keevans

Dear Kevin All seems to work fine, rebooting as normal thankfully!! Thanks so much for all your help Best wishes Keith

Dear Kevin Logs attached AdwCleaner[C0].txt mrt.log Fixlog.txt

Dear Kevin Quarantined them , its just restarted OK

Dear Kevin These should be all the logs Best wishes Keith MBscan.txt Addition.txt FRST.txt

Dear Kevin Yes I can reboot in normal mode

Dear Kevin It booted into safe mode, log attached below Fix result of Farbar Recovery Scan Tool (x64) Version: 20-05-2017 Ran by SYSTEM (21-05-2017 16:26:17) Run:2 Running from G:\ Boot Mode: Recovery ============================================== fixlist content: ***************** Start LastRegBack: 2017-05-19 12:08 end ***************** DEFAULT => Could not copy DEFAULT => restored successfully from registry back up SAM => copied successfully to System32\config\HiveBackup SAM => restored successfully from registry back up SECURITY => copied successfully to System32\config\HiveBackup SECURITY => restored successfully from registry back up SOFTWARE => Could not copy SOFTWARE => restored successfully from registry back up SYSTEM => Could not copy SYSTEM => restored successfully from registry back up ==== End of Fixlog 16:26:31 ====

Dear Kevin These are results Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-05-2017 Ran by SYSTEM on MININT-OLDCVQ8 (21-05-2017 15:37:48) Running from G:\ Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 Boot Mode: Recovery Default: ControlSet001 ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log. Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [PfNet] => C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe [6310912 2010-06-24] (FUJITSU LIMITED) HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [188264 2009-07-30] (FUJITSU LIMITED) HKLM\...\Run: [FDM7] => C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED) HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED) HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor) HKLM\...\Run: [ConMgr] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [535440 2009-12-24] (CSR, plc) HKLM\...\Run: [CSRSkype] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [431504 2009-12-24] (CSR, plc) HKLM\...\Run: [DLPSP] => C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE [913216 2010-06-01] (Dell Inc.) HKLM\...\Run: [DLUPDR] => C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE [587584 2010-06-01] (Dell Inc.) HKLM\...\Run: [DLQLU] => C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE [1284416 2010-06-01] (Dell Inc.) HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-04-27] (AVG Technologies CZ, s.r.o.) HKLM\...\Run: [iTunesHelper] => "C:\Program Files\iTunes\iTunesHelper.exe" HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes) HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [144696 2017-02-14] (Check Point Software Technologies Ltd.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-04-27] (AVG Technologies CZ, s.r.o.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] <==== ATTENTION SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - No File GroupPolicy\User: Restriction <======= ATTENTION ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [1002552 2017-03-23] (AVG Technologies CZ, s.r.o.) S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5334432 2017-03-23] (AVG Technologies CZ, s.r.o.) S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-04-27] (AVG Technologies CZ, s.r.o.) S2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [729048 2017-03-23] (AVG Technologies CZ, s.r.o.) S2 DLPWD; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE [155888 2009-10-16] (Dell Inc.) S2 DLSDB; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [344384 2010-06-01] (Dell Inc.) S2 EventService; C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe [33280 2014-06-20] (Digital Market Research Apps Pty Ltd) S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes) S2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [330240 2010-06-24] (FUJITSU LIMITED) S2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED) S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) S2 TransferService; C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe [32256 2014-06-20] (Digital Market Research Apps Pty Ltd) S2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc) S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4076744 2017-02-14] (Check Point Software Technologies Ltd.