Request help for Additional Adware after IE reset
<blockquote data-quote="hate!ads!999" data-source="post: 592934" data-attributes="member: 53753"><p>Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017</p><p>Ran by happy7pitt (administrator) on HAPPY7PITT-PC (30-01-2017 23:15:33)</p><p>Running from C:\Users\happy7pitt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X1IYQ6O0</p><p>Loaded Profiles: happy7pitt (Available Profiles: happy7pitt)</p><p>Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)</p><p>Internet Explorer Version 11 (Default browser: FF)</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe</p><p>(DisplayLink Corp.) 
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe</p><p>(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe</p><p>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe</p><p>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe</p><p>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxpers.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxsrvc.exe</p><p>(Intel Corporation) C:\Windows\System32\hkcmd.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe</p><p>(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe</p><p>(Murray Hurps Software Pty Ltd) C:\Program Files (x86)\Ad Muncher\AdMunch.exe</p><p>(Murray Hurps Software Pty Ltd) C:\Program Files (x86)\Ad Muncher\AdMunch64.exe</p><p>(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe</p><p>(Lenovo) C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.exe</p><p>(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe</p><p>(Microsoft Corporation) C:\Windows\System32\rundll32.exe</p><p>(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\PowerMgr\SCHTASK.exe</p><p>(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe</p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe</p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe</p><p>() C:\Program Files (x86)\Lenovo\System Update\SUService.exe</p><p>(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe</p><p>(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe</p><p>(Lenovo) C:\Program Files 
(x86)\Lenovo\Message Center Plus\MCPLaunch.exe</p><p>(Lenovo) C:\Users\happy7pitt\AppData\Local\Apps\2.0\G15Q52ED.WXH\ZWCA4CK0.84N\lsb...tion_2d7b41b05b24775e_0001.0006_4ccd0b1bea5227ca\LSB.exe</p><p></p><p>==================== Registry (Whitelisted) ====================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)</p><p></p><p>HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)</p><p>HKLM-x32\...\Run: [Power Manager Startup Utility] => C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe [27496 2014-03-05] ()</p><p>HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)</p><p>HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)</p><p>HKLM-x32\...\Run: [Ad Muncher] => C:\Program Files (x86)\Ad Muncher\AdMunch.exe [560760 2017-01-30] (Murray Hurps Software Pty Ltd)</p><p>Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)</p><p>HKU\S-1-5-21-611087673-2115474349-3387605633-1000\...\RunOnce: [Adobe Speed Launcher] => 1485835456</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>Tcpip\Parameters: [DhcpNameServer] 192.168.1.1</p><p>Tcpip\..\Interfaces\{D92E3C74-3A2B-4D8D-B1A7-3F872A48779D}: [DhcpNameServer] 192.168.1.1</p><p></p><p>Internet Explorer:</p><p>==================</p><p>HKU\S-1-5-21-611087673-2115474349-3387605633-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mail.verizon.com/webmail/driver?nimlet=showmessages&view=emials</p><p></p><p>FireFox:</p><p>========</p><p>FF 
DefaultProfile: a32zo45h.default</p><p>FF ProfilePath: C:\Users\happy7pitt\AppData\Roaming\Mozilla\Firefox\Profiles\a32zo45h.default [2017-01-30]</p><p>FF Homepage: Mozilla\Firefox\Profiles\a32zo45h.default -> hxxps://mail.verizon.com/webmail/driver?nimlet=showmessages&view=emials</p><p>FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)</p><p>FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)</p><p>FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)</p><p>FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)</p><p></p><p>==================== Services (Whitelisted) ====================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9954096 2014-03-31] (DisplayLink Corp.)</p><p>R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-02-26] (Intel Corporation)</p><p>R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]</p><p>S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)</p><p>R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)</p><p>S3 LenovoProdRegManager; C:\Program Files (x86)\Lenovo Registration\EngageService.exe [293416 2015-01-09] (Aviata, Inc.)</p><p>S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (Lenovo)</p><p>R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation) [File not signed]</p><p>R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation) [File not signed]</p><p>R3 Power Manager DBC Service; C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [63848 2014-03-05] (Lenovo)</p><p>S3 PwmEWSvc; C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE [186728 2014-03-05] (Lenovo Group Limited)</p><p>R3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [23416 2017-01-18] ()</p><p>R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)</p><p></p><p>===================== Drivers (Whitelisted) ======================</p><p></p><p>(If an entry is included in the fixlist, it will be removed 
