
Malwarebytes will not run in Safe Mode



Hello

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32-bit or 64-bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-01-2014

Ran by user at 2014-01-21 17:55:41

Running from C:\Users\user\Desktop

Boot Mode: Safe Mode (with Networking)

==========================================================

 

 

==================== Security Center ========================

 

AV: avast! Internet Security (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Internet Security (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

FW: avast! Internet Security (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

 

==================== Installed Programs ======================

 

Adobe AIR (x32 Version: 3.9.0.1210 - Adobe Systems Incorporated)

Adobe AIR (x32 Version: 3.9.0.1210 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.05) (x32 Version: 11.0.05 - Adobe Systems Incorporated)

avast! Internet Security (x32 Version: 9.0.2008 - Avast Software)

Bonjour (Version: 2.0.2.0 - Apple Inc.)

CCleaner (Version: 4.07 - Piriform)

Create Recovery Media (x32 Version: 1.20.0.00 - Lenovo Group Limited)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

doubleTwist Sync (x32 Version: 4.0.2.18828 - doubleTwist Corporation)

Evernote v. 4.2.3 (x32 Version: 4.2.3.15 - Evernote Corp.)

Google Chrome (x32 Version: 32.0.1700.76 - Google Inc.)

Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden

HP Officejet 6600 Basic Device Software (Version: 28.0.1315.0 - Hewlett-Packard Co.)

HP Officejet 6600 Help (x32 Version: 140.0.2.2 - Hewlett Packard)

HP Photo Creations (x32 Version: 1.0.0.9572 - HP)

HP Update (x32 Version: 5.005.000.002 - Hewlett-Packard)

I.R.I.S. OCR (x32 Version: 12.3.4.0 - HP)

Intel AppUp(SM) center (x32 Version: 3.6.1.33057.10 - Intel)

Intel PROSet Wireless (Version:  - ) Hidden

Intel® Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)

Intel® Management Engine Components (x32 Version: 8.0.0.1351 - Intel Corporation)

Intel® OpenCL CPU Runtime (x32 Version:  - Intel Corporation)

Intel® Processor Graphics (x32 Version: 8.15.10.2696 - Intel Corporation)

Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 15.1.0.0096 - Intel Corporation)

Intel® Rapid Storage Technology (x32 Version: 11.1.0.1006 - Intel Corporation)

Intel® PROSet/Wireless WiFi Software (Version: 15.01.0000.0830 - Intel Corporation)

Intel® Trusted Connect Service Client (Version: 1.23.216.0 - Intel Corporation)

Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

LBAI (x32 Version: 1.0.0.6 - Lenovo)

Lenovo Patch Utility 64 bit (Version: 1.3.0.9 - Lenovo Group Limited)

Lenovo Registration (x32 Version: 1.0.4 - Lenovo Inc.)

Lenovo SimpleTap (Version: 3.2.0004.00 - Lenovo Group Limited)

Lenovo Solution Center (Version: 2.3.002.00 - Lenovo Group Limited)

Lenovo System Update (x32 Version: 5.03.0005 - Lenovo)

Lenovo User Guide (x32 Version: 1.0.0008.00 - Lenovo)

Lenovo Welcome (x32 Version: 3.1.0020.00 - Lenovo Group Limited)

LogMeIn (x32 Version: 4.1.3888 - LogMeIn, Inc.)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Message Center Plus (Version: 3.1.0004.00 - Lenovo Group Limited)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Silverlight (x32 Version: 4.0.50401.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden

Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)

Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

Nalpeiron License Management (x32 Version: 6.3.9.1 - Nalpeiron) Hidden

OpenOffice 4.0.1 (x32 Version: 4.01.9714 - Apache Software Foundation)

RapidBoot HDD Accelerator (x32 Version: 1.00.0802 - Lenovo)

Realtek Ethernet Controller All-In-One Windows Driver (x32 Version: 1.12.0016 - Realtek)

Realtek High Definition Audio Driver (x32 Version: 6.0.1.6602 - Realtek Semiconductor Corp.)

Revo Uninstaller 1.95 (x32 Version: 1.95 - VS Revo Group)

Second Copy 8 (x32 Version: 8.1.2.0 - Centered Systems)

Sendori (x32 Version: 2.0.16 - Sendori, Inc.)