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2016-11-01] (Check Point Software Technologies, Ltd.) S2 ZoneAlarm ICM Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe [1037624 2017-02-14] (Check Point Software Technologies Ltd.) S2 BT Help Wizard; "C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe" [X] S2 PnkBstrA; no ImagePath ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.) S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313088 2017-02-20] (AVG Technologies CZ, s.r.o.) S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.) S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.) S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.) S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.) S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.) S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [299264 2016-07-27] (AVG Technologies CZ, s.r.o.) S0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.) S1 BTOWSFF; C:\Windows\System32\Drivers\BTOWSFF.sys [33024 2016-02-26] (Toolwiz.com) S0 BTOWSVF; C:\Windows\System32\Drivers\BTOWSVF.sys [52480 2016-02-26] (Toolwiz.com) S3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation) S1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-05-19] () S3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [59152 2016-05-11] (FUJITSU LIMITED) S3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED) S0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-08-02] (AO Kaspersky Lab) S3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [180560 2016-08-02] (AO Kaspersky Lab) S1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [292176 2016-08-02] (AO Kaspersky Lab) S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1015120 2016-08-02] (AO Kaspersky Lab) S0 KSafeDISK; C:\Windows\System32\Drivers\KSafeDISK.sys [52992 2016-02-26] (Toolwiz.com) S2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [187320 2017-05-19] (Malwarebytes) S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [113592 2017-05-20] (Malwarebytes) S0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [0 2017-05-20] () <==== ATTENTION (zero byte File/Folder) S3 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [29392 2016-07-28] () S3 usbUDisc; C:\Windows\System32\DRIVERS\USBDrv_AMD64.sys [17280 2012-07-09] (Scott) S1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [461240 2017-03-16] (Check Point Software Technologies Ltd.) S3 clwvd; system32\DRIVERS\clwvd.sys [X] S3 iswSvc; no ImagePath S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X] S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X] S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X] S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X] S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X] S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X] S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X] S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-05-21 23:42 - 2017-05-21 23:42 - 00000000 ____D C:\Windows\System32\config\HiveBackup 2017-05-21 23:40 - 2017-05-21 15:37 - 00000000 ____D C:\FRST 2017-05-21 06:03 - 2017-05-21 06:03 - 00024576 _____ C:\BCD_BAckup 2017-05-20 14:13 - 2017-05-20 14:13 - 00000000 _____ C:\Windows\System32\Drivers\78834934.sys 2017-05-19 10:45 - 2017-05-19 10:45 - 00000000 _____ C:\Windows\System32\Drivers\27095B6D.sys 2017-05-17 17:46 - 2017-05-17 17:46 - 00000000 _____ C:\Windows\System32\Drivers\43FB0185.sys 2017-05-14 14:27 - 2017-05-20 14:13 - 00113592 _____ (Malwarebytes) C:\Windows\System32\Drivers\farflt.sys 2017-05-14 14:27 - 2017-05-20 14:13 - 00000000 _____ C:\Windows\System32\Drivers\mwac.sys 2017-05-14 14:27 - 2017-05-20 14:13 - 00000000 _____ C:\Windows\System32\Drivers\MBAMSwissArmy.sys 2017-05-14 14:27 - 2017-05-20 14:13 - 00000000 _____ C:\Windows\System32\Drivers\mbam.sys 2017-05-14 14:27 - 2017-05-19 10:11 - 00077440 _____ C:\Windows\System32\Drivers\mbae64.sys 2017-05-14 14:27 - 2017-05-19 10:08 - 00187320 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMChameleon.sys 2017-05-14 14:27 - 2017-05-14 14:27 - 00001873 ____N C:\Users\Public\Desktop\Malwarebytes.lnk 2017-05-14 14:27 - 2017-05-14 14:27 - 00000000 ____D C:\Program Files\Malwarebytes 2017-05-14 14:02 - 2017-05-14 14:02 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2017-05-14 13:24 - 2017-02-16 21:01 - 00453352 _____ C:\Windows\System32\Drivers\etc\hosts.20170514-132413.backup 2017-05-12 12:25 - 2017-05-20 09:13 - 00004344 _____ C:\Windows\System32\Tasks\SmartAppLiveUpdater 2017-05-11 19:03 - 2017-05-11 19:03 - 00740248 _____ C:\Windows\System32\dll 2017-05-06 11:03 - 2017-02-16 21:01 - 00453352 _____ C:\Windows\System32\Drivers\etc\hosts.20170506-110329.backup 2017-04-28 18:41 - 2017-02-16 21:01 - 00453352 _____ C:\Windows\System32\Drivers\etc\hosts.20170428-184108.backup 2017-04-21 13:39 - 2017-02-16 21:01 - 00453352 _____ C:\Windows\System32\Drivers\etc\hosts.20170421-133900.backup ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-05-20 17:15 - 2013-10-23 18:30 - 00000378 _____ C:\Windows\Tasks\CI_DCA_UA{C3717BD3-6AC2-4dcd-83DE-F865C33AC5D9}.job 2017-05-20 17:11 - 2012-07-04 22:25 - 00000000 ____D C:\Users\keith\AppData\Roaming\Skype 2017-05-20 16:06 - 2017-04-17 14:13 - 66684103 _____ C:\Users\keith\Desktop\city (v02) (v02) (v03) (Backup) (Backup) (Backup)-2 (Backup) (Backup) (Backup) (v03).fm 2017-05-20 15:16 - 2017-04-17 14:13 - 65439838 _____ C:\Users\keith\Desktop\city (v02) (v02) (v03) (Backup) (Backup) (Backup)-2 (Backup) (Backup) (Backup) (v03) (v02).fm 2017-05-20 14:48 - 2017-04-17 14:13 - 64575254 _____ C:\Users\keith\Desktop\city (v02) (v02) (v03) (Backup) (Backup) (Backup)-2 (Backup) (Backup) (Backup) (v03) (v03).fm 2017-05-20 14:18 - 2016-03-31 19:17 - 00000000 ____D C:\Program Files (x86)\Steam 2017-05-20 11:07 - 2012-07-04 18:46 - 00000000 ____D C:\users\keith 2017-05-20 11:07 - 2008-11-06 17:35 - 00305664 _____ C:\Users\keith\Spending.xls 2017-05-20 10:51 - 2016-09-20 21:10 