from the registry. The file will not be moved unless listed separately.)</p><p></p><p>S3 GENERICDRV; C:\SWTOOLS\FLASH\FCJY78USA\amifldrv64.sys [15640 2012-07-27] ()</p><p>R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2014-02-05] (Intel Corporation)</p><p>R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation) [File not signed]</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p></p><p>==================== One Month Created files and folders ========</p><p></p><p>(If an entry is included in the fixlist, the file/folder will be moved.)</p><p></p><p>2017-01-30 23:15 - 2017-01-30 23:15 - 00000000 ____D C:\FRST</p><p>2017-01-30 23:01 - 2017-01-30 23:02 - 06263976 _____ ( ) C:\Users\happy7pitt\Downloads\adblockplusie-1.6.exe</p><p>2017-01-30 13:17 - 2017-01-30 13:17 - 00560760 _____ (Murray Hurps Software Pty Ltd) C:\Users\happy7pitt\Downloads\AM-Install.exe</p><p>2017-01-30 13:17 - 2017-01-30 13:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad Muncher</p><p>2017-01-30 13:17 - 2017-01-30 13:17 - 00000000 ____D C:\ProgramData\Ad Muncher</p><p>2017-01-30 13:17 - 2017-01-30 13:17 - 00000000 ____D C:\Program Files (x86)\Ad Muncher</p><p>2017-01-27 13:00 - 2017-01-27 13:03 - 00012171 _____ C:\Users\happy7pitt\Documents\FAX Cover.odt</p><p></p><p>==================== One Month Modified files and folders ========</p><p></p><p>(If an entry is included in the fixlist, the file/folder will be moved.)</p><p></p><p>2017-01-30 23:12 - 2009-07-13 23:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2017-01-30 23:12 - 2009-07-13 23:45 - 00031296 ____H 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2017-01-30 23:03 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT</p><p>2017-01-30 23:01 - 2016-07-13 12:37 - 00000000 ____D C:\Users\happy7pitt\AppData\LocalLow\Adblock Plus for IE</p><p>2017-01-30 19:25 - 2016-01-22 20:33 - 00000000 ____D C:\Program Files (x86)\Lenovo</p><p>2017-01-30 19:25 - 2015-02-06 04:47 - 00000000 ____D C:\ProgramData\Lenovo</p><p>2017-01-30 16:44 - 2016-01-22 20:53 - 00000000 ____D C:\Windows\System32\Tasks\TVT</p><p>2017-01-30 16:43 - 2016-01-22 20:44 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools</p><p>2017-01-30 10:56 - 2016-09-14 09:38 - 00031157 _____ C:\Users\happy7pitt\Documents\ebay_clothes.odt</p><p>2017-01-30 10:55 - 2016-11-08 01:12 - 00000000 ____D C:\Users\happy7pitt\AppData\Local\Deployment</p><p>2017-01-27 08:36 - 2016-12-11 10:01 - 00015228 _____ C:\Users\happy7pitt\Documents\ltr15.odt</p><p>2017-01-23 18:36 - 2016-06-25 13:15 - 00000000 ____D C:\Users\happy7pitt\AppData\Local\CrashDumps</p><p>2017-01-20 18:22 - 2009-07-14 00:08 - 00032598 _____ C:\Windows\Tasks\SCHEDLGU.TXT</p><p>2017-01-15 10:43 - 2009-07-14 00:13 - 00783114 _____ C:\Windows\system32\PerfStringBackup.INI</p><p>2017-01-15 10:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf</p><p>2017-01-13 11:36 - 2016-12-05 11:05 - 00020569 _____ C:\Users\happy7pitt\Documents\ebay_footwear&other_leather.odt</p><p>2017-01-13 11:36 - 2016-09-25 16:19 - 00022838 _____ C:\Users\happy7pitt\Documents\ebay_footwear.odt</p><p></p><p>==================== Files in the root of some directories =======</p><p></p><p>2016-01-22 20:39 - 2016-01-22 20:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl</p><p>2016-01-22 20:48 - 2016-01-22 20:48 - 0000107 _____ () C:\ProgramData\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log</p><p>2016-01-22 20:46 - 2016-01-22 20:47 - 0000105 _____ () 
C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log</p><p>2016-01-22 20:47 - 2016-01-22 20:48 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log</p><p>2016-01-22 20:48 - 2016-01-22 20:48 - 0000115 _____ () C:\ProgramData\{D6E853EC-8960-4D44-AF03-7361BB93227C}.log</p><p></p><p>Some zero byte size files/folders:</p><p>==========================</p><p>C:\Windows\SysWOW64\dlumd10.dll</p><p>C:\Windows\SysWOW64\dlumd11.dll</p><p>C:\Windows\SysWOW64\dlumd9.dll</p><p>C:\Windows\System32\dlumd10.dll</p><p>C:\Windows\System32\dlumd11.dll</p><p>C:\Windows\System32\dlumd9.dll</p><p></p><p>==================== Bamital & volsnap ======================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\Windows\system32\winlogon.exe => File is digitally signed</p><p>C:\Windows\system32\wininit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\wininit.exe => File is digitally signed</p><p>C:\Windows\explorer.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\explorer.exe => File is digitally signed</p><p>C:\Windows\system32\svchost.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\svchost.exe => File is digitally signed</p><p>C:\Windows\system32\services.exe => File is digitally signed</p><p>C:\Windows\system32\User32.dll => File is digitally signed</p><p>C:\Windows\SysWOW64\User32.dll => File is digitally signed</p><p>C:\Windows\system32\userinit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\userinit.exe => File is digitally signed</p><p>C:\Windows\system32\rpcss.dll => File is digitally signed</p><p>C:\Windows\system32\dnsapi.dll => File is digitally signed</p><p>C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed</p><p>C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p>LastRegBack: 2016-11-05 08:01</p><p>Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017</p><p>Ran by happy7pitt (30-01-2017 
23:16:13)</p><p>Running from C:\Users\happy7pitt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X1IYQ6O0</p><p>Windows 7 Professional Service Pack 1 (X64) (2016-06-25 05:38:16)</p><p>Boot Mode: Normal</p><p>==========================================================</p><p></p><p></p><p>==================== Accounts: =============================</p><p></p><p>Administrator (S-1-5-21-611087673-2115474349-3387605633-500 - Administrator - Disabled)</p><p>Guest (S-1-5-21-611087673-2115474349-3387605633-501 - Limited - Disabled)</p><p>happy7pitt (S-1-5-21-611087673-2115474349-3387605633-1000 - Administrator - Enabled) => C:\Users\happy7pitt</p><p>HomeGroupUser$ (S-1-5-21-611087673-2115474349-3387605633-1002 - Limited - Enabled)</p><p></p><p>==================== Security Center ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed.)</p><p></p><p>AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p></p><p>==================== Installed Programs ======================</p><p></p><p>(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. 
