problems I am experiencing?

     

    BTW is there any personal information in these logs that I should be concerned about?  I looked through them, it doesn't appear so.

    FRST.txt

    Addition.txt

    CheckResults.txt

  15. Hi daledoc,

    Thank you for taking time to help me out. I followed your directions, adding Malwarebytes to the Norton Security Suite exclusion list for auto protection and the firewall.

    I also ran a custom scan with no archive or rootkit scanning and selected only the C drive. It was running nearly 6 hrs and only scanned about 70k files, then the computer froze. I ran it again in safe mode. This time the scan ran 15 hrs and only reached 96k objects scanned. The computer didn't freeze this time, but the mouse would move very slowly and wasn't allowing me to shut down. I had to shut it down to leave for work this morning. I plan to follow your links for system checking any errors and running the diagnostic scans. I'll post the results... Hopefully tonight.

    Thank you again

  16. Hello everyone,

     

    I am new to the community and was looking for some assistance with a problem I have been having with the new Malwarebytes Anti-Malware version 2.0.2.1012 during my scans.

     

    The problem I am experiencing is MBAM will crash during a scan and my computer will also freeze up and I will be unable to do anything.  I have to hold the power button down until the computer shuts off and restart it.  The problem occurs when I am running a custom scan with the following custom scanning options enabled: scan memory objects, scan startup and registry settings, scan archives and scan for rootkits.  I select my HDD and SSD as the locations to scan.  Once it starts scanning the system drivers it freezes on "object scanned" number 108.  It freezes on this specific object every time.  I've tried running it in safe mode and the same thing occurs.  I figured it might have something to do with the scan rootkit option being enabled, so I downloaded MBAR and that also freezes, except I can see the name of the file and it is igdkmd64.sys.  My research shows that this is related to the integrated Intel HD 4000 GPU?  Either way I'm not sure if that is related or not.

     

    I've searched the forums and was unable to find anything that can help.  I don't believe this is related to any actual infection, but I'm not an expert and it's always possible there is an infection.  I tried the MBAM cleaner to remove the software and redownloaded it, and that did not help.

     

    Any advice is greatly appreciated.  Thank you in advance and sorry for the lengthy e-mail. 

     

    BTW I'm running a Lenovo Y580, Win 7 64 bit, GTX 660M Nvidia GPU, Intel i7 3610q quad core processor with hybrid SSD and HDD, if it makes a difference with advice or suggestions on where to start.

     

    Cheers
