Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
Ran by happy7pitt (administrator) on HAPPY7PITT-PC (30-01-2017 23:15:33)
Running from C:\Users\happy7pitt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X1IYQ6O0
Loaded Profiles: happy7pitt (Available Profiles: happy7pitt)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Murray Hurps Software Pty Ltd) C:\Program Files (x86)\Ad Muncher\AdMunch.exe
(Murray Hurps Software Pty Ltd) C:\Program Files (x86)\Ad Muncher\AdMunch64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Lenovo) C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\PowerMgr\SCHTASK.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Lenovo) C:\Users\happy7pitt\AppData\Local\Apps\2.0\G15Q52ED.WXH\ZWCA4CK0.84N\lsb...tion_2d7b41b05b24775e_0001.0006_4ccd0b1bea5227ca\LSB.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)
HKLM-x32\...\Run: [Power Manager Startup Utility] => C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe [27496 2014-03-05] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Ad Muncher] => C:\Program Files (x86)\Ad Muncher\AdMunch.exe [560760 2017-01-30] (Murray Hurps Software Pty Ltd)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-611087673-2115474349-3387605633-1000\...\RunOnce: [Adobe Speed Launcher] => 1485835456
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D92E3C74-3A2B-4D8D-B1A7-3F872A48779D}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-611087673-2115474349-3387605633-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mail.verizon.com/webmail/driver?nimlet=showmessages&view=emials
FireFox:
========
FF DefaultProfile: a32zo45h.default
FF ProfilePath: C:\Users\happy7pitt\AppData\Roaming\Mozilla\Firefox\Profiles\a32zo45h.default [2017-01-30]
FF Homepage: Mozilla\Firefox\Profiles\a32zo45h.default -> hxxps://mail.verizon.com/webmail/driver?nimlet=showmessages&view=emials
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9954096 2014-03-31] (DisplayLink Corp.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-02-26] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S3 LenovoProdRegManager; C:\Program Files (x86)\Lenovo Registration\EngageService.exe [293416 2015-01-09] (Aviata, Inc.)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation) [File not signed]
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation) [File not signed]
R3 Power Manager DBC Service; C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [63848 2014-03-05] (Lenovo)
S3 PwmEWSvc; C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE [186728 2014-03-05] (Lenovo Group Limited)
R3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [23416 2017-01-18] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 GENERICDRV; C:\SWTOOLS\FLASH\FCJY78USA\amifldrv64.sys [15640 2012-07-27] ()
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2014-02-05] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation) [File not signed]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-30 23:15 - 2017-01-30 23:15 - 00000000 ____D C:\FRST
2017-01-30 23:01 - 2017-01-30 23:02 - 06263976 _____ ( ) C:\Users\happy7pitt\Downloads\adblockplusie-1.6.exe
2017-01-30 13:17 - 2017-01-30 13:17 - 00560760 _____ (Murray Hurps Software Pty Ltd) C:\Users\happy7pitt\Downloads\AM-Install.exe
2017-01-30 13:17 - 2017-01-30 13:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad Muncher
2017-01-30 13:17 - 2017-01-30 13:17 - 00000000 ____D C:\ProgramData\Ad Muncher
2017-01-30 13:17 - 2017-01-30 13:17 - 00000000 ____D C:\Program Files (x86)\Ad Muncher
2017-01-27 13:00 - 2017-01-27 13:03 - 00012171 _____ C:\Users\happy7pitt\Documents\FAX Cover.odt
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-30 23:12 - 2009-07-13 23:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-30 23:12 - 2009-07-13 23:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-30 23:03 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-30 23:01 - 2016-07-13 12:37 - 00000000 ____D C:\Users\happy7pitt\AppData\LocalLow\Adblock Plus for IE
2017-01-30 19:25 - 2016-01-22 20:33 - 00000000 ____D C:\Program Files (x86)\Lenovo
2017-01-30 19:25 - 2015-02-06 04:47 - 00000000 ____D C:\ProgramData\Lenovo
