Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-02-2014 01
Ran by SYSTEM on MININT-99DV814 on 14-02-2014 13:44:39
Running from E:\
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
[b]ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.[/b]

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynLenovoGestureMgr] - C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [677104 2013-03-25] (Synaptics)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-10-26] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-10-26] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [Smart Update] - C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update.exe [1706576 2012-08-02] (Lenovo)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [LGODDFU] - C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-07-12] (Bitleader)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\WriterOne\...\Run: [HP Deskjet 3510 series (NET)] - C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\WriterOne\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [160328 2014-01-11] (Siber Systems)
HKU\WriterOne\...\Run: [PrSft] - C:\Users\WriterOne\AppData\Roaming\svc-mnph.exe [1076224 2014-02-09] ()
IFEO\k9filter.exe: [Debugger] SvcHost.EXE
IFEO\mpcmdrun: [Debugger] c:\windows\vsjitdebugger.EXE
IFEO\mpsvc.dll: [Debugger] c:\windows\vsjitdebugger.EXE
IFEO\mpuxsrv.exe: [Debugger] c:\windows\vsjitdebugger.EXE
IFEO\msascui: [Debugger] c:\windows\vsjitdebugger.EXE
IFEO\MSconfig.exe: [Debugger] c:\windows\vsjitdebugger.EXE
IFEO\msmpeng.exe: [Debugger] "c:\windows\Notepad2.exe" /z
IFEO\MSseces: [Debugger] c:\windows\vsjitdebugger.EXE
Startup: C:\Users\WriterOne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

==================== Services (Whitelisted) =================

S2 HPSLPSVC; C:\Users\WriterOne\AppData\Local\Temp\7zS7A4C\HPSLPSVC64.DLL [1039360 2013-07-19] (Hewlett-Packard Co.)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 Lenovo Smart Update Service; C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update Service.exe [66640 2012-07-18] (Lenovo)
S2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [585032 2013-09-17] (LENOVO INCORPORATED.)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [X]
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]

==================== Drivers (Whitelisted) ====================

S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6835784 2012-10-13] (Broadcom Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows (R) Win 7 DDK provider)
S3 LAD; C:\Windows\System32\drivers\LAD.sys [8704 2012-06-08] (TODO: )
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-03-25] (Synaptics Incorporated)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-14 13:44 - 2014-02-14 13:44 - 00000000 ____D () C:\FRST
2014-02-09 17:52 - 2014-02-09 17:53 - 00002763 _____ () C:\ProgramData\connector.swf
2014-02-09 17:43 - 2014-02-09 17:43 - 00001984 _____ () C:\Users\WriterOne\AppData\Roaming\data.sec
2014-02-09 17:39 - 2014-02-09 17:39 - 01076224 _____ () C:\Users\WriterOne\AppData\Roaming\svc-mnph.exe
2014-02-09 17:38 - 2014-02-09 17:38 - 00122466 _____ () C:\Users\WriterOne\Downloads\setup.exe.vbe
2014-02-09 17:22 - 2014-02-09 17:33 - 06344402 _____ () C:\Users\WriterOne\Downloads\UF-ENG-001World-2009-0.22.SRT.pdf.zip
2014-02-09 13:57 - 2014-02-09 13:57 - 06424058 _____ () C:\Users\WriterOne\Desktop\The URANTHIA .zip.7z
2014-02-09 13:56 - 2014-02-09 13:56 - 00000000 ____D () C:\Program Files\7-Zip
2014-02-09 13:55 - 2014-02-09 13:55 - 01376768 _____ () C:\Users\WriterOne\Downloads\7z920-x64.msi
2014-01-20 14:08 - 2014-01-20 14:08 - 00000594 _____ () C:\Users\WriterOne\Desktop\▶ Peanut's Pastime - YouTube.website
2014-01-20 14:07 - 2014-01-20 14:07 - 00000606 _____ () C:\Users\WriterOne\Desktop\▶ Bigger Than Baseball - YouTube.website
2014-01-20 14:06 - 2014-01-20 14:06 - 00000486 _____ () C:\Users\WriterOne\Desktop\Vimeo.website
2014-01-20 10:27 - 2014-01-20 13:37 - 00000000 ____D () C:\Users\WriterOne\Desktop\Current
2014-01-20 10:23 - 2014-01-20 14:45 - 00000000 ____D () C:\Users\WriterOne\.freemind
2014-01-20 10:23 - 2014-01-20 10:23 - 00000000 ____D () C:\Program Files (x86)\FreeMind
2014-01-20 09:38 - 2014-01-20 09:48 - 38494576 _____ (Apple Inc.) C:\Users\WriterOne\Downloads\SafariSetup.exe
2014-01-15 12:59 - 2013-10-30 21:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\System32\MPSSVC.dll
2014-01-15 12:59 - 2013-10-30 21:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\System32\FirewallAPI.dll
2014-01-15 12:59 - 2013-10-30 20:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2014-01-15 12:59 - 2013-10-30 19:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mpsdrv.sys
2014-01-15 12:59 - 2013-10-27 21:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\System32\SHCore.dll
2014-01-15 12:59 - 2013-10-27 20:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-01-15 12:59 - 2013-10-13 12:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\disk.sys
2014-01-15 12:59 - 2013-08-26 21:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2014-01-15 12:59 - 2013-08-26 21:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\System32\davclnt.dll
2014-01-15 12:59 - 2013-08-26 14:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-01-15 12:59 - 2013-08-26 14:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-01-15 12:55 - 2013-12-06 22:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\System32\WSShared.dll
2014-01-15 12:55 - 2013-12-06 22:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 12:55 - 2013-12-06 21:15 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-01-15 12:55 - 2013-12-06 21:15 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