ThinkVantage Communications Utility (Version: 3.0.30.0 - Lenovo)

ThinkVantage Power Manager (x32 Version: 2.10.0007 - Lenovo Group Limited)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)

View Management Utility (Version: 3.0.12.0329 - Lenovo) Hidden

View Management Utility (x32 Version: 3.0.12.0329 - Lenovo)

VIP Access (x32 Version: 2.0.5.13 - VeriSign)

VLC media player 2.1.1 (Version: 2.1.1 - VideoLAN)

Windows Driver Package - Intel (NETwNs64) net  (02/20/2012 15.1.0.18) (Version: 02/20/2012 15.1.0.18 - Intel)

Windows Driver Package - Intel Corporation (igfx) Display  (03/19/2012 8.15.10.2696) (Version: 03/19/2012 8.15.10.2696 - Intel Corporation)

Windows Driver Package - Intel hdc  (09/10/2010 9.2.0.1011) (Version: 09/10/2010 9.2.0.1011 - Intel)

Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011) (Version: 08/26/2011 9.3.0.1011 - Intel)

Windows Driver Package - Intel System  (09/10/2010 9.2.0.1011) (Version: 09/10/2010 9.2.0.1011 - Intel)

Windows Driver Package - Intel System  (11/20/2010 9.2.0.1016) (Version: 11/20/2010 9.2.0.1016 - Intel)

Windows Driver Package - Intel USB  (12/21/2010 9.2.0.1021) (Version: 12/21/2010 9.2.0.1021 - Intel)

Windows Driver Package - Intel® Corporation (IntcDAud) MEDIA  (12/06/2011 6.14.00.3090) (Version: 12/06/2011 6.14.00.3090 - Intel® Corporation)

Windows Driver Package - Realtek (RTL8167) Net  (11/23/2011 7.050.1123.2011) (Version: 11/23/2011 7.050.1123.2011 - Realtek)

Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (03/27/2012 6.0.1.6602) (Version: 03/27/2012 6.0.1.6602 - Realtek Semiconductor Corp.)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (x32 Version: 15.4.3555.0308 - Microsoft Corporation)

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

 

==================== Restore Points  =========================

 

16-01-2014 08:00:11 Windows Update

18-01-2014 02:16:46 Restore Operation

18-01-2014 02:21:17 avast! antivirus system restore point

18-01-2014 02:47:37 avast! antivirus system restore point

18-01-2014 02:54:24 avast! antivirus system restore point

18-01-2014 08:00:11 Windows Update

18-01-2014 12:40:30 Restore Operation

18-01-2014 12:45:31 avast! antivirus system restore point

18-01-2014 17:50:41 Windows Update

19-01-2014 08:00:11 Windows Update

19-01-2014 13:28:56 Device Driver Package Install: TAP-Windows Provider V9 Network adapters

19-01-2014 13:36:58 avast! antivirus system restore point

19-01-2014 14:08:39 avast! antivirus system restore point

19-01-2014 15:57:49 avast! antivirus system restore point

19-01-2014 16:07:44 avast! antivirus system restore point

19-01-2014 18:20:50 avast! antivirus system restore point

19-01-2014 23:10:16 avast! antivirus system restore point

19-01-2014 23:32:34 Device Driver Package Install: Avast Network Service

21-01-2014 22:26:37 Restore Operation

21-01-2014 22:32:30 avast! antivirus system restore point

21-01-2014 22:33:33 Windows Update

 

==================== Hosts content: ==========================

 

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {1E3FDEEF-A070-445C-BD4C-0DC10DA4DC21} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"

Task: {1FCD8099-B669-42B2-A2A9-290BC57DEF0E} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-09-25] (Lenovo)

Task: {397B752D-77A5-4BEA-9216-1EBB14A023A5} - System32\Tasks\Lenovo\Lenovo Product Registration (user) => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [2011-07-13] (Lenovo, Inc.)

Task: {3A268929-165F-4386-ADB1-D2A5BB653DAB} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-09-25] (Lenovo)

Task: {3D8F6177-55DF-4E95-9E20-6FD4B0270A06} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-09-17] ()

Task: {3DFB3DFA-6868-4230-8BBE-52107ED79B16} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)

Task: {5463273A-8AE6-4165-A21F-6668533E1E02} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-09-25] ()

Task: {60EDDA98-F289-49FA-A195-A7CDCE86B95F} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for user-THINK.user => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-15] (Lenovo)

Task: {6A82835C-ECE9-4215-B127-3651FBD8C1D1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-12] (Google Inc.)