2017-01-30 16:44 - 2016-01-22 20:53 - 00000000 ____D C:\Windows\System32\Tasks\TVT
2017-01-30 16:43 - 2016-01-22 20:44 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2017-01-30 10:56 - 2016-09-14 09:38 - 00031157 _____ C:\Users\happy7pitt\Documents\ebay_clothes.odt
2017-01-30 10:55 - 2016-11-08 01:12 - 00000000 ____D C:\Users\happy7pitt\AppData\Local\Deployment
2017-01-27 08:36 - 2016-12-11 10:01 - 00015228 _____ C:\Users\happy7pitt\Documents\ltr15.odt
2017-01-23 18:36 - 2016-06-25 13:15 - 00000000 ____D C:\Users\happy7pitt\AppData\Local\CrashDumps
2017-01-20 18:22 - 2009-07-14 00:08 - 00032598 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-01-15 10:43 - 2009-07-14 00:13 - 00783114 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-15 10:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-01-13 11:36 - 2016-12-05 11:05 - 00020569 _____ C:\Users\happy7pitt\Documents\ebay_footwear&other_leather.odt
2017-01-13 11:36 - 2016-09-25 16:19 - 00022838 _____ C:\Users\happy7pitt\Documents\ebay_footwear.odt
==================== Files in the root of some directories =======
2016-01-22 20:39 - 2016-01-22 20:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-01-22 20:48 - 2016-01-22 20:48 - 0000107 _____ () C:\ProgramData\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log
2016-01-22 20:46 - 2016-01-22 20:47 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2016-01-22 20:47 - 2016-01-22 20:48 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2016-01-22 20:48 - 2016-01-22 20:48 - 0000115 _____ () C:\ProgramData\{D6E853EC-8960-4D44-AF03-7361BB93227C}.log
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-11-05 08:01
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by happy7pitt (30-01-2017 23:16:13)
Running from C:\Users\happy7pitt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X1IYQ6O0
Windows 7 Professional Service Pack 1 (X64) (2016-06-25 05:38:16)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-611087673-2115474349-3387605633-500 - Administrator - Disabled)
Guest (S-1-5-21-611087673-2115474349-3387605633-501 - Limited - Disabled)
happy7pitt (S-1-5-21-611087673-2115474349-3387605633-1000 - Administrator - Enabled) => C:\Users\happy7pitt
HomeGroupUser$ (S-1-5-21-611087673-2115474349-3387605633-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Ad Muncher v4.94.34121 (Free) (HKLM-x32\...\Ad Muncher) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Brother MFL-Pro Suite FAX-2820 (HKLM-x32\...\{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
DisplayLink Core Software (HKLM\...\{58F4C39B-D946-4A45-A314-DEFC2AFDF397}) (Version: 7.5.54609.0 - DisplayLink Corp.)
Intel(R) Chipset Device Software (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.0.1098 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Lenovo PowerENGAGE (HKLM-x32\...\{15B15395-FF53-44E1-ADAD-FCC279E3CA10}) (Version: 2.51.0040 - Lenovo Inc.)
Lenovo Service Bridge (HKU\S-1-5-21-611087673-2115474349-3387605633-1000\...\dda9ca0b023f4c56) (Version: 1.6.5.3 - Lenovo)
Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0045 - Lenovo)
Lenovo USB Graphics (HKLM\...\{E6B1FE9A-CB1E-4096-A0AF-163419CB971C}) (Version: 7.5.54614.0 - Lenovo)
Lenovo USB3.0 to DVI VGA Monitor Adapter (HKLM-x32\...\{454D32AD-C149-49BE-9F2E-8C089C3D6620}) (Version: 1.07.17 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Malwarebytes Anti-Malware version 1.70.0.1100 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.70.0.1100 - Malwarebytes Corporation)
Message Center Plus (HKLM\...\{C2C2DB64-1BCE-4FA7-962D-457795ECCEC0}) (Version: 3.3.0004.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 49.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}_is1) (Version: 3.20.0008 - Lenovo Group Limited)
PowerDVD Create (HKLM-x32\...\InstallShield_{DE485075-8CD3-4A1E-9ABC-6412EBA44872}) (Version: 10.0 - CyberLink Corp.)
PowerDVD Create 10 (x32 Version: 10.0.1.3710 - CyberLink Corp.) Hidden
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7116 - Realtek Semiconductor Corp.)
WaveEditor (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.4514 - CyberLink Corp.)