The adware programs should be uninstalled manually.)</p><p></p><p>Ad Muncher v4.94.34121 (Free) (HKLM-x32\...\Ad Muncher) (Version: - )</p><p>Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)</p><p>Adobe Reader XI (11.0.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)</p><p>Brother MFL-Pro Suite FAX-2820 (HKLM-x32\...\{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}) (Version: 1.0.1.0 - Brother Industries, Ltd.)</p><p>Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)</p><p>DisplayLink Core Software (HKLM\...\{58F4C39B-D946-4A45-A314-DEFC2AFDF397}) (Version: 7.5.54609.0 - DisplayLink Corp.)</p><p>Intel(R) Chipset Device Software (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden</p><p>Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)</p><p>Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)</p><p>Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.0.1098 - Intel Corporation)</p><p>Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)</p><p>Lenovo PowerENGAGE (HKLM-x32\...\{15B15395-FF53-44E1-ADAD-FCC279E3CA10}) (Version: 2.51.0040 - Lenovo Inc.)</p><p>Lenovo Service Bridge (HKU\S-1-5-21-611087673-2115474349-3387605633-1000\...\dda9ca0b023f4c56) (Version: 1.6.5.3 - Lenovo)</p><p>Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo)</p><p>Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0045 - Lenovo)</p><p>Lenovo USB Graphics (HKLM\...\{E6B1FE9A-CB1E-4096-A0AF-163419CB971C}) (Version: 7.5.54614.0 - Lenovo)</p><p>Lenovo USB3.0 to 
DVI VGA Monitor Adapter (HKLM-x32\...\{454D32AD-C149-49BE-9F2E-8C089C3D6620}) (Version: 1.07.17 - Lenovo)</p><p>Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)</p><p>Malwarebytes Anti-Malware version 1.70.0.1100 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.70.0.1100 - Malwarebytes Corporation)</p><p>Message Center Plus (HKLM\...\{C2C2DB64-1BCE-4FA7-962D-457795ECCEC0}) (Version: 3.3.0004.00 - Lenovo Group Limited)</p><p>Metric Collection SDK (x32 Version: 1.1.0012.00 - Lenovo Group Limited) Hidden</p><p>Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden</p><p>Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)</p><p>Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 
(HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)</p><p>Mozilla Firefox 49.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)</p><p>Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)</p><p>OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)</p><p>Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)</p><p>Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}_is1) (Version: 3.20.0008 - Lenovo Group Limited)</p><p>PowerDVD Create (HKLM-x32\...\InstallShield_{DE485075-8CD3-4A1E-9ABC-6412EBA44872}) (Version: 10.0 - CyberLink Corp.)</p><p>PowerDVD Create 10 (x32 Version: 10.0.1.3710 - CyberLink Corp.) Hidden</p><p>Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.67.1226.2012 - Realtek)</p><p>Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7116 - Realtek Semiconductor Corp.)</p><p>WaveEditor (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.4514 - CyberLink Corp.)</p><p>WaveEditor (x32 Version: 1.0.1.4514 - CyberLink Corp.) Hidden</p><p>Windows Driver Package - Intel Corporation (igfx) Display (01/29/2014 10.18.10.3412) (HKLM\...\F67E88B82A3D67C887CB27610C33005C3651783E) (Version: 01/29/2014 10.18.10.3412 - Intel Corporation)</p><p></p><p>==================== Custom CLSID (Whitelisted): ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p></p><p>==================== Scheduled Tasks (Whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>Task: {07F47237-642F-4133-89B9-1F2282E7971A} - System32\Tasks\PMTask => C:\Program Files (x86)\Lenovo\PowerMgr\PwmIdTsv.exe [2014-03-05] (Lenovo Group Limited)</p><p>Task: {2435D411-AFAD-4BAD-BC76-CFC9DDE824C0} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-12-16] (Realtek Semiconductor)</p><p>Task: {2CEAC638-2C3D-4CFB-BB5B-7CF604878C9A} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)</p><p>Task: {444B7F13-484F-4B49-84B5-D151B3EAC470} - System32\Tasks\CLMLSvc => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2013-03-07] (CyberLink)</p><p>Task: {5433A352-3730-40FE-8D18-F1F24CF0AE39} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-01] (Lenovo)</p><p>Task: {57454AF9-7B46-410C-A21F-C698B0B7AA58} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-06-02] (Lenovo)</p><p>Task: {7783A7A6-D834-4DCC-9470-70E78D52DEC2} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-01-18] ()</p><p>Task: {7B2928CA-319E-4518-B68D-9803B5BBCE35} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-611087673-2115474349-3387605633-1000 => Rundll32.exe dfshim.dll,ShOpenVerbShortcut C:\Users\happy7pitt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms</p><p>Task: {8074D321-E4D6-4671-8724-412F76D19A9E} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)</p><p>Task: {96D9E9B5-33FA-4E1B-95C9-89029CC97408} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution 
center\App\LSC.Services.UpdateStatusService.exe [2016-06-02] ()</p><p>Task: {A7452F90-9C6E-40C1-9325-00B345537A25} - System32\Tasks\RtHDVBg_LENOVO_MICPKEY => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2013-11-13] (Realtek Semiconductor)</p><p>Task: {B3CBA86B-C36C-4F21-B499-48FC4EB6C7B0} - System32\Tasks\Lenovo\Lenovo PowerENGAGE Update => C:\Program Files (x86)\Lenovo Registration\lenovoreg.exe [2015-01-09] (Aviata Inc)</p><p>Task: {BEADC178-0A1A-4BE1-A5CA-FECE1FF77F4E} - System32\Tasks\Lenovo\Lenovo PowerENGAGE => C:\Program Files (x86)\Lenovo Registration\lenovoreg.exe [2015-01-09] (Aviata Inc)</p><p>Task: {BFEFE100-84A5-4338-BC94-8BB749D43F4E} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"</p><p>Task: {C0E32F94-CB28-43C0-A5C2-8D4D74FC1F7D} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2014-09-13] (Lenovo)</p><p>Task: {C2CBE3D0-FD70-4FDF-9499-B55C24BE651E} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-01-18] ()</p><p>Task: {C51A54B9-EF58-42DD-8AE9-23929737FFB5} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-07-27] (Symantec Corporation)</p><p></p><p>(If an entry is included in the fixlist, the task (.job) file will be moved. 
The file which is running by the task will not be moved.)</p><p></p><p></p><p>==================== Shortcuts =============================</p><p></p><p>(The entries could be listed to be restored or removed.)</p><p></p><p>==================== Loaded Modules (Whitelisted) ==============</p><p></p><p>2016-01-22 20:44 - 2014-03-05 11:55 - 00035688 _____ () C:\Program Files (x86)\Lenovo\PowerMgr\US\PWMRT64V.DLL</p><p>2017-01-30 16:43 - 2017-01-18 16:36 - 00023416 _____ () C:\Program Files (x86)\Lenovo\System Update\SUService.exe</p><p>2013-03-07 00:49 - 2013-03-07 00:49 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll</p><p>2013-03-07 00:52 - 2013-03-07 00:52 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll</p><p></p><p>==================== Alternate Data Streams (Whitelisted) =========</p><p></p><p>(If an entry is included in the fixlist, only the ADS will be removed.)</p><p></p><p></p><p>==================== Safe Mode (Whitelisted) ===================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. 
The "AlternateShell" will be restored.)</p><p></p><p></p><p>==================== Association (Whitelisted) ===============</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed.)</p><p></p><p></p><p>==================== Internet Explorer trusted/restricted ===============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry.)</p><p></p><p></p><p>==================== Hosts content: ===============================</p><p></p><p>(If needed Hosts: directive could be included in the fixlist to reset Hosts.)</p><p></p><p>2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts</p><p></p><p></p><p>==================== Other Areas ============================</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p>HKU\S-1-5-21-611087673-2115474349-3387605633-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\happy7pitt\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg</p><p>DNS Servers: 192.168.1.1</p><p>HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)</p><p>Windows Firewall is enabled.</p><p></p><p>==================== MSCONFIG/TASK MANAGER disabled items ==</p><p></p><p></p><p>==================== FirewallRules (Whitelisted) ===============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe</p><p>FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe</p><p>FirewallRules: [{D3198632-37B1-4053-8A6A-99B6DC2887E2}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe</p><p>FirewallRules: [{423257BA-3012-4E75-9524-D066AC8EAE11}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe</p><p>FirewallRules: [{E078FD2F-0EBB-4323-AE6D-237F6F2625E1}] => C:\Program Files (x86)\Lenovo\System Update\uncserver.exe</p><p>FirewallRules: [{0C7ADC7E-488A-4F2A-87F6-D7A361EC0A22}] => C:\Program Files (x86)\Lenovo\System Update\uncserver.exe</p><p></p><p>==================== Restore Points =========================</p><p></p><p>11-11-2016 11:15:15 End of disinfection</p><p>11-11-2016 11:38:47 Installed Adblock Plus for IE (32-bit and 64-bit)</p><p>12-12-2016 12:18:39 Scheduled Checkpoint</p><p>30-01-2017 13:56:23 Removed Adblock Plus for IE (32-bit and 64-bit)</p><p>30-01-2017 23:01:08 Removed Adblock Plus for IE (32-bit and 64-bit)</p><p></p><p>==================== Faulty Device Manager Devices =============</p><p></p><p>Name: </p><p>Description: </p><p>Class Guid: </p><p>Manufacturer: </p><p>Service: </p><p>Problem: : The drivers for this device are not installed. (Code 28)</p><p>Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.</p><p></p><p></p><p>==================== Event log errors: =========================</p><p></p><p>Application errors:</p><p>==================</p><p>Error: (01/30/2017 11:05:43 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. 