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task 2017-05-20 09:15 - 2009-07-14 05:45 - 00024608 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-05-20 09:15 - 2009-07-14 05:45 - 00024608 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-05-20 09:12 - 2016-05-22 20:30 - 00003298 _____ C:\Windows\System32\Tasks\SmartAppMonitor 2017-05-20 09:05 - 2012-07-04 21:40 - 00000000 ____D C:\ProgramData\MFAData 2017-05-20 09:02 - 2009-07-14 06:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2017-05-20 09:02 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-05-19 17:45 - 2012-07-13 16:36 - 00000000 ____D C:\Users\keith\AppData\Local\CrashDumps 2017-05-19 14:06 - 2012-07-04 22:25 - 00000000 ____D C:\ProgramData\Skype 2017-05-19 14:05 - 2017-03-22 19:39 - 00000000 ___RD C:\Program Files (x86)\Skype 2017-05-19 14:02 - 2012-11-07 20:00 - 00000000 ____D C:\ProgramData\Package Cache 2017-05-19 13:37 - 2012-07-20 17:43 - 00000000 ____D C:\ProgramData\Apple 2017-05-19 13:29 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2017-05-19 13:15 - 2014-09-14 19:31 - 00000000 ____D C:\Users\keith\.get_iplayer 2017-05-19 13:14 - 2014-04-26 16:04 - 00000000 ____D C:\Users\keith\Desktop\iPlayer Recordings 2017-05-17 22:03 - 2012-07-13 20:30 - 00000000 ____D C:\Users\keith\AppData\Roaming\SoftGrid Client 2017-05-16 22:19 - 2011-04-16 11:56 - 00767906 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2017-05-16 22:19 - 2009-07-14 06:13 - 00767906 _____ C:\Windows\System32\PerfStringBackup.INI 2017-05-14 20:50 - 2016-09-14 14:54 - 00001008 ____N C:\Users\Public\Desktop\AVG.lnk 2017-05-14 14:27 - 2012-12-26 10:12 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-05-10 18:39 - 2012-07-04 19:28 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-05-10 18:39 - 2012-07-04 19:28 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2017-05-10 18:39 - 2012-07-04 19:28 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2017-05-10 18:38 - 2012-07-04 19:28 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2017-05-10 18:38 - 2012-07-04 19:27 - 00000000 ____D C:\Windows\System32\Macromed 2017-05-07 20:04 - 2015-06-22 20:55 - 00026886 _____ C:\Users\keith\Desktop\Target.xlsx 2017-05-06 09:37 - 2015-12-22 21:10 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2017-05-05 11:01 - 2013-06-30 22:48 - 00000000 ____D C:\Program Files (x86)\get_iplayer 2017-04-28 19:49 - 2013-03-16 10:34 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2017-04-28 19:49 - 2013-03-16 10:34 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2017-04-25 17:56 - 2017-01-12 14:00 - 00000000 ____D C:\Users\keith\AppData\Local\Verto Analytics 2017-04-21 10:29 - 2010-12-14 20:29 - 00000711 _____ C:\Users\keith\.swfinfo Files to move or delete: ==================== C:\Users\keith\AppData\Roaming\AltShell.ini C:\Users\Public\dcmsvcsetup.exe C:\Users\Public\invokesi.exe Some files in TEMP: ==================== 2017-05-19 14:01 - 2017-05-19 14:01 - 14456872 _____ (Microsoft Corporation) C:\Users\keith\AppData\Local\Temp\vc_redist.x86.exe ==================== Known DLLs (Whitelisted) ========================= ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll [2016-09-14 14:50] - [2016-08-16 18:36] - 1009152 _____ (Microsoft Corporation) 8F4B991E7837E8E0F90C856659456652 C:\Windows\SysWOW64\User32.dll [2016-09-14 14:50] - [2016-08-16 03:48] - 0833024 _____ (Microsoft Corporation) 0FBC0E335B65EE5A0175631237817510 C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\dnsapi.dll => MD5 is legit C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit safeboot: Network => The system is configured to boot to Safe Mode <===== ATTENTION ==================== Association (Whitelisted) ============= ==================== Restore Points ========================= ==================== Memory info =========================== Percentage of memory in use: 13% Total physical RAM: 5940.55 MB Available physical RAM: 5161.59 MB Total Virtual: 5938.75 MB Available Virtual: 5156.39 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:60 GB) (Free:0 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (Data) (Fixed) (Total:403.76 GB) (Free:284.37 GB) NTFS Drive e: (WINRE) (Fixed) (Total:2 GB) (Free:1.35 GB) NTFS ==>[system with boot components (obtained from drive)] Drive f: (RDVDW7HPX64M05) (CDROM) (Total:4.8 GB) (Free:0 GB) UDF Drive g: () (Removable) (Total:3.84 GB) (Free:3.78 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.13 GB) (Free:0.12 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B477DB1C) Partition 1: (Active) - (Size=2 GB) - (Type=27) Partition 2: (Not Active) - (Size=60 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=403.8 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 3.8 GB) (Disk ID: 00000000) Partition: GPT. LastRegBack: 2017-05-19 12:08 ==================== End of FRST.txt ============================ Best wishes Keith

Hello, I am having problems with my windows 7 laptop. Every time I try to start it up it enters recovery mode and cannot normal OR safe mode boot anymore...I checked the logs from the recovery mode and it said that the mbamswissarmy.sys is corrupt. Any suggestions as to how I can around this and get it booting again?