WaveEditor (x32 Version: 1.0.1.4514 - CyberLink Corp.) Hidden
Windows Driver Package - Intel Corporation (igfx) Display (01/29/2014 10.18.10.3412) (HKLM\...\F67E88B82A3D67C887CB27610C33005C3651783E) (Version: 01/29/2014 10.18.10.3412 - Intel Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {07F47237-642F-4133-89B9-1F2282E7971A} - System32\Tasks\PMTask => C:\Program Files (x86)\Lenovo\PowerMgr\PwmIdTsv.exe [2014-03-05] (Lenovo Group Limited)
Task: {2435D411-AFAD-4BAD-BC76-CFC9DDE824C0} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-12-16] (Realtek Semiconductor)
Task: {2CEAC638-2C3D-4CFB-BB5B-7CF604878C9A} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)
Task: {444B7F13-484F-4B49-84B5-D151B3EAC470} - System32\Tasks\CLMLSvc => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2013-03-07] (CyberLink)
Task: {5433A352-3730-40FE-8D18-F1F24CF0AE39} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-01] (Lenovo)
Task: {57454AF9-7B46-410C-A21F-C698B0B7AA58} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-06-02] (Lenovo)
Task: {7783A7A6-D834-4DCC-9470-70E78D52DEC2} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-01-18] ()
Task: {7B2928CA-319E-4518-B68D-9803B5BBCE35} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-611087673-2115474349-3387605633-1000 => Rundll32.exe dfshim.dll,ShOpenVerbShortcut C:\Users\happy7pitt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
Task: {8074D321-E4D6-4671-8724-412F76D19A9E} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)
Task: {96D9E9B5-33FA-4E1B-95C9-89029CC97408} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-06-02] ()
Task: {A7452F90-9C6E-40C1-9325-00B345537A25} - System32\Tasks\RtHDVBg_LENOVO_MICPKEY => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2013-11-13] (Realtek Semiconductor)
Task: {B3CBA86B-C36C-4F21-B499-48FC4EB6C7B0} - System32\Tasks\Lenovo\Lenovo PowerENGAGE Update => C:\Program Files (x86)\Lenovo Registration\lenovoreg.exe [2015-01-09] (Aviata Inc)
Task: {BEADC178-0A1A-4BE1-A5CA-FECE1FF77F4E} - System32\Tasks\Lenovo\Lenovo PowerENGAGE => C:\Program Files (x86)\Lenovo Registration\lenovoreg.exe [2015-01-09] (Aviata Inc)
Task: {BFEFE100-84A5-4338-BC94-8BB749D43F4E} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {C0E32F94-CB28-43C0-A5C2-8D4D74FC1F7D} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2014-09-13] (Lenovo)
Task: {C2CBE3D0-FD70-4FDF-9499-B55C24BE651E} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-01-18] ()
Task: {C51A54B9-EF58-42DD-8AE9-23929737FFB5} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-07-27] (Symantec Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-01-22 20:44 - 2014-03-05 11:55 - 00035688 _____ () C:\Program Files (x86)\Lenovo\PowerMgr\US\PWMRT64V.DLL
2017-01-30 16:43 - 2017-01-18 16:36 - 00023416 _____ () C:\Program Files (x86)\Lenovo\System Update\SUService.exe
2013-03-07 00:49 - 2013-03-07 00:49 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2013-03-07 00:52 - 2013-03-07 00:52 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-611087673-2115474349-3387605633-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\happy7pitt\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{D3198632-37B1-4053-8A6A-99B6DC2887E2}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{423257BA-3012-4E75-9524-D066AC8EAE11}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E078FD2F-0EBB-4323-AE6D-237F6F2625E1}] => C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{0C7ADC7E-488A-4F2A-87F6-D7A361EC0A22}] => C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
==================== Restore Points =========================
11-11-2016 11:15:15 End of disinfection
11-11-2016 11:38:47 Installed Adblock Plus for IE (32-bit and 64-bit)
12-12-2016 12:18:39 Scheduled Checkpoint
30-01-2017 13:56:23 Removed Adblock Plus for IE (32-bit and 64-bit)
30-01-2017 23:01:08 Removed Adblock Plus for IE (32-bit and 64-bit)
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/30/2017 11:05:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/30/2017 10:05:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/30/2017 07:27:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/30/2017 04:33:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/30/2017 01:20:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/30/2017 12:14:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/30/2017 10:54:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/30/2017 08:19:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/29/2017 08:28:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18500 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: e70
Start Time: 01d27a96e30fa7d1
Termination Time: 22
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:
Error: (01/29/2017 08:20:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
System errors:
=============
Error: (01/30/2017 10:34:29 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (01/30/2017 05:28:12 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (01/30/2017 04:43:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The System Update service terminated unexpectedly. It has done this 1 time(s).