Task: {835CC6A0-BBCA-4035-BB5E-12B21C8870F4} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-05-15] (Lenovo)

Task: {83CBE7EF-A773-45A9-8937-0F4BE01FC53F} - System32\Tasks\PMTask => C:\Program Files (x86)\Lenovo\PowerMgr\PWMIDTSV.EXE [2012-02-22] (Lenovo Group Limited)

Task: {9F3C4FCF-2058-41CE-A09C-C36BA875503A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-21] (Piriform Ltd)

Task: {A8316A6B-EAC6-4ADB-8554-90B7C8FE195D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-11-22] (AVAST Software)

Task: {F1B28D3E-FC21-487B-A6C3-BC06BD502F0D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-12] (Google Inc.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-12-20 07:00 - 2013-12-05 14:36 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

2013-12-11 08:24 - 2013-12-11 08:24 - 16242056 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

AlternateDataStreams: C:\Windows:nlsPreferences

 

==================== Safe Mode (whitelisted) ===================

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

 

==================== Faulty Device Manager Devices =============

 

Name: avast! Revert

Description: avast! Revert

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer: 

Service: aswRvrt

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

 

Name: Security Processor Loader Driver

Description: Security Processor Loader Driver

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer: 

Service: spldr

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

 

Name: aswTdi

Description: aswTdi

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer: 

Service: aswTdi

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

 

Name: avast! VM Monitor

Description: avast! VM Monitor

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer: 

Service: aswVmm

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/21/2014 05:44:10 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/21/2014 05:41:51 PM) (Source: Bonjour Service) (User: )

Description: 544: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

 

Error: (01/21/2014 05:41:12 PM) (Source: SendoriService) (User: )

Description: In the enable methodObject reference not set to an instance of an object.

 

Error: (01/21/2014 05:30:23 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/21/2014 05:20:22 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/21/2014 05:17:02 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/19/2014 07:09:16 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/19/2014 06:47:11 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/19/2014 06:32:37 PM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

 

 

Details:

AddLegacyDriverFiles: Unable to back up image of binary aswFsBlk.

 

System Error:

The system cannot find the file specified.

.

 

Error: (01/19/2014 10:56:23 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

System errors:

=============

Error: (01/21/2014 05:44:08 PM) (Source: DCOM) (User: )

Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}

 

Error: (01/21/2014 05:44:05 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (01/21/2014 05:44:05 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (01/21/2014 05:42:50 PM) (Source: DCOM) (User: )

Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

 

Error: (01/21/2014 05:42:50 PM) (Source: DCOM) (User: )

Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

 

Error: (01/21/2014 05:42:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has failed to start.

 

Module Path: C:\Windows\System32\IWMSSvc.dll

Error Code: 21

 

Error: (01/21/2014 05:42:45 PM) (Source: DCOM) (User: )

Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error: (01/21/2014 05:42:35 PM) (Source: Service Control Manager) (User: )

Description: The following boot-start or system-start driver(s) failed to load: 

aswRvrt

aswSnx

aswSP

aswTdi

aswVmm

discache

spldr

Wanarpv6

 

Error: (01/21/2014 05:42:35 PM) (Source: DCOM) (User: )

Description: 1084LMIGuardianSvc{D4258A22-CF85-489D-83AE-49FCD0DFAD29}

 

Error: (01/21/2014 05:42:35 PM) (Source: DCOM) (User: )

Description: 1084LMIGuardianSvc{D4258A22-CF85-489D-83AE-49FCD0DFAD29}

 

 

Microsoft Office Sessions:

=========================

Error: (01/21/2014 05:44:10 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/21/2014 05:41:51 PM) (Source: Bonjour Service)(User: )

Description: 544: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

 

Error: (01/21/2014 05:41:12 PM) (Source: SendoriService)(User: )

Description: In the enable methodObject reference not set to an instance of an object.

 

Error: (01/21/2014 05:30:23 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/21/2014 05:20:22 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/21/2014 05:17:02 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/19/2014 07:09:16 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/19/2014 06:47:11 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/19/2014 06:32:37 PM) (Source: Microsoft-Windows-CAPI2)(User: )

Description: 

Details:

AddLegacyDriverFiles: Unable to back up image of binary aswFsBlk.

