Hello helpful forum guides,

I have just run into a major crash and reset my Lenovo G780 to factory default, thinking that it would clear everything off the computer, but it just crashed again. While trying to rebuild my installation, I loaded my Malwarebytes Anti-Malware Pro installation (from CD); it installed but won't update. I get the following error message: Program error updating 404, 0, HTTPstatuscode.....

The Lenovo is running 64-bit Windows 8 on 8 GB of RAM.

Here are my logs from running Farbar:

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-10-2015
Ran by sage (administrator) on NEWCHEESE (19-10-2015 19:59:19)
Running from C:\Users\sage\Desktop\FIX
Loaded Profiles: sage (Available Profiles: sage)
Platform: Windows 8 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16384_none_622908ad510eb05b\TiWorker.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-12] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2872720 2012-10-03] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2013-04-21] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2013-04-21] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [443728 2010-12-20] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [sugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [sugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [sugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [sugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-04-21]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{37BF745F-72DB-4FF8-9A1D-873272B70377}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{C3FC4D55-E12F-4416-9C0E-48A59D95B6C4}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
HKU\S-1-5-21-4261140362-3101362919-3132725976-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4261140362-3101362919-3132725976-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4261140362-3101362919-3132725976-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
HKU\S-1-5-21-4261140362-3101362919-3132725976-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
SearchScopes: HKU\S-1-5-21-4261140362-3101362919-3132725976-1001 -> DefaultScope {8F11315E-C2E6-40C3-8DF4-5DD2E273DD17} URL =
SearchScopes: HKU\S-1-5-21-4261140362-3101362919-3132725976-1001 -> {8F11315E-C2E6-40C3-8DF4-5DD2E273DD17} URL =
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}