Error: (01/30/2017 12:31:10 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (01/26/2017 12:57:46 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (01/26/2017 12:20:19 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (01/26/2017 11:39:15 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (01/24/2017 02:43:40 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (01/23/2017 04:44:22 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (01/23/2017 12:13:45 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-4150 CPU @ 3.50GHz
Percentage of memory in use: 59%
Total physical RAM: 4008.85 MB
Available physical RAM: 1619.1 MB
Total Virtual: 8015.89 MB
Available Virtual: 5620.62 MB
==================== Drives ================================
Drive c: (Windows7_OS) (Fixed) (Total:444.76 GB) (Free:400.7 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:19.53 GB) (Free:8.15 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1E56ABB6)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=444.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
==================== End of FRST.txt ============================
APOLOGIES...Couldn't locate these files, so they're pasted; I hope they are decipherable.
Please assist in finding and deleting adware...Prior to this event, I tolerated a small amount of adware on news sites I visit; they ran at the top, and sides, but were static; ie, they weren't "running"/changing ads. But, today, I reset IE because I thought this would be a solution to a problem (images were not appearing on a shopping site).
BAD move - the reset simply introduced more ads in every spot possible on nearly every site, even on sites that previously didn't have adware. And these also consist of running ads - arrrrghhhhh!!!!
Please ASSIST! If I've reached THE --- Infinite thanks again for your assistance!
THE, or whomever is reading this, I will (again) be happy to contribute to your coffee fund.
Pls inform me if you need anything further! THANKYOUTHANKYOUTHANKYOU...!!!
Ran by happy7pitt (administrator) on HAPPY7PITT-PC (30-01-2017 23:15:33)
Running from C:\Users\happy7pitt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X1IYQ6O0
Loaded Profiles: happy7pitt (Available Profiles: happy7pitt)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Murray Hurps Software Pty Ltd) C:\Program Files (x86)\Ad Muncher\AdMunch.exe
(Murray Hurps Software Pty Ltd) C:\Program Files (x86)\Ad Muncher\AdMunch64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Lenovo) C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\PowerMgr\SCHTASK.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Lenovo) C:\Users\happy7pitt\AppData\Local\Apps\2.0\G15Q52ED.WXH\ZWCA4CK0.84N\lsb...tion_2d7b41b05b24775e_0001.0006_4ccd0b1bea5227ca\LSB.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)
HKLM-x32\...\Run: [Power Manager Startup Utility] => C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe [27496 2014-03-05] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Ad Muncher] => C:\Program Files (x86)\Ad Muncher\AdMunch.exe [560760 2017-01-30] (Murray Hurps Software Pty Ltd)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-611087673-2115474349-3387605633-1000\...\RunOnce: [Adobe Speed Launcher] => 1485835456
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D92E3C74-3A2B-4D8D-B1A7-3F872A48779D}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-611087673-2115474349-3387605633-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mail.verizon.com/webmail/driver?nimlet=showmessages&view=emials
FireFox:
========
FF DefaultProfile: a32zo45h.default
FF ProfilePath: C:\Users\happy7pitt\AppData\Roaming\Mozilla\Firefox\Profiles\a32zo45h.default [2017-01-30]
FF Homepage: Mozilla\Firefox\Profiles\a32zo45h.default -> hxxps://mail.verizon.com/webmail/driver?nimlet=showmessages&view=emials
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9954096 2014-03-31] (DisplayLink Corp.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-02-26] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S3 LenovoProdRegManager; C:\Program Files (x86)\Lenovo Registration\EngageService.exe [293416 2015-01-09] (Aviata, Inc.)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation) [File not signed]
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation) [File not signed]
R3 Power Manager DBC Service; C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [63848 2014-03-05] (Lenovo)