 

System Error:

The system cannot find the file specified.

 

Error: (01/19/2014 10:56:23 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 24%

Total physical RAM: 3919.81 MB

Available physical RAM: 2963.29 MB

Total Pagefile: 7837.8 MB

Available Pagefile: 6882 MB

Total Virtual: 8192 MB

Available Virtual: 8191.8 MB

 

==================== Drives ================================

 

Drive c: (Windows7_OS) (Fixed) (Total:450.62 GB) (Free:406.77 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive q: (Lenovo_Recovery) (Fixed) (Total:13.67 GB) (Free:3.77 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 466 GB) (Disk ID: FAF6F03A)

Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================


Sorry about that. Here it is. I appreciate your assistance.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-01-2014
Ran by user (administrator) on USER-THINK on 21-01-2014 17:55:01
Running from C:\Users\user\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Sendori) C:\Program Files (x86)\Sendori\sndappv2.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2012-03-27] (Realtek Semiconductor)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [289648 2012-05-24] (Lenovo Group Limited)
HKLM\...\Run: [LogMeIn GUI] - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-11-05] (LogMeIn, Inc.)
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [Fastboot] - C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-22] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [sendori Tray] - C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2013-10-07] (Sendori, Inc.)
HKLM-x32\...\Run: [doubleTwist] - C:\Program Files (x86)\doubleTwist\doubleTwist.Light.exe [143872 2013-10-25] (doubleTwist Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
MountPoints2: {60ce38a6-039c-11e3-a61a-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\Default\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-09-25] (Lenovo)
HKU\Default\...\RunOnce: [] - [x]
HKU\Default\...\RunOnce: [Lenovoautoqdrive] - C:\Program Files (x86)\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe [159744 2011-12-14] ()
HKU\Default User\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-09-25] (Lenovo)
HKU\Default User\...\RunOnce: [] - [x]
HKU\Default User\...\RunOnce: [Lenovoautoqdrive] - C:\Program Files (x86)\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe [159744 2011-12-14] ()
IFEO\ehshell.exe: [Debugger] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkcentre
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope {F9790427-73A3-4F63-9022-65281CCAC62F} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {F9790427-73A3-4F63-9022-65281CCAC62F} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3279414&CUI=UN10722650962260510&UM=2
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS563
SearchScopes: HKCU - {F9790427-73A3-4F63-9022-65281CCAC62F} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3279414&CUI=UN10722650962260510&UM=2
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Winsock: Catalog9 01 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
Winsock: Catalog9 02 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
Winsock: Catalog9 03 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
Winsock: Catalog9 04 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
Winsock: Catalog9 16 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
 
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\delyro54.default
FF DefaultSearchEngine: AOL Search
FF Keyword.URL: user_pref("keyword.URL", "");
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\delyro54.default\searchplugins\conduit.xml
FF Extension: AOL Toolbar - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\delyro54.default\Extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} [2013-12-28]
FF Extension: eSnipe.com SnipeIt! - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\delyro54.default\Extensions\esnipesnipeit@esnipe.com.xpi [2013-11-30]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-22]
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\ []
 
