
Hello everyone,

 

A staff member requested I post a topic here.  My problem is that Malwarebytes Anti-Malware v2 will freeze my computer mid scan and I have no choice but to shut the laptop down by holding the power button.  My mouse will either not respond or have a significant delay.  If I am able to get to the cancel scan or shutdown buttons nothing happens.

 

I've added exclusions to Norton Security Suite and Malwarebytes for one another.  I tried running a custom scan in both normal and safe mode and unchecking archive or rootkit scanning and only scanning the C: drive.  The problem still occurred.  I tried a threat scan in normal mode and that also froze up.  The scans run for hours.  One scan lasted 15 hours.  Another scan ran 6+ hours.

 

In my prior topic:

 

https://forums.malwarebytes.org/index.php?/topic/152510-mbam-freezing-computer-in-scan/   

 

it was suggested that I run chkdsk.  I checked the boxes for auto fix files and scan and attempt to recover bad sectors.  Apparently there were 222 million bad sectors that were written to the bad sector file out of 225 million total sectors.  Now my hard drive shows only 5GB free out of 912GB when I had a ton more space before.  Did the chkdsk mess up my hard drive?  Or are those "bad sectors" now considered used space?  Could malware have caused this?  I'm so paranoid and careful that I really don't believe I have malware but it's possible.

 

During any of the failed scans I've attempted, it never detects any infections. 

 

I've run some diagnostic logs that were requested.  I have attached them so it doesn't take up a lot of screen space. 

 

PS - If I have not followed the rules in some way I sincerely apologize.  There are no excuses, but I am super tired from work and would hate for this laptop to take a dump on me.  I really appreciate everything you guys/ladies do to help experts to novices with their problems. 

 

Thank you again.

 

Fox

 

PPS - Not sure if this makes a difference, but I have a Lenovo Y580 and I recently ran the battery gauge reset function.  After it completed, I learned that my computer will not charge the battery.  The only way to charge the battery is by removing the battery when the laptop is off, using only the power adapter, turning on the computer, then reinserting the battery once the computer is on.  If I remove the AC adapter and reinsert it, it will not charge.   Much research has led me to learn this is likely a motherboard problem and a major design flaw in the motherboard for this laptop.  Could this incident have caused any problems I am experiencing?

 

BTW is there any personal information in these logs that I should be concerned about?  I looked through them, it doesn't appear so.

FRST.txt

Addition.txt

CheckResults.txt


  • Root Admin

Hello and welcome

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)


 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.

Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 
 
STEP 03
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


Thank you
 


Hi Ron,

Thank you very much for responding to my post.

I have run into a roadblock. I am unable to get past step 2, running a threat scan on Malwarebytes. Malwarebytes freezes and does not go past object 108, which is the system driver portion of the scan. It freezes/gets stuck on this same object, 108. I attempted the clean removal process with no luck.

My mouse stops responding and the computer will not respond to any input. I have to hold the power button to shut it off. Below is the RKill txt file that was created after running the RKill program. BTW, I disabled my antivirus and ran rkill each time the computer restarted before running any scans.

--------------------------------------------------------------
Rkill 2.6.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/18/2014 10:20:10 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:
* No malware services found to stop.

Checking for processes to terminate:
* No malware processes found to kill.

Checking Registry for malware related settings:
* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:
* Windows Defender Disabled
[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:
* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:
* No issues found.

Checking HOSTS File:
* No issues found.

Program finished at: 07/18/2014 10:20:21 PM
Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)
------------------------------------------------------

I appreciate your time.

Best.


Sorry for adding another post, I am unable to edit my previous post for some reason. I wanted to clarify that I was able to use mbam cleaner and remove MBAM from my computer and then reinstall the newest version. The scan still froze on object 108.


  • Root Admin

Sorry for the delay, just too many posts to get back to you the same day. 

 

Go ahead and skip those other steps then for now and run the following instead.

 

 

Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


Hello,

No problem, I appreciate you taking time out of your day to help others, including me. It is truly appreciated!!

MBAM is still getting stuck on system driver object 108. RogueKiller states that I have a kernel filter, fs_rec.sys. Could this driver be what MBAM is stuck on? Is this a rootkit? Please see the logs below:

--------------------------------------------------------------------------------
RogueKiller:

RogueKiller V9.2.3.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://forum.adlice.com
Website : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Fox [Admin rights]
Mode : Scan -- Date : 07/22/2014 22:33:35

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 11 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2B8E40E2-8062-47E8-B3B9-DC47D59C20CA} | DhcpNameServer : 10.0.0.1 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2B8E40E2-8062-47E8-B3B9-DC47D59C20CA} | DhcpNameServer : 10.0.0.1 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2B8E40E2-8062-47E8-B3B9-DC47D59C20CA} | DhcpNameServer : 10.0.0.1 -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1763048884-3980972539-2938752159-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1763048884-3980972539-2938752159-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1763048884-3980972539-2938752159-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1763048884-3980972539-2938752159-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 2 (Driver: LOADED) ¤¤¤
[Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\HybridDisk @ Unknown (\SystemRoot\System32\Drivers\Fs_Rec.sys)
[Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\HybridDisk @ Unknown (\SystemRoot\System32\Drivers\Fs_Rec.sys)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: SAMSUNG MZMPC032HBCD-000 +++++
--- User ---
[MBR] 844d778de07972483a79dcd249959133
[bSP] d39ce535e3de6baa1545308be3a6879b : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 200 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 411648 | Size: 939198 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1923890608 | Size: 25000 MB
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1975090608 | Size: 20001 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST1000LM024 HN-M101MBB +++++
Error reading User MBR! ([1b] The drive cannot find the sector requested. )
User = LL1 ... OK
User = LL2 ... OK

----------------------------------------------------------------------------

RKILL:

Rkill 2.6.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/22/2014 09:37:40 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:
* No malware services found to stop.

Checking for processes to terminate:
* No malware processes found to kill.

Checking Registry for malware related settings:
* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:
* Windows Defender Disabled
[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:
* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual
* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

Searching for Missing Digital Signatures:
* No issues found.

Checking HOSTS File:
* No issues found.

Program finished at: 07/22/2014 09:38:17 PM
Execution time: 0 hours(s), 0 minute(s), and 36 seconds(s)
------------------------------------------------------------

Junkware Removal Tool:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Fox on Tue 07/22/2014 at 21:38:54.50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 07/22/2014 at 21:45:56.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-----------------------------------------------------------------------------------------------------------------------

ADWCleaner:

# AdwCleaner v3.216 - Report created 22/07/2014 at 20:55:03
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Fox - FOX-PC
# Running from : C:\Users\Fox\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Windows\util
Folder Deleted : C:\Users\Fox\AppData\Local\Temp\OCS

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKCU\Software\AppDataLow\Software\xfin_portal

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Fox\AppData\Roaming\Mozilla\FireFox\Profiles\ljoths8f.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [2428 octets] - [22/07/2014 20:53:33]
AdwCleaner[s0].txt - [2254 octets] - [22/07/2014 20:55:03]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2314 octets] ##########

---------------------------------------------------------------------------------------------

Not sure why RogueKiller cannot detect the sector from my HDD. I have a Lenovo Y580 which came with an SSD and HDD combo. I'm not sure, but I think it might have RapidDrive which combines the SSD and HDD in a single virtual drive? That's my understanding of it at least.

I wonder if that one driver that RogueKiller found is the one that MBAM is stuck on. Is it a rootkit?

I look forward to hearing from you. I need to fix this computer asap :-( In my first post I mentioned that chkdsk found 224 million bad sectors/clusters. Maybe my HDD or SSD is failing and this is why I'm having problems with scans? But Norton and ESET and all other scans complete...it's just MBAM that will not....

Thank you again in advance...

PS - Just to make sure, the logs I posted in the first post and in this post, they do not contain any personal data that I should be concerned about right?

Best,

Fox

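Reading the RogueKiller and RKill findings posted above (and the checks RKill describes in STEP 0), as an added example that is not part of this thread or of either tool: a Python triage script (hypothetical, Python 3.9+) that parses the finding lines and separates what is expected on a stock Windows system from what still needs a human. It encodes the facts a responder checks before worrying: a PUM.Policies value of 0 means the restriction is not in force, a DHCP-assigned DNS of 10.0.0.1 is a LAN address, DisableAntiSpyware=1 is the normal state while a third-party AV is installed, and Fs_Rec.sys under \SystemRoot\System32\Drivers is Microsoft's file system recognizer, so the right check is its digital signature, not its name. The sample lines are copied from the posted reports; any other addresses, SIDs or paths are constructed.

```python
"""Triage helper for RogueKiller / RKill report lines: hypothetical example code, not
part of either tool. Each recognised finding line becomes "info" (expected on a clean
system, still worth a glance) or "review" (needs a human), with the reason."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: copied from the reports posted in this thread, reduced to
# the lines that carry a finding.
SAMPLE_LOG = r"""
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2B8E40E2-8062-47E8-B3B9-DC47D59C20CA} | DhcpNameServer : 10.0.0.1 -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1763048884-3980972539-2938752159-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1763048884-3980972539-2938752159-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\HybridDisk @ Unknown (\SystemRoot\System32\Drivers\Fs_Rec.sys)
* Windows Defender Disabled
"DisableAntiSpyware" = dword:00000001
"""

PUM_RE = re.compile(
    r"^\[PUM\.(?P<kind>\w+)\] \((?P<arch>X64|X86)\) (?P<key>.+?) \| "
    r"(?P<name>.+?) : (?P<value>.+?) -> FOUND$"
)
FILTER_RE = re.compile(r"^\[Filter\(Kernel\.Filter\)\] .*\((?P<path>[^()]+)\)$")
DEFENDER_RE = re.compile(r'^"DisableAntiSpyware" = dword:(?P<hex>[0-9a-fA-F]{8})$')

# Ranges a DHCP-assigned resolver normally falls in (it is usually the router itself).
LAN_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
# Drivers that ship with Windows and legitimately show up as disk filters. Fs_Rec.sys is
# Microsoft's file system recognizer; extend this set only with signature-verified drivers.
STOCK_FILTER_DRIVERS = {"fs_rec.sys"}
STOCK_DRIVER_DIR = "\\systemroot\\system32\\drivers"


@dataclass
class Finding:
    level: str   # "info" or "review"
    source: str  # the report line that produced it
    reason: str


def _triage_pum(m: re.Match) -> Finding:
    kind, name, value, line = m["kind"], m["name"], m["value"], m.string
    if kind == "Dns":
        try:
            ip = ipaddress.ip_address(value)
        except ValueError:
            return Finding("review", line, f"DhcpNameServer {value!r} is not an IP address")
        if any(ip in net for net in LAN_RANGES):
            return Finding("info", line, f"DNS {ip} is a LAN address (normally the router); "
                           "confirm it matches the router's LAN IP")
        return Finding("review", line, f"DHCP handed out non-LAN DNS {ip}; confirm it is your "
                       "ISP's resolver, since a swapped resolver can redirect traffic")
    if kind == "Policies":
        if value == "0":
            return Finding("info", line, f"{name}=0: restriction NOT in force (0 is the "
                           "unrestricted default; only the key's presence was flagged)")
        return Finding("review", line, f"{name}={value} disables an admin tool by policy; "
                       "malware sets this to hinder cleanup, reset to 0 once the cause is known")
    if kind == "DesktopIcons":
        return Finding("info", line, f"desktop icon {name} hidden (cosmetic Explorer setting)")
    return Finding("review", line, f"unhandled PUM category {kind}; inspect manually")


def _triage_filter(m: re.Match) -> Finding:
    path = m["path"]
    folder, _, filename = path.lower().rpartition("\\")
    if filename in STOCK_FILTER_DRIVERS and folder == STOCK_DRIVER_DIR:
        return Finding("info", m.string, f"{filename} at its stock path is Microsoft's file "
                       "system recognizer; verify its signature (sigverif) rather than the name")
    return Finding("review", m.string, f"kernel filter {path} is not a stock driver at its "
                   "stock path; verify publisher signature and hash before trusting it")


def _triage_defender(m: re.Match) -> Finding:
    if int(m["hex"], 16) == 1:
        return Finding("info", m.string, "Windows Defender disabled by policy: expected while "
                       "a third-party AV is installed, a gap only if no other AV is active")
    return Finding("info", m.string, "Windows Defender not disabled by policy")


def triage(report: str) -> list[Finding]:
    """Classify every recognised finding line of a pasted report, in order."""
    findings = []
    for line in report.splitlines():
        line = line.strip()
        if m := PUM_RE.match(line):
            findings.append(_triage_pum(m))
        elif m := FILTER_RE.match(line):
            findings.append(_triage_filter(m))
        elif m := DEFENDER_RE.match(line):
            findings.append(_triage_defender(m))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.level:6}] {f.reason}")
```

Running it on the posted lines yields only "info" entries; whether this particular Fs_Rec.sys is the genuine file still has to be confirmed by its signature on the machine itself.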

Why are my logs posted as such?  I pasted them directly and they have open blank lines between them to separate them, but when I post, it's all one big paragraph....odd. BTW I forgot to post the FRST file.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by Fox (administrator) on FOX-PC on 22-07-2014 23:01:46
Running from C:\Users\Fox\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(CyberLink) C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\n360.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\n360.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
( ) C:\Program Files (x86)\LockKey\LockKey.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD11\PDVD11Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-15] (Synaptics Incorporated)
HKLM\...\Run: [synLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [410896 2011-12-15] (Synaptics)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789856 2012-08-24] (Lenovo)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-29] (NVIDIA Corporation)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8076848 2014-07-05] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6199344 2014-07-05] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [LockKey] => C:\Program Files (x86)\LockKey\LockKey.exe [337776 2011-08-25] ( )
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [RemoteControl11] => C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe [237120 2013-08-06] (CyberLink Corp.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1763048884-3980972539-2938752159-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\system32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-05-19] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-05-19] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  No File
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  No File
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  No File
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=KMOH&bmod=KMOH
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/?cid=cgps10282012
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.google.com/ig/redirectdomain?brand=KMOH&bmod=KMOH
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs =
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\ljoths8f.default
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: intel.com/AppUp - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll No File
FF Extension: NoScript - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\ljoths8f.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-10-28]
FF Extension: Adblock Edge - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\ljoths8f.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2012-10-28]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-07-22]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-11-30]

==================== Services (Whitelisted) =================

R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [945440 2012-02-01] (Broadcom Corporation.)
R2 CLHNServiceForPowerDVD; C:\Program Files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [85568 2013-08-06] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)
R2 CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [77576 2014-02-11] (CyberLink)
R2 CyberLink PowerDVD 11.0 Service; C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [294664 2014-02-11] (CyberLink)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe [265040 2014-05-23] (Symantec Corporation)
S2 NSDSvc; C:\Windows\System32\NSDSvc.exe [120160 2011-12-23] (Lenovo)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-29] (NVIDIA Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-01] (Broadcom Corporation.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140703.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-10] (Symantec Corporation)
U3 EraserUtilDrv11313; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11313.sys [142128 2014-07-15] (Symantec Corporation)
R3 hswpan; C:\Windows\System32\DRIVERS\hswpan.sys [109056 2012-01-27] (Ozmo Inc)
R1 hybridcfile; C:\Windows\System32\DRIVERS\HybridCFileX64.sys [13920 2010-03-02] (Lenovo.)
R0 HybridDisk; C:\Windows\System32\DRIVERS\HybridDiskX64.sys [38496 2010-03-02] (Lenovo.)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140722.001\IDSvia64.sys [525016 2014-03-25] (Symantec Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104048 2012-03-02] (Qualcomm Atheros Co., Ltd.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-22] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140722.008\ENG64.SYS [126040 2014-07-15] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140722.008\EX64.SYS [2099288 2014-07-15] (Symantec Corporation)
R0 NSD; C:\Windows\System32\drivers\nsd.sys [24160 2011-12-23] (Lenovo Corporation")
R1 Nsdfltr; C:\Windows\System32\drivers\Nsdfltr.sys [59488 2011-12-21] (Lenovo Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8208488 2011-09-06] (Realtek Semiconductor Corp.)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1503000.00C\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1503000.00C\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [32456 2014-02-12] (CyberLink Corp.)
U3 BcmSqlStartupSvc;
U2 CLKMSVC10_C3B3B687;
U2 DriverService;
U2 iATAgentService;
U2 idealife Update Service;
U3 IGRS;
U2 IviRegMgr;
U2 Oasis2Service;
U2 PCCarerService;
U2 ReadyComm.DirectRouter;
U2 RichVideo;
U2 RtLedService;
S0 SMR410; System32\drivers\SMR410.SYS [X]
U2 SoftwareService;
U3 SQLWriter;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-22 23:01 - 2014-07-22 23:01 - 02090496 _____ (Farbar) C:\Users\Fox\Downloads\FRST64.exe
2014-07-22 23:01 - 2014-07-22 23:01 - 00022451 _____ () C:\Users\Fox\Downloads\FRST.txt
2014-07-22 22:36 - 2014-07-22 22:36 - 00003574 _____ () C:\Users\Fox\Desktop\RKreport_SCN_07222014_223335.log
2014-07-22 22:27 - 2014-07-22 22:27 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-22 22:27 - 2014-07-22 22:27 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-22 22:26 - 2014-07-22 22:26 - 05336664 _____ () C:\Users\Fox\Downloads\RogueKillerX64.exe
2014-07-22 21:48 - 2014-07-22 21:48 - 02347384 _____ (ESET) C:\Users\Fox\Downloads\esetsmartinstaller_enu.exe
2014-07-22 21:48 - 2014-07-22 21:48 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-22 21:45 - 2014-07-22 21:45 - 00000631 _____ () C:\Users\Fox\Desktop\JRT.txt
2014-07-22 20:58 - 2014-07-22 20:58 - 00002410 _____ () C:\Users\Fox\Desktop\AdwCleaner[s0].txt
2014-07-22 20:53 - 2014-07-22 20:55 - 00000000 ____D () C:\AdwCleaner
2014-07-22 20:52 - 2014-07-22 20:52 - 01354223 _____ () C:\Users\Fox\Downloads\AdwCleaner.exe
2014-07-22 20:46 - 2014-07-22 21:40 - 00000000 ____D () C:\Users\Fox\AppData\Local\CrashDumps
2014-07-22 20:44 - 2014-07-22 20:44 - 00000000 ____D () C:\Windows\ERUNT
2014-07-22 20:43 - 2014-07-22 20:43 - 01016261 _____ (Thisisu) C:\Users\Fox\Downloads\JRT.exe
2014-07-22 19:37 - 2014-07-22 19:37 - 08867840 _____ () C:\Users\Fox\Downloads\SeaToolsDOS223ALL.ISO
2014-07-21 23:49 - 2014-07-21 23:49 - 00000000 ____D () C:\Users\Fox\Desktop\HDDScan_v31
2014-07-21 23:48 - 2014-07-21 23:48 - 01829148 _____ () C:\Users\Fox\Desktop\HDDScan_v31.zip
2014-07-21 23:43 - 2014-07-21 23:43 - 00003006 _____ () C:\Windows\System32\Tasks\{E4A77396-194B-43DF-8EEB-968D9016C848}
2014-07-21 23:19 - 2014-07-21 23:19 - 00001412 _____ () C:\Users\Public\Desktop\SeaTools for Windows.lnk
2014-07-21 23:19 - 2014-07-21 23:19 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-21 23:19 - 2014-07-21 23:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2014-07-21 23:19 - 2014-07-21 23:19 - 00000000 ____D () C:\Program Files (x86)\Seagate
2014-07-21 23:16 - 2014-07-21 23:18 - 26771088 _____ () C:\Users\Fox\Desktop\SeaToolsforWindowsSetup.exe
2014-07-21 23:02 - 2014-07-21 23:02 - 00003544 ____N () C:\bootsqm.dat
2014-07-21 21:03 - 2014-07-21 21:03 - 00000000 ____D () C:\NPE
2014-07-21 20:49 - 2014-07-21 21:08 - 00000000 ____D () C:\Users\Fox\AppData\Local\NPE
2014-07-21 20:49 - 2014-07-21 20:49 - 03077584 ____N (Symantec Corporation) C:\Users\Fox\Desktop\NPE.exe
2014-07-21 20:41 - 2014-07-21 20:41 - 00024758 _____ () C:\Users\Fox\Documents\bookmarks.html
2014-07-21 20:38 - 2014-07-21 20:38 - 02302976 _____ () C:\Users\Fox\Documents\backup111.pst
2014-07-21 20:36 - 2014-07-21 20:40 - 559727616 _____ () C:\Users\Fox\Documents\backup.pst
2014-07-21 20:26 - 2014-07-21 20:26 - 00093277 _____ () C:\Users\Fox\Desktop\Belarc Advisor Computer Profile.htm
2014-07-21 20:25 - 2014-07-21 20:25 - 00093277 _____ () C:\Users\Fox\Documents\Belarc Advisor Computer Profile.htm
2014-07-21 20:25 - 2014-07-21 20:25 - 00000000 ____D () C:\Users\Fox\Documents\Belarc Advisor Computer Profile_files
2014-07-21 20:21 - 2014-07-21 20:21 - 00002147 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2014-07-21 20:21 - 2014-07-21 20:21 - 00002135 _____ () C:\Users\Public\Desktop\Belarc Advisor.lnk
2014-07-21 20:21 - 2014-07-21 20:21 - 00000000 ____D () C:\Program Files (x86)\Belarc
2014-07-21 20:20 - 2014-07-21 20:20 - 03358176 _____ () C:\Users\Fox\Desktop\advisorinstaller.exe
2014-07-20 03:19 - 2014-07-20 03:19 - 00024551 _____ () C:\Users\Fox\Desktop\bookmarks.html
2014-07-20 03:12 - 2014-07-20 03:12 - 04514472 _____ (Igor Pavlov) C:\Users\Fox\Desktop\bios update.exe
2014-07-19 14:24 - 2014-07-19 14:24 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-19 14:24 - 2014-07-19 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-18 23:44 - 2014-07-18 23:44 - 01062136 _____ (Bleeping Computer, LLC) C:\Users\Fox\Desktop\rkill64.exe
2014-07-18 22:18 - 2014-07-22 21:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-18 22:18 - 2014-07-18 22:18 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-18 22:18 - 2014-07-18 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-18 22:18 - 2014-07-18 22:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-18 22:18 - 2014-07-18 22:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-18 22:18 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-18 22:18 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-18 22:18 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-18 22:09 - 2014-07-18 22:16 - 00000000 ____D () C:\Users\Fox\Desktop\mbam stuff
2014-07-18 21:47 - 2014-07-18 21:49 - 00000000 ____D () C:\Users\Fox\Desktop\registry backuo
2014-07-18 21:46 - 2014-07-18 21:46 - 00000939 _____ () C:\Users\Fox\Desktop\NTREGOPT.lnk
2014-07-18 21:46 - 2014-07-18 21:46 - 00000920 _____ () C:\Users\Fox\Desktop\ERUNT.lnk
2014-07-18 21:46 - 2014-07-18 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-18 21:46 - 2014-07-18 21:46 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-07-18 21:39 - 2014-07-18 21:39 - 00791393 _____ (Lars Hederer ) C:\Users\Fox\Desktop\erunt-setup.exe
2014-07-18 21:38 - 2014-07-22 21:38 - 00002558 _____ () C:\Users\Fox\Desktop\Rkill.txt
2014-07-18 21:35 - 2014-07-18 21:35 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Fox\Desktop\rkill.exe
2014-07-15 22:07 - 2014-07-15 22:07 - 02302976 _____ () C:\Users\Fox\Desktop\backup23.pst
2014-07-14 22:48 - 2014-07-14 22:48 - 00026432 _____ () C:\Users\Fox\Desktop\Addition.txt
2014-07-14 22:47 - 2014-07-22 23:01 - 00000000 ____D () C:\FRST
2014-07-14 22:47 - 2014-07-14 22:48 - 00047607 _____ () C:\Users\Fox\Desktop\FRST.txt
2014-07-14 22:42 - 2014-07-14 22:42 - 00043347 _____ () C:\Users\Fox\Desktop\CheckResults.txt
2014-07-14 22:41 - 2014-07-14 22:42 - 01682416 _____ (Malwarebytes Corporation) C:\Users\Fox\Desktop\mbam-check-2.1.1.1001.exe
2014-07-12 17:40 - 2014-07-12 18:03 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-12 17:39 - 2014-07-12 18:02 - 00000000 ____D () C:\Users\Fox\Desktop\mbar
2014-07-12 17:38 - 2014-07-12 17:38 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Fox\Desktop\mbar-1.07.0.1012.exe
2014-07-12 17:27 - 2014-07-12 17:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Fox\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-12 17:17 - 2014-07-22 20:56 - 00029430 _____ () C:\Windows\PFRO.log
2014-07-12 17:16 - 2014-07-12 17:16 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Fox\Desktop\mbam-clean-2.1.1.1001.exe
2014-07-12 17:13 - 2014-07-22 21:35 - 00006832 _____ () C:\Windows\setupact.log
2014-07-12 17:13 - 2014-07-12 17:13 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-12 16:52 - 2014-07-12 16:52 - 00002256 _____ () C:\Users\Fox\Desktop\cc_20140712_165210.reg
2014-07-09 20:32 - 2014-06-29 19:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 20:32 - 2014-06-29 19:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 20:32 - 2014-06-20 13:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 20:32 - 2014-06-20 12:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 20:32 - 2014-06-18 18:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 20:32 - 2014-06-18 18:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 20:32 - 2014-06-18 18:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 20:32 - 2014-06-18 17:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 20:32 - 2014-06-18 17:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 20:32 - 2014-06-18 17:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 20:32 - 2014-06-18 17:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 20:32 - 2014-06-18 17:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 20:32 - 2014-06-18 17:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 20:32 - 2014-06-18 17:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 20:32 - 2014-06-18 17:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 20:32 - 2014-06-18 17:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 20:32 - 2014-06-18 17:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 20:32 - 2014-06-18 17:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 20:32 - 2014-06-18 17:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 20:32 - 2014-06-18 17:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 20:32 - 2014-06-18 17:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 20:32 - 2014-06-18 16:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 20:32 - 2014-06-18 16:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 20:32 - 2014-06-18 16:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 20:32 - 2014-06-18 16:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 20:32 - 2014-06-18 16:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 20:32 - 2014-06-18 16:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 20:32 - 2014-06-18 16:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 20:32 - 2014-06-18 16:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 20:32 - 2014-06-18 16:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 20:32 - 2014-06-18 16:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 20:32 - 2014-06-18 16:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 20:32 - 2014-06-18 16:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 20:32 - 2014-06-18 16:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 20:32 - 2014-06-18 16:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 20:32 - 2014-06-18 16:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 20:32 - 2014-06-18 16:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 20:32 - 2014-06-18 16:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 20:32 - 2014-06-18 16:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 20:32 - 2014-06-18 16:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 20:32 - 2014-06-18 16:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 20:32 - 2014-06-18 16:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 20:32 - 2014-06-18 16:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 20:32 - 2014-06-18 16:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 20:32 - 2014-06-18 15:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 20:32 - 2014-06-18 15:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 20:32 - 2014-06-18 15:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 20:32 - 2014-06-18 15:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 20:32 - 2014-06-18 15:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 20:32 - 2014-06-18 15:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 20:32 - 2014-06-18 15:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 20:32 - 2014-06-18 15:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 20:32 - 2014-06-18 15:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 20:32 - 2014-06-18 15:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 20:32 - 2014-06-18 15:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 20:32 - 2014-06-18 15:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 20:32 - 2014-06-18 15:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 20:32 - 2014-06-18 15:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 20:32 - 2014-06-17 19:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 20:32 - 2014-06-17 18:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 20:32 - 2014-06-17 18:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 20:32 - 2014-06-06 03:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 20:32 - 2014-06-06 02:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 20:32 - 2014-06-05 07:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 20:32 - 2014-06-05 07:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 20:32 - 2014-06-05 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-09 20:32 - 2014-05-30 01:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 20:32 - 2014-05-30 01:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 20:32 - 2014-05-30 01:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 20:32 - 2014-05-30 01:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 20:32 - 2014-05-30 01:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 20:32 - 2014-05-30 01:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 20:32 - 2014-05-30 01:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 20:32 - 2014-05-30 00:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 20:32 - 2014-05-30 00:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 20:32 - 2014-05-30 00:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 20:32 - 2014-05-30 00:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 20:32 - 2014-05-30 00:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 20:32 - 2014-05-30 00:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 20:32 - 2014-05-30 00:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 20:32 - 2014-05-29 23:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-05 11:10 - 2014-07-05 11:10 - 00039008 _____ (Lenovo.) C:\Windows\system32\Drivers\LhdX64.sys
2014-07-05 10:28 - 2014-07-05 10:28 - 00002984 _____ () C:\Users\Fox\Desktop\cc_20140705_102833.reg
2014-07-04 13:37 - 2014-07-04 13:37 - 00011749 ____H () C:\Users\Fox\Desktop\~WRL0003.tmp

==================== One Month Modified Files and Folders =======

2014-07-22 23:02 - 2014-07-22 23:01 - 00022451 _____ () C:\Users\Fox\Downloads\FRST.txt
2014-07-22 23:01 - 2014-07-22 23:01 - 02090496 _____ (Farbar) C:\Users\Fox\Downloads\FRST64.exe
2014-07-22 23:01 - 2014-07-14 22:47 - 00000000 ____D () C:\FRST
2014-07-22 22:36 - 2014-07-22 22:36 - 00003574 _____ () C:\Users\Fox\Desktop\RKreport_SCN_07222014_223335.log
2014-07-22 22:27 - 2014-07-22 22:27 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-22 22:27 - 2014-07-22 22:27 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-22 22:26 - 2014-07-22 22:26 - 05336664 _____ () C:\Users\Fox\Downloads\RogueKillerX64.exe
2014-07-22 21:48 - 2014-07-22 21:48 - 02347384 _____ (ESET) C:\Users\Fox\Downloads\esetsmartinstaller_enu.exe
2014-07-22 21:48 - 2014-07-22 21:48 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-22 21:45 - 2014-07-22 21:45 - 00000631 _____ () C:\Users\Fox\Desktop\JRT.txt
2014-07-22 21:43 - 2009-07-13 21:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-22 21:43 - 2009-07-13 21:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-22 21:40 - 2014-07-22 20:46 - 00000000 ____D () C:\Users\Fox\AppData\Local\CrashDumps
2014-07-22 21:39 - 2012-08-24 15:04 - 01127537 _____ () C:\Windows\WindowsUpdate.log
2014-07-22 21:38 - 2014-07-18 21:38 - 00002558 _____ () C:\Users\Fox\Desktop\Rkill.txt
2014-07-22 21:35 - 2014-07-12 17:13 - 00006832 _____ () C:\Windows\setupact.log
2014-07-22 21:35 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-22 21:00 - 2014-07-18 22:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-22 20:58 - 2014-07-22 20:58 - 00002410 _____ () C:\Users\Fox\Desktop\AdwCleaner[s0].txt
2014-07-22 20:56 - 2014-07-12 17:17 - 00029430 _____ () C:\Windows\PFRO.log
2014-07-22 20:55 - 2014-07-22 20:53 - 00000000 ____D () C:\AdwCleaner
2014-07-22 20:52 - 2014-07-22 20:52 - 01354223 _____ () C:\Users\Fox\Downloads\AdwCleaner.exe
2014-07-22 20:44 - 2014-07-22 20:44 - 00000000 ____D () C:\Windows\ERUNT
2014-07-22 20:43 - 2014-07-22 20:43 - 01016261 _____ (Thisisu) C:\Users\Fox\Downloads\JRT.exe
2014-07-22 19:42 - 2009-07-13 22:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-22 19:37 - 2014-07-22 19:37 - 08867840 _____ () C:\Users\Fox\Downloads\SeaToolsDOS223ALL.ISO
2014-07-21 23:49 - 2014-07-21 23:49 - 00000000 ____D () C:\Users\Fox\Desktop\HDDScan_v31
2014-07-21 23:48 - 2014-07-21 23:48 - 01829148 _____ () C:\Users\Fox\Desktop\HDDScan_v31.zip
2014-07-21 23:43 - 2014-07-21 23:43 - 00003006 _____ () C:\Windows\System32\Tasks\{E4A77396-194B-43DF-8EEB-968D9016C848}
2014-07-21 23:19 - 2014-07-21 23:19 - 00001412 _____ () C:\Users\Public\Desktop\SeaTools for Windows.lnk
2014-07-21 23:19 - 2014-07-21 23:19 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-21 23:19 - 2014-07-21 23:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2014-07-21 23:19 - 2014-07-21 23:19 - 00000000 ____D () C:\Program Files (x86)\Seagate
2014-07-21 23:18 - 2014-07-21 23:16 - 26771088 _____ () C:\Users\Fox\Desktop\SeaToolsforWindowsSetup.exe
2014-07-21 23:02 - 2014-07-21 23:02 - 00003544 ____N () C:\bootsqm.dat
2014-07-21 21:08 - 2014-07-21 20:49 - 00000000 ____D () C:\Users\Fox\AppData\Local\NPE
2014-07-21 21:03 - 2014-07-21 21:03 - 00000000 ____D () C:\NPE
2014-07-21 20:49 - 2014-07-21 20:49 - 03077584 ____N (Symantec Corporation) C:\Users\Fox\Desktop\NPE.exe
2014-07-21 20:49 - 2012-10-28 21:07 - 00000000 ____D () C:\ProgramData\Norton
2014-07-21 20:41 - 2014-07-21 20:41 - 00024758 _____ () C:\Users\Fox\Documents\bookmarks.html
2014-07-21 20:40 - 2014-07-21 20:36 - 559727616 _____ () C:\Users\Fox\Documents\backup7654.pst
2014-07-21 20:38 - 2014-07-21 20:38 - 02302976 _____ () C:\Users\Fox\Documents\backupx4.pst
2014-07-21 20:26 - 2014-07-21 20:26 - 00093277 _____ () C:\Users\Fox\Desktop\Belarc Advisor Computer Profile.htm
2014-07-21 20:25 - 2014-07-21 20:25 - 00093277 _____ () C:\Users\Fox\Documents\Belarc Advisor Computer Profile.htm
2014-07-21 20:25 - 2014-07-21 20:25 - 00000000 ____D () C:\Users\Fox\Documents\Belarc Advisor Computer Profile_files
2014-07-21 20:21 - 2014-07-21 20:21 - 00002147 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2014-07-21 20:21 - 2014-07-21 20:21 - 00002135 _____ () C:\Users\Public\Desktop\Belarc Advisor.lnk
2014-07-21 20:21 - 2014-07-21 20:21 - 00000000 ____D () C:\Program Files (x86)\Belarc
2014-07-21 20:20 - 2014-07-21 20:20 - 03358176 _____ () C:\Users\Fox\Desktop\advisorinstaller.exe
2014-07-20 03:19 - 2014-07-20 03:19 - 00024551 _____ () C:\Users\Fox\Desktop\bookmarks.html
2014-07-20 03:12 - 2014-07-20 03:12 - 04514472 _____ (Igor Pavlov) C:\Users\Fox\Desktop\bios update.exe
2014-07-19 16:09 - 2013-05-20 13:00 - 00000000 ____D () C:\Users\Fox\Documents\Career
2014-07-19 15:27 - 2013-05-21 12:40 - 00000000 ____D () C:\Users\Fox\Documents\My TVS
2014-07-19 14:24 - 2014-07-19 14:24 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-19 14:24 - 2014-07-19 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-19 14:24 - 2014-04-25 13:28 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-18 23:44 - 2014-07-18 23:44 - 01062136 _____ (Bleeping Computer, LLC) C:\Users\Fox\Desktop\rkill64.exe
2014-07-18 22:18 - 2014-07-18 22:18 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-18 22:18 - 2014-07-18 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-18 22:18 - 2014-07-18 22:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-18 22:18 - 2014-07-18 22:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-18 22:16 - 2014-07-18 22:09 - 00000000 ____D () C:\Users\Fox\Desktop\mbam stuff
2014-07-18 21:49 - 2014-07-18 21:47 - 00000000 ____D () C:\Users\Fox\Desktop\registry backuo
2014-07-18 21:46 - 2014-07-18 21:46 - 00000939 _____ () C:\Users\Fox\Desktop\NTREGOPT.lnk
2014-07-18 21:46 - 2014-07-18 21:46 - 00000920 _____ () C:\Users\Fox\Desktop\ERUNT.lnk
2014-07-18 21:46 - 2014-07-18 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-18 21:46 - 2014-07-18 21:46 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-07-18 21:39 - 2014-07-18 21:39 - 00791393 _____ (Lars Hederer ) C:\Users\Fox\Desktop\erunt-setup.exe
2014-07-18 21:35 - 2014-07-18 21:35 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Fox\Desktop\rkill.exe
2014-07-15 22:07 - 2014-07-15 22:07 - 02302976 _____ () C:\Users\Fox\Desktop\backup 7835.pst
2014-07-14 22:48 - 2014-07-14 22:48 - 00026432 _____ () C:\Users\Fox\Desktop\Addition.txt
2014-07-14 22:48 - 2014-07-14 22:47 - 00047607 _____ () C:\Users\Fox\Desktop\FRST.txt
2014-07-14 22:42 - 2014-07-14 22:42 - 00043347 _____ () C:\Users\Fox\Desktop\CheckResults.txt
2014-07-14 22:42 - 2014-07-14 22:41 - 01682416 _____ (Malwarebytes Corporation) C:\Users\Fox\Desktop\mbam-check-2.1.1.1001.exe
2014-07-13 16:17 - 2013-07-22 19:29 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-13 16:17 - 2013-07-22 19:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-12 18:03 - 2014-07-12 17:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-12 18:02 - 2014-07-12 17:39 - 00000000 ____D () C:\Users\Fox\Desktop\mbar
2014-07-12 17:38 - 2014-07-12 17:38 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Fox\Desktop\mbar-1.07.0.1012.exe
2014-07-12 17:27 - 2014-07-12 17:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Fox\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-12 17:16 - 2014-07-12 17:16 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Fox\Desktop\mbam-clean-2.1.1.1001.exe
2014-07-12 17:13 - 2014-07-12 17:13 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-12 16:52 - 2014-07-12 16:52 - 00002256 _____ () C:\Users\Fox\Desktop\cc_20140712_165210.reg
2014-07-11 22:26 - 2013-05-04 13:05 - 00000000 ____D () C:\Users\Fox\Documents\Mom's TVS
2014-07-11 20:41 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-07-11 03:02 - 2014-04-25 13:28 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-04-25 13:28 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-04-25 13:28 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-04-25 13:28 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-09 23:16 - 2009-07-13 21:45 - 00463768 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 23:15 - 2014-05-06 11:17 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 23:15 - 2011-10-10 01:19 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 23:15 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 23:15 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 22:02 - 2013-07-31 17:41 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 22:02 - 2012-10-28 17:16 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 18:19 - 2013-01-26 17:54 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-07-06 12:42 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-07-05 11:10 - 2014-07-05 11:10 - 00039008 _____ (Lenovo.) C:\Windows\system32\Drivers\LhdX64.sys
2014-07-05 11:10 - 2012-10-29 03:36 - 00000000 ____D () C:\Users\Fox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-07-05 11:10 - 2012-08-24 15:34 - 00019872 _____ (Lenovo (Beijing) Limited) C:\Windows\system32\LenovoSDKEmSubSystem.dll
2014-07-05 11:10 - 2012-08-24 15:34 - 00000000 ____D () C:\ProgramData\Downloaded Installations
2014-07-05 11:10 - 2012-08-24 15:28 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2014-07-05 11:10 - 2012-08-24 15:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-05 11:05 - 2012-08-24 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-07-05 10:28 - 2014-07-05 10:28 - 00002984 _____ () C:\Users\Fox\Desktop\cc_20140705_102833.reg
2014-07-05 10:17 - 2013-05-04 13:35 - 00000000 ____D () C:\ProgramData\Energy Management
2014-07-04 15:27 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2014-07-04 14:29 - 2012-10-29 03:36 - 00000000 ____D () C:\Users\Fox
2014-07-04 13:37 - 2014-07-04 13:37 - 00011749 ____H () C:\Users\Fox\Desktop\~WRL0003.tmp
2014-06-29 19:09 - 2014-07-09 20:32 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 19:04 - 2014-07-09 20:32 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-28 20:00 - 2012-10-28 20:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\Fox\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-18 21:06

==================== End Of Log ============================


I'll just repost the logs one by one. I hope I don't get in trouble. I just want it to be easy to read; in no way is it my intention to bump my post. Apologies in advance.

# AdwCleaner v3.216 - Report created 22/07/2014 at 20:55:03
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Fox - FOX-PC
# Running from : C:\Users\Fox\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Windows\util
Folder Deleted : C:\Users\Fox\AppData\Local\Temp\OCS

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKCU\Software\AppDataLow\Software\xfin_portal

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Fox\AppData\Roaming\Mozilla\FireFox\Profiles\ljoths8f.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2428 octets] - [22/07/2014 20:53:33]
AdwCleaner[s0].txt - [2254 octets] - [22/07/2014 20:55:03]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2314 octets] ##########

RogueKiller V9.2.3.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Fox [Admin rights]
Mode : Scan -- Date : 07/22/2014  22:33:35

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 11 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2B8E40E2-8062-47E8-B3B9-DC47D59C20CA} | DhcpNameServer : 10.0.0.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2B8E40E2-8062-47E8-B3B9-DC47D59C20CA} | DhcpNameServer : 10.0.0.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2B8E40E2-8062-47E8-B3B9-DC47D59C20CA} | DhcpNameServer : 10.0.0.1  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1763048884-3980972539-2938752159-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1763048884-3980972539-2938752159-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1763048884-3980972539-2938752159-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1763048884-3980972539-2938752159-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 2 (Driver: LOADED) ¤¤¤
[Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\HybridDisk @ Unknown (\SystemRoot\System32\Drivers\Fs_Rec.sys)
[Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\HybridDisk @ Unknown (\SystemRoot\System32\Drivers\Fs_Rec.sys)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG MZMPC032HBCD-000 +++++
--- User ---
[MBR] 844d778de07972483a79dcd249959133
[bSP] d39ce535e3de6baa1545308be3a6879b : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 200 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 411648 | Size: 939198 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1923890608 | Size: 25000 MB
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1975090608 | Size: 20001 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST1000LM024 HN-M101MBB +++++
Error reading User MBR! ([1b] The drive cannot find the sector requested. )
User = LL1 ... OK
User = LL2 ... OK

Rkill 2.6.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/22/2014 09:37:40 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Automatic (Delayed Start)

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 07/22/2014 09:38:17 PM
Execution time: 0 hours(s), 0 minute(s), and 36 seconds(s)


  • Root Admin

Please go into Control Panel, Add/Remove and uninstall ALL versions of Java and then run the following.
 
Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Next:
 
Please Run TFC by OldTimer to clear temporary files:
  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Then reboot and run the following:

Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

Hello, thank you for the reply. I didn't post the Junkware Removal Tool log because the first time I ran it the log was saved but I couldn't locate it, so I ran it again, but there was nothing to report in the log. I will run your requested tests tonight when I return home from work. Again, thank you for your help.

Hello,

Malwarebytes, again, froze on "object scanned" 108. I'm confused why these other programs are able to complete their scans. Below is the log from running JavaRa.

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu Jul 24 19:52:44 2014

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.

Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}

Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}

Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit

Found and removed: SOFTWARE\JavaSoft

Found and removed: SOFTWARE\JreMetrics

Found and removed: SOFTWARE\MozillaPlugins

------------------------------------

Finished reporting.

Link to post
Share on other sites

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu Jul 24 19:52:44 2014

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.

Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}

Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}

Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit

Found and removed: SOFTWARE\JavaSoft

Found and removed: SOFTWARE\JreMetrics

Found and removed: SOFTWARE\MozillaPlugins

------------------------------------

Finished reporting.



 


  • Root Admin

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 


Hi Ron,

 

I ran ComboFix, but before doing so I disabled the firewall, antivirus auto-protection and turned on silent mode on my Comcast Norton Security Suite. ComboFix stated that the antispyware was still running. I cannot locate where to turn this off. I thought what I disabled was all there was to disable from what I read online. Once ComboFix alerted me that it was still running I wanted to stop running ComboFix and post a reply, but there are no cancel buttons so it ended up running anyway.

 

Should I uninstall Norton Security Suite completely and run ComboFix again? I will post the ComboFix log in my next reply since it doesn't post correctly when I post it with my main response.

 

Thank you again.

 

Best,

 

Fox


ComboFix 14-07-25.01 - Fox 07/25/2014  20:00:33.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8094.5846 [GMT -7:00]
Running from: c:\users\Fox\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Security Suite *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Security Suite *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 0 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-26 to 2014-07-26  )))))))))))))))))))))))))))))))
.
.
2014-07-26 03:03 . 2014-07-26 03:03    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-07-23 06:27 . 2014-07-23 06:27    --------    d-----w-    c:\program files (x86)\Common Files\Acronis
2014-07-23 06:27 . 2014-07-23 06:27    --------    d-----w-    c:\program files (x86)\Acronis
2014-07-23 05:27 . 2014-07-24 03:56    30312    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2014-07-23 05:27 . 2014-07-23 05:27    --------    d-----w-    c:\programdata\RogueKiller
2014-07-23 04:48 . 2014-07-23 04:48    --------    d-----w-    c:\program files (x86)\ESET
2014-07-23 03:53 . 2014-07-23 03:55    --------    d-----w-    C:\AdwCleaner
2014-07-23 03:46 . 2014-07-25 02:44    --------    d-----w-    c:\users\Fox\AppData\Local\CrashDumps
2014-07-23 03:44 . 2014-07-23 03:44    --------    d-----w-    c:\windows\ERUNT
2014-07-22 06:19 . 2014-07-22 06:19    --------    d-----w-    c:\programdata\Package Cache
2014-07-22 06:19 . 2014-07-22 06:19    --------    d-----w-    c:\program files (x86)\Seagate
2014-07-22 04:03 . 2014-07-24 04:39    --------    d-----w-    C:\NPE
2014-07-22 03:49 . 2014-07-24 04:41    --------    d-----w-    c:\users\Fox\AppData\Local\NPE
2014-07-22 03:21 . 2014-07-22 03:21    --------    d-----w-    c:\program files (x86)\Belarc
2014-07-19 05:18 . 2014-07-25 03:02    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-19 05:18 . 2014-07-24 03:37    92888    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-07-19 05:18 . 2014-05-12 14:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-07-19 05:18 . 2014-05-12 14:25    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-07-19 05:18 . 2014-07-19 05:18    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-07-19 05:18 . 2014-07-19 05:18    --------    d-----w-    c:\programdata\Malwarebytes
2014-07-19 04:46 . 2014-07-19 04:46    --------    d-----w-    c:\program files (x86)\ERUNT
2014-07-15 05:47 . 2014-07-23 06:02    --------    d-----w-    C:\FRST
2014-07-13 00:40 . 2014-07-24 04:17    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-07-05 18:10 . 2014-07-05 18:10    39008    ----a-w-    c:\windows\system32\drivers\LhdX64.sys
2014-07-05 17:59 . 2014-07-05 18:09    --------    d-----w-    C:\Drivers
2014-06-27 07:55 . 2014-06-27 07:55    196816    ----a-w-    c:\program files\Common Files\Microsoft Shared\OFFICE15\LICLUA.EXE
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-13 23:17 . 2013-07-23 02:29    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-13 23:17 . 2013-07-23 02:29    699056    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-10 05:02 . 2012-10-29 00:16    96441528    ----a-w-    c:\windows\system32\MRT.exe
2014-07-05 18:10 . 2012-08-24 22:34    19872    ----a-w-    c:\windows\system32\LenovoSDKEmSubSystem.dll
2014-06-03 10:08 . 2013-01-27 01:00    848080    ----a-w-    c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-05-29 23:07 . 2014-06-05 04:43    1291232    ----a-w-    c:\windows\SysWow64\nvspbridge.dll
2014-05-29 23:07 . 2013-12-18 04:11    1122312    ----a-w-    c:\windows\SysWow64\nvspcap.dll
2014-05-29 23:07 . 2014-06-05 04:43    1715176    ----a-w-    c:\windows\system32\nvspbridge64.dll
2014-05-29 23:07 . 2013-12-18 04:11    1279480    ----a-w-    c:\windows\system32\nvspcap64.dll
2014-05-20 02:44 . 2014-06-05 04:50    9735256    ----a-w-    c:\windows\SysWow64\nvcuda.dll
2014-05-20 02:44 . 2014-06-05 04:50    9697640    ----a-w-    c:\windows\SysWow64\nvopencl.dll
2014-05-20 02:44 . 2014-06-05 04:50    895776    ----a-w-    c:\windows\system32\NvIFR64.dll
2014-05-20 02:44 . 2014-06-05 04:50    892704    ----a-w-    c:\windows\system32\NvFBC64.dll
2014-05-20 02:44 . 2014-06-05 04:50    867784    ----a-w-    c:\windows\SysWow64\NvIFR.dll
2014-05-20 02:44 . 2014-06-05 04:50    861128    ----a-w-    c:\windows\SysWow64\NvFBC.dll
2014-05-20 02:44 . 2014-06-05 04:50    492376    ----a-w-    c:\windows\system32\nvEncodeAPI64.dll
2014-05-20 02:44 . 2014-06-05 04:50    416712    ----a-w-    c:\windows\SysWow64\nvEncodeAPI.dll
2014-05-20 02:44 . 2014-06-05 04:50    382240    ----a-w-    c:\windows\system32\NvIFROpenGL.dll
2014-05-20 02:44 . 2014-06-05 04:50    354016    ----a-w-    c:\windows\system32\nvoglshim64.dll
2014-05-20 02:44 . 2014-06-05 04:50    335704    ----a-w-    c:\windows\SysWow64\NvIFROpenGL.dll
2014-05-20 02:44 . 2014-06-05 04:50    32544    ----a-w-    c:\windows\system32\drivers\nvpciflt.sys
2014-05-20 02:44 . 2014-06-05 04:50    3141976    ----a-w-    c:\windows\system32\nvcuvid.dll
2014-05-20 02:44 . 2014-06-05 04:50    31387936    ----a-w-    c:\windows\system32\nvoglv64.dll
2014-05-20 02:44 . 2014-06-05 04:50    305600    ----a-w-    c:\windows\SysWow64\nvoglshim32.dll
2014-05-20 02:44 . 2014-06-05 04:50    2953672    ----a-w-    c:\windows\SysWow64\nvcuvid.dll
2014-05-20 02:44 . 2014-06-05 04:50    2785568    ----a-w-    c:\windows\system32\nvcuvenc.dll
2014-05-20 02:44 . 2014-06-05 04:50    2412376    ----a-w-    c:\windows\SysWow64\nvcuvenc.dll
2014-05-20 02:44 . 2014-06-05 04:50    24025376    ----a-w-    c:\windows\SysWow64\nvoglv32.dll
2014-05-20 02:44 . 2014-06-05 04:50    1889112    ----a-w-    c:\windows\system32\nvdispco6433788.dll
2014-05-20 02:44 . 2014-06-05 04:50    18531568    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2014-05-20 02:44 . 2014-06-05 04:50    17480432    ----a-w-    c:\windows\system32\nvd3dumx.dll
2014-05-20 02:44 . 2014-06-05 04:50    16003912    ----a-w-    c:\windows\SysWow64\nvwgf2um.dll
2014-05-20 02:44 . 2014-06-05 04:50    1541576    ----a-w-    c:\windows\system32\nvdispgenco6433788.dll
2014-05-20 02:44 . 2014-06-05 04:50    12688328    ----a-w-    c:\windows\system32\drivers\nvlddmkm.sys
2014-05-20 02:44 . 2014-06-05 04:50    11644928    ----a-w-    c:\windows\system32\nvcuda.dll
2014-05-20 02:44 . 2014-06-05 04:50    11599072    ----a-w-    c:\windows\system32\nvopencl.dll
2014-05-20 02:44 . 2014-06-05 04:50    25256224    ----a-w-    c:\windows\system32\nvcompiler.dll
2014-05-20 02:44 . 2014-06-05 04:50    17561544    ----a-w-    c:\windows\SysWow64\nvcompiler.dll
2014-05-20 02:44 . 2014-02-19 01:06    14434704    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
2014-05-20 02:44 . 2013-12-18 04:08    837056    ----a-w-    c:\windows\SysWow64\nvumdshim.dll
2014-05-20 02:44 . 2013-12-18 04:08    2730208    ----a-w-    c:\windows\SysWow64\nvapi.dll
2014-05-20 02:44 . 2012-08-24 22:06    952952    ----a-w-    c:\windows\system32\nvumdshimx.dll
2014-05-20 02:44 . 2012-08-24 22:06    3109248    ----a-w-    c:\windows\system32\nvapi64.dll
2014-05-20 02:44 . 2012-08-24 22:06    166568    ----a-w-    c:\windows\system32\nvinitx.dll
2014-05-20 02:44 . 2012-08-24 22:06    146480    ----a-w-    c:\windows\SysWow64\nvinit.dll
2014-05-20 01:25 . 2012-08-24 22:06    6769096    ----a-w-    c:\windows\system32\nvcpl.dll
2014-05-20 01:25 . 2012-08-24 22:06    3514144    ----a-w-    c:\windows\system32\nvsvc64.dll
2014-05-20 01:25 . 2012-08-24 22:06    927520    ----a-w-    c:\windows\system32\nvvsvc.exe
2014-05-20 01:25 . 2012-08-24 22:06    76064    ----a-w-    c:\windows\system32\nv3dappshextr.dll
2014-05-20 01:25 . 2012-08-24 22:06    62808    ----a-w-    c:\windows\system32\nvshext.dll
2014-05-20 01:25 . 2012-08-24 22:06    610592    ----a-w-    c:\windows\SysWow64\oemdspif.dll
2014-05-20 01:25 . 2012-08-24 22:06    387528    ----a-w-    c:\windows\system32\nvmctray.dll
2014-05-20 01:25 . 2012-08-24 22:06    2560968    ----a-w-    c:\windows\system32\nvsvcr.dll
2014-05-20 01:25 . 2012-08-24 22:06    1078616    ----a-w-    c:\windows\system32\nv3dappshext.dll
2014-05-14 23:49 . 2012-08-24 22:06    3774821    ----a-w-    c:\windows\system32\nvcoproc.bin
2014-05-08 09:32 . 2014-06-11 02:48    16384    ----a-w-    c:\windows\system32\RdpGroupPolicyExtension.dll
2014-05-08 09:32 . 2014-06-11 02:48    3178496    ----a-w-    c:\windows\system32\rdpcorets.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-06-10 08:39    1730264    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-06-10 08:39    1730264    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-06-10 08:39    1730264    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-21 291648]
"LockKey"="c:\program files (x86)\LockKey\LockKey.exe" [2011-08-26 337776]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2012-01-27 1058400]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-02-29 502912]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-02-29 863360]
"RemoteControl11"="c:\program files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe" [2013-08-06 237120]
"adm_tray.exe"="c:\program files (x86)\Acronis\DriveMonitor\adm_tray.exe" [2011-02-25 466768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2012-2-1 1380128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    REG_MULTI_SZ       scecli c:\program files\Lenovo\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
R2 NSDSvc;Fast boot service of lenovo;c:\windows\System32\NSDSvc.exe;c:\windows\SYSNATIVE\NSDSvc.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
S0 HybridDisk;HybridDisk;c:\windows\System32\DRIVERS\HybridDiskX64.sys;c:\windows\SYSNATIVE\DRIVERS\HybridDiskX64.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 NSD;NSD;c:\windows\system32\drivers\nsd.sys;c:\windows\SYSNATIVE\drivers\nsd.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1503000.00C\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1503000.00C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1503000.00C\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1503000.00C\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140718.001\BHDrvx64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1503000.00C\ccSetx64.sys [x]
S1 hybridcfile;hybridcfile;c:\windows\system32\DRIVERS\HybridCFileX64.sys;c:\windows\SYSNATIVE\DRIVERS\HybridCFileX64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140725.001\IDSvia64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140725.001\IDSvia64.sys [x]
S1 Nsdfltr;Nsdfltr;c:\windows\system32\drivers\Nsdfltr.sys;c:\windows\SYSNATIVE\drivers\Nsdfltr.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1503000.00C\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1503000.00C\SYMNETS.SYS [x]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2014/03/23 18:41];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe;c:\program files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe;c:\program files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [x]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe;c:\program files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [x]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe;c:\program files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys;c:\program files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 hswpan;WPAN Driver;c:\windows\system32\DRIVERS\hswpan.sys;c:\windows\SYSNATIVE\DRIVERS\hswpan.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-06-10 10:07    2335960    ----a-w-    c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-06-10 10:07    2335960    ----a-w-    c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-06-10 10:07    2335960    ----a-w-    c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2012-08-24 789856]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-05-29 1279480]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-05-29 2352072]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2014-07-05 8076848]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2014-07-05 6199344]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-02-12 462400]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://xfinity.comcast.net/?cid=cgps10282012
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\ljoths8f.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\system32\StikyNot.exe
SafeBoot-mbamchameleon
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} - (no file)
ShellIconOverlayIdentifiers-{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} - (no file)
ShellIconOverlayIdentifiers-{A759AFF6-5851-457D-A540-F4ECED148351} - (no file)
ShellIconOverlayIdentifiers-{1574C9EF-7D58-488F-B358-8B78C1538F51} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynLenovoGestureMgr - c:\program files (x86)\Synaptics\SynTP\SynLenovoGestureMgr.exe
AddRemove-ESET Online Scanner - c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\21.3.0.12\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Security Suite\Engine\21.3.0.12;c:\program files (x86)\Norton Security Suite\Engine64\21.3.0.12"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-07-25  20:04:32
ComboFix-quarantined-files.txt  2014-07-26 03:04
.
Pre-Run: 3,712,561,152 bytes free
Post-Run: 3,083,485,184 bytes free
.
- - End Of File - - 659A889F6585F478F3011B489C31B18E
 


  • Root Admin

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.


Please run a Full Disk Check on your system drive. If needed, here are some links on how to run a Disk Check.


On Windows 7 the disk check log is in the Event Logs under Application with a heading source of Wininit.

How to Run Disk Check in Windows 7

How to Run Check Disk at Startup in Vista or Windows 7

How to Read the Event Viewer Log for Check Disk (chkdsk) in Vista, Windows 7, and Windows 8
 

Thanks

 


Hello, I'm running the chkdsk function right now. Would you like me to post the logs for it from Event Viewer when complete?

Also, do you believe I have any malware or virus/rootkit based on my other scan logs? Just trying to see where we are at so far with diagnosing any problems.

Thank you again for your help and time.


Checking file system on C:
The type of the file system is NTFS.
Volume label is Windows7_OS.

A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 5)...
  141312 file records processed.                                          File verification completed.
  618 large file records processed.                                      0 bad file records processed.                                        0 EA records processed.                                              43 reparse records processed.                                       CHKDSK is verifying indexes (stage 2 of 5)...
  196598 index entries processed.                                         Index verification completed.
  0 unindexed files scanned.                                           0 unindexed files recovered.                                       CHKDSK is verifying security descriptors (stage 3 of 5)...
  141312 file SDs/SIDs processed.                                         Cleaning up 104 unused index entries from index $SII of file 0x9.
Cleaning up 104 unused index entries from index $SDH of file 0x9.
Cleaning up 104 unused security descriptors.
Security descriptor verification completed.
  27644 data files processed.                                            CHKDSK is verifying Usn Journal...
  37104416 USN bytes processed.                                             Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  141296 files processed.                                                 File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  812274 free clusters processed.                                         Free space verification is complete.
Adding 308193 bad clusters to the Bad Clusters File.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

 961739479 KB total disk space.
  58458116 KB in 109053 files.
     71348 KB in 27645 indexes.
 900919276 KB in bad sectors.
    274415 KB in use by the system.
     65536 KB occupied by the log file.
   2016324 KB available on disk.

      4096 bytes in each allocation unit.
 240434869 total allocation units on disk.
    504081 allocation units available on disk.

Internal Info:
00 28 02 00 05 16 02 00 32 df 03 00 00 00 00 00  .(......2.......
63 04 00 00 2b 00 00 00 00 00 00 00 00 00 00 00  c...+...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.
 

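To answer the "is the bad space now counted as used?" question from the log itself, here is an added example (not from the thread or from Malwarebytes) that parses the summary block of the chkdsk output above and checks how the volume's space is accounted for; the summary text is copied from the posted log and the field names are my own.

```python
import re
# Constructed excerpt: the summary block of the chkdsk log posted above, values copied as-is.
CHKDSK_SUMMARY = """\
 961739479 KB total disk space.
  58458116 KB in 109053 files.
     71348 KB in 27645 indexes.
 900919276 KB in bad sectors.
    274415 KB in use by the system.
     65536 KB occupied by the log file.
   2016324 KB available on disk.
      4096 bytes in each allocation unit.
"""
# Each value is identified by the phrase chkdsk prints after it.
FIELDS = {
    "total_kb": r"(\d+) KB total disk space",
    "files_kb": r"(\d+) KB in \d+ files",
    "indexes_kb": r"(\d+) KB in \d+ indexes",
    "bad_kb": r"(\d+) KB in bad sectors",
    "system_kb": r"(\d+) KB in use by the system",
    "free_kb": r"(\d+) KB available on disk",
    "cluster_bytes": r"(\d+) bytes in each allocation unit",
}

def parse_chkdsk_summary(text):
    """Return the summary numbers as ints; a missing line raises so a truncated log is noticed."""
    out = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, text)
        if m is None:
            raise ValueError(f"chkdsk summary line missing: {name}")
        out[name] = int(m.group(1))
    return out

def analyse(summary):
    """Balance the summary and report how much of the volume sits in the Bad Clusters File."""
    # The log file is part of "in use by the system", so it is not added again here.
    accounted = (summary["files_kb"] + summary["indexes_kb"] + summary["bad_kb"]
                 + summary["system_kb"] + summary["free_kb"])
    cluster_kb = summary["cluster_bytes"] // 1024
    return {
        "balances": accounted == summary["total_kb"],  # bad space is neither free nor in files
        "bad_fraction": summary["bad_kb"] / summary["total_kb"],
        "bad_clusters": summary["bad_kb"] // cluster_kb,
        "free_gb": summary["free_kb"] / (1024 * 1024),
    }

if __name__ == "__main__":
    r = analyse(parse_chkdsk_summary(CHKDSK_SUMMARY))
    print(f"accounting balances: {r['balances']}; {r['bad_fraction']:.1%} of the volume "
          f"({r['bad_clusters']:,} clusters) is in bad sectors; {r['free_gb']:.1f} GB free")
```

On this log the five categories add up exactly to the volume size, with about 93.7% of it (roughly 225 million 4 KB clusters) held in the Bad Clusters File, which is where the missing free space went.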

The previous time I ran chkdsk, from my first post for help in the other section of the forum, link:

https://forums.malwarebytes.org/index.php?/topic/152510-mbam-freezing-computer-in-scan/

the log stated in stage 5 of chkdsk that there were about 225 million free clusters and that 224 million were bad and being added to the bad cluster file. Then the free space on my HDD disappeared; it went from 900 GB to only 3-4 GB of free space.

This scan shows that there are only ~800k free clusters, probably because it hid all the other "bad" clusters the first time I ran it.

When I first ran the chkdsk function from my first post in the other section, I researched more and learned that bad clusters/sectors can be bad either because of physical damage or because of software corruption. Everyone suggests a drive diagnostics tool such as SeaTools. I ran SeaTools for Windows; it couldn't detect the serial numbers on my SSD and HDD (btw, I have a Lenovo which comes with an SSD and HDD combo; there is some software, RapidDrive, which combines the two virtually so you have one virtual drive).

It was recommended to run SeaTools for DOS; that wouldn't work. It was then recommended to run the legacy version of SeaTools for DOS. That DID work, and both drives successfully passed the long and short tests (DST?). This leads me to think there is some software corruption? Caused by a trojan, malware or virus?

Based on my logs, do you believe I have been infected at some point with malware, a rootkit, a virus, a trojan, etc.? I really appreciate your advice and look forward to seeing what next steps I have.