S3 PwmEWSvc; C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE [186728 2014-03-05] (Lenovo Group Limited)
R3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [23416 2017-01-18] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 GENERICDRV; C:\SWTOOLS\FLASH\FCJY78USA\amifldrv64.sys [15640 2012-07-27] ()
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2014-02-05] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation) [File not signed]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-30 23:15 - 2017-01-30 23:15 - 00000000 ____D C:\FRST
2017-01-30 23:01 - 2017-01-30 23:02 - 06263976 _____ ( ) C:\Users\happy7pitt\Downloads\adblockplusie-1.6.exe
2017-01-30 13:17 - 2017-01-30 13:17 - 00560760 _____ (Murray Hurps Software Pty Ltd) C:\Users\happy7pitt\Downloads\AM-Install.exe
2017-01-30 13:17 - 2017-01-30 13:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad Muncher
2017-01-30 13:17 - 2017-01-30 13:17 - 00000000 ____D C:\ProgramData\Ad Muncher
2017-01-30 13:17 - 2017-01-30 13:17 - 00000000 ____D C:\Program Files (x86)\Ad Muncher
2017-01-27 13:00 - 2017-01-27 13:03 - 00012171 _____ C:\Users\happy7pitt\Documents\FAX Cover.odt
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-30 23:12 - 2009-07-13 23:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-30 23:12 - 2009-07-13 23:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-30 23:03 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-30 23:01 - 2016-07-13 12:37 - 00000000 ____D C:\Users\happy7pitt\AppData\LocalLow\Adblock Plus for IE
2017-01-30 19:25 - 2016-01-22 20:33 - 00000000 ____D C:\Program Files (x86)\Lenovo
2017-01-30 19:25 - 2015-02-06 04:47 - 00000000 ____D C:\ProgramData\Lenovo
2017-01-30 16:44 - 2016-01-22 20:53 - 00000000 ____D C:\Windows\System32\Tasks\TVT
2017-01-30 16:43 - 2016-01-22 20:44 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2017-01-30 10:56 - 2016-09-14 09:38 - 00031157 _____ C:\Users\happy7pitt\Documents\ebay_clothes.odt
2017-01-30 10:55 - 2016-11-08 01:12 - 00000000 ____D C:\Users\happy7pitt\AppData\Local\Deployment
2017-01-27 08:36 - 2016-12-11 10:01 - 00015228 _____ C:\Users\happy7pitt\Documents\ltr15.odt
2017-01-23 18:36 - 2016-06-25 13:15 - 00000000 ____D C:\Users\happy7pitt\AppData\Local\CrashDumps
2017-01-20 18:22 - 2009-07-14 00:08 - 00032598 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-01-15 10:43 - 2009-07-14 00:13 - 00783114 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-15 10:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-01-13 11:36 - 2016-12-05 11:05 - 00020569 _____ C:\Users\happy7pitt\Documents\ebay_footwear&other_leather.odt
2017-01-13 11:36 - 2016-09-25 16:19 - 00022838 _____ C:\Users\happy7pitt\Documents\ebay_footwear.odt
==================== Files in the root of some directories =======
2016-01-22 20:39 - 2016-01-22 20:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-01-22 20:48 - 2016-01-22 20:48 - 0000107 _____ () C:\ProgramData\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log
2016-01-22 20:46 - 2016-01-22 20:47 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2016-01-22 20:47 - 2016-01-22 20:48 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2016-01-22 20:48 - 2016-01-22 20:48 - 0000115 _____ () C:\ProgramData\{D6E853EC-8960-4D44-AF03-7361BB93227C}.log
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-11-05 08:01
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by happy7pitt (30-01-2017 23:16:13)
Running from C:\Users\happy7pitt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X1IYQ6O0
Windows 7 Professional Service Pack 1 (X64) (2016-06-25 05:38:16)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-611087673-2115474349-3387605633-500 - Administrator - Disabled)
Guest (S-1-5-21-611087673-2115474349-3387605633-501 - Limited - Disabled)
happy7pitt (S-1-5-21-611087673-2115474349-3387605633-1000 - Administrator - Enabled) => C:\Users\happy7pitt
HomeGroupUser$ (S-1-5-21-611087673-2115474349-3387605633-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Ad Muncher v4.94.34121 (Free) (HKLM-x32\...\Ad Muncher) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Brother MFL-Pro Suite FAX-2820 (HKLM-x32\...\{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
DisplayLink Core Software (HKLM\...\{58F4C39B-D946-4A45-A314-DEFC2AFDF397}) (Version: 7.5.54609.0 - DisplayLink Corp.)