Chrome: 
=======
CHR RestoreOnStartup: "www.google.com"
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Extension: (avast! Online Security) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-11-22]
CHR Extension: (No Name) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccpjpmiegdnbmbnaiaicnaakpacgbdi [2013-12-05]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-22]
CHR HKCU\...\Chrome\Extension: [jccpjpmiegdnbmbnaiaicnaakpacgbdi] - C:\Users\user\AppData\Local\CRE\jccpjpmiegdnbmbnaiaicnaakpacgbdi.crx [2013-11-21]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-11-22]
CHR HKLM-x32\...\Chrome\Extension: [jccpjpmiegdnbmbnaiaicnaakpacgbdi] - C:\Users\user\AppData\Local\CRE\jccpjpmiegdnbmbnaiaicnaakpacgbdi.crx [2013-11-21]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
S2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [120096 2013-10-07] (Sendori, Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-22] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [116776 2013-12-17] (AVAST Software)
S2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-15] (Intel Corporation)
S2 LBAEvent; C:\Program Files\Lenovo\LBAI\LBAEvent.exe [15520 2012-03-23] (Lenovo)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2013-12-10] (LogMeIn, Inc.)
S2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2013-12-10] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-11-05] (LogMeIn, Inc.)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
S2 Power Manager DBC Service; C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [70968 2012-02-22] (Lenovo)
S3 PwmEWSvc; C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE [165176 2012-02-22] (Lenovo Group Limited)
S2 ScVssService64; C:\Program Files (x86)\Second Copy 8\ScVssService64.exe [75048 2013-01-27] (Centered Systems)
S2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-10-07] (sendori)
R2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-10-07] (Sendori)
S4 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22888 2013-09-17] ()
S2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-11-22] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2013-12-17] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-11-22] (AVAST Software)
R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [447888 2013-12-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-22] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-22] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-11-22] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-11-22] (AVAST Software)
S1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-11-22] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-11-22] ()
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows ® Win 7 DDK provider)
R3 LBAI; C:\Windows\System32\Drivers\LBAI.sys [9600 2011-12-08] (Lenovo)
S2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-11-05] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
S3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-21 17:55 - 2014-01-21 17:55 - 00015573 _____ C:\Users\user\Desktop\FRST.txt
2014-01-21 17:54 - 2014-01-21 17:54 - 00000000 ____D C:\FRST
2014-01-21 17:49 - 2014-01-21 17:54 - 02077184 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-01-21 17:42 - 2014-01-21 17:42 - 00000334 _____ C:\Windows\PFRO.log
2014-01-21 17:30 - 2014-01-21 17:30 - 00000056 _____ C:\Windows\setupact.log
2014-01-21 17:30 - 2014-01-21 17:30 - 00000000 _____ C:\Windows\setuperr.log
2014-01-19 11:05 - 2014-01-19 13:21 - 00002038 _____ C:\Users\user\Desktop\Rkill.txt
2014-01-19 10:23 - 2014-01-21 17:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-18 09:37 - 2014-01-18 09:38 - 02347384 _____ (ESET) C:\Users\user\Downloads\esetsmartinstaller_enu.exe
2014-01-15 13:19 - 2014-01-15 13:19 - 00013263 _____ C:\Users\user\Documents\AOA January 2014 Sale with 60% Off   01-15-2014.odt
2014-01-15 06:54 - 2013-11-26 20:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 06:54 - 2013-11-26 20:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 06:54 - 2013-11-26 20:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 06:54 - 2013-11-26 20:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 06:54 - 2013-11-26 20:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 06:54 - 2013-11-26 20:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 06:54 - 2013-11-26 20:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 06:54 - 2013-11-26 06:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 06:54 - 2013-11-26 05:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-10 08:48 - 2014-01-10 08:48 - 00002088 _____ C:\Users\Public\Desktop\doubleTwist.lnk