Events cannot be delivered through this filter until the problem is corrected.</p><p></p><p>Error: (01/30/2017 10:05:56 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.</p><p></p><p>Error: (01/30/2017 07:27:06 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.</p><p></p><p>Error: (01/30/2017 04:33:55 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.</p><p></p><p>Error: (01/30/2017 01:20:54 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. 
Events cannot be delivered through this filter until the problem is corrected.</p><p></p><p>Error: (01/30/2017 12:14:40 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.</p><p></p><p>Error: (01/30/2017 10:54:54 AM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.</p><p></p><p>Error: (01/30/2017 08:19:21 AM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.</p><p></p><p>Error: (01/29/2017 08:28:41 PM) (Source: Application Hang) (EventID: 1002) (User: )</p><p>Description: The program IEXPLORE.EXE version 11.0.9600.18500 stopped interacting with Windows and was closed. 
To see if more information about the problem is available, check the problem history in the Action Center control panel.</p><p></p><p>Process ID: e70</p><p></p><p>Start Time: 01d27a96e30fa7d1</p><p></p><p>Termination Time: 22</p><p></p><p>Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE</p><p></p><p>Report Id:</p><p></p><p>Error: (01/29/2017 08:20:35 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.</p><p></p><p></p><p>System errors:</p><p>=============</p><p>Error: (01/30/2017 10:34:29 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)</p><p>Description: The following fatal alert was received: 20.</p><p></p><p>Error: (01/30/2017 05:28:12 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)</p><p>Description: The following fatal alert was received: 20.</p><p></p><p>Error: (01/30/2017 04:43:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )</p><p>Description: The System Update service terminated unexpectedly. 
It has done this 1 time(s).</p><p></p><p>Error: (01/30/2017 12:31:10 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)</p><p>Description: The following fatal alert was received: 20.</p><p></p><p>Error: (01/26/2017 12:57:46 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)</p><p>Description: The following fatal alert was received: 20.</p><p></p><p>Error: (01/26/2017 12:20:19 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)</p><p>Description: The following fatal alert was received: 20.</p><p></p><p>Error: (01/26/2017 11:39:15 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)</p><p>Description: The following fatal alert was received: 20.</p><p></p><p>Error: (01/24/2017 02:43:40 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)</p><p>Description: The following fatal alert was received: 20.</p><p></p><p>Error: (01/23/2017 04:44:22 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)</p><p>Description: The following fatal alert was received: 20.</p><p></p><p>Error: (01/23/2017 12:13:45 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)</p><p>Description: The following fatal alert was received: 20.</p><p></p><p></p><p>==================== Memory info ===========================</p><p></p><p>Processor: Intel(R) Core(TM) i3-4150 CPU @ 3.50GHz</p><p>Percentage of memory in use: 59%</p><p>Total physical RAM: 4008.85 MB</p><p>Available physical RAM: 1619.1 MB</p><p>Total Virtual: 8015.89 MB</p><p>Available Virtual: 5620.62 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: (Windows7_OS) (Fixed) (Total:444.76 GB) (Free:400.7 GB) NTFS ==>[system with boot components (obtained from drive)]</p><p>Drive q: (Lenovo_Recovery) (Fixed) (Total:19.53 GB) (Free:8.15 GB) NTFS</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (Size: 465.8 GB) (Disk ID: 
1E56ABB6)</p><p>Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)</p><p>Partition 2: (Not Active) - (Size=444.8 GB) - (Type=07 NTFS)</p><p>Partition 3: (Not Active) - (Size=19.5 GB) - (Type=07 NTFS)</p><p></p><p>==================== End of Addition.txt ============================</p><p>==================== End of FRST.txt ============================</p><p></p><p></p><p>APOLOGIES...Couldn't locate these files, so they're pasted; I hope they are decipherable.</p><p></p><p>Please assist in finding and deleting adware...Prior to this event, I tolerated a small amount of adware on news sites I visit; they ran at the top and sides, but were static; i.e., they weren't "running"/changing ads. But, today, I reset IE because I thought this would be a solution to a problem (images were not appearing on a shopping site).</p><p>BAD move - the reset simply introduced more ads in every spot possible on nearly every site, even on sites that previously didn't have adware. And these also consist of running ads - arrrrghhhhh!!!!</p><p></p><p>Please ASSIST! If I've reached THE --- Infinite thanks again for your assistance!</p><p>THE, or whoever is reading this, I will (again) be happy to contribute to your coffee fund.</p><p>Pls inform me if you need anything further! THANKYOUTHANKYOUTHANKYOU...!!!</p></blockquote><p></p>
[QUOTE="hate!ads!999, post: 592934, member: 53753"] Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017 Ran by happy7pitt (administrator) on HAPPY7PITT-PC (30-01-2017 23:15:33) Running from C:\Users\happy7pitt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X1IYQ6O0 Loaded Profiles: happy7pitt (Available Profiles: happy7pitt) Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: [URL="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/"]FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials[/URL] ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.) 