Intel(R) Chipset Device Software (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.0.1098 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Lenovo PowerENGAGE (HKLM-x32\...\{15B15395-FF53-44E1-ADAD-FCC279E3CA10}) (Version: 2.51.0040 - Lenovo Inc.)
Lenovo Service Bridge (HKU\S-1-5-21-611087673-2115474349-3387605633-1000\...\dda9ca0b023f4c56) (Version: 1.6.5.3 - Lenovo)
Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0045 - Lenovo)
Lenovo USB Graphics (HKLM\...\{E6B1FE9A-CB1E-4096-A0AF-163419CB971C}) (Version: 7.5.54614.0 - Lenovo)
Lenovo USB3.0 to DVI VGA Monitor Adapter (HKLM-x32\...\{454D32AD-C149-49BE-9F2E-8C089C3D6620}) (Version: 1.07.17 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Malwarebytes Anti-Malware version 1.70.0.1100 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.70.0.1100 - Malwarebytes Corporation)
Message Center Plus (HKLM\...\{C2C2DB64-1BCE-4FA7-962D-457795ECCEC0}) (Version: 3.3.0004.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 49.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}_is1) (Version: 3.20.0008 - Lenovo Group Limited)
PowerDVD Create (HKLM-x32\...\InstallShield_{DE485075-8CD3-4A1E-9ABC-6412EBA44872}) (Version: 10.0 - CyberLink Corp.)
PowerDVD Create 10 (x32 Version: 10.0.1.3710 - CyberLink Corp.) Hidden
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7116 - Realtek Semiconductor Corp.)
WaveEditor (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.4514 - CyberLink Corp.)
WaveEditor (x32 Version: 1.0.1.4514 - CyberLink Corp.) Hidden
Windows Driver Package - Intel Corporation (igfx) Display (01/29/2014 10.18.10.3412) (HKLM\...\F67E88B82A3D67C887CB27610C33005C3651783E) (Version: 01/29/2014 10.18.10.3412 - Intel Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {07F47237-642F-4133-89B9-1F2282E7971A} - System32\Tasks\PMTask => C:\Program Files (x86)\Lenovo\PowerMgr\PwmIdTsv.exe [2014-03-05] (Lenovo Group Limited)
Task: {2435D411-AFAD-4BAD-BC76-CFC9DDE824C0} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-12-16] (Realtek Semiconductor)
Task: {2CEAC638-2C3D-4CFB-BB5B-7CF604878C9A} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)
Task: {444B7F13-484F-4B49-84B5-D151B3EAC470} - System32\Tasks\CLMLSvc => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2013-03-07] (CyberLink)
Task: {5433A352-3730-40FE-8D18-F1F24CF0AE39} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-01] (Lenovo)
Task: {57454AF9-7B46-410C-A21F-C698B0B7AA58} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-06-02] (Lenovo)
Task: {7783A7A6-D834-4DCC-9470-70E78D52DEC2} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-01-18] ()
Task: {7B2928CA-319E-4518-B68D-9803B5BBCE35} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-611087673-2115474349-3387605633-1000 => Rundll32.exe dfshim.dll,ShOpenVerbShortcut C:\Users\happy7pitt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
Task: {8074D321-E4D6-4671-8724-412F76D19A9E} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)
Task: {96D9E9B5-33FA-4E1B-95C9-89029CC97408} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-06-02] ()
Task: {A7452F90-9C6E-40C1-9325-00B345537A25} - System32\Tasks\RtHDVBg_LENOVO_MICPKEY => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2013-11-13] (Realtek Semiconductor)
Task: {B3CBA86B-C36C-4F21-B499-48FC4EB6C7B0} - System32\Tasks\Lenovo\Lenovo PowerENGAGE Update => C:\Program Files (x86)\Lenovo Registration\lenovoreg.exe [2015-01-09] (Aviata Inc)
Task: {BEADC178-0A1A-4BE1-A5CA-FECE1FF77F4E} - System32\Tasks\Lenovo\Lenovo PowerENGAGE => C:\Program Files (x86)\Lenovo Registration\lenovoreg.exe [2015-01-09] (Aviata Inc)
Task: {BFEFE100-84A5-4338-BC94-8BB749D43F4E} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {C0E32F94-CB28-43C0-A5C2-8D4D74FC1F7D} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2014-09-13] (Lenovo)
Task: {C2CBE3D0-FD70-4FDF-9499-B55C24BE651E} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-01-18] ()
Task: {C51A54B9-EF58-42DD-8AE9-23929737FFB5} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-07-27] (Symantec Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-01-22 20:44 - 2014-03-05 11:55 - 00035688 _____ () C:\Program Files (x86)\Lenovo\PowerMgr\US\PWMRT64V.DLL
2017-01-30 16:43 - 2017-01-18 16:36 - 00023416 _____ () C:\Program Files (x86)\Lenovo\System Update\SUService.exe