2014-01-10 08:48 - 2014-01-10 08:48 - 00000000 ____D C:\Users\user\AppData\Local\doubleTwist Corporation
2014-01-10 08:48 - 2014-01-10 08:48 - 00000000 ____D C:\ProgramData\Package Cache
2014-01-10 08:47 - 2014-01-21 17:29 - 00000000 ____D C:\Program Files (x86)\doubleTwist
2014-01-10 08:47 - 2014-01-10 08:47 - 00000000 ____D C:\ProgramData\Apple
2014-01-10 08:47 - 2014-01-10 08:47 - 00000000 ____D C:\Program Files\Bonjour
2014-01-10 08:47 - 2014-01-10 08:47 - 00000000 ____D C:\Program Files (x86)\Bonjour
2014-01-10 08:46 - 2014-01-15 03:19 - 00772214 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-10 08:45 - 2014-01-21 17:31 - 00000000 ____D C:\ProgramData\Sendori
2014-01-10 08:45 - 2014-01-21 17:29 - 00000000 ____D C:\Users\user\AppData\Roaming\OpenCandy
2014-01-10 08:45 - 2014-01-21 17:29 - 00000000 ____D C:\Program Files (x86)\Sendori
2014-01-10 08:45 - 2013-10-07 14:50 - 00325920 _____ (Sendori) C:\Windows\SysWOW64\Sendori.dll
2014-01-10 08:44 - 2014-01-10 08:44 - 22207936 _____ C:\Users\user\Downloads\doubleTwistSetupFull.exe
2014-01-10 08:34 - 2014-01-10 08:34 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-01-09 10:42 - 2014-01-09 10:56 - 03164799 _____ (Malwarebytes Corporation                                    ) C:\Users\user\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-30 09:55 - 2013-12-30 09:55 - 00000000 ____D C:\avast! sandbox
2013-12-28 10:33 - 2013-12-28 10:36 - 00013249 _____ C:\Users\user\Documents\End of the Year Clearance Sale Sign  12-28-2013.odt
2013-12-28 07:54 - 2013-12-28 07:56 - 24843992 _____ (Mozilla) C:\Users\user\Downloads\AOL_Edition_for_Firefox.exe
2013-12-27 17:51 - 2013-12-27 17:51 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\user\Downloads\revosetup.exe
2013-12-27 17:51 - 2013-12-27 17:51 - 00001279 _____ C:\Users\user\Desktop\Revo Uninstaller.lnk
2013-12-27 17:51 - 2013-12-27 17:51 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-12-27 17:34 - 2013-12-27 17:34 - 00000020 ___SH C:\Users\LogMeInRemoteUser\ntuser.ini
2013-12-27 17:34 - 2013-08-12 17:29 - 00000000 ____D C:\Users\LogMeInRemoteUser\AppData\Roaming\Macromedia
2013-12-27 17:34 - 2009-07-13 23:54 - 00000000 ___RD C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-12-27 17:34 - 2009-07-13 23:49 - 00000000 ___RD C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-12-27 17:33 - 2014-01-21 14:14 - 00000000 ____D C:\ProgramData\LogMeIn
2013-12-27 17:33 - 2013-12-27 17:33 - 00001024 _____ C:\.rnd
2013-12-27 17:33 - 2013-12-27 17:33 - 00000000 ____D C:\Users\user\AppData\Local\LogMeIn
2013-12-27 17:33 - 2013-12-27 17:33 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2013-12-27 17:33 - 2013-12-10 15:15 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2013-12-27 17:33 - 2013-12-10 15:15 - 00092488 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2013-12-27 17:33 - 2013-12-10 15:15 - 00035656 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2013-12-27 17:33 - 2013-11-05 16:45 - 00072216 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\LMIRfsDriver.sys
2013-12-27 17:29 - 2013-12-27 17:31 - 21016576 _____ C:\Users\user\Downloads\LogMeIn.msi
2013-12-27 16:55 - 2013-12-27 16:55 - 00002006 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2013-12-27 16:55 - 2013-12-27 16:55 - 00000000 ____D C:\ProgramData\Visan
2013-12-27 16:55 - 2013-12-27 16:55 - 00000000 ____D C:\ProgramData\HP Photo Creations
2013-12-27 16:55 - 2013-12-27 16:55 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2013-12-27 16:54 - 2013-12-27 16:54 - 00000000 ____D C:\Windows\Hewlett-Packard
2013-12-27 16:33 - 2014-01-14 09:34 - 00001983 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk
2013-12-27 16:07 - 2013-12-27 16:30 - 00000000 ____D C:\Users\user\AppData\Local\Akamai
2013-12-27 16:00 - 2013-12-27 16:09 - 00000000 ____D C:\Users\user\AppData\Roaming\LSC
2013-12-24 09:15 - 2013-12-24 10:51 - 00012454 _____ C:\Users\user\Documents\Christmas List 2013   12-24-2013.odt
 