==================== One Month Modified Files and Folders =======

2014-02-14 13:44 - 2014-02-14 13:44 - 00000000 ____D () C:\FRST
2014-02-14 10:33 - 2013-11-29 20:23 - 00000369 _____ () C:\Users\WriterOne\AppData\Local\RegisteredPackageInformation.xml
2014-02-14 10:33 - 2012-07-25 23:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-09 19:00 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\System32\sru
2014-02-09 17:53 - 2014-02-09 17:52 - 00002763 _____ () C:\ProgramData\connector.swf
2014-02-09 17:51 - 2013-11-29 23:01 - 00000000 ____D () C:\Users\WriterOne\AppData\Roaming\ClassicShell
2014-02-09 17:43 - 2014-02-09 17:43 - 00001984 _____ () C:\Users\WriterOne\AppData\Roaming\data.sec
2014-02-09 17:40 - 2012-07-25 21:26 - 00524288 ___SH () C:\Windows\System32\config\BBI
2014-02-09 17:39 - 2014-02-09 17:39 - 01076224 _____ () C:\Users\WriterOne\AppData\Roaming\svc-mnph.exe
2014-02-09 17:39 - 2013-10-26 06:02 - 01213145 _____ () C:\Windows\WindowsUpdate.log
2014-02-09 17:38 - 2014-02-09 17:38 - 00122466 _____ () C:\Users\WriterOne\Downloads\setup.exe.vbe
2014-02-09 17:33 - 2014-02-09 17:22 - 06344402 _____ () C:\Users\WriterOne\Downloads\UF-ENG-001World-2009-0.22.SRT.pdf.zip
2014-02-09 17:33 - 2012-07-25 23:28 - 00848230 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-02-09 13:57 - 2014-02-09 13:57 - 06424058 _____ () C:\Users\WriterOne\Desktop\The URANTHIA .zip.7z
2014-02-09 13:56 - 2014-02-09 13:56 - 00000000 ____D () C:\Program Files\7-Zip
2014-02-09 13:55 - 2014-02-09 13:55 - 01376768 _____ () C:\Users\WriterOne\Downloads\7z920-x64.msi
2014-02-09 13:03 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-01-25 16:36 - 2013-11-29 19:51 - 00592896 ___SH () C:\Users\WriterOne\Desktop\Thumbs.db
2014-01-21 11:27 - 2013-11-26 16:56 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-01-20 14:45 - 2014-01-20 10:23 - 00000000 ____D () C:\Users\WriterOne\.freemind
2014-01-20 14:08 - 2014-01-20 14:08 - 00000594 _____ () C:\Users\WriterOne\Desktop\▶ Peanut's Pastime - YouTube.website
2014-01-20 14:07 - 2014-01-20 14:07 - 00000606 _____ () C:\Users\WriterOne\Desktop\▶ Bigger Than Baseball - YouTube.website
2014-01-20 14:06 - 2014-01-20 14:06 - 00000486 _____ () C:\Users\WriterOne\Desktop\Vimeo.website
2014-01-20 13:37 - 2014-01-20 10:27 - 00000000 ____D () C:\Users\WriterOne\Desktop\Current
2014-01-20 13:35 - 2014-01-11 20:46 - 00000000 ____D () C:\Users\WriterOne\Downloads\Wallpaper
2014-01-20 10:32 - 2013-11-30 17:30 - 00000000 ____D () C:\Users\WriterOne\Documents\My eBooks
2014-01-20 10:23 - 2014-01-20 10:23 - 00000000 ____D () C:\Program Files (x86)\FreeMind
2014-01-20 10:23 - 2013-11-24 11:06 - 00000000 ____D () C:\users\WriterOne
2014-01-20 09:48 - 2014-01-20 09:38 - 38494576 _____ (Apple Inc.) C:\Users\WriterOne\Downloads\SafariSetup.exe
2014-01-18 23:33 - 2013-12-16 11:45 - 00270496 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2014-01-17 08:49 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\rescache
2014-01-15 13:05 - 2013-11-24 22:36 - 00000000 ____D () C:\Windows\System32\MRT
2014-01-15 13:02 - 2013-11-24 22:36 - 86054176 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-01-15 13:02 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\WinStore

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2014-01-25 17:15:10
Restore point made on: 2014-02-09 08:36:10

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 3960.24 MB
Available physical RAM: 3221.71 MB
Total Pagefile: 3960.24 MB
Available Pagefile: 3244.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:425.8 GB) (Free:390.76 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.07 GB) NTFS
Drive e: () (Removable) (Total:1.92 GB) (Free:1.7 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 44661907)

Partition: GPT Partition Type

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2 GB) (Disk ID: 442559F0)
Partition 1: (Active) - (Size=2 GB) - (Type=07 NTFS)

LastRegBack: 2014-02-09 08:19

==================== End Of Log ============================