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Murray Hurps Software Pty Ltd) C:\Program Files (x86)\Ad Muncher\AdMunch.exe (Murray Hurps Software Pty Ltd) C:\Program Files (x86)\Ad Muncher\AdMunch64.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Lenovo) C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\PowerMgr\SCHTASK.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe (Lenovo) 
C:\Users\happy7pitt\AppData\Local\Apps\2.0\G15Q52ED.WXH\ZWCA4CK0.84N\lsb...tion_2d7b41b05b24775e_0001.0006_4ccd0b1bea5227ca\LSB.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation) HKLM-x32\...\Run: [Power Manager Startup Utility] => C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe [27496 2014-03-05] () HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM-x32\...\Run: [Ad Muncher] => C:\Program Files (x86)\Ad Muncher\AdMunch.exe [560760 2017-01-30] (Murray Hurps Software Pty Ltd) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-611087673-2115474349-3387605633-1000\...\RunOnce: [Adobe Speed Launcher] => 1485835456 ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{D92E3C74-3A2B-4D8D-B1A7-3F872A48779D}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-611087673-2115474349-3387605633-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mail.verizon.com/webmail/driver?nimlet=showmessages&view=emials FireFox: ======== FF DefaultProfile: a32zo45h.default FF ProfilePath: C:\Users\happy7pitt\AppData\Roaming\Mozilla\Firefox\Profiles\a32zo45h.default [2017-01-30] FF Homepage: Mozilla\Firefox\Profiles\a32zo45h.default -> hxxps://mail.verizon.com/webmail/driver?nimlet=showmessages&view=emials FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9954096 2014-03-31] (DisplayLink Corp.) 
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-02-26] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation) S3 LenovoProdRegManager; C:\Program Files (x86)\Lenovo Registration\EngageService.exe [293416 2015-01-09] (Aviata, Inc.) S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (Lenovo) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation) [File not signed] R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation) [File not signed] R3 Power Manager DBC Service; C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [63848 2014-03-05] (Lenovo) S3 PwmEWSvc; C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE [186728 2014-03-05] (Lenovo Group Limited) R3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [23416 2017-01-18] () R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S3 GENERICDRV; C:\SWTOOLS\FLASH\FCJY78USA\amifldrv64.sys [15640 2012-07-27] () R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2014-02-05] (Intel Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation) [File not signed] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-01-30 23:15 - 2017-01-30 23:15 - 00000000 ____D C:\FRST 2017-01-30 23:01 - 2017-01-30 23:02 - 06263976 _____ ( ) C:\Users\happy7pitt\Downloads\adblockplusie-1.6.exe 2017-01-30 13:17 - 2017-01-30 13:17 - 00560760 _____ (Murray Hurps Software Pty Ltd) C:\Users\happy7pitt\Downloads\AM-Install.exe 2017-01-30 13:17 - 2017-01-30 13:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad Muncher 2017-01-30 13:17 - 2017-01-30 13:17 - 00000000 ____D C:\ProgramData\Ad Muncher 2017-01-30 13:17 - 2017-01-30 13:17 - 00000000 ____D C:\Program Files (x86)\Ad Muncher 2017-01-27 13:00 - 2017-01-27 13:03 - 00012171 _____ C:\Users\happy7pitt\Documents\FAX Cover.odt ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-01-30 23:12 - 2009-07-13 23:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-01-30 23:12 - 2009-07-13 23:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-01-30 23:03 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-01-30 23:01 - 2016-07-13 12:37 - 00000000 ____D C:\Users\happy7pitt\AppData\LocalLow\Adblock Plus for IE 2017-01-30 19:25 - 2016-01-22 20:33 - 00000000 ____D C:\Program Files (x86)\Lenovo 2017-01-30 19:25 - 2015-02-06 04:47 - 00000000 ____D C:\ProgramData\Lenovo 2017-01-30 16:44 - 2016-01-22 20:53 - 00000000 ____D C:\Windows\System32\Tasks\TVT 2017-01-30 16:43 - 2016-01-22 20:44 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools 2017-01-30 10:56 - 2016-09-14 09:38 - 00031157 _____ C:\Users\happy7pitt\Documents\ebay_clothes.odt 2017-01-30 10:55 - 2016-11-08 01:12 - 00000000 ____D C:\Users\happy7pitt\AppData\Local\Deployment 2017-01-27 08:36 - 2016-12-11 10:01 - 00015228 _____ C:\Users\happy7pitt\Documents\ltr15.odt 2017-01-23 18:36 - 2016-06-25 13:15 - 00000000 ____D C:\Users\happy7pitt\AppData\Local\CrashDumps 2017-01-20 18:22 - 2009-07-14 00:08 - 00032598 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2017-01-15 10:43 - 2009-07-14 00:13 - 00783114 _____ C:\Windows\system32\PerfStringBackup.INI 2017-01-15 10:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf 2017-01-13 11:36 - 2016-12-05 11:05 - 00020569 _____ C:\Users\happy7pitt\Documents\ebay_footwear&other_leather.odt 2017-01-13 11:36 - 2016-09-25 16:19 - 00022838 _____ C:\Users\happy7pitt\Documents\ebay_footwear.odt ==================== Files in the root of some directories ======= 2016-01-22 20:39 - 2016-01-22 20:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2016-01-22 20:48 - 2016-01-22 20:48 - 0000107 _____ () C:\ProgramData\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log 2016-01-22 20:46 - 