FireFox:
========
FF ProfilePath: C:\Users\sage\AppData\Roaming\Mozilla\Firefox\Profiles\7dcxwru8.default
FF DefaultSearchEngine.US: Google
FF Homepage: www.google.com
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-12-13] (Nitro PDF)
FF Plugin HKU\S-1-5-21-4261140362-3101362919-3132725976-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [No File]
FF Extension: HTTPS-Everywhere - C:\Users\sage\AppData\Roaming\Mozilla\Firefox\Profiles\7dcxwru8.default\Extensions\https-everywhere-eff@eff.org [2015-10-19]
FF Extension: NoScript - C:\Users\sage\AppData\Roaming\Mozilla\Firefox\Profiles\7dcxwru8.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-10-19]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2227992 2012-10-01] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [959256 2012-11-15] (Broadcom Corporation.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [83968 2012-09-04] (ELAN Microelectronics Corp.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [363344 2010-12-20] (Malwarebytes Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [169240 2012-10-01] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6824520 2012-07-10] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [24152 2010-12-20] (Malwarebytes Corporation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [975104 2012-08-24] (Vimicro Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34216 2012-07-25] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [258288 2012-07-25] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-19 19:27 - 2015-10-19 19:59 - 00000000 ____D C:\FRST
2015-10-19 18:52 - 2015-10-19 18:53 - 00000000 ____D C:\Users\sage\Desktop\tools
2015-10-19 18:46 - 2015-10-19 18:46 - 00000000 ____D C:\Users\ADMINI~1
2015-10-19 18:45 - 2015-10-19 18:45 - 00001944 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
2015-10-19 18:45 - 2015-10-19 18:45 - 00000000 ____D C:\Users\sage\AppData\Roaming\SumatraPDF
2015-10-19 18:45 - 2015-10-19 18:45 - 00000000 ____D C:\Program Files (x86)\SumatraPDF
2015-10-19 18:30 - 2014-05-14 18:02 - 00059424 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-10-19 18:30 - 2014-05-14 15:43 - 03286528 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-10-19 18:30 - 2014-05-14 15:43 - 01623040 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-10-19 18:30 - 2014-05-14 15:43 - 00253440 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2015-10-19 18:30 - 2014-05-14 15:42 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2015-10-19 18:29 - 2015-10-19 18:35 - 00000000 ____D C:\Users\sage\AppData\Local\Mozilla
2015-10-19 18:29 - 2015-10-19 18:29 - 00001174 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-19 18:29 - 2015-10-19 18:29 - 00001162 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-10-19 18:29 - 2015-10-19 18:29 - 00000000 ____D C:\Users\sage\AppData\Roaming\Mozilla
2015-10-19 18:29 - 2015-10-19 18:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-19 18:29 - 2015-10-19 18:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-19 18:29 - 2013-08-15 22:21 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-10-19 18:13 - 2015-10-19 18:13 - 00001279 _____ C:\Users\sage\Desktop\Revo Uninstaller.lnk
2015-10-19 18:13 - 2015-10-19 18:13 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-10-19 18:12 - 2015-10-19 19:37 - 00000000 ____D C:\Users\sage\Desktop\FIX
2015-10-19 18:12 - 2015-10-09 12:47 - 01682432 _____ C:\Users\sage\Desktop\adwcleaner_5.013.exe
2015-10-19 18:11 - 2015-10-14 17:05 - 34033992 _____ (Mozilla) C:\Users\sage\Desktop\Thunderbird Setup 38.3.0.exe
2015-10-19 18:11 - 2015-10-10 00:49 - 04184064 _____ (BrightFort LLC ) C:\Users\sage\Desktop\spywareblastersetup52.exe
2015-10-19 18:11 - 2015-10-09 12:47 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\sage\Desktop\revosetup.exe
2015-10-19 18:02 - 2015-10-19 19:55 - 00000000 ____D C:\Users\sage\AppData\Roaming\Nitro PDF
2015-10-19 18:02 - 2015-10-19 18:02 - 00000000 ____D C:\Users\sage\AppData\Roaming\Malwarebytes
2015-10-19 18:02 - 2015-10-19 18:02 - 00000000 ____D C:\Users\sage\AppData\Local\LSC
2015-10-19 18:01 - 2010-04-22 05:46 - 00065232 _____ (Malwarebytes) C:\Users\sage\Desktop\RegASSASSIN.exe
2015-10-19 17:58 - 2015-10-19 19:50 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4261140362-3101362919-3132725976-1001
2015-10-19 17:58 - 2015-10-19 17:58 - 00001070 _____ C:\Users\Public\Desktop\FileASSASSIN.lnk
2015-10-19 17:58 - 2015-10-19 17:58 - 00000000 ____D C:\Users\sage\AppData\Roaming\LSC
2015-10-19 17:58 - 2015-10-19 17:58 - 00000000 ____D C:\Users\sage\AppData\Local\Adobe
2015-10-19 17:58 - 2015-10-19 17:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2015-10-19 17:58 - 2015-10-19 17:58 - 00000000 ____D C:\Program Files (x86)\FileASSASSIN
2015-10-19 17:56 - 2015-10-19 17:56 - 00001124 _____ C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2015-10-19 17:56 - 2015-10-19 17:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2015-10-19 17:56 - 2015-10-19 17:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-19 17:56 - 2015-10-19 17:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-10-19 17:56 - 2010-12-20 18:09 - 00038224 _____ (Malwarebytes Corporation) C:\windows\SysWOW64\Drivers\mbamswissarmy.sys
2015-10-19 17:56 - 2010-12-20 18:08 - 00024152 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-10-19 17:53 - 2015-10-19 17:58 - 00000000 ____D C:\Users\sage\AppData\Roaming\Adobe
2015-10-19 17:53 - 2015-10-19 17:53 - 00001445 _____ C:\Users\sage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-19 17:53 - 2015-10-19 17:53 - 00000139 _____ C:\Users\Public\Desktop\eBay.url
2015-10-19 17:53 - 2015-10-19 17:53 - 00000000 ____D C:\Users\sage\Documents\Bluetooth Exchange Folder
2015-10-19 17:53 - 2015-10-19 17:53 - 00000000 ____D C:\Users\sage\AppData\Roaming\Lenovo
2015-10-19 17:53 - 2015-10-19 17:53 - 00000000 ____D C:\Users\sage\AppData\Local\Broadcom
2015-10-19 17:53 - 2015-10-19 17:53 - 00000000 ____D C:\ProgramData\Energy Management
2015-10-19 17:53 - 2015-10-19 17:53 - 00000000 ____D C:\ProgramData\eBay
2015-10-19 17:52 - 2015-10-19 17:55 - 00000000 ____D C:\Users\sage\AppData\Local\VirtualStore
2015-10-19 17:52 - 2015-10-19 17:53 - 00001133 _____ C:\Users\sage\Desktop\Cyberlink Power2Go.lnk
2015-10-19 17:52 - 2015-10-19 17:53 - 00000000 ____D C:\Users\sage\AppData\Local\Packages
2015-10-19 17:52 - 2015-10-19 17:53 - 00000000 ____D C:\Users\sage
2015-10-19 17:52 - 2015-10-19 17:52 - 00000020 ___SH C:\Users\sage\ntuser.ini
2015-10-19 17:52 - 2013-04-21 09:11 - 00000000 ____D C:\Users\sage\AppData\Roaming\Macromedia
2015-10-19 17:52 - 2013-04-21 09:07 - 00000000 ____D C:\Users\sage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-10-19 17:52 - 2012-07-26 01:13 - 00000000 ___RD C:\Users\sage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-19 17:52 - 2012-07-26 01:13 - 00000000 ___RD C:\Users\sage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-19 17:52 - 2012-07-26 01:13 - 00000000 ___RD C:\Users\sage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-19 17:52 - 2012-07-26 01:13 - 00000000 ____D C:\Users\sage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-19 17:52 - 2010-12-18 22:31 - 00000189 _____ C:\Users\sage\Desktop\Lenovo Telephony Start Now.url