==================== One Month Modified Files and Folders =======
 
2014-01-21 17:55 - 2014-01-21 17:55 - 00015573 _____ C:\Users\user\Desktop\FRST.txt
2014-01-21 17:54 - 2014-01-21 17:54 - 00000000 ____D C:\FRST
2014-01-21 17:54 - 2014-01-21 17:49 - 02077184 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-01-21 17:44 - 2013-12-02 17:21 - 01781365 _____ C:\Windows\WindowsUpdate.log
2014-01-21 17:42 - 2014-01-21 17:42 - 00000334 _____ C:\Windows\PFRO.log
2014-01-21 17:39 - 2009-07-13 23:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-21 17:39 - 2009-07-13 23:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-21 17:36 - 2009-07-14 00:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-21 17:35 - 2013-08-12 17:32 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-21 17:33 - 2013-11-22 13:10 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-21 17:31 - 2014-01-10 08:45 - 00000000 ____D C:\ProgramData\Sendori
2014-01-21 17:30 - 2014-01-21 17:30 - 00000056 _____ C:\Windows\setupact.log
2014-01-21 17:30 - 2014-01-21 17:30 - 00000000 _____ C:\Windows\setuperr.log
2014-01-21 17:30 - 2013-08-12 17:32 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-21 17:30 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-21 17:29 - 2014-01-19 10:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-21 17:29 - 2014-01-10 08:47 - 00000000 ____D C:\Program Files (x86)\doubleTwist
2014-01-21 17:29 - 2014-01-10 08:45 - 00000000 ____D C:\Users\user\AppData\Roaming\OpenCandy
2014-01-21 17:29 - 2014-01-10 08:45 - 00000000 ____D C:\Program Files (x86)\Sendori
2014-01-21 17:29 - 2013-12-05 05:28 - 00000000 ____D C:\Program Files (x86)\Conduit
2014-01-21 17:29 - 2013-12-05 05:27 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2014-01-21 17:29 - 2013-08-12 17:30 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo
2014-01-21 17:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-21 17:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2014-01-21 17:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2014-01-21 17:28 - 2013-11-22 12:58 - 00000000 ____D C:\Users\user\AppData\Roaming\Malwarebytes
2014-01-21 14:14 - 2013-12-27 17:33 - 00000000 ____D C:\ProgramData\LogMeIn
2014-01-21 14:14 - 2013-12-04 07:23 - 00000000 ____D C:\Users\user\Documents\DAILY  TO  DO  LISTS
2014-01-20 17:42 - 2013-12-03 13:55 - 00000000 ____D C:\Users\user\Documents\Client Forms
2014-01-20 17:32 - 2013-12-13 08:00 - 00000000 ____D C:\Users\user\Documents\Client Jobs
2014-01-19 13:21 - 2014-01-19 11:05 - 00002038 _____ C:\Users\user\Desktop\Rkill.txt
2014-01-19 03:01 - 2013-11-22 09:49 - 00000000 ____D C:\Windows\system32\MRT
2014-01-18 09:38 - 2014-01-18 09:37 - 02347384 _____ (ESET) C:\Users\user\Downloads\esetsmartinstaller_enu.exe
2014-01-17 20:24 - 2013-11-22 13:14 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-16 03:17 - 2009-07-13 23:45 - 00294568 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 03:00 - 2013-11-22 09:49 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 13:19 - 2014-01-15 13:19 - 00013263 _____ C:\Users\user\Documents\AOA January 2014 Sale with 60% Off   01-15-2014.odt
2014-01-15 13:18 - 2013-11-29 09:14 - 00013289 _____ C:\Users\user\Documents\AOA Black Friday Sale Sign  11-29-2013.odt
2014-01-15 03:19 - 2014-01-10 08:46 - 00772214 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-14 09:34 - 2013-12-27 16:33 - 00001983 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-01-14 09:34 - 2013-12-17 05:57 - 00002043 _____ C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-01-14 09:32 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2014-01-14 09:25 - 2013-11-22 12:48 - 00000000 ____D C:\Users\user\AppData\Local\Mozilla
2014-01-10 08:48 - 2014-01-10 08:48 - 00002088 _____ C:\Users\Public\Desktop\doubleTwist.lnk
2014-01-10 08:48 - 2014-01-10 08:48 - 00000000 ____D C:\Users\user\AppData\Local\doubleTwist Corporation
2014-01-10 08:48 - 2014-01-10 08:48 - 00000000 ____D C:\ProgramData\Package Cache
2014-01-10 08:47 - 2014-01-10 08:47 - 00000000 ____D C:\ProgramData\Apple
2014-01-10 08:47 - 2014-01-10 08:47 - 00000000 ____D C:\Program Files\Bonjour
2014-01-10 08:47 - 2014-01-10 08:47 - 00000000 ____D C:\Program Files (x86)\Bonjour
2014-01-10 08:44 - 2014-01-10 08:44 - 22207936 _____ C:\Users\user\Downloads\doubleTwistSetupFull.exe
2014-01-10 08:34 - 2014-01-10 08:34 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-01-09 10:56 - 2014-01-09 10:42 - 03164799 _____ (Malwarebytes Corporation                                    ) C:\Users\user\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-03 17:01 - 2013-11-22 17:45 - 00000000 ____D C:\Users\user\AppData\Roaming\HpUpdate
2013-12-31 17:13 - 2011-12-08 15:42 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-12-30 09:55 - 2013-12-30 09:55 - 00000000 ____D C:\avast! sandbox
2013-12-28 10:36 - 2013-12-28 10:33 - 00013249 _____ C:\Users\user\Documents\End of the Year Clearance Sale Sign  12-28-2013.odt
2013-12-28 07:58 - 2013-11-22 12:48 - 00001162 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-28 07:58 - 2013-11-22 12:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-28 07:57 - 2013-11-22 12:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-28 07:56 - 2013-12-28 07:54 - 24843992 _____ (Mozilla) C:\Users\user\Downloads\AOL_Edition_for_Firefox.exe
2013-12-27 18:09 - 2013-11-22 12:28 - 00000000 ___RD C:\Users\user\Desktop\RUN ME WEEKLY
2013-12-27 17:51 - 2013-12-27 17:51 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\user\Downloads\revosetup.exe
2013-12-27 17:51 - 2013-12-27 17:51 - 00001279 _____ C:\Users\user\Desktop\Revo Uninstaller.lnk
2013-12-27 17:51 - 2013-12-27 17:51 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-12-27 17:34 - 2013-12-27 17:34 - 00000020 ___SH C:\Users\LogMeInRemoteUser\ntuser.ini
2013-12-27 17:33 - 2013-12-27 17:33 - 00001024 _____ C:\.rnd
2013-12-27 17:33 - 2013-12-27 17:33 - 00000000 ____D C:\Users\user\AppData\Local\LogMeIn
2013-12-27 17:33 - 2013-12-27 17:33 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2013-12-27 17:31 - 2013-12-27 17:29 - 21016576 _____ C:\Users\user\Downloads\LogMeIn.msi
2013-12-27 16:55 - 2013-12-27 16:55 - 00002006 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2013-12-27 16:55 - 2013-12-27 16:55 - 00000000 ____D C:\ProgramData\Visan
2013-12-27 16:55 - 2013-12-27 16:55 - 00000000 ____D C:\ProgramData\HP Photo Creations
2013-12-27 16:55 - 2013-12-27 16:55 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2013-12-27 16:55 - 2013-11-22 17:44 - 00000000 ____D C:\Program Files (x86)\HP
2013-12-27 16:54 - 2013-12-27 16:54 - 00000000 ____D C:\Windows\Hewlett-Packard
2013-12-27 16:50 - 2013-11-22 09:38 - 00000000 ____D C:\ldiag
2013-12-27 16:31 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-12-27 16:30 - 2013-12-27 16:07 - 00000000 ____D C:\Users\user\AppData\Local\Akamai
2013-12-27 16:09 - 2013-12-27 16:00 - 00000000 ____D C:\Users\user\AppData\Roaming\LSC
2013-12-24 10:51 - 2013-12-24 09:15 - 00012454 _____ C:\Users\user\Documents\Christmas List 2013   12-24-2013.odt
2013-12-22 14:54 - 2013-11-22 09:36 - 00000000 ____D C:\Users\user\AppData\Local\LSC
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-01-19 00:38
 