2016-01-22 20:47 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2016-01-22 20:47 - 2016-01-22 20:48 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log 2016-01-22 20:48 - 2016-01-22 20:48 - 0000115 _____ () C:\ProgramData\{D6E853EC-8960-4D44-AF03-7361BB93227C}.log Some zero byte size files/folders: ========================== C:\Windows\SysWOW64\dlumd10.dll C:\Windows\SysWOW64\dlumd11.dll C:\Windows\SysWOW64\dlumd9.dll C:\Windows\System32\dlumd10.dll C:\Windows\System32\dlumd11.dll C:\Windows\System32\dlumd9.dll ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-11-05 08:01 Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017 Ran by happy7pitt (30-01-2017 23:16:13) Running from C:\Users\happy7pitt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X1IYQ6O0 Windows 7 Professional Service Pack 1 (X64) (2016-06-25 05:38:16) Boot Mode: 
Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-611087673-2115474349-3387605633-500 - Administrator - Disabled) Guest (S-1-5-21-611087673-2115474349-3387605633-501 - Limited - Disabled) happy7pitt (S-1-5-21-611087673-2115474349-3387605633-1000 - Administrator - Enabled) => C:\Users\happy7pitt HomeGroupUser$ (S-1-5-21-611087673-2115474349-3387605633-1002 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Ad Muncher v4.94.34121 (Free) (HKLM-x32\...\Ad Muncher) (Version: - ) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Brother MFL-Pro Suite FAX-2820 (HKLM-x32\...\{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}) (Version: 1.0.1.0 - Brother Industries, Ltd.) Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited) DisplayLink Core Software (HKLM\...\{58F4C39B-D946-4A45-A314-DEFC2AFDF397}) (Version: 7.5.54609.0 - DisplayLink Corp.) 
Intel(R) Chipset Device Software (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.0.1098 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation) Lenovo PowerENGAGE (HKLM-x32\...\{15B15395-FF53-44E1-ADAD-FCC279E3CA10}) (Version: 2.51.0040 - Lenovo Inc.) Lenovo Service Bridge (HKU\S-1-5-21-611087673-2115474349-3387605633-1000\...\dda9ca0b023f4c56) (Version: 1.6.5.3 - Lenovo) Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo) Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0045 - Lenovo) Lenovo USB Graphics (HKLM\...\{E6B1FE9A-CB1E-4096-A0AF-163419CB971C}) (Version: 7.5.54614.0 - Lenovo) Lenovo USB3.0 to DVI VGA Monitor Adapter (HKLM-x32\...\{454D32AD-C149-49BE-9F2E-8C089C3D6620}) (Version: 1.07.17 - Lenovo) Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited) Malwarebytes Anti-Malware version 1.70.0.1100 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.70.0.1100 - Malwarebytes Corporation) Message Center Plus (HKLM\...\{C2C2DB64-1BCE-4FA7-962D-457795ECCEC0}) (Version: 3.3.0004.00 - Lenovo Group Limited) Metric Collection SDK (x32 Version: 1.1.0012.00 - Lenovo Group Limited) Hidden Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 
(HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Mozilla Firefox 49.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla) OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.) Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}_is1) (Version: 3.20.0008 - Lenovo Group Limited) PowerDVD Create (HKLM-x32\...\InstallShield_{DE485075-8CD3-4A1E-9ABC-6412EBA44872}) (Version: 10.0 - CyberLink Corp.) PowerDVD Create 10 (x32 Version: 10.0.1.3710 - CyberLink Corp.) 
Hidden Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.67.1226.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7116 - Realtek Semiconductor Corp.) WaveEditor (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.4514 - CyberLink Corp.) WaveEditor (x32 Version: 1.0.1.4514 - CyberLink Corp.) Hidden Windows Driver Package - Intel Corporation (igfx) Display (01/29/2014 10.18.10.3412) (HKLM\...\F67E88B82A3D67C887CB27610C33005C3651783E) (Version: 01/29/2014 10.18.10.3412 - Intel Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {07F47237-642F-4133-89B9-1F2282E7971A} - System32\Tasks\PMTask => C:\Program Files (x86)\Lenovo\PowerMgr\PwmIdTsv.exe [2014-03-05] (Lenovo Group Limited) Task: {2435D411-AFAD-4BAD-BC76-CFC9DDE824C0} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-12-16] (Realtek Semiconductor) Task: {2CEAC638-2C3D-4CFB-BB5B-7CF604878C9A} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo) Task: {444B7F13-484F-4B49-84B5-D151B3EAC470} - System32\Tasks\CLMLSvc => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2013-03-07] (CyberLink) Task: {5433A352-3730-40FE-8D18-F1F24CF0AE39} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-01] (Lenovo) Task: {57454AF9-7B46-410C-A21F-C698B0B7AA58} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-06-02] (Lenovo) Task: {7783A7A6-D834-4DCC-9470-70E78D52DEC2} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-01-18] () Task: {7B2928CA-319E-4518-B68D-9803B5BBCE35} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-611087673-2115474349-3387605633-1000 => Rundll32.exe dfshim.dll,ShOpenVerbShortcut C:\Users\happy7pitt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms Task: {8074D321-E4D6-4671-8724-412F76D19A9E} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo) Task: {96D9E9B5-33FA-4E1B-95C9-89029CC97408} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-06-02] () Task: {A7452F90-9C6E-40C1-9325-00B345537A25} - System32\Tasks\RtHDVBg_LENOVO_MICPKEY => 