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-19 19:47 - 2013-04-21 09:11 - 00000000 ____D C:\windows\System32\Tasks\Lenovo
2015-10-19 19:46 - 2012-07-26 00:28 - 00848230 _____ C:\windows\system32\PerfStringBackup.INI
2015-10-19 19:29 - 2013-04-21 08:26 - 02018775 _____ C:\windows\WindowsUpdate.log
2015-10-19 19:18 - 2012-07-26 01:12 - 00000000 ____D C:\windows\AUInstallAgent
2015-10-19 19:04 - 2012-07-26 00:59 - 00000000 ____D C:\windows\CbsTemp
2015-10-19 19:02 - 2012-07-26 01:12 - 00000000 ____D C:\windows\system32\sru
2015-10-19 18:56 - 2013-04-21 08:38 - 00000000 ____D C:\ProgramData\Intel
2015-10-19 18:56 - 2013-04-21 08:35 - 00000000 ____D C:\Program Files (x86)\Intel
2015-10-19 18:48 - 2013-04-21 09:06 - 00000000 ____D C:\Program Files (x86)\SugarSync
2015-10-19 18:47 - 2013-04-21 09:10 - 00000000 ____D C:\ProgramData\FreeRide Games
2015-10-19 18:47 - 2013-04-21 08:38 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-19 18:23 - 2013-04-21 09:11 - 00000000 ____D C:\ProgramData\McAfee
2015-10-19 18:23 - 2013-04-21 09:11 - 00000000 ____D C:\Program Files\mcafee
2015-10-19 18:23 - 2012-10-09 16:08 - 00022206 _____ C:\windows\PFRO.log
2015-10-19 18:23 - 2012-07-26 00:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-10-19 18:20 - 2012-07-25 22:26 - 00262144 ___SH C:\windows\system32\config\BBI
2015-10-19 18:15 - 2012-07-26 01:12 - 00000000 ___HD C:\windows\ELAMBKUP
2015-10-19 18:11 - 2012-07-26 00:21 - 00021487 _____ C:\windows\setupact.log
2015-10-19 17:55 - 2012-07-25 22:26 - 00262144 ___SH C:\windows\system32\config\ELAM
2015-10-19 17:53 - 2013-04-21 10:25 - 00100460 _____ C:\windows\modules.log
2015-10-19 17:52 - 2012-07-26 01:12 - 00000000 ___RD C:\windows\ImmersiveControlPanel
2015-10-19 17:52 - 2012-07-26 01:12 - 00000000 ____D C:\windows\WinStore
2015-10-19 17:50 - 2012-07-26 01:12 - 00000000 ____D C:\windows\rescache

==================== Files in the root of some directories =======

2013-04-21 08:47 - 2013-04-21 08:47 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-04-21 09:13 - 2013-04-21 09:13 - 0000198 ____H () C:\ProgramData\Lenovo-4279.vbs

Files to move or delete:
====================
C:\ProgramData\Lenovo-4279.vbs


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2012-10-09 16:08

==================== End of FRST.txt ============================

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-10-2015
Ran by sage (2015-10-19 19:28:08)
Running from C:\Users\sage\Desktop\FIX
Windows 8 (X64) (2015-10-20 00:52:12)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4261140362-3101362919-3132725976-500 - Administrator - Disabled)
Guest (S-1-5-21-4261140362-3101362919-3132725976-501 - Limited - Disabled)
sage (S-1-5-21-4261140362-3101362919-3132725976-1001 - Administrator - Enabled) => C:\Users\sage

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.44.50 - Conexant)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.5 - Lenovo)
Energy Management (x32 Version: 8.0.2.5 - Lenovo) Hidden
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.4300 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.12.824.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.10.2 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4310.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4310.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{1E939186-B443-4262-A278-3C82949EA7AC}) (Version: 1.1.009.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.5926 - Lenovo)
Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2 - Mozilla)
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

19-10-2015 18:13:47 Revo Uninstaller's restore point - McAfee Internet Security

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {116D5BDF-7EEF-41DF-8DBB-7002FF3785EF} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2012-08-08] ()
Task: {182460AC-C6E7-4353-B4C2-8F6A84ADDE2C} - System32\Tasks\Lenovo\Lenovo-4279 => C:\ProgramData\Lenovo-4279.vbs [2013-04-21] ()
Task: {1DFBB644-095A-44CC-896D-5754AA177A36} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2012-08-08] (Lenovo)
Task: {32D11F64-C1F9-43B1-9E29-634877F48D90} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2012-08-08] ()
Task: {39F60083-465E-4ECA-B31B-F27EB8052094} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2012-08-08] ()
Task: {73337A2E-21DC-4930-A1DE-FB8AC343975C} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {A1072B43-55C7-4D47-B5F9-20A7045B9F9F} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {CBD80462-021D-40F3-959D-72ACFBAE6CFB} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\lsc.exe [2012-08-08] ()
Task: {F8E9F306-F34A-402E-A5B7-FB560F72E779} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (Whitelisted) ==============

2012-11-15 15:51 - 2012-11-15 15:51 - 00048920 _____ () C:\Program Files\Lenovo\Bluetooth Software\btwleapi.dll
2013-04-21 09:17 - 2013-01-02 12:55 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-03-13 17:19 - 2013-02-04 22:43 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-04-21 08:38 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4261140362-3101362919-3132725976-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E5D64CD1-CDDE-49D3-9790-3E6A40A2D130}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{4C865D84-B9F2-40AE-9B69-5CCB749F8309}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{AFF7B360-8136-44A4-9626-3C0FA631914F}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{1D5E233E-B62F-4A00-814A-9AFD0E142867}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{C6E5E6CC-CC9E-4F2A-A630-F0F7D73668DD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{08CB98C0-7133-43C6-A8E9-CC21315E66E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/19/2015 06:15:47 PM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
Description: 1

Error: (10/19/2015 06:15:47 PM) (Source: McLogEvent) (EventID: 5004) (User: NT AUTHORITY)
Description: 0x7eThe specified module could not be found.

Error: (10/19/2015 06:15:47 PM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
Description: 1

Error: (10/19/2015 06:15:47 PM) (Source: McLogEvent) (EventID: 5004) (User: NT AUTHORITY)
Description: 0x7eThe specified module could not be found.

Error: (10/19/2015 05:52:33 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80072EE7
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e4b231b-3e45-41f4-967f-c914f178b6ac;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (10/19/2015 05:52:33 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0x80072EE7
Sku Id=9e4b231b-3e45-41f4-967f-c914f178b6ac

Error: (10/19/2015 05:52:33 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0x80072EE7


System errors:
=============
Error: (10/19/2015 06:23:19 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume D: encountered a non-retryable error and could not start.  The data contains the error code.

Error: (10/19/2015 05:53:25 PM) (Source: DCOM) (EventID: 10000) (User: newcheese)
Description: "C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server31Microsoft.WindowsLive.Platform.Service.RemoteProcess

Error: (10/19/2015 05:47:00 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume D: encountered a non-retryable error and could not start.  The data contains the error code.

Error: (10/19/2015 05:44:55 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!


==================== Memory info ===========================

Processor: Intel® Core i7-3520M CPU @ 2.90GHz
Percentage of memory in use: 27%
Total physical RAM: 8057.77 MB
Available physical RAM: 5846.2 MB
Total Virtual: 12665.77 MB
Available Virtual: 10505.58 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:883.74 GB) (Free:844.54 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.64 GB) NTFS
Drive f: () (Removable) (Total:115.66 GB) (Free:72.06 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 526FC775)

Partition: GPT.

========================================================
Disk: 1 (Size: 115.7 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

 

THANKS BIG for any help that can be rendered

Much appreciation

Sage


Hello Sage108 and :welcome:

If the computer in question has otherwise good access to the Internet with any browser, please start by using the below procedure:

  • Please try the following and let us know if this corrects your issue: MBAM Clean Removal Process 2.x.
  • If that does not correct the issue, then please read the following and individually attach the 3 requested logs in a reply to this thread: Diagnostic Logs.
  • The 3 files, from Step 2, to be individually attached from your desktop are: CheckResults.txt, FRST.txt and Addition.txt. Please do not Copy and Paste them into a reply.

Please execute all the above applications from an Administrator's desktop only and then let us know the status of your issue in a reply to this thread.

Thank You.


:welcome:

Hello Sage108,

Just a couple of reminders for your benefit. It sure appears that the PC had an older version 1 of our software on the CD.

Our very latest version release is 2.2.0.

You can retire the CD. So it is very fitting that you would do a clean removal and new install.

The latest release version for the setup utility is always available for download from this link.

H.T.H.

Cheers