==================== End Of Log ============================

Why do you run FRST in safe mode? I do not see any obvious malware/infection?

 

Run the following from Normal mode:

 

Please download RogueKiller from here:

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe  <- 32 bit version

http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe  <- 64 bit version

                                     

  • Make sure to get the correct version for your system.
  • Quit all running programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • The following EULA will appear, please select accept
     
     
  • Ensure MBR scan, Check faked and AntiRootkit are checked
  • Select Scan
     
     
  • When the scan completes select Report, copy and paste that to your reply.
     
     
  • The log should be found in RKreport[?].txt on your Desktop
  • Exit/Close RogueKiller


     
    Kevin

Thanks for assisting me. 

RK Log......................................

 

RogueKiller V8.8.2 _x64_ [Jan 17 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : user [Admin rights]
Mode : Scan -- Date : 01/22/2014 13:34:31
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 3 ¤¤¤
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) HGST HTS725050A7E630 +++++
--- User ---
[MBR] 6cc6169a9bf600ef986e5a7682b683a9
[bSP] 7cc2d6dda5b6495a93f31244b1e61baf : Lenovo MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 461438 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 948099072 | Size: 14000 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 67433fd79d7bf1c597a84b2f4e6fd14b
[bSP] 06a786a58c09386cd11b02e72e70f748 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 461438 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 948099072 | Size: 14000 Mo
 
Finished : << RKreport[0]_S_01222014_133431.txt >>

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.