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2013-11-13] (Realtek Semiconductor) Task: {B3CBA86B-C36C-4F21-B499-48FC4EB6C7B0} - System32\Tasks\Lenovo\Lenovo PowerENGAGE Update => C:\Program Files (x86)\Lenovo Registration\lenovoreg.exe [2015-01-09] (Aviata Inc) Task: {BEADC178-0A1A-4BE1-A5CA-FECE1FF77F4E} - System32\Tasks\Lenovo\Lenovo PowerENGAGE => C:\Program Files (x86)\Lenovo Registration\lenovoreg.exe [2015-01-09] (Aviata Inc) Task: {BFEFE100-84A5-4338-BC94-8BB749D43F4E} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)" Task: {C0E32F94-CB28-43C0-A5C2-8D4D74FC1F7D} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2014-09-13] (Lenovo) Task: {C2CBE3D0-FD70-4FDF-9499-B55C24BE651E} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-01-18] () Task: {C51A54B9-EF58-42DD-8AE9-23929737FFB5} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-07-27] (Symantec Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2016-01-22 20:44 - 2014-03-05 11:55 - 00035688 _____ () C:\Program Files (x86)\Lenovo\PowerMgr\US\PWMRT64V.DLL 2017-01-30 16:43 - 2017-01-18 16:36 - 00023416 _____ () C:\Program Files (x86)\Lenovo\System Update\SUService.exe 2013-03-07 00:49 - 2013-03-07 00:49 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll 2013-03-07 00:52 - 2013-03-07 00:52 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-611087673-2115474349-3387605633-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\happy7pitt\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. 
==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe FirewallRules: [{D3198632-37B1-4053-8A6A-99B6DC2887E2}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{423257BA-3012-4E75-9524-D066AC8EAE11}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{E078FD2F-0EBB-4323-AE6D-237F6F2625E1}] => C:\Program Files (x86)\Lenovo\System Update\uncserver.exe FirewallRules: [{0C7ADC7E-488A-4F2A-87F6-D7A361EC0A22}] => C:\Program Files (x86)\Lenovo\System Update\uncserver.exe ==================== Restore Points ========================= 11-11-2016 11:15:15 End of disinfection 11-11-2016 11:38:47 Installed Adblock Plus for IE (32-bit and 64-bit) 12-12-2016 12:18:39 Scheduled Checkpoint 30-01-2017 13:56:23 Removed Adblock Plus for IE (32-bit and 64-bit) 30-01-2017 23:01:08 Removed Adblock Plus for IE (32-bit and 64-bit) ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (01/30/2017 11:05:43 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. 
Events cannot be delivered through this filter until the problem is corrected. Error: (01/30/2017 10:05:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (01/30/2017 07:27:06 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (01/30/2017 04:33:55 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (01/30/2017 01:20:54 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. 
Error: (01/30/2017 12:14:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
Events cannot be delivered through this filter until the problem is corrected.

Error: (01/30/2017 10:54:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
Events cannot be delivered through this filter until the problem is corrected.

Error: (01/30/2017 08:19:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
Events cannot be delivered through this filter until the problem is corrected.

Error: (01/29/2017 08:28:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18500 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: e70
Start Time: 01d27a96e30fa7d1
Termination Time: 22
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:

Error: (01/29/2017 08:20:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
Events cannot be delivered through this filter until the problem is corrected.

System errors:
=============
Error: (01/30/2017 10:34:29 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (01/30/2017 05:28:12 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (01/30/2017 04:43:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The System Update service terminated unexpectedly. It has done this 1 time(s).

Error: (01/30/2017 12:31:10 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (01/26/2017 12:57:46 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (01/26/2017 12:20:19 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (01/26/2017 11:39:15 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (01/24/2017 02:43:40 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (01/23/2017 04:44:22 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (01/23/2017 12:13:45 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4150 CPU @ 3.50GHz
Percentage of memory in use: 59%
Total physical RAM: 4008.85 MB
Available physical RAM: 1619.1 MB
Total Virtual: 8015.89 MB
Available Virtual: 5620.62 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:444.76 GB) (Free:400.7 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:19.53 GB) (Free:8.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1E56ABB6)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=444.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

==================== End of FRST.txt ============================

APOLOGIES...Couldn't locate these files, so they're pasted; I hope they are decipherable. Please assist in finding and deleting adware...Prior to this event, I tolerated a small amount of adware on news sites I visit; they ran at the top, and sides, but were static; i.e., they weren't "running"/changing ads. But, today, I reset IE because I thought this would be a solution to a problem (images were not appearing on a shopping site). BAD move - the reset simply introduced more ads in every spot possible on nearly every site, even on sites that previously didn't have adware. And these also consist of running ads - arrrrghhhhh!!!! Please ASSIST! If I've reached THE --- Infinite thanks again for your assistance! THE, or whomever is reading this, I will (again) be happy to contribute to your coffee fund. Pls inform me if you need anything further!
THANKYOUTHANKYOUTHANKYOU...!!! [/QUOTE]