2013-03-07 00:49 - 2013-03-07 00:49 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2013-03-07 00:52 - 2013-03-07 00:52 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-611087673-2115474349-3387605633-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\happy7pitt\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{D3198632-37B1-4053-8A6A-99B6DC2887E2}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{423257BA-3012-4E75-9524-D066AC8EAE11}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E078FD2F-0EBB-4323-AE6D-237F6F2625E1}] => C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{0C7ADC7E-488A-4F2A-87F6-D7A361EC0A22}] => C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
==================== Restore Points =========================
11-11-2016 11:15:15 End of disinfection
11-11-2016 11:38:47 Installed Adblock Plus for IE (32-bit and 64-bit)
12-12-2016 12:18:39 Scheduled Checkpoint
30-01-2017 13:56:23 Removed Adblock Plus for IE (32-bit and 64-bit)
30-01-2017 23:01:08 Removed Adblock Plus for IE (32-bit and 64-bit)
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/30/2017 11:05:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/30/2017 10:05:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/30/2017 07:27:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/30/2017 04:33:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/30/2017 01:20:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/30/2017 12:14:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/30/2017 10:54:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/30/2017 08:19:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/29/2017 08:28:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18500 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: e70
Start Time: 01d27a96e30fa7d1
Termination Time: 22
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:
Error: (01/29/2017 08:20:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
System errors:
=============
Error: (01/30/2017 10:34:29 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (01/30/2017 05:28:12 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (01/30/2017 04:43:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The System Update service terminated unexpectedly. It has done this 1 time(s).
Error: (01/30/2017 12:31:10 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (01/26/2017 12:57:46 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (01/26/2017 12:20:19 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (01/26/2017 11:39:15 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (01/24/2017 02:43:40 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (01/23/2017 04:44:22 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (01/23/2017 12:13:45 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-4150 CPU @ 3.50GHz
Percentage of memory in use: 59%
Total physical RAM: 4008.85 MB
Available physical RAM: 1619.1 MB
Total Virtual: 8015.89 MB
Available Virtual: 5620.62 MB
==================== Drives ================================
Drive c: (Windows7_OS) (Fixed) (Total:444.76 GB) (Free:400.7 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:19.53 GB) (Free:8.15 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1E56ABB6)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=444.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
==================== End of FRST.txt ============================
APOLOGIES...Couldn't locate these files, so they're pasted; I hope they are decipherable.
Please assist in finding and deleting adware...Prior to this event, I tolerated a small amount of adware on news sites I visit; they ran at the top, and sides, but were static; ie, they weren't "running"/changing ads. But, today, I reset IE because I thought this would be a solution to a problem (images were not appearing on a shopping site).
BAD move - the reset simply introduced more ads in every spot possible on nearly every site, even on sites that previously didn't have adware. And these also consist of running ads - arrrrghhhhh!!!!
Please ASSIST! If I've reached THE --- Infinite thanks again for your assistance!
THE, or whomever is reading this, I will (again) be happy to contribute to your coffee fund.
Pls inform me if you need anything further! THANKYOUTHANKYOUTHANKYOU